summaryrefslogtreecommitdiff
path: root/cmd/podman
Commit message (Collapse)AuthorAge
* Network interfacePaul Holzinger2021-08-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Implement a new network interface to abstract CNI from libpod. The interface is implemented for the CNI backend but in the future we can add more backends. The code is structured in three new packages: - `libpod/network/types`: contains the interface definition and the necessary types for it. - `libpod/network/cni` contains the interface implementation for the CNI backend. - `libpod/network/util` a set of utility functions related to networking. The CNI package uses ginkgo style unit tests. To test Setup/Teardown the test must be run as root. Each test will run in their own namespace to make the test independent from the host environment. New features with the CNI backend: - The default network will be created in memory if it does not exists on disk. - It can set more than one static IP per container network. - Networks are loaded once from disk and only if this interface is used, e.g. for commands such as `podman info` networks are not loaded. This reduces unnecessary disk IO. This commit only adds the interface it is not wired into libpod. This requires a lot of breaking changes which will be done in a followup commit. Once this is integrated into libpod the current network code under `libpod/network` should be removed. Also the dependency on OCICNI should be dropped. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Merge pull request #11290 from flouthoc/volume-exportOpenShift Merge Robot2021-08-23
|\ | | | | volumes: Add support for `volume export` which allows exporting content to external path.
| * volumes: Add support for exporting volumes to external tarflouthoc2021-08-23
| | | | | | | | | | | | | | Adds support for transferring data between systems and backing up systems. Use cases: recover from disasters or move data between machines. Signed-off-by: flouthoc <flouthoc.git@gmail.com>
* | Merge pull request #11205 from Shivkumar13/shivkumar-tls-fixOpenShift Merge Robot2021-08-23
|\ \ | | | | | | Support for --tls-verify flag in podman-run & podman-create
| * | Support for --tls-verify flag in podman run & podman createShivkumar132021-08-21
| | | | | | | | | | | | Signed-off-by: Shivkumar13 <sople@redhat.com>
* | | Merge pull request #11308 from vrothberg/profilingOpenShift Merge Robot2021-08-23
|\ \ \ | | | | | | | | profiling: higher memory sampling rate
| * | | profiling: higher memory sampling rateValentin Rothberg2021-08-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Increase the memory-sampling rate to the same default as github.com/pkg/profile. Allow for custom rates by reading the `MemProfileRate` env variable. [NO TESTS NEEDED] since it's a dev only flag and not part of CI. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Use pod netns with --pod-id-filePaul Holzinger2021-08-23
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | When `--pod-id-file` is used do not parse the default network namespace and let specgen handle it instead. This regression was introduced in commit 7ef3981abe24. Fixes #11303 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | / add flag to record memory profilesValentin Rothberg2021-08-20
| |/ |/| | | | | | | | | | | | | | | Add a new flag `--memory-profile=$path` which creates a memory profile. The generated profile can later be analyzed via `go tool pprof`. [NO TESTS NEEDED] since it's a hidden flag, devs-only. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Add ability to build images in play kubeBrent Baude2021-08-18
| | | | | | | | | | | | | | | | When playing a kube YAML file, it can be desirable to be able to build an image on the fly. This is good for development of an image and YAML files and somewhat mocks what compose does. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #11195 from Luap99/xdg-rootopenshift-ci[bot]2021-08-16
|\ \ | | | | | | rootful: unset XDG_RUNTIME_DIR
| * | rootful: unset XDG_RUNTIME_DIRPaul Holzinger2021-08-16
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | Depending how the user logs in to the root account, XDG_RUNTIME_DIR is set to /run/user/0 or it is unset. For conmon we already set it always to an empty string. The inconsistency is causing issues for the dnsname plugin. To fix it unset XDG_RUNTIME_DIR for the podman process. [NO TESTS NEEDED] Fixes #10806 Fixes #10745 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #11228 from mlegenovic/mainopenshift-ci[bot]2021-08-16
|\ \ | | | | | | Fixed healthcheck default values when container created via compat API
| * | Fixed healthcheck default values when container created via compat APIMilivoje Legenovic2021-08-14
| | | | | | | | | | | | | | | | | | Fixes #11225 Signed-off-by: Milivoje Legenovic <m.legenovic@gmail.com>
* | | rename oneshot initcontainers to onceBrent Baude2021-08-12
|/ / | | | | | | | | | | | | | | | | | | after the init containers pr merged, it was suggested to use `once` instead of `oneshot` containers as it is more aligned with other terminiology used similarily. [NO TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Run codespell to fix spellingDaniel J Walsh2021-08-11
| | | | | | | | | | | | [NO TESTS NEEDED] Just fixing spelling. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #11153 from cdoern/scpopenshift-ci[bot]2021-08-11
|\ \ | |/ |/| Added autocompletion for images and system connections for podman image SCP
| * Added autocompletion for images and system connectionscdoern2021-08-09
| | | | | | | | | | | | | | [NO TESTS NEEDED] image scp should autocomplete images and system connections since the args can be either. Made a new function, common.AutocompleteScp Signed-off-by: cdoern <cdoern@redhat.com>
* | Merge pull request #10589 from umohnani8/pod-usernsopenshift-ci[bot]2021-08-10
|\ \ | | | | | | Add support for pod inside of user namespace.
| * | Add support for pod inside of user namespace.Daniel J Walsh2021-08-09
| |/ | | | | | | | | | | | | | | | | | | | | | | | | Add the --userns flag to podman pod create and keep track of the userns setting that pod was created with so that all containers created within the pod will inherit that userns setting. Specifically we need to be able to launch a pod with --userns=keep-id Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* / Alias build to buildx, so it won't failDaniel J Walsh2021-08-09
|/ | | | | | Add hidden --load and --progress flag as well. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #11074 from vrothberg/auto-update-rollbackopenshift-ci[bot]2021-08-06
|\ | | | | auto-update: simple rollback
| * auto-update: simple rollbackValentin Rothberg2021-08-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add support for simple rollbacks during `podman auto-update`. Rollbacks are enabled by default. If a systemd unit cannot be restarted after an update, the previous image will be retagged and the unit will be restarted a second time. Add system tests for rollbacks. Also fix a bug in the restart sequence; we have to use the channel to actually know whether the restart was successful or not. NOTE: To make rollbacks really useful, users must run their containers with `--sdnotify=container` such that the containers send the ready message over the (mounted) socket. This way, restarting the systemd units during auto update will block until the message has been received (or a timeout kicked in). Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | personality: Add support for setting execution domain.flouthoc2021-08-06
| | | | | | | | | | | | | | | | | | | | Execution domains tell Linux how to map signal numbers into signal actions. The execution domain system allows Linux to provide limited support for binaries compiled under other UNIX-like operating systems. Reference: https://man7.org/linux/man-pages/man2/personality.2.html Signed-off-by: flouthoc <flouthoc.git@gmail.com>
* | Merge pull request #11011 from baude/initcontainersopenshift-ci[bot]2021-08-05
|\ \ | |/ |/| implement init containers in podman
| * implement init containers in podmanBrent Baude2021-08-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | this is the first pass at implementing init containers for podman pods. init containersare made popular by k8s as a way to run setup for pods before the pods standard containers run. unlike k8s, we support two styles of init containers: always and oneshot. always means the container stays in the pod and starts whenever a pod is started. this does not apply to pods restarting. oneshot means the container runs onetime when the pod starts and then is removed. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Fix podman unpause,pause,kill --all to work like podman stop --allDaniel J Walsh2021-08-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently if you execute podman unpause --all, podman pause --all Podman shows attempts to unpause containers that are not paused and prints an error. This PR catches this error and only prints errors if a paused container was not able to be unpaused. Currently if you execute podman pause --all or podman kill --all, Podman Podman shows attempts to pause or kill containers that are not running and prints an error. This PR catches this error and only prints errors if a running container was not able to be paused or killed. Also change printing of multiple errors to go to stderr and to prefix "Error: " in front to match the output of the last error. Fixes: https://github.com/containers/podman/issues/11098 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #11003 from pascomnet/f_statsopenshift-ci[bot]2021-08-04
|\ \ | | | | | | stats: add a interval parameter to cli and api stats streaming
| * | e2e tests: re-enable and fix podman stats testsThomas Weber2021-08-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Renamed podman pod stats test specs to distinguish them from podman stats tests. podman stats tests where disabled by a +build flag. Fix podman stats format test, add negative test. Fix podman stats cli command, exit non-zero on invalid format string. Add tests for podman stats interval flag. Signed-off-by: Thomas Weber <towe75@googlemail.com>
| * | stats: add a interval parameter to cli and api stream modeThomas Weber2021-07-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman stats polled by default in a 1 sec period. This can put quite some load on a machine if you run many containers. The default value is now 5 seconds. You can change this interval with a new, optional, --interval, -i cli flag. The api request got also a interval query parameter for the same purpose. Additionally a unused const was removed. Api and cli will fail the request if a 0 or negative value is passed in. Signed-off-by: Thomas Weber <towe75@googlemail.com>
* | | image scp: fix typo in outputValentin Rothberg2021-08-03
| |/ |/| | | | | | | | | | | | | s/Loaded images(s)/Loaded image(s)/ [NO TESTS NEEDED] (I think we should test the output at some point) Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #10828 from cdoern/scpopenshift-ci[bot]2021-08-02
|\ \ | | | | | | Created image scp feature
| * | Created scp.go image_scp_test.go and podman-image-scp.1.mdcdoern2021-07-30
| |/ | | | | | | | | | | | | | | added functionality for image secure copying from local to remote. Also moved system connection add code around a bit so functions within that file can be used by scp. Signed-off-by: cdoern <cdoern@redhat.com>
* | Merge pull request #11054 from saschagrunert/login-logout-path-testsopenshift-ci[bot]2021-08-01
|\ \ | | | | | | Add `--accept-repositories` integration tests
| * | Add `--accept-repositories` integration testsSascha Grunert2021-07-30
| | | | | | | | | | | | | | | | | | | | | This adds the integration tests for the repository or namespaced registry feature introduced in c/common. Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
* | | Merge pull request #11048 from cdoern/heatlhCheckCompatOpenShift Merge Robot2021-07-29
|\ \ \ | | | | | | | | Fixed Healthcheck formatting, string to []string
| * | | Fixed Healthcheck formatting, string to []stringcdoern2021-07-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Compat healthcheck tests are of the format []string but podman's were of the format string. Converted podman's to []string at the specgen level since it has the same effect and removed the incorrect parsing of compat healthchecks. fixes #10617 Signed-off-by: cdoern <cdoern@redhat.com>
| * | | Fixed Healthcheck formatting, string to []stringcdoern2021-07-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Compat healthcheck tests are of the format []string but podman's were of the format string. Converted podman's to []string at the specgen level since it has the same effect and removed the incorrect parsing of compat healthchecks. fixes #10617 Signed-off-by: cdoern <cdoern@redhat.com>
* | | | Merge pull request #11065 from vrothberg/cp-cleanupsOpenShift Merge Robot2021-07-28
|\ \ \ \ | | | | | | | | | | cp: consolidate and simplify
| * | | | cp: consolidate and simplifyValentin Rothberg2021-07-28
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Consolidate and simplify code in `podman cp` a bit. PR #11049 introduced some code duplicates that were worth tackling. [NO TESTS NEEDED] Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #10910 from ↵OpenShift Merge Robot2021-07-28
|\ \ \ \ | |/ / / |/| | | | | | | | | | | adrianreber/2021-07-12-checkpoint-restore-into-pod Add support for checkpoint/restore into and out of pods
| * | | Support checkpoint/restore with podsAdrian Reber2021-07-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds support to checkpoint containers out of pods and restore container into pods. It is only possible to restore a container into a pod if it has been checkpointed out of pod. It is also not possible to restore a non pod container into a pod. The main reason this does not work is the PID namespace. If a non pod container is being restored in a pod with a shared PID namespace, at least one process in the restored container uses PID 1 which is already in use by the infrastructure container. If someone tries to restore container from a pod with a shared PID namespace without a shared PID namespace it will also fail because the resulting PID namespace will not have a PID 1. Signed-off-by: Adrian Reber <areber@redhat.com>
* | | | Merge pull request #11049 from vrothberg/fix-7370OpenShift Merge Robot2021-07-27
|\ \ \ \ | | | | | | | | | | support container to container copy
| * | | | support container to container copyMehul Arora2021-07-27
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Implement container to container copy. Previously data could only be copied from/to the host. Fixes: #7370 Co-authored-by: Mehul Arora <aroram18@mcmaster.ca> Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* / / / command: migrate doesn't move process to cgroupGiuseppe Scrivano2021-07-27
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | add a new annotation for the "system migrate" command to not move the pause process to a separate cgroup. The operation is not needed since "system migrate" destroys the pause process, so there won't be any process left to move to a cgroup. [NO TESTS NEEDED] Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #10895 from rhatdan/devicesOpenShift Merge Robot2021-07-24
|\ \ \ | | | | | | | | Support DeviceCgroupRules to actually get added.
| * | | Support DeviceCgroupRules to actually get added.Daniel J Walsh2021-07-21
| | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/10302 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #10996 from cdoern/untilLogOpenShift Merge Robot2021-07-24
|\ \ \ \ | | | | | | | | | | Implemented --until flag for Libpod's Container Logs
| * | | | Implemented --until flag for libpod's container logscdoern2021-07-22
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | compat containers/logs was missing actual usage of until query param. This led me to implement the until param for libpod's container logs as well. Added e2e tests. Signed-off-by: cdoern <cdoern@redhat.com>
* | | | import: write stdin to tmp fileValentin Rothberg2021-07-23
| |/ / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If importing an archive via stdin write it to a temporary file such that the temporary file can be opened multiple times later on. Otherwise, we may end up with an empty image. Also fix a bug in the URL parsing code; we need to check whether there's actually a scheme. Add system tests for `podman import` exercising the basics. Fixes: #10994 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>