summaryrefslogtreecommitdiff
path: root/cmd/podman
Commit message (Collapse)AuthorAge
* Set TMPDIR to /var/tmp by default if not setDaniel J Walsh2020-06-30
| | | | | | | | | Containers/image will use TMPDIR for the location of pulled layer blobs. If TMPDIR is not set, it will use /tmp. Since this is known to be of limited space on most systems, we change the default to /var/tmp if the user has not told the tools where to store temporary files. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #6808 from mheon/allow_empty_hostportOpenShift Merge Robot2020-06-29
|\ | | | | Allow empty host port in --publish flag
| * Allow empty host port in --publish flagMatthew Heon2020-06-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I didn't believe that this was actually legal, but it looks like it is. And, unlike our previous understanding (host port being empty means just use container port), empty host port actually carries the same meaning as `--expose` + `--publish-all` (that is, assign a random host port to the given container port). This requires a significant rework of our port handling code to handle this new case. I don't foresee this being commonly used, so I optimized having a fixed port number as fast path, which this random assignment code running after the main port handling code only if necessary. Fixes #6806 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6794 from baude/v2remotewindowsterminalOpenShift Merge Robot2020-06-29
|\ \ | | | | | | Set console mode for windows
| * | Set console mode for windowsBrent Baude2020-06-29
| |/ | | | | | | | | | | Windows terminal handling is different than darwin and linux. It needs to have the terminal mode set to enable virtual terminal processing. This allows colors and other things to work. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #6716 from jwhonce/issues/6598OpenShift Merge Robot2020-06-29
|\ \ | | | | | | Fixes --remote flag issues
| * | Fixes --remote flag issuesJhon Honce2020-06-26
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | * --remote, --url and --identity are now anchored to podman command. Subcommands should no longer have issues * TraverseChildren now set to V1 expectations * Latest flag now has helper function. Now has consistent usage. * IsRemote() uses cobra parser to determin if --remote is given * Moved validation functions from parser pkg to validate pkg * Fixes #6598 Fixes #6704 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #6666 from giuseppe/conmon-delegateOpenShift Merge Robot2020-06-29
|\ \ | |/ |/| podman: add new cgroup mode split
| * podman: add new cgroup mode splitGiuseppe Scrivano2020-06-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When running under systemd there is no need to create yet another cgroup for the container. With conmon-delegated the current cgroup will be split in two sub cgroups: - supervisor - container The supervisor cgroup will hold conmon and the podman process, while the container cgroup is used by the OCI runtime (using the cgroupfs backend). Closes: https://github.com/containers/libpod/issues/6400 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Revert sending --remote flag to containersJhon Honce2020-06-25
| | | | | | | | | | | | * quick --remote fix, sent --remote to ctnrs as argument Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #6754 from edsantiago/man_page_xrefOpenShift Merge Robot2020-06-25
|\ \ | | | | | | Docs: consistency between man / --help
| * | Docs: consistency between man / --helpEd Santiago2020-06-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | New functionality in hack/man-page-checker: start cross- referencing the man page 'Synopsis' line against the output of 'podman foo --help'. This is part 1, flag/option consistency. Part 2 (arg consistency) is too big and will have to wait for later. flag/option consistency means: if 'podman foo --help' includes the string '[flags]' in the Usage message, make sure the man page includes '[*options*]' in its Synopsis line, and vice-versa. This found several inconsistencies, which I've fixed. While doing this I realized that Cobra automatically includes a 'Flags:' subsection in its --help output for all subcommands that have defined flags. This is great - it lets us cross-check against the usage synopsis, and make sure that '[flags]' is present or absent as needed, without fear of human screwups. If a flag-less subcommand ever gets extended with flags, but the developer forgets to add '[flags]' and remove DisableFlagsInUseLine, we now have a test that will catch that. (This, too, caught two instances which I fixed). I don't actually know if the new man-page-checker functionality will work in CI: I vaguely recall that it might run before 'make podman' does; and also vaguely recall that some steps were taken to remedy that. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #6751 from vrothberg/fix-6744OpenShift Merge Robot2020-06-25
|\ \ \ | |_|/ |/| | podman run/create: support all transports
| * | podman run/create: support all transportsValentin Rothberg2020-06-24
| |/ | | | | | | | | | | | | | | | | Support all image transports in podman run/create. It seems we regressed with v2 on that. Also add tests to make sure we're not regressing again. Fixes: #6744 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #6752 from rhatdan/inspectOpenShift Merge Robot2020-06-24
|\ \ | | | | | | Fix inspect to display multiple label: changes
| * | Fix inspect to display multiple label: changesDaniel J Walsh2020-06-24
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If the user runs a container like podman run --security-opt seccomp=unconfined --security-opt label=type:spc_t --security-opt label=level:s0 ... Podman inspect was only showing the second option This change will show "SecurityOpt": [ "label=type:spc_t,label=level:s0:c60", "seccomp=unconfined" ], Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6732 from mheon/fix_stopsignal_setOpenShift Merge Robot2020-06-24
|\ \ | |/ |/| Set stop signal to 15 when not explicitly set
| * Set stop signal to 15 when not explicitly setMatthew Heon2020-06-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When going through the output of `podman inspect` to try and identify another issue, I noticed that Podman 2.0 was setting StopSignal to 0 on containers by default. After chasing it through the command line and SpecGen, I determined that we were actually not setting a default in Libpod, which is strange because I swear we used to do that. I re-added the disappeared default and now all is well again. Also, while I was looking for the bug in SpecGen, I found a bunch of TODOs that have already been done. Eliminate the comments for these. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6733 from edsantiago/bats_help_extra_argsOpenShift Merge Robot2020-06-24
|\ \ | | | | | | BATS tests: new too-many-arguments test
| * | BATS tests: new too-many-arguments testEd Santiago2020-06-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ...plus a few others. And fixes to actual parsing. If a command's usage message includes '...' in the argument list, assume it can take unlimited arguments. Nothing we can check. For all others, though, the ALL-CAPS part on the right-hand side of the usage message will define an upper bound on the number of arguments accepted by the command. So in our 'podman --help' test, generate N+1 args and run that command. We expect a 125 exit status and a suitably helpful error message. Not all podman commands or subcommands were checking, so I fixed that. And, fixed some broken usage messages (all-caps FLAGS, and '[flags]' at the end of 'ARGS'). Add new checks to the help test to prevent those in the future. Plus a little refactoring/cleanup where necessary. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Fix ssh-agent supportJhon Honce2020-06-23
|/ / | | | | | | | | | | | | * An identity of "" implies ssh-agent and user/password to be used * Fixed example Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #6731 from baude/toolboxjsonOpenShift Merge Robot2020-06-23
|\ \ | | | | | | Add JSON output field for ps
| * | Add JSON output field for psBrent Baude2020-06-23
| |/ | | | | | | | | | | the toolbox team needs a field in our ps json that represents a human readable time. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | V2 podman system connectionJhon Honce2020-06-23
| | | | | | | | | | | | | | | | | | * Implement command * Refactor podman-remote to pull from containers.conf by default * podman-remote defaults to --remote being true * Write podman-system-connection.1.md Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | wipBrent Baude2020-06-23
|/ | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #6722 from vrothberg/fix-6718OpenShift Merge Robot2020-06-23
|\ | | | | image load: no args required
| * image load: no args requiredValentin Rothberg2020-06-23
| | | | | | | | | | | | | | | | | | Disable the args requirement of `image load`. Instead of requiring a lower bound, we really need an upper one with at most 1 argument. Extend the system tests to prevent future regressions. Fixes: #6718 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #6712 from mheon/readd_userns_envvarOpenShift Merge Robot2020-06-23
|\ \ | |/ |/| Re-add PODMAN_USERNS environment variable
| * Re-add PODMAN_USERNS environment variableMatthew Heon2020-06-22
| | | | | | | | | | | | | | | | | | | | This was lost during the Podman 2.0 migration. Turns out to be a very easy fix, fortunately - we want to use the environment var if not explicitly overridden. Fixes #6705 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6625 from QiWang19/fdOpenShift Merge Robot2020-06-23
|\ \ | | | | | | Add --preservefds to podman run
| * | Add --preservefds to podman runQi Wang2020-06-19
| | | | | | | | | | | | | | | | | | Add --preservefds to podman run. close https://github.com/containers/libpod/issues/6458 Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | Fix conflicts between privileged and other flagsMatthew Heon2020-06-22
| |/ |/| | | | | | | | | | | | | The `--privileged` flag does not conflict with `--group-add` (this one was breaking Toolbox) and does not conflict with most parts of `--security-opt` (this was breaking Openstack). Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6671 from rhatdan/buildOpenShift Merge Robot2020-06-21
|\ \ | | | | | | Fix podman build handling of --http-proxy flag
| * | Fix podman build handling of --http-proxy flagDaniel J Walsh2020-06-19
| |/ | | | | | | | | | | Also fixed a todo for handling of cgroup manager while I was in there. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6676 from lsm5/tag-correctionOpenShift Merge Robot2020-06-20
|\ \ | | | | | | Account for non-default port number in image name
| * | Account for non-default port number in image nameLokesh Mandvekar2020-06-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, if an image was tagged with the format $REGISTRY:$PORT/$REPO:$TAG, then `podman images` would display $PORT/$REPO:$TAG under the "TAG" field. This commit correctly displays $REGISTRY:$PORT/$REPO under the "REPOSITORY" field while the "TAG" field only displays $TAG. Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org> Fixes: gh#6665
* | | Fixes #6670Jhon Honce2020-06-19
|/ / | | | | | | | | | | | | * Sort images for -q option, removing duplicate id's * Sort images for --format json Signed-off-by: Jhon Honce <jhonce@redhat.com>
* / podman images --format json: pretty printValentin Rothberg2020-06-19
|/ | | | | | | | | Pretty print the JSON output when listing images. We regressed on that during v2 development. The indentation is now identical to the one of Podman v1.9.3. Fixes: #6687 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Podman system service is no longer experimentalMatthew Heon2020-06-17
| | | | | | | As such, we can remove the warnings logs that previously printed every time it was run. Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #6636 from mheon/add_warningsOpenShift Merge Robot2020-06-17
|\ | | | | Re-add resource limit warnings to Specgen
| * Re-add resource limit warnings to SpecgenMatthew Heon2020-06-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | These were part of Podman v1.9, but were lost in the transition to using Specgen to create containers. Most resource limits are checked via the sysinfo package to ensure they are safe to use (the cgroup is mounted, kernel support is present, etc) and removed if not safe. Further, bounds checks are performed to ensure that values are valid. Ensure these warnings are printed client-side when they occur. This part is a little bit gross, as it happens in pkg/infra and not cmd/podman, which is largely down to how we implemented `podman run` - all the work is done in pkg/infra and it returns only once the container has exited, and we need warnings to print *before* the container runs. The solution here, while inelegant, avoid the need to extensively refactor our handling of run. Should fix blkio-limit warnings that were identified by the FCOS test suite. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6583 from mheon/inspect_ctr_before_imgOpenShift Merge Robot2020-06-17
|\ \ | | | | | | Fix podman inspect on overlapping/missing objects
| * | Fix podman inspect on overlapping/missing objectsMatthew Heon2020-06-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This started as a small fix to `podman inspect` where a container and image, with the same name/tag, were present, and `podman inspect` was run on that name. `podman inspect` in 1.9 (and `docker inspect`) will give you the container; in v2.0, we gave the image. This was an easy fix (just reorder how we check for image/container). Unfortunately, in the process of testing this fix, I determined that we regressed in a different area. When you run inspect on a number of containers, some of which do not exist, `podman inspect` should return an array of inspect results for the objects that exist, then print a number of errors, one for each object that could not be found. We were bailing after the first error, and not printing output for the containers that succeeded. (For reference, this applied to images as well). This required a much more substantial set of changes to properly handle - signatures for the inspect functions in ContainerEngine and ImageEngine, plus the implementations of these interfaces, plus the actual inspect frontend code needed to be adjusted to use this. Fixes #6556 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #6622 from goochjj/podman_fix_initOpenShift Merge Robot2020-06-17
|\ \ \ | |_|/ |/| | Fix --init and --init-path
| * | Fix --init and --init-pathJoseph Gooch2020-06-16
| |/ | | | | | | | | | | | | Init properly passed into specgen Allow --init with --systemd=true but not --systemd=always. Signed-off-by: Joseph Gooch <mrwizard@dok.org>
* / Add deprecated message to varlink commandJhon Honce2020-06-15
|/ | | | | | | * Remove varlink references from the man pages * Fix signature for extractTarFile() Signed-off-by: Jhon Honce <jhonce@redhat.com>
* pod create --replaceValentin Rothberg2020-06-15
| | | | | | | | | | | | | | | Add a `--replace` flag to the `pod create` command. If another pod with the same name already exists, it will be replaced and removed. Adding this flag is motivated by #5485 to make running Podman in systemd units (or any other scripts/automation) more robust. In case of a crash, a pod may not be removed by a sytemd unit anymore. The `--replace` flag allows for supporting crashes. Note that the `--replace` flag does not require the `--name` flag to be set, so it can be set unconditionally in `podman generate systemd`. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* {create,run} --replaceValentin Rothberg2020-06-15
| | | | | | | | | | | | | Add a `--replace` flag to the `container {create,run}` commands. If another container with the same name already exists, it will be replaced and removed. Adding this flag is motivated by #5485 to make running Podman in systemd units (or any other scripts/automation) more robust. In case of a crash, a container may not be removed by a sytemd unit anymore. The `--replace` flag allows for supporting crashes. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Turn on More lintersDaniel J Walsh2020-06-15
| | | | | | | | | - misspell - prealloc - unparam - nakedret Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Do not default WorkingDir to / on client sideDaniel J Walsh2020-06-12
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>