path: root/cmd/podman
Commit message, author, age
* Add support for creating sigstore signatures, and providing passphrases (Miloslav Trmač, 2022-08-02)
  - Allow creating sigstore signatures via --sign-by-sigstore-private-key . Like existing --sign-by, it does not work remote (in this case because we would have to copy the private key to the server).
  - Allow passing a passphrase (which is mandatory for sigstore private keys) via --sign-passphrase-file; if it is not provided, prompt interactively.
  - Also, use that passphrase for --sign-by as well, allowing non-interactive GPG use. (But --sign-passphrase-file can only be used with _one of_ --sign-by and --sign-by-sigstore-private-key.)
  Note that unlike the existing code, (podman build) does not yet implement sigstore (I'm not sure why it needs to, it seems not to push images?) because Buildah does not expose the feature yet.
  Also, (podman image sign) was not extended to support sigstore.
  The test for this follows existing (podman image sign) tests and doesn't work rootless; that could be improved by exposing a registries.d override option.
  The test for push is getting large; I didn't want to start yet another registry container, but that would be an alternative. In the future, Ginkgo's Ordered/BeforeAll would allow starting a registry once and using it for two tests.
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Hide podman manifest push --sign-by on remote (Miloslav Trmač, 2022-08-02)
  ... because it is documented to be ignored.
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Use signByFlagName instead of copy&pasting the string (Miloslav Trmač, 2022-08-02)
  Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* pod create --share none should not create infra (Charlie Doern, 2022-07-26)
  for podman pod create, when we are not sharing any namespaces there is no point for the infra container. This is especially true since resources have also been decoupled from the container recently.
  handle this on the cmd level so that we can still create infra if set explicitly
  resolves #15048
  Signed-off-by: Charlie Doern <cdoern@redhat.com>
* docs: remove CNI word where it is not applicable (Paul Holzinger, 2022-07-26)
  Most network commands/features work with both netavark and CNI. When we added netavark most docs were not vetted and thus still use CNI network, it should just say network.
  Fixes #14990
  Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* pkg/machine/e2e: do not import from cmd/podman (Paul Holzinger, 2022-07-26)
  The same problem again as 4374038cc67405e3f5555b1870d5bb7f6570fa5d.
  Also fix the incorrect --format autocompletion struct.
  It should be avoided to import cmd/podman/... packages from outside of cmd/podman. This can lead to weird, hard-to-debug import paths but also can have negative consequences when imported in unit tests. In this case it will set XDG_CONFIG_HOME and thus the machine tests this dir over the tmp HOME env variable which is set at a later point. This caused machine files to be leaked into the actual user's home dir.
  Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* fix some pkg/machine/e2e test to read stderr (Paul Holzinger, 2022-07-26)
  Also fix the machine ssh code order to provide a better error message.
  Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Remove return error from "containers.pause" (Toshiki Sonoda, 2022-07-26)
  When we pause `rootless cgroups v1 container`, podman returns error from `libpod.(*Container).pause`. Podman does not need to return error from `containers.pause` because of duplicate.
  [NO NEW TESTS NEEDED]
  Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* Add --host and -H as equivalent options to --url (Daniel J Walsh, 2022-07-26)
  Docker supports -H and --host for specifying the listening socket. Podman should support them also in order to match the CLI.
  These will not be documented since Podman defaults to using the --url option.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Podman pull --all-tags shorthand option (Jake Correnti, 2022-07-26)
  I added the shorthand option for `podman pull --all-tags`. Like Docker, Podman can now do `podman pull -a`.
  Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
* Podman stop --filter flag (Karthik Elango, 2022-07-26)
  Filter flag is added for podman stop and podman --remote stop. Filtering logic is implemented in getContainersAndInputByContext(). Start filtering can be manipulated to use this logic as well to limit redundancy.
  Signed-off-by: Karthik Elango <kelango@redhat.com>
* Add podman events -f to be alias for --filter (Daniel J Walsh, 2022-07-26)
  Needed for Docker compatibility.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* podman: always call into SetupRootless (Giuseppe Scrivano, 2022-07-26)
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* podman: move MaybeMoveToSubCgroup to utils/ (Giuseppe Scrivano, 2022-07-26)
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Docker uses "-c" to mean "--cpu-shares" in create and run (Daniel J Walsh, 2022-07-26)
  Add support for -c as an alias for --cpu-shares to be compatible with Docker.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #14826 from sstosh/net-prune (openshift-ci[bot], 2022-07-11)
  Refactored networkPrune function
| * Refactored networkPrune function (Toshiki Sonoda, 2022-07-08)
  Refactored the networkPrune function to improve readability. This commit changes the `networkPrune` function to use the `PrintNetworkPruneResults` function.
  [NO NEW TESTS NEEDED]
  Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* | Merge pull request #14818 from rhatdan/wait (openshift-ci[bot], 2022-07-11)
  podman wait can take multiple conditions
| * | podman wait can take multiple conditions (Daniel J Walsh, 2022-07-08)
  Podman wait should not be defaulting to just stopped. By default wait API waits for stopped and exited. We should not override this on the client side.
  Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | improve pull-policy documentation (Valentin Rothberg, 2022-07-08)
  Make sure that the docs for pull policies are consistent with Buildah and reflect the implementation. Further improve the help messages and auto completions.
  [NO NEW TESTS NEEDED]
  Fixes: #14846
  Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* / pkg/machine/e2e: do not import from cmd/podman (Paul Holzinger, 2022-07-07)
  It should be avoided to import cmd/podman/... packages from outside of cmd/podman. This can lead to weird, hard-to-debug import paths but also can have negative consequences when imported in unit tests. In this case it will set XDG_CONFIG_HOME and thus the machine tests this dir over the tmp HOME env variable which is set at a later point. This caused machine files to be leaked into the actual user's home dir.
  Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Merge pull request #14762 from ashley-cui/machinfo (openshift-ci[bot], 2022-07-07)
  Podman machine info
| * Podman machine info (Ashley Cui, 2022-07-05)
  Add podman machine info command, which displays info about the machine host as well as version info.
  Signed-off-by: Ashley Cui <acui@redhat.com>
* | Merge pull request #14501 from cdoern/podUTS (openshift-ci[bot], 2022-07-06)
  podman pod create --uts support
| * | podman pod create --uts support (cdoern, 2022-07-05)
  add support for the --uts flag in pod create, allowing users to avoid issues with default values in containers.conf.
  uts follows the same format as other namespace flags: --uts=private (default), --uts=host, --uts=ns:PATH
  resolves #13714
  Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | | Fix podman pod unpause TODO (Urvashi Mohnani, 2022-07-05)
  Update the podman pod unpause to only show the paused containers with autocomplete. Fix a typo in the help command. Update the unpause function to only attempt an unpause on paused pods instead of all the pods. Update the tests accordingly.
  Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | | Merge pull request #14805 from jakecorrenti/df-format-output (openshift-ci[bot], 2022-07-05)
  Podman system df JSON format outputs `Size` and `Reclaimable`
| * | Podman system df JSON format outputs `Size` and `Reclaimable` (Jake Correnti, 2022-07-05)
  Previously, `podman system df --format "{{json .}}"` would not output `Size` and `Reclaimable` like `podman system df` would.
  ```
  {"Type":"Images","Total":5,"Active":0,"Size":39972240,"Reclaimable":39972240}
  {"Type":"Containers","Total":0,"Active":0,"Size":0,"Reclaimable":0}
  {"Type":"Local Volumes","Total":0,"Active":0,"Size":0,"Reclaimable":0}
  ```
  Closes: #14769
  Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
* | | specgen,run: support running container from valid manifest list (Aditya R, 2022-07-05)
  Following PR adds support for running containers from a manifest list present on localstorage. Before this PR podman only supports running containers from valid images but not from manifest list.
  So `podman run -it --platform <some> <manifest-list> command` should become functional now and users should be able to resolve images on the basis of provided `--platform` string.
  Example
  ```
  podman manifest create test
  podman build --platform linux/amd64,linux/arm64 --manifest test .
  podman run --rm --platform linux/arm64/v8 test uname -a
  ```
  Closes: https://github.com/containers/podman/issues/14773
  Signed-off-by: Aditya R <arajan@redhat.com>
* | | podman pod create --memory (Charlie Doern, 2022-07-01)
  using the new resource backend, implement podman pod create --memory which enables users to modify memory.max inside of the parent cgroup (the pod), implicitly impacting all children unless overridden
  Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | Merge pull request #14794 from n1hility/fix-win (openshift-ci[bot], 2022-07-01)
  Fix podman machine on Windows
| * | Fix podman machine on Windows (Jason T. Greene, 2022-06-30)
  Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
* | | Merge pull request #14449 from cdoern/podVolumes (openshift-ci[bot], 2022-07-01)
  podman volume create --opt=o=timeout...
| * | podman volume create --opt=o=timeout... (cdoern, 2022-06-09)
  add an option to configure the driver timeout when creating a volume. The default is 5 seconds but this value is too small for some custom drivers.
  Signed-off-by: cdoern <cdoern@redhat.com>
* | | Merge pull request #14787 from giuseppe/move-systemd-service-to-subcgroup (openshift-ci[bot], 2022-06-30)
  service: do not run under the root cgroup
| * | | service: do not run under the root cgroup (Giuseppe Scrivano, 2022-06-30)
  at startup, when running on a cgroup v2 system, check if the current process is running in the root cgroup and move it to a sub-cgroup, otherwise Podman is not able to create cgroups and move processes there.
  Closes: https://github.com/containers/podman/issues/14573
  [NO NEW TESTS NEEDED] it needs nested podman
  Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | cmd/podman: switch to golang native error wrapping (Sascha Grunert, 2022-06-30)
  We now use the golang error wrapping format specifier `%w` instead of the deprecated github.com/pkg/errors package.
  Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
* | | Merge pull request #14706 from ashley-cui/rootmach (openshift-ci[bot], 2022-06-29)
  Only allow Rootless runs of Podman Machine
| * | | Only allow Rootless runs of Podman Machine (Ashley Cui, 2022-06-29)
  Podman Machine crashes if run as root. When creating the machine, we write the ignition so that the UID of the core user matches the UID of the user on the host. We, by default, create the root user on the machine with UID 0. If the user on the host is root, the core UID and the Root UID collide, causing the VM not to boot.
  [NO NEW TESTS NEEDED]
  Signed-off-by: Ashley Cui <acui@redhat.com>
* | | | Merge pull request #14717 from ZeyadYasser/fix-restore-runtime-check (openshift-ci[bot], 2022-06-28)
  Fix runtime check during restore
| * | | | Fix runtime check during restore (Zeyad Yasser, 2022-06-28)
  cfg.RuntimePath was set to default runtime, so the empty string check fails. Instead we could check if the flag was changed.
  Signed-off-by: Zeyad Yasser <zeyady98@gmail.com>
* / | | podman image scp remote support & podman image scp tagging (cdoern, 2022-06-28)
  add support for podman-remote image scp as well as direct access via the API. This entailed a full rework of the layering of image scp functions as well as the usual API plugging and type creation
  also, implemented podman image scp tagging. which makes the syntax much more readable and allows users to tag the new image they are loading to the local/remote machine:
  allow users to pass a "new name" for the image they are transferring
  `podman tag` as implemented creates a new image in `image list` when tagging, so this does the same meaning that when transferring images with tags, podman on the remote machine/user will load two images
  ex: `podman image scp computer1::alpine computer2::foobar` creates alpine:latest and localhost/foobar on the remote host
  implementing tags means removal of the flexible syntax. In the currently released podman image scp, the user can either specify `podman image scp source::img dest::` or `podman image scp dest:: source::img`. However, with tags this task becomes really hard to check which is the image (src) and which is the new tag (dst). Removal of that streamlines the arg parsing process
  Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | | Merge pull request #14713 from Luap99/volume-plugin (openshift-ci[bot], 2022-06-27)
  add podman volume reload to sync volume plugins
| * | | add podman volume reload to sync volume plugins (Paul Holzinger, 2022-06-23)
  Libpod requires that all volumes are stored in the libpod db. Because volume plugins can be created outside of podman, it will not show all available plugins. This podman volume reload command allows users to sync the libpod db with their external volume plugins. All new volumes from the plugin are also created in the libpod db and when a volume from the db no longer exists it will be removed if possible.
  There are some problems:
  - naming conflicts, in this case we only use the first volume we found. This is not deterministic.
  - race conditions, we have no control over the volume plugins. It is possible that the volumes changed while we run this command.
  Fixes #14207
  Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #14695 from boaz0/closes_14682 (openshift-ci[bot], 2022-06-27)
  Fix machine list: --format implies --noheading
| * | | Fix machine list: --format implies --noheading (Boaz Shuster, 2022-06-23)
  It seems like previously if --format was changed then listFlag.noHeading is changed accordingly however printHeader is used to determine whether to print header or not.
  This patch fixes that problem.
  Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* | | | Merge pull request #14665 from Luap99/machine-now (openshift-ci[bot], 2022-06-27)
  podman machine init --now: respect proxy envs
| * | | podman machine init --now: respect proxy envs (Paul Holzinger, 2022-06-20)
  podman machine start contains more logic than just the simple vm.Start() call. Instead of duplicating this into init we just call start().
  [NO NEW TESTS NEEDED] I have no way to test this right now.
  Fixes #14640
  Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Fix spelling "setup" -> "set up" and similar (Erik Sjölund, 2022-06-22)
  * Replace "setup", "lookup", "cleanup", "backup" with "set up", "look up", "clean up", "back up" when used as verbs. Replace also variations of those.
  * Improve language in a few places.
  Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* | | | Fix system prune output message (Toshiki Sonoda, 2022-06-22)
  'podman system prune' command always outputs "Deleted Images" message, even though there is no dangling or unused image to remove. This message should be output only if dangling or unused image exists.
  [NO NEW TESTS NEEDED]
  Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>