summaryrefslogtreecommitdiff
path: root/cmd/podman
Commit message (Collapse)AuthorAge
* Strip defaults from namespace flagsMatthew Heon2020-06-04
| | | | | | | | | | | | | | | | | We were picking up defaults from the client's containers.conf, which broke pod namespaces. The server-side code already checks containers.conf when not explicitly overridden by the user, or by the container being part of a pod (the last bit being our bug). This only manifested on systems with a containers.conf installed, so RHEL 8 and Fedora 32 (which means our F32 CI VMs likely should have caught it, but didn't, which is concerning). This prevents defaults for these flags being shown, but they were incorrect anyways for `podman-remote`, so I'm not terribly concerned. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #6484 from rhatdan/namespaceOpenShift Merge Robot2020-06-04
|\ | | | | Namespace fields were set with bogus values
| * Namespace fields were set with bogus valuesDaniel J Walsh2020-06-03
| | | | | | | | | | | | | | | | Namespace fields were being set with their option names unless overriden by the user. This was causing issues with podman-remote on userns. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6482 from mheon/split_inspectOpenShift Merge Robot2020-06-04
|\ \ | | | | | | Ensure that image/container inspect are specialized
| * | Ensure that image/container inspect are specializedMatthew Heon2020-06-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We are currently able to inspect images with `podman container inspect` and containers with `podman image inspect` and neither of those seem correct. This ensures that the appropriate flags, and only the appropriate flags, are available for each specialized exec, and they can only inspect the specific type they were intended to. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #6478 from rhatdan/abisupportOpenShift Merge Robot2020-06-03
|\ \ \ | |_|/ |/| | Remove use of ABISupport buildtag
| * | Remove use of ABISupport buildtagDaniel J Walsh2020-06-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We need to default to building podman. If you specify no build tags you will not build podman, not podman-remote. Just using remote flag to indicate podman-remote and !remote for podman. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #6465 from rhatdan/remoteOpenShift Merge Robot2020-06-03
|\ \ \ | |_|/ |/| | Add more Remote tests
| * | Add more Remote testsDaniel J Walsh2020-06-03
| |/ | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / V2 Add support for ssh authentication methodsJhon Honce2020-06-03
|/ | | | | | | | | | | | | | | | | * podman --remote ssh://<user>:<password>@<host>:<port><path> * podman --remote ssh://<user>:<password>@<host>:<port><path> \ --identity <path> --passphrase <phrase> * ssh-add <key> podman --remote ssh://<user>@<host><path> * Fix `podman help` to run even if podman missing components * Prompt for passphrase on stdin IFF key is protected and passphrase not given via any other configuration * cobra flags do not support optional value flags therefore refactored --remote to be a boolean and --url will now contain the URI to Podman service Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Merge pull request #6435 from QiWang19/uidOpenShift Merge Robot2020-06-02
|\ | | | | check --user range for rootless containers
| * check --user range for rootless containersQi Wang2020-06-02
| | | | | | | | | | | | Check --user range if it's a uid for rootless containers. Returns error if it is out of the range. From https://github.com/containers/libpod/issues/6431#issuecomment-636124686 Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #6460 from vrothberg/no-truncOpenShift Merge Robot2020-06-02
|\ \ | | | | | | images --no-trunc: fix ID formatting
| * | images --no-trunc: fix ID formattingValentin Rothberg2020-06-02
| | | | | | | | | | | | | | | | | | | | | Remove the redundant `sha256:` prefix from the image IDs. Fixes: #6459 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #6411 from mheon/exec_bindingsOpenShift Merge Robot2020-06-02
|\ \ \ | | | | | | | | Add bindings for exec and enable attached remote exec
| * | | Add bindings for exec and enable attached remoteMatthew Heon2020-06-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds bindings for starting exec sessions, and then uses them to wire up detached exec. Code is heavily based on Attach code for containers, slightly modified to handle exec sessions. Bindings are presently attached-only, detached is pending on a Conmon update landing in CI. I'll probably get to that next. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Combine the code of dealing with 'readonly' and 'ro'.Charles Shih2020-06-02
| |/ / |/| | | | | | | | | | | | | | https://github.com/containers/libpod/pull/6380#discussion_r432391376 Signed-off-by: Charles Shih <schrht@gmail.com>
* | | Merge pull request #6350 from rhatdan/buildOpenShift Merge Robot2020-06-01
|\ \ \ | |/ / |/| | Don't build code on remoteclient
| * | Don't build code on remoteclientDaniel J Walsh2020-05-29
| | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Add support for format {{.Label}}Brent Baude2020-06-01
| |/ |/| | | | | | | | | | | | | the pod ps man page says .Label is valid go template format. i dont think the function was actually ever implemented. Fixes #6448 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | compat handlers: add X-Registry-Auth header supportValentin Rothberg2020-05-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Support the `X-Registry-Auth` http-request header. * The content of the header is a base64 encoded JSON payload which can either be a single auth config or a map of auth configs (user+pw or token) with the corresponding registries being the keys. Vanilla Docker, projectatomic Docker and the bindings are transparantly supported. * Add a hidden `--registries-conf` flag. Buildah exposes the same flag, mostly for testing purposes. * Do all credential parsing in the client (i.e., `cmd/podman`) pass the username and password in the backend instead of unparsed credentials. * Add a `pkg/auth` which handles most of the heavy lifting. * Go through the authentication-handling code of most commands, bindings and endpoints. Migrate them to the new code and fix issues as seen. A final evaluation and more tests is still required *after* this change. * The manifest-push endpoint is missing certain parameters and should use the ABI function instead. Adding auth-support isn't really possible without these parts working. * The container commands and endpoints (i.e., create and run) have not been changed yet. The APIs don't yet account for the authfile. * Add authentication tests to `pkg/bindings`. Fixes: #6384 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #6380 from mheon/fix_mount_readonlyOpenShift Merge Robot2020-05-29
|\ \ | |/ |/| Add support for `readonly` option to --mount
| * Add support for `readonly` option to --mountMatthew Heon2020-05-26
| | | | | | | | | | | | | | | | | | This is just an alias to the `ro` option, but it's already in the manpages (and Docker) so we might as well add support for it. Fixes #6379 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6372 from boaz0/gh_6283OpenShift Merge Robot2020-05-27
|\ \ | | | | | | Add --format to pod inspect
| * | Add --format to pod inspectBoaz Shuster2020-05-27
| |/ | | | | | | Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* / container stats: fix --no-stream raceValentin Rothberg2020-05-27
|/ | | | | | | | | Fix a race in `podman container stats` by waiting for the client to consume the data in the channel. This requires a `sync.WaitGroup` (or semaphore) in the client and to also close the channel the backend. Fixes: #6405 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #6321 from Luap99/podman-generate-systemd-unit-prefixOpenShift Merge Robot2020-05-25
|\ | | | | Allow to change the generated systemd unit name prefix
| * Added new flags to 'podman generate systemd' to change the unit name prefixLuap992020-05-22
| | | | | | | | | | | | | | | | | | | | | | | | | | --container-prefix <string> - default 'container' Systemd unit name prefix for containers --pod-prefix <string> - default 'pod' Systemd unit name prefix for pods --separator <string> - default '-' Systemd unit name seperator between name/id and prefix Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Attempt to turn on build_without_cgo testsDaniel J Walsh2020-05-22
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Attempt to turn on additional build testsDaniel J Walsh2020-05-22
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | V2 enable remote logs and testingJhon Honce2020-05-22
| | | | | | | | | | | | | | | | | | | | * wire up bindings and handler for obtaining logs remotely * enable debug logging from podman in e2e test using DEBUG and DEBUG_SERVICE env variables * Fix error in streaming log frames * enable remote logs test Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | podman version --format ... was not workingDaniel J Walsh2020-05-21
| | | | | | | | | | | | This patch fixes the podman --version --format command. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Display human build date in podman infoDaniel J Walsh2020-05-21
| | | | | | | | | | | | | | Currently we are displaying the Seconds since EPOCH this will change to displaying date, similar to `podman version` Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6323 from rhatdan/shrinkOpenShift Merge Robot2020-05-21
|\ \ | | | | | | Remove github.com/libpod/libpod from cmd/pkg/podman
| * | Remove github.com/libpod/libpod from cmd/pkg/podmanDaniel J Walsh2020-05-21
| | | | | | | | | | | | | | | | | | | | | By moving a couple of variables from libpod/libpod to libpod/libpod/define I am able shrink the podman-remote-* executables by another megabyte. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #6320 from rhatdan/skipOpenShift Merge Robot2020-05-21
|\ \ \ | | | | | | | | Start testing with cross compilation
| * | | Start testing with cross compilationDaniel J Walsh2020-05-21
| |/ / | | | | | | | | | | | | | | | | | | Add missing man page links for podman-image-search and podman-image-diff Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #6313 from sujil02/pod-create-idOpenShift Merge Robot2020-05-21
|\ \ \ | | | | | | | | Fixes podman pod create --pod-id-file #6292
| * | | Fixes podman pod create --pod-id-file #6292Sujil022020-05-21
| | | | | | | | | | | | | | | | | | | | | | | | Prints pod id to file and adds relevant test case Signed-off-by: Sujil02 <sushah@redhat.com>
* | | | Merge pull request #6312 from rhatdan/imageOpenShift Merge Robot2020-05-21
|\ \ \ \ | |_|/ / |/| | | Fix remote handling of podman images calls
| * | | Handle filters correctly for podman pruneDaniel J Walsh2020-05-21
| | | | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | | Fix remote handling of podman images callsDaniel J Walsh2020-05-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Enable three more tests Fix handling of image filters Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #6270 from mheon/detached_execOpenShift Merge Robot2020-05-21
|\ \ \ \ | |_|_|/ |/| | | Implement detached exec
| * | | Enable cleanup processes for detached execMatthew Heon2020-05-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The cleanup command creation logic is made public as part of this and wired such that we can call it both within SpecGen (to make container exit commands) and from the ABI detached exec handler. Exit commands are presently only used for detached exec, but theoretically could be turned on for all exec sessions if we wanted (I'm declining to do this because of potential overhead). I also forgot to copy the exit command from the exec config into the ExecOptions struct used by the OCI runtime, so it was not being added. There are also two significant bugfixes for exec in here. One is for updating the status of running exec sessions - this was always failing as I had coded it to remove the exit file *before* reading it, instead of after (oops). The second was that removing a running exec session would always fail because I inverted the check to see if it was running. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | Add ability to clean up exec sessions with cleanupMatthew Heon2020-05-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We need to be able to use cleanup processes to remove exec sessions as part of detached exec. This PR adds that ability. A new flag is added to `podman container cleanup`, `--exec`, to specify an exec session to be cleaned up. As part of this, ensure that `ExecCleanup` can clean up exec sessions that were running, but have since exited. This ensures that we can come back to an exec session that was running but has since stopped, and clean it up. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * | | Add CLI frontend for detached execMatthew Heon2020-05-20
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a new ContainerEngine method for creating a detached exec session, and wire in the frontend code to do this. As part of this, move Streams out of ExecOptions to the function signature in an effort to share the struct between both methods. Fixes #5884 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #6311 from mheon/fix_darwin_buildOpenShift Merge Robot2020-05-21
|\ \ \ | |_|/ |/| | Fix build on OS X
| * | Fix build on OS XMatthew Heon2020-05-20
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We disabled the OS X and Windows cross-building tests. This, predictably, led us to regress a bit in our ability to build for both of these. This fixes the build on OS X and fixes one obvious Windows bug. Unfortunately, we're dragging in all of `pkg/spec` somewhere on Windows, and things are blowing up spectacularly because of it (plus a few uses of the `syscall` package in the bindings). I've giving up for the day. This fixes OS X, but does not fully enable the cross-build CI (need Windows fixes for that). Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6284 from baude/v2remotetestfixesOpenShift Merge Robot2020-05-21
|\ \ | | | | | | Test fixes for remote integration
| * | Test fixes for remote integrationBrent Baude2020-05-20
| |/ | | | | | | Signed-off-by: Brent Baude <bbaude@redhat.com>