summaryrefslogtreecommitdiff
path: root/cmd/podman
Commit message (Collapse)AuthorAge
* Allow users to add host user accounts to /etc/passwdDaniel J Walsh2021-12-23
| | | | | | | | | | | Some containers require certain user account(s) to exist within the container when they are run. This option will allow callers to add a bunch of passwd entries from the host to the container even if the entries are not in the local /etc/passwd file on the host. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1935831 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #12672 from adrianreber/2021-12-21-check-for-memtrackOpenShift Merge Robot2021-12-23
|\ | | | | Error out early if system does not support pre-copy checkpointing
| * Error out early if system does not support pre-copy checkpointingAdrian Reber2021-12-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CRIU's pre-copy migration support relies on the soft dirty page tracking in the Linux kernel: https://www.kernel.org/doc/Documentation/vm/soft-dirty.txt This functionality is not implemented for all architectures and it can also be turned off in the kernel. CRIU can check if the combination of architecture/kernel/CRIU supports the soft dirty page tracking and exports this feature checking functionality in go-criu. This commit adds an early check if the user selects pre-copy checkpointing to error out if the system does not support it. Signed-off-by: Adrian Reber <areber@redhat.com>
* | Warn on use of --kernel-memoryDaniel J Walsh2021-12-22
|/ | | | | | | | | It has been deprecated and is no longer supported. Fully remove it and only print a warning if a user uses it. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2011695 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Podman run --passwdcdoern2021-12-21
| | | | | | | | | added support for a new flag --passwd which, when false prohibits podman from creating entries in /etc/passwd and /etc/groups allowing users to modify those files in the container entrypoint resolves #11805 Signed-off-by: cdoern <cdoern@redhat.com>
* Merge pull request #12622 from flouthoc/return_exit_code_for_buildOpenShift Merge Robot2021-12-17
|\ | | | | build: relay `exitcode` from imagebuildah to registry
| * build: relay exitcode from imagebuildah to registryAditya Rajan2021-12-17
| | | | | | | | | | | | | | | | Podman does not relay exit code from buildah instead returns a generic error code `125`. Following PR allows `podman` to relay exit code from `imagebuildah` to `registry` as it is. Signed-off-by: Aditya Rajan <arajan@redhat.com>
* | Set machine timezoneBrent Baude2021-12-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Added an option to podman machine init to declare the timezone of the resulting machine. the default is to use the value of the host name or else a given timezone name like America/Chicago. Fixes: #11895 Signed-off-by: Brent Baude <bbaude@redhat.com> [NO NEW TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* | kill: fix outputValentin Rothberg2021-12-16
|/ | | | | | | Make sure that `kill -a` is printing the IDs of killed containers. Previously, it was only printing empty lines. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #12534 from Luap99/network-dbOpenShift Merge Robot2021-12-15
|\ | | | | network db rewrite
| * play kube add support for multiple networksPaul Holzinger2021-12-14
| | | | | | | | | | | | Allow the same --network options for play kube as for podman run/create. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * support advanced network configuration via cliPaul Holzinger2021-12-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rework the --network parse logic to support multiple networks with specific network configuration settings. --network can now be set multiple times. For bridge network mode the following options have been added: - **alias=name**: Add network-scoped alias for the container. - **ip=IPv4**: Specify a static ipv4 address for this container. - **ip=IPv6**: Specify a static ipv6 address for this container. - **mac=MAC**: Specify a static mac address address for this container. - **interface_name**: Specify a name for the created network interface inside the container. So now you can set --network bridge:ip=10.88.0.10,mac=44:33:22:11:00:99 for the default bridge network as well as for network names. This is better than using --ip because we can set the ip per network without any confusion which network the ip address should be assigned to. The --ip, --mac-address and --network-alias options are still supported but --ip or --mac-address can only be set when only one network is set. This limitation already existed previously. The ability to specify a custom network interface name is new Fixes #11534 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * Add new networks format to spegecenPaul Holzinger2021-12-14
| | | | | | | | | | | | | | | | Add the new networks format to specgen. For api users cni_networks is still supported to make migration easier however the static ip and mac fields are removed. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * network connect allow ip, ipv6 and mac addressPaul Holzinger2021-12-14
| | | | | | | | | | | | | | | | | | Network connect now supports setting a static ipv4, ipv6 and mac address for the container network. The options are added to the cli and api. Fixes #9883 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #12595 from Luap99/network-idOpenShift Merge Robot2021-12-14
|\ \ | | | | | | fix network id handling
| * | fix network id handlingPaul Holzinger2021-12-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | We have to get the network ID from the network backend. With the netavark backend we no longer use the sha from the name as ID. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #12586 from jmguzik/secret-cmdOpenShift Merge Robot2021-12-14
|\ \ \ | |/ / |/| | Add secret list --filter to cli
| * | Add secret list --filter to cliJakub Guzik2021-12-14
| |/ | | | | | | | | | | | | This PR is a follow-up of #11431. It adds possibility of filtering secret list based on id and name. Signed-off-by: Jakub Guzik <jguzik@redhat.com>
* / network ls: show networks in deterministic orderPaul Holzinger2021-12-14
|/ | | | | | | | The new network backend stores the networks in a map so the returned order is not deterministic. Lets sort the network names alphabetically to ensure a deterministic order. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* --hostname should be set when using --pod new:foobarDaniel J Walsh2021-12-09
| | | | | | | | | | | | Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2030599 When you create pod, it shares the UTS namespace with Containers. Currently the --hostname is not passed to the pod created when you create a container and pod in the same command. Also fix error message on supported --share flags Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Update vendor or containers/common moving pkg/cgroups thereDaniel J Walsh2021-12-07
| | | | | | | [NO NEW TESTS NEEDED] This is just moving pkg/cgroups out so existing tests should be fine. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Refactor podman pods to report.FormatterJhon Honce2021-12-06
| | | | | | | | | | | [NO NEW TESTS NEEDED] Support better compatibility output for podman pods commands See #10974 Depends on containers/common#831 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Refactor podman system to report.FormatterJhon Honce2021-12-03
| | | | | | | | | | | | | | [NO NEW TESTS NEEDED] Support better compatibility output for podman system commands * Format and content of output from podman version changed to be more compatible See #10974 Depends on containers/common#831 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Add restart-sec option to systemd generateOndra Machacek2021-12-03
| | | | Signed-off-by: Ondra Machacek <omachace@redhat.com>
* Refactor podman image command outputJhon Honce2021-12-02
| | | | | | | | | | | Leverage new report.Formatter allowing better compatibility from podman command output. Follow on PR's will cover containers, etc. See #10974 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Merge pull request #12460 from jwhonce/issues/10974-1OpenShift Merge Robot2021-12-01
|\ | | | | [NO NEW TESTS NEEDED] Refactor podman container command output
| * [NO NEW TESTS NEEDED] Refactor podman container command outputJhon Honce2021-12-01
| | | | | | | | | | | | | | | | | | | | | | | | Leverage new report.Formatter allowing better compatibility from podman command output. See #10974 See #12455 Depends on containers/common#831 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | podman, push: expose --compression-formatGiuseppe Scrivano2021-12-01
|/ | | | | | support overriding the compression format at push time. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* fix: parsing of HostConfig.Mounts for container createMatej Vasek2021-11-29
| | | | Signed-off-by: Matej Vasek <mvasek@redhat.com>
* Merge pull request #12361 from rhatdan/remoteDaniel J Walsh2021-11-23
|\ | | | | podman-remote does not support signature-policy
| * podman-remote does not support signature-policyDaniel J Walsh2021-11-19
| | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/12357 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | generate systemd: add --start-timeout flagValentin Rothberg2021-11-23
| | | | | | | | | | | | | | | | | | Add a new flag to set the start timeout for a generated systemd unit. To make naming consistent, add a new --stop-timeout flag as well and let the previous --time map to it. Fixes: #11618 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Use same runtime to restore a container as during checkpointingAdrian Reber2021-11-19
|/ | | | | | | | | | | | | | | | | | | | | | There are at least two runtimes that support checkpoint and restore: runc and crun. Although the checkpoints created by these are almost compatible, it is not (yet) possible to restore a checkpoint created with one runtime with the other runtime. To make checkpoint/restore usage more comfortable this adds code to look into the checkpoint archive during restore and to set the runtime to the one used during checkpointing. This also adds a check, if the user explicitly sets a runtime during restore, that the runtime is also the same as used during checkpointing. If a different runtime is selected than the one used during checkpointing the restore will fail early. If runc and crun will create compatible checkpoints in the future the check can be changed to treat crun and runc as compatible checkpoint/restore runtimes. Signed-off-by: Adrian Reber <areber@redhat.com>
* Merge pull request #12356 from Luap99/pod-logsOpenShift Merge Robot2021-11-19
|\ | | | | fix duplicated logs command
| * fix duplicated logs commandPaul Holzinger2021-11-18
| | | | | | | | | | | | | | | | | | | | Podman logs was defined twice, once for container logs and once for pod logs. This causes problems with the shell completion. Also podman --help showed this command twice. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Add --file-locks checkpoint/restore optionRadostin Stoyanov2021-11-18
|/ | | | | | | | CRIU supports checkpoint/restore of file locks. This feature is required to checkpoint/restore containers running applications such as MySQL. Signed-off-by: Radostin Stoyanov <radostin@redhat.com>
* Merge pull request #12281 from vrothberg/fix-12007OpenShift Merge Robot2021-11-17
|\ | | | | fix remote checkpoint/restore
| * fix remote checkpoint/restoreValentin Rothberg2021-11-16
| | | | | | | | | | | | | | | | | | Nothing was working before, and it's too much to summarize. To make sure we're not regressing in the future again, enable the remote e2e tests. Fixes: #12007 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #12303 from rhatdan/tmpdirOpenShift Merge Robot2021-11-17
|\ \ | | | | | | Set config environment variables early in Podman init
| * | Set config environment variables early in Podman initDaniel J Walsh2021-11-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/12296 [NO NEW TESTS NEEDED] because there is no easy way to test this. Tests are in containers/common. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Add --unsetenv & --unsetenv-all to remove def environment variablesDaniel J Walsh2021-11-15
| |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman adds a few environment variables by default, and currently there is no way to get rid of them from your container. This option will allow you to specify which defaults you don't want. --unsetenv-all will remove all default environment variables. Default environment variables can come from podman builtin, containers.conf or from the container image. Fixes: https://github.com/containers/podman/issues/11836 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #11076 from boaz0/closes_10275OpenShift Merge Robot2021-11-15
|\ \ | | | | | | Support template unit files in podman generate systemd
| * | Support template unit files in podman generate systemdBoaz Shuster2021-10-22
| | | | | | | | | | | | Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* | | Added optional container restore statisticsAdrian Reber2021-11-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds the parameter '--print-stats' to 'podman container restore'. With '--print-stats' Podman will measure how long Podman itself, the OCI runtime and CRIU requires to restore a checkpoint and print out these information. CRIU already creates process restore statistics which are just read in addition to the added measurements. In contrast to just printing out the ID of the restored container, Podman will now print out JSON: # podman container restore --latest --print-stats { "podman_restore_duration": 305871, "container_statistics": [ { "Id": "47b02e1d474b5d5fe917825e91ac653efa757c91e5a81a368d771a78f6b5ed20", "runtime_restore_duration": 140614, "criu_statistics": { "forking_time": 5, "restore_time": 67672, "pages_restored": 14 } } ] } The output contains 'podman_restore_duration' which contains the number of microseconds Podman required to restore the checkpoint. The output also includes 'runtime_restore_duration' which is the time the runtime needed to restore that specific container. Each container also includes 'criu_statistics' which displays the timing information collected by CRIU. Signed-off-by: Adrian Reber <areber@redhat.com>
* | | Added optional container checkpointing statisticsAdrian Reber2021-11-15
| |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds the parameter '--print-stats' to 'podman container checkpoint'. With '--print-stats' Podman will measure how long Podman itself, the OCI runtime and CRIU requires to create a checkpoint and print out these information. CRIU already creates checkpointing statistics which are just read in addition to the added measurements. In contrast to just printing out the ID of the checkpointed container, Podman will now print out JSON: # podman container checkpoint --latest --print-stats { "podman_checkpoint_duration": 360749, "container_statistics": [ { "Id": "25244244bf2efbef30fb6857ddea8cb2e5489f07eb6659e20dda117f0c466808", "runtime_checkpoint_duration": 177222, "criu_statistics": { "freezing_time": 100657, "frozen_time": 60700, "memdump_time": 8162, "memwrite_time": 4224, "pages_scanned": 20561, "pages_written": 2129 } } ] } The output contains 'podman_checkpoint_duration' which contains the number of microseconds Podman required to create the checkpoint. The output also includes 'runtime_checkpoint_duration' which is the time the runtime needed to checkpoint that specific container. Each container also includes 'criu_statistics' which displays the timing information collected by CRIU. Signed-off-by: Adrian Reber <areber@redhat.com>
* | Merge pull request #12272 from hshiina/memory-swappinessOpenShift Merge Robot2021-11-13
|\ \ | | | | | | Enable 'podman run --memory-swappiness=0'
| * | Enable 'podman run --memory-swappiness=0'Hironori Shiina2021-11-12
| | | | | | | | | | | | | | | | | | | | | | | | '--memory-swappiness=0' used to work. This patch fixes the regression issue, which was caused by the change of infra container creation process. Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
* | | Merge pull request #12270 from rhatdan/authOpenShift Merge Robot2021-11-13
|\ \ \ | |/ / |/| | --authfile command line argument for image sign command.
| * | --authfile command line argument for image sign command.José Guilherme Vanz2021-11-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds the --authfile command line argument to allow users to use alternative authfile paths when signing images. Replaces: https://github.com/containers/podman/pull/10975 Fixes: https://github.com/containers/podman/issues/10866 Signed-off-by: José Guilherme Vanz <jvanz@jvanz.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #12224 from cdoern/scpOpenShift Merge Robot2021-11-12
|\ \ \ | |/ / |/| | Podman Image SCP transfer patch