summaryrefslogtreecommitdiff
path: root/cmd/podman
Commit message (Collapse)AuthorAge
* Ignore containers.conf sysctl when namespaces set to hostDaniel J Walsh2020-09-28
| | | | | | | | | | | If user sets namespace to host, then default sysctls need to be ignored that are specific to that namespace. --net=host ignore sysctls that begin with net. --ipc=host ignore fs.mqueue --uts=host ignore kernel.domainname and kernel.hostname Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #7786 from rhatdan/rootlessOpenShift Merge Robot2020-09-28
|\ | | | | Remove SkipIfRootless if possible, document other calls
| * Remove SkipIfRootless if possible, document other callsDaniel J Walsh2020-09-27
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Properly handle podman run --pull commandDaniel J Walsh2020-09-27
|/ | | | | | | | | | | | | | | | | | Currently the --pull missing|always|never is ignored This PR implements this for local API. For remote we need to default to pullpolicy specified in the containers.conf file. Also fixed an issue when images were matching other images names based on prefix, causing images to always be pulled. I had named an image myfedora and when ever I pulled fedora, the system thought that it there were two images named fedora since it was checking for the name fedora as well as the prefix fedora. I changed it to check for fedora and the prefix /fedora, to prefent failures like I had. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #7473 from giuseppe/honor-runtime-for-buildahOpenShift Merge Robot2020-09-24
|\ | | | | build: honor --runtime setting
| * build: honor --runtime settingGiuseppe Scrivano2020-09-24
| | | | | | | | | | | | pass down to Buildah the --runtime setting. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #7753 from vrothberg/fix-7689OpenShift Merge Robot2020-09-24
|\ \ | |/ |/| remote stats
| * stats: break out CLI optionsValentin Rothberg2020-09-24
| | | | | | | | | | | | | | | | Have a clear separation of concerns for the CLI-only options (and their logic) from the backend. The backend logic is now easier to understand (e.g., `stream` instead of `noStream`). Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * stats refactorValentin Rothberg2020-09-23
| | | | | | | | | | | | | | | | | | | | | | | | Refactor the entities' stats API to simplify using it and reduce the risk of running into concurrency issues at the call sites. Further simplify the stats code by de-spaghetti-ing the logic and reducing duplicate code. `ContainerStats` now returns a data channel and an error. If the error is nil, callers can read from the channel. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Allow filtering on pod label valuesJordan Christiansen2020-09-23
|/ | | | | | | | | | | | | | | Before this change, filters of the form `podman pod ps --filter label=app=myapp` were not working. The results would include all pods that contained the app label with any value. Looking at the code, this makes sense. It appears that the second = and everything after it were getting truncated. Even though there was already a passing test that tested `podman pod ps --filter label=io.podman.test.label=value1`, the test failed with the above example with a label `app=myapp`. The new code works in both cases. Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
* podman save: fix redirect of multi-imagesValentin Rothberg2020-09-22
| | | | | | | | Fix a bug when saving multi-image archives where the progress bars from copying images was accidentally written to the archive and hence corrupted it. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #7696 from jwhonce/wip/versionOpenShift Merge Robot2020-09-21
|\ | | | | Refactor version handling in cmd tree
| * Refactor version handling in cmd treeJhon Honce2020-09-18
| | | | | | | | | | | | | | * Move from simple string to semver objects * Change client API Version from '1' to 2.0.0 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Fix incorrect parsing of create/run --volumes-fromPaul Holzinger2020-09-20
|/ | | | | | | | | Add a bunch of tests to ensure that --volumes-from works as expected. Also align the podman create and run man page. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #7655 from vrothberg/fix-7628OpenShift Merge Robot2020-09-17
|\ | | | | --mount: support arbitrary mount-argument order
| * --mount: support arbitrary mount-argument orderValentin Rothberg2020-09-16
| | | | | | | | | | | | | | | | | | | | | | | | | | Support an arbitrary order in which arguments are specified to the `--mount` flag. Previously, Podman expected `type=...` to come first which was breaking compatibility with Docker. Note that this is the ground work to default to "volume" (again Docker compat). However, this will require some further massaging as we have to assign a name. Fixes: #7628 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #7647 from jwhonce/issues/7543OpenShift Merge Robot2020-09-17
|\ \ | | | | | | Refactor remote pull to provide progress
| * | Refactor remote pull to provide progressJhon Honce2020-09-16
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman and podman-remote do not exactly match as the lower layer code checks if the output is destined for a TTY before creating the progress bars. A future PR for containers/images could change this behavior. Fixes #7543 Tested with: $ (echo '# start'; podman-remote pull nginx ) 2>&1 | ts '[%Y-%m-%d %H:%M:%.S]' $ (echo '# start'; podman pull nginx ) 2>&1 | ts '[%Y-%m-%d %H:%M:%.S]' Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #7646 from edsantiago/version_optionsOpenShift Merge Robot2020-09-17
|\ \ | | | | | | podman version and --version: fix format, exit
| * | podman version and --version: fix format, exitEd Santiago2020-09-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Three unrelated fixes to version output: * podman version --format json: was missing a newline * podman version --format TEMPLATE: had too many newlines * podman --version: would neither display version nor exit if followed by a subcommand ('podman --version ps') The first two were easy: I used my best tweezers to delicately pluck and transfer the misplaced \n and place it where needed. The third was a doozy of a rabbit hole. As best I can tell, a workaround was added in root.go to override cobra's built-in Version handling, apparently to avoid having cobra add "-v" as an alias for "--version". As best I can tell, cobra only does this if the "-v" shortcut is not already taken (at least as of Nov 2019: https://github.com/spf13/cobra/pull/996 ). Also as best I can tell that workaround is purely vestigial, and removing it is safe. I've manually tested "-v" in podman run, system df, and rm. I've run system tests. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | image list: return all associated namesValentin Rothberg2020-09-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Always return all associated names / repo tags of an image and fix a bug with malformed repo tags. Previously, Podman returned all names only with `--all` but this flag only instructs to list intermediate images and should not alter associated names. With `--all` Podman queried the repo tags of an image which splits all *tagged* names into repository and tag which is then reassembled to eventually be parsed again in the frontend. Lot's of redundant CPU heat and buggy as the reassembly didn't consider digests which ultimately broke parsing in the frontend. Fixes: #7651 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Fix podman pod create --infra-command and --infra-imageDaniel J Walsh2020-09-16
| |/ |/| | | | | | | | | | | | | Currently infr-command and --infra-image commands are ignored from the user. This PR instruments them and adds tests for each combination. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #7624 from QiWang19/policy-optionOpenShift Merge Robot2020-09-16
|\ \ | | | | | | Supports import&run--signature-policy
| * | Supports import&run--signature-policyQi Wang2020-09-15
| | | | | | | | | | | | | | | | | | Enables podman create, pull, run, import to use --signature-policy option. Set it as hidden flag to be consistent with other commands. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | Merge pull request #7636 from vrothberg/fix-7407OpenShift Merge Robot2020-09-16
|\ \ \ | |_|/ |/| | run/create: record raw image
| * | run/create: record raw imageValentin Rothberg2020-09-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Record the user-specified "raw" image name in the SpecGenerator, so we can pass it along to the config when creating a container. We need a separate field as the image name in the generator may be set to the ID of the previously pulled image - ultimately the cause of #7404. Reverting the image name from the ID to the user input would not work since "alpine" for pulling iterates over the search registries in the registries.conf but looking up "alpine" normalizes to "localhost/alpine". Recording the raw-image name directly in the generator was the best of the options I considered as no hidden magic from search registries or normalizations (that may or may not change in the future) can interfere. The auto-update backend enforces that the raw-image name is a fully-qualified reference, so we need to worry about that in the front end. Fixes: #7407 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Fix CI breakage due to PR collisionEd Santiago2020-09-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | PR #7633 disallowed "-l" (--latest) with container args. PR #7630 made changes to the "podman wait" command. The error message it issues is inconsistent (and incompatible) with the one required by the new BATS --help test. Fix that. This is entirely my fault. I was aware of #7630, and I was careful to check the output message format, but I was not careful enough (I trusted my eyes, not my code). Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #7633 from edsantiago/minus_l_with_other_argsOpenShift Merge Robot2020-09-15
|\ \ \ | |_|/ |/| | Usability: prevent "-l" with arguments
| * | Usability: prevent "-l" with argumentsEd Santiago2020-09-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add new system check confirming that "podman foo -l arg" throws an error; and fix lots of instances where code was not doing this check. I'll probably need to add something similar for --all but that can wait. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #7452 from jwhonce/issues/7136OpenShift Merge Robot2020-09-15
|\ \ \ | |_|/ |/| | Refactor API build endpoint to be more compliant
| * | Refactor API build endpoint to be more compliantJhon Honce2020-09-14
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Refactor/Rename channel.WriteCloser() to encapsulate the channel * Refactor build endpoint to "live" stream buildah output channels over API rather then buffering output * Refactor bindings/tunnel build because endpoint changes * building tar file now in bindings rather then depending on caller * Cleanup initiating extra image engine * Remove setting fields to zero values (less noise in code) * Update tests to support remote builds Fixes #7136 Fixes #7137 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* / podman wait accept args > 1Paul Holzinger2020-09-15
|/ | | | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #7600 from rhatdan/codespellOpenShift Merge Robot2020-09-11
|\ | | | | Fix up errors found by codespell
| * Fix up errors found by codespellDaniel J Walsh2020-09-11
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #7403 from QiWang19/runtime-flagOpenShift Merge Robot2020-09-11
|\ \ | |/ |/| Add global options --runtime-flags
| * Add global options --runtime-flagsQi Wang2020-09-04
| | | | | | | | | | | | Add global options --runtime-flags for setting options to container runtime. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #7577 from rhatdan/runlabel1OpenShift Merge Robot2020-09-10
|\ \ | | | | | | podman container runlabel should pull the image if it does not exist
| * | podman container runlabel should pull the image if it does not existDaniel J Walsh2020-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since --pull is deprecated, remove it from help and hide if from --help Also set it to true by default. Share image pull code betweern podman image pull and podman container runlabel. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1877181 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #7460 from AkihiroSuda/allow-rootless-cniOpenShift Merge Robot2020-09-10
|\ \ \ | | | | | | | | rootless: support `podman network create` (CNI-in-slirp4netns)
| * | | rootless: support `podman network create` (CNI-in-slirp4netns)Akihiro Suda2020-09-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Usage: ``` $ podman network create foo $ podman run -d --name web --hostname web --network foo nginx:alpine $ podman run --rm --network foo alpine wget -O - http://web.dns.podman Connecting to web.dns.podman (10.88.4.6:80) ... <h1>Welcome to nginx!</h1> ... ``` See contrib/rootless-cni-infra for the design. Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* | | | Merge pull request #7576 from openSUSE/manifest-add-extend-flagsOpenShift Merge Robot2020-09-10
|\ \ \ \ | |_|/ / |/| | | Extend the flags of the `manifest add` command
| * | | Extend flags of `manifest add`Flavio Castelli2020-09-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Extend the flags of `podman manifest add` to include also: * cert-dir * auth-file * creds * tls-verify These options are useful when adding to a manifest an image that is not part of the local image store. The image resides on a remote registry that falls into one of these cases: it's not using tls termination, it requires authentication or it's secured with an unknown tls certificate. Consider the following scenario: a multi architecture manifest is created as part of a multi-step CI pipeline running in a containerized way. All the images referenced by the manifest live inside of a registry secured with a self-signed tls certificate. Without this patch the manifest creation step would have to pull all the multi-architecture images locally via `podman pull`. With this patch the usage of `podman pull` would not be needed because the images' digests can be requested straight to the registry. That means the execution of manifest creation step would be faster and result in less disk space and network bandwidth being used. Finally, this is a propagation of a similar fix done inside of buildah via https://github.com/containers/buildah/pull/2593 Signed-off-by: Flavio Castelli <fcastelli@suse.com>
* | | | Merge pull request #7290 from rhatdan/externalOpenShift Merge Robot2020-09-09
|\ \ \ \ | | | | | | | | | | Show c/storage (Buildah/CRI-O) containers in ps
| * | | | Show c/storage (Buildah/CRI-O) containers in psDaniel J Walsh2020-09-09
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The `podman ps --all` command will now show containers that are under the control of other c/storage container systems and the new `ps --storage` option will show only containers that are in c/storage but are not controlled by libpod. In the below examples, the '*working-container' entries were created by Buildah. ``` podman ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 9257ef8c786c docker.io/library/busybox:latest ls /etc 8 hours ago Exited (0) 8 hours ago gifted_jang d302c81856da docker.io/library/busybox:latest buildah 30 hours ago storage busybox-working-container 7a5a7b099d33 localhost/tom:latest ls -alF 30 hours ago Exited (0) 30 hours ago hopeful_hellman 01d601fca090 localhost/tom:latest ls -alf 30 hours ago Exited (1) 30 hours ago determined_panini ee58f429ff26 localhost/tom:latest buildah 33 hours ago storage alpine-working-container podman ps --external CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES d302c81856da docker.io/library/busybox:latest buildah 30 hours ago external busybox-working-container ee58f429ff26 localhost/tom:latest buildah 33 hours ago external alpine-working-container ``` Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Fix podman build --logfileDaniel J Walsh2020-09-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently this command blows up because it closes the file descriptor before doing the build. Add tests to make sure we don't regress. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1877188 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #6811 from vrothberg/multi-image-archivesOpenShift Merge Robot2020-09-09
|\ \ \ \ | |/ / / |/| | | podman load/save: support multi-image docker archive
| * | | support multi-image (docker) archivesValentin Rothberg2020-09-08
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Support loading and saving tarballs with more than one image. Add a new `/libpod/images/export` endpoint to the rest API to allow for exporting/saving multiple images into an archive. Note that a non-release version of containers/image is vendored. A release version must be vendored before cutting a new Podman release. We force the containers/image version via a replace in the go.mod file; this way go won't try to match the versions. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* / / Don't setup the Image/ContainerEngine when calling a cmd with subcmdsPaul Holzinger2020-09-08
|/ / | | | | | | | | | | | | | | | | | | | | There is no need to setup the image and container engine when calling a command with subcommands since we only print a usage message. e.g `podman`,`podman container` This also allows the remote client to show the usage message on these commands without a running endpoint. I added a test for this. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #7540 from QiWang19/system-dfOpenShift Merge Robot2020-09-07
|\ \ | | | | | | Fix system df inconsistent
| * | Fix system df inconsistentQi Wang2020-09-04
| |/ | | | | | | | | | | Use RWSzir as system df verbose containers size to remain consistent with the summery. Volume is reclaimable only if not used by container. Signed-off-by: Qi Wang <qiwan@redhat.com>