summaryrefslogtreecommitdiff
path: root/cmd/podman
Commit message (Collapse)AuthorAge
* Fix handler and systemd activation errorsJhon Honce2020-02-17
| | | | | | | | | | | | | | | | | | | On panic from handler: log warning and stack trace, report InternalServerError to client When using `podman system service` make determining the listening endpoint deterministic. // When determining _*THE*_ listening endpoint -- // 1) User input wins always // 2) systemd socket activation // 3) rootless honors XDG_RUNTIME_DIR // 4) if varlink -- adapter.DefaultVarlinkAddress // 5) lastly adapter.DefaultAPIAddress Fixes #5150 Fixes #5151 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Refactor image tree for API usageSascha Grunert2020-02-17
| | | | Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* Merge pull request #5218 from Jumanjii/update-go-md2man-pkg-nameOpenShift Merge Robot2020-02-17
|\ | | | | Update documentation of commit command to show image reference is optional
| * Update documentation of commit command to show image reference is optionalAllan Jacquet-Cretides2020-02-15
| | | | | | | | | | | | | | | | | | | | | | Following Commit ba1d1304a67b ("make image reference for commit optional") Updates usage text used by cobra and markdown document used to generate MAN page. Fixes: #5145 Signed-off-by: Allan Jacquet-Cretides <allan.jacquet@gmail.com>
* | Rework label parsingMatthew Heon2020-02-14
|/ | | | | | | | | | | | | | | We attempted to share all logic for parsing labels and environment variables, which on the surface makes lots of sense (both are formatted key=value so parsing logic should be identical) but has begun to fall apart now that we have added additional logic to environment variable handling. Environment variables that are unset, for example, are looked up against environment variables set for the process. We don't want this for labels, so we have to split parsing logic. Fixes #3854 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #5189 from mheon/only_set_all_on_statusOpenShift Merge Robot2020-02-13
|\ | | | | Only set --all when a status filter is given to ps
| * Only set --all when a status filter is given to psMatthew Heon2020-02-12
| | | | | | | | | | | | | | | | The changes in #5075 turn out to be too aggressive; we should only be setting --all if a status= filter is given. Otherwise only running containers are filtered. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #5115 from QiWang19/images-formatOpenShift Merge Robot2020-02-13
|\ \ | | | | | | images --format compatible with docker
| * | images --format compatible with dockerQi Wang2020-02-10
| | | | | | | | | | | | | | | | | | | | | This patch lets valid values of --format be compatible with docker. Replace CreatedTime with CreatedAt, Created with CreatedSince. Keep CreatedTime and Created are valid as hidden options. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | Merge pull request #5152 from QiWang19/device-cgroup-ruleOpenShift Merge Robot2020-02-13
|\ \ \ | |_|/ |/| | support device-cgroup-rule
| * | support device-cgroup-ruleQi Wang2020-02-12
| | | | | | | | | | | | | | | | | | | | | fix #4876 Add `--device-cgroup-rule` to podman create and run. This enables to add device rules after the container has been created. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | add pkg/seccompValentin Rothberg2020-02-12
| | | | | | | | | | | | | | | | | | | | | | | | Add pkg/seccomp to consolidate all seccomp-policy related code which is currently scattered across multiple packages and complicating the creatconfig refactoring. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | cmd/podman/pull: refactor codeValentin Rothberg2020-02-12
|/ / | | | | | | | | | | | | | | Refactor and simplify the code in cmd/podman/pull.go to address a couple of issues w.r.t. how the arguments were passed. Also make sure to always use the c/image API for parsing instead of working around it. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #5083 from vrothberg/v2-libpod-image-endpointsOpenShift Merge Robot2020-02-11
|\ \ | | | | | | v2 api: /libpod/images/{import,load,pull}
| * | v2 api: /libpod/images/pullValentin Rothberg2020-02-10
| |/ | | | | | | | | | | | | | | | | | | Implement the /libpod/images/pull endpoint and correct the swagger docs. The reference parameter is mandatory and must either be a c/image/docker/reference or a reference to the "docker://" transport as the pull endpoint is meant to only support pulling images from a registry. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #5159 from baude/apiv2cockpit1OpenShift Merge Robot2020-02-11
|\ \ | | | | | | Rewire ListContainers for APIv2 libpod
| * | Rewire ListContainers for APIv2 libpodBrent Baude2020-02-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | consumers of the api remarked how they would prefer a more strongly typed data structure from list containers oon the libpod side of things. for example, events should be consumable and consistent timestamps. also, for the sake of compatibility, it is helpful to have the json named atttributes for Id to not be ID. listcontainers on the libpod side no longer strongly uses the the ps cli to obtain information but we do benefit from turning on the ability to list the last X containers, something CLI does not have yet. we also flipped the bit on defaulting to truncated output in the return. thanks to the efforts of the cockpit team to help us here. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | container create: relax os/arch checksValentin Rothberg2020-02-11
|/ / | | | | | | | | | | | | | | | | | | Relax the os/arch checks when creating a container and only info-log mismatches instead of erroring out. There are too many images used in the wild which do not set their arch correctly correctly. Erroring out has hit users sufficiently enough to justify relaxing the errors and only log to at least inform the users and image vendors. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* / Remove incorrect validation of --change for commitMatthew Heon2020-02-10
|/ | | | | | | | | | The validation logic was failing on properly-formatted changes. There's already validation in Commit itself, so no need to duplicate. Fixes #5148 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Refactor runtime functions to pass options structureSascha Grunert2020-02-07
| | | | | | | This makes the code easier to read but should not change the overall behavior. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* Move podman-service to podman-system-serviceMatthew Heon2020-02-06
| | | | | | Fixes #5108 Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #5098 from rhatdan/memory-swapOpenShift Merge Robot2020-02-06
|\ | | | | Special case memory-swap=-1
| * Special case memory-swap=-1Daniel J Walsh2020-02-05
| | | | | | | | | | | | | | We document that memory-swap==-1 means unlimited, but currently we won't allow the user to specify the -1 value. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #5075 from mheon/filter_forces_allOpenShift Merge Robot2020-02-04
|\ \ | | | | | | Force --all when --filter is passed to podman ps
| * | Force --all when --filter is passed to podman psMatthew Heon2020-02-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When we filter, it should be out of all containers, not just running ones, by default - this is necessary to ensure Docker compatability. Fixes #5050 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Fix wrong Containerfile location on buildSascha Grunert2020-02-04
| |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman does select the wrong Containerfile if the current working directory contains a Containerfile but we specify one from a different location. Reproducer: ``` > mkdir 1 > echo FROM scratch > Containerfile > echo FROM golang > 1/Containerfile > podman build -f 1/Containerfile -t test STEP 1: FROM scratch ``` Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | seperate container create network optionsBrent Baude2020-02-03
|/ | | | | | | | | | | | | | | | | | this pr splits off some of the network container create options into a different flag set. the options in question are: --add-host --dns --dns-opt --dns-search --ip --mac-address --network --no-hosts --publish in the future, these options are going to be added to the pod create flags. this makes that transition easier and provides for less code duplication. Signed-off-by: Brent Baude <bbaude@redhat.com>
* fix longname handling for bindingsBrent Baude2020-01-31
| | | | | | the api needs to account for image input where the image is encoded as a fqd image name. Signed-off-by: Brent Baude <bbaude@redhat.com>
* make image reference for commit optionalBrent Baude2020-01-30
| | | | | | | | to match docker compat, the image tag should be optional. Fixes: #5027 Signed-off-by: Brent Baude <bbaude@redhat.com>
* Throw error on invalid sort valueDaniel J Walsh2020-01-28
| | | | | | | We define the valid sort values, so we should throw an error on invalid sort values. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #4984 from baude/pullarchoverrideOpenShift Merge Robot2020-01-28
|\ | | | | expose --arch-override option for pull
| * expose --arch-override option for pullBrent Baude2020-01-27
| | | | | | | | | | | | | | | | We no longer wish to hide the --arch-override from the cli on pulls. we now expose it. docs updated. tests already exist. Fixes: #4849 Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Hidden remote flags can be nilBrent Baude2020-01-26
|/ | | | | | | | The pull command has several options that are hidden for the remote client. In that case, when checking to see if the flag has been flipped with .Changed, we get a nil pointer error. Using IsSet is tolerant of this. Fixes: #4706 Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #4965 from baude/reviewcorrections3OpenShift Merge Robot2020-01-25
|\ | | | | APIv2 review corrections #3
| * APIv2 review corrections #3Brent Baude2020-01-25
| | | | | | | | | | | | The third pass of corrections for the APIv2. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | fork fatih/camelcaseValentin Rothberg2020-01-25
|/ | | | | | | | | faith/camelcase has been archived and is no longer maintained. The package is sufficiently small and self-contained enough to maintain it in libpod. Fixes: #4783 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* seccomp policy: expect profile in config labelValentin Rothberg2020-01-23
| | | | | | | | Move the seccomp profile from a manifest annotation to a config label. This way, we can support it for Docker images as well and provide an easy way to add that data via Dockerfiles. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #4861 from giuseppe/add-cgroups-disabled-conmonOpenShift Merge Robot2020-01-22
|\ | | | | oci_conmon: do not create a cgroup under systemd
| * podman: add new option --cgroups=no-conmonGiuseppe Scrivano2020-01-16
| | | | | | | | | | | | | | | | it allows to disable cgroups creation only for the conmon process. A new cgroup is created for the container payload. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Add service endpointbaude2020-01-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | add service endpoint for the new API. Also supports the varlink implementation. Signed-off-by: baude <bbaude@redhat.com> Refactor to allow developer more control of API server * Add api.NewServerWithSettings() to create an API server with custom settings * Add api.ListenUnix() to create a UDS net.Listener and setup UDS Signed-off-by: Jhon Honce <jhonce@redhat.com> Signed-off-by: baude <bbaude@redhat.com> More service completion Add podman service command that allows users to run either a RESTful or varlink protocol API service. Addition of docs and RESTful listening. Signed-off-by: baude <bbaude@redhat.com> Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Update `tag` documentation regarding 'alias' usageSascha Grunert2020-01-17
|/ | | | | | | | The word `alias` is not very common when speaking about image names and tags. So we just refer to image name as the overall identifier of an image. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* Remove c.String(net)Daniel J Walsh2020-01-16
| | | | | | | We have a lot of cludgy code trying to make --net and --network equivalent. This will allow --net to still exists but will eliminate the help and confusion. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #4806 from vrothberg/seccompOpenShift Merge Robot2020-01-15
|\ | | | | policy for seccomp-profile selection
| * policy for seccomp-profile selectionValentin Rothberg2020-01-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Implement a policy for selecting a seccomp profile. In addition to the default behaviour (default profile unless --security-opt seccomp is set) add a second policy doing a lookup in the image annotation. If the image has the "io.containers.seccomp.profile" set its value will be interpreted as a seccomp profile. The policy can be selected via the new --seccomp-policy CLI flag. Once the containers.conf support is merged into libpod, we can add an option there as well. Note that this feature is marked as experimental and may change in the future. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * shared/create.go: s/data/imageData/Valentin Rothberg2020-01-09
| | | | | | | | | | | | | | Rename `data` to `imageData` to make it more obvious which kind of data the variable refers to. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | make lint: include unit testsValentin Rothberg2020-01-14
| | | | | | | | | | | | | | Include the unit tests (i.e., _test.go files) for linting to make the tests more robust and enforce the linters' coding styles etc. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #4845 from baude/pruneforceOpenShift Merge Robot2020-01-13
|\ \ | | | | | | clarify cont
| * | clarify container prune --forcebaude2020-01-13
| | | | | | | | | | | | | | | | | | | | | | | | the --force parameter should only be used for the CLI and should only dictate whether to prompt the user for confirmation. Fixes: #4844 Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #4850 from vrothberg/fix-lintingOpenShift Merge Robot2020-01-13
|\ \ \ | | | | | | | | Fix linting
| * | | make lint: enable gocriticValentin Rothberg2020-01-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | `gocritic` is a powerful linter that helps in preventing certain kinds of errors as well as enforcing a coding style. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>