path: root/cmd/podman
Commit message (Author, Age)
* Merge pull request #3328 from mheon/storage_opts_for_cleanup (OpenShift Merge Robot, 2019-06-15)
|\
| |   When creating exit command, pass storage options on
| * Fix storage-opts type in Cobra (Matthew Heon, 2019-06-14)
| |   StringSliceVar was distorting options. StringArrayVar seems to not mangle them, so use that instead. Thanks to Giuseppe for finding this one.
| |   Signed-off-by: Matthew Heon <mheon@redhat.com>
| * When creating exit command, pass storage options on (Matthew Heon, 2019-06-13)
| |   We made changes earlier that empty storage options when setting storage driver explicitly. Unfortunately, this breaks rootless cleanup commands, as they lose the fuse-overlayfs mount program path. Fix this by passing along the storage options to the cleanup process.
| |   Also, fix --syslog, which was broken a while ago (probably when we broke up main to add main_remote).
| |   Fixes #3326
| |   Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Add --storage flag to 'podman rm' (local only) (Matthew Heon, 2019-06-13)
|/
|   This flag switches to removing containers directly from c/storage and is mostly used to remove orphan containers. It's a superior solution to our former one, which attempted removal from storage under certain circumstances and could, under some conditions, not trigger.
|   Also contains the beginning of support for storage in `ps` but wiring that in is going to be a much bigger pain.
|   Fixes #3329.
|   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* If container is not in correct state podman exec should exit with 126 (Daniel J Walsh, 2019-06-12)
|   This way a tool can determine if the container exists or not, but is in the wrong state.
|   Since 126 is documented as:
|   **_126_** if the **_contained command_** cannot be invoked
|   It makes sense that the container would exit with this state.
|   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #3298 from ashley-cui/username (OpenShift Merge Robot, 2019-06-12)
|\
| |   Fix podman-remote to user default username
| * Fix podman-remote to user default username (Ashley Cui, 2019-06-11)
| |   Currently, you have to specify the username every time, rather than default like SSH does.
| |   Signed-off-by: Ashley Cui <ashleycui16@gmail.com>
* | Merge pull request #3290 from edsantiago/bats (OpenShift Merge Robot, 2019-06-11)
|\ \
| | |   BATS tests - get working again
| * | Prohibit use of positional args with --import (Ed Santiago, 2019-06-11)
| | |   I took the liberty of combining related checks together so as to avoid a little duplication; if this is not a Go best practice, I will revert. I also made a minor wording adjustment to an error message for clarity.
| | |   Also: update wording of man page.
| | |   Signed-off-by: Ed Santiago <santiago@redhat.com>
| * | BATS tests - get working again (Ed Santiago, 2019-06-11)
| |/
| |   Various small fixes to get BATS tests working again. Split from #2947 because that one keeps getting stalled, and I'm hoping these separate changes get approved. I consider these changes urgent because RHEL8 gating tests are failing, and will fail even more if/when #2272 gets picked up and packaged for RHEL8, and I consider it important to have clean passing tests for RHEL8.
| |   * info test: 'insecure registries' is gone. A recent commit (d1a7378aa) changed the format of 'podman info', removing the 'insecure registries' key. Deal with it.
| |   * info test: remove check for .host.{Conmon,OCIRuntime}.package; the value on f28 and f29 is 'Unknown' (instead of an NVR). We can live without this check.
| |   * 'load' test: skip when running in CI, because stdin is not a tty.
| |   * container restore: fix arg processing. #2272 broke argument processing: 'podman container restore', with no args, should exit with 'argument required' error. Root cause is that the new --import option takes the place of an argument, so the checkAllAndLatest() call had to be changed to not exit on error. Workaround is (sigh) to copy/paste the skipped checkAllAndLatest() code, with minor tweaks to accommodate --import.
| |   Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #3293 from mheon/add_test_for_play_kube (OpenShift Merge Robot, 2019-06-11)
|\ \
| |/
|/|   Add a test for 'podman play kube' to prevent regression
| * Add --filename option to generate kube (Matthew Heon, 2019-06-11)
| |   This allows writing output directly to a file, instead of STDOUT. Makes things easier for some scripting tasks. Like the unit tests for 'play kube'.
| |   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #3240 from rhatdan/storageopts (OpenShift Merge Robot, 2019-06-10)
|\ \
| |/
|/|   When you change the storage driver we ignore the storage-options
| * When you change the storage driver we ignore the storage-options (Daniel J Walsh, 2019-06-08)
| |   The storage driver and the storage options in storage.conf should match, but if you change the storage driver via the command line then we need to nil out the default storage options from storage.conf.
| |   If the user wants to change the storage driver and use storage options, they need to specify them on the command line.
| |   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #3180 from mheon/inspect_volumes (OpenShift Merge Robot, 2019-06-08)
|\ \
| |/
|/|   Begin to break up pkg/inspect
| * Begin to break up pkg/inspect (Matthew Heon, 2019-06-03)
| |   Let's put inspect structs where they're actually being used. We originally made pkg/inspect to solve circular import issues. There are no more circular import issues.
| |   Image structs remain for now, I'm focusing on container inspect.
| |   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Default 'pause' to false for 'podman cp' (Matthew Heon, 2019-06-07)
| |   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #2272 from adrianreber/migration (OpenShift Merge Robot, 2019-06-07)
|\ \
| | |   Add support to migrate containers
| * | migration: add possibility to restore a container with a new name (Adrian Reber, 2019-06-04)
| | |   The option to restore a container from an external checkpoint archive (podman container restore -i /tmp/checkpoint.tar.gz) restores a container with the same name and same ID as it had before checkpointing.
| | |   This commit adds the option '--name,-n' to 'podman container restore'. With this option the restored container gets the name specified after '--name,-n' and a new ID. This way it is possible to restore one container multiple times.
| | |   If a container is restored with a new name Podman will not try to request the same IP address for the container as it had during checkpointing. This implicitly assumes that if a container is restored from a checkpoint archive with a different name, that it will be restored multiple times and restoring a container multiple times with the same IP address will fail as each IP address can only be used once.
| | |   Signed-off-by: Adrian Reber <areber@redhat.com>
| * | Added support to migrate containers (Adrian Reber, 2019-06-03)
| | |   This commit adds an option to the checkpoint command to export a checkpoint into a tar.gz file as well as importing a checkpoint tar.gz file during restore. With all checkpoint artifacts in one file it is possible to easily transfer a checkpoint and thus enabling container migration in Podman. With the following steps it is possible to migrate a running container from one system (source) to another (destination).
| | |   Source system:
| | |   * podman container checkpoint -l -e /tmp/checkpoint.tar.gz
| | |   * scp /tmp/checkpoint.tar.gz destination:/tmp
| | |   Destination system:
| | |   * podman pull 'container-image-as-on-source-system'
| | |   * podman container restore -i /tmp/checkpoint.tar.gz
| | |   The exported tar.gz file contains the checkpoint image as created by CRIU and a few additional JSON files describing the state of the checkpointed container.
| | |   Now the container is running on the destination system with the same state just as during checkpointing. If the container is kept running on the source system with the checkpoint flag '-R', the result will be that the same container is running on two different hosts.
| | |   Signed-off-by: Adrian Reber <areber@redhat.com>
| * | Fix restore options help text and comments (Adrian Reber, 2019-06-03)
| | |   Signed-off-by: Adrian Reber <areber@redhat.com>
* | | remove -c for podman remote global options (baude, 2019-06-04)
| | |   it conflicts with commit
| | |   Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #3231 from baude/remoteclientconf (OpenShift Merge Robot, 2019-06-04)
|\ \ \
| | | |   podman-remote.conf enablement
| * | | podman-remote.conf enablement (baude, 2019-05-30)
| | | |   add the ability for the podman remote client to use a configuration file which describes its connections. users can now define a connection in the configuration and then call it by name like:
| | | |   podman-remote -c connection1
| | | |   and the destination and user will be derived from the configuration file. if no -c is provided, we look for a connection in the configuration file designated as 'default'. If the configuration file has only one connection, it will be deemed the 'default'.
| | | |   Signed-off-by: baude <bbaude@redhat.com>
* | | | Vendor Buildah v1.8.3 (TomSweeneyRedHat, 2019-06-04)
| |/ /
|/| |
| | |   Vendor in Buildah v1.8.3
| | |   Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | Merge pull request #3081 from baude/remotecommit (OpenShift Merge Robot, 2019-06-03)
|\ \ \
| |_|/
|/| |   podman remote-client commit
| * | podman remote-client commit (baude, 2019-05-30)
| | |   add the ability to commit a container to an image using the remote client.
| | |   Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #3227 from giuseppe/fix-warning-rootless (OpenShift Merge Robot, 2019-05-31)
|\ \ \
| | | |   rootless: skip check fo /etc/containers/registries.conf
| * | | rootless: skip check fo /etc/containers/registries.conf (Giuseppe Scrivano, 2019-05-30)
| | | |   the warning can be confusing when used in rootless mode as the unprivileged user has no way for setting it up.
| | | |   Closes: https://github.com/containers/libpod/issues/2955
| | | |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Error when trying to copy into a running rootless ctr (Matthew Heon, 2019-05-30)
| | | |   We can't pause them, so if that's requested, throw an error.
| | | |   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | We can't pause rootless containers during cp (Matthew Heon, 2019-05-29)
| | | |   Rootless containers can't be paused (no CGroups, so no freezer). We could try and emulate this with a SIGSTOP to all PIDs in the container, but that's inherently racy, so let's avoid it for now.
| | | |   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Tolerate non-running containers in paused cp (Matthew Heon, 2019-05-29)
| | | |   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Pause containers while copying into them (Matthew Heon, 2019-05-29)
| | | |   Should fix CVE-2018-15664 for Podman.
| | | |   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Use securejoin to merge paths in `podman cp` (Matthew Heon, 2019-05-29)
| |/ /
|/| |
| | |   Securejoin ensures that paths are resolved in the container, not on the host.
| | |   Fixes #3211
| | |   Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #3221 from josegonzalez/master (OpenShift Merge Robot, 2019-05-29)
|\ \ \
| |_|/
|/| |   Add missing 'container cp' alias and document missing 'container update' command
| * | add missing container cp command (Jose Diaz-Gonzalez, 2019-05-29)
| | |   'docker cp' is an alias for 'docker container cp', and podman should have the equivalent alias.
| | |   Signed-off-by: Jose Diaz-Gonzalez <email@josediazgonzalez.com>
* | | Merge pull request #2709 from haircommander/journald (OpenShift Merge Robot, 2019-05-29)
|\ \ \
| |_|/
|/| |   Add libpod journald logging
| * | Implement podman logs with log-driver journald (Peter Hunt, 2019-05-28)
| | |   Add a journald reader that translates the journald entry to a k8s-file formatted line, to be added as a log line
| | |   Note: --follow with journald hasn't been implemented. It's going to be a larger undertaking that can wait.
| | |   Signed-off-by: Peter Hunt <pehunt@redhat.com>
| * | Added --log-driver and journald logging (Peter Hunt, 2019-05-28)
| | |   Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | | Merge pull request #3188 from giuseppe/fix-join-existing-containers (OpenShift Merge Robot, 2019-05-29)
|\ \ \
| |_|/
|/| |   rootless: new function to join existing conmon processes
| * | rootless: new function to join existing conmon processes (Giuseppe Scrivano, 2019-05-25)
| | |   move the logic for joining existing namespaces down to the rootless package. In main_local we still retrieve the list of conmon pid files and use it from the rootless package.
| | |   In addition, create a temporary user namespace for reading these files, as the unprivileged user might not have enough privileges for reading the conmon pid file, for example when running with a different uidmap and root in the container is different than the rootless user.
| | |   Closes: https://github.com/containers/libpod/issues/3187
| | |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #3137 from giuseppe/unshare-fixes (OpenShift Merge Robot, 2019-05-28)
|\ \ \
| | | |   unshare: some cleanups and define CONTAINERS_{RUNROOT,GRAPHROOT}
| * | | unshare: define CONTAINERS_GRAPHROOT and CONTAINERS_RUNROOT (Giuseppe Scrivano, 2019-05-16)
| | | |   define two environment variables, that simplify the task of cleaning up the storage, as we can do something like:
| | | |   podman unshare sh -c 'rm -rf $CONTAINERS_GRAPHROOT $CONTAINERS_RUNROOT'
| | | |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | unshare: use rootless from libpod (Giuseppe Scrivano, 2019-05-16)
| | | |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #3194 from QiWang19/cptar (OpenShift Merge Robot, 2019-05-28)
|\ \ \ \
| |_|_|/
|/| | |   fix bug dest path of copying tar
| * | | fix bug dest path of copying tar (Qi Wang, 2019-05-24)
| | | |   when podman cp tar without --extract flag, if the destination already exists, or ends with path separator, cp the tar under the directory, otherwise copy the tar named with the destination
| | | |   Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | Merge pull request #3189 from vrothberg/apparmor-fixes (OpenShift Merge Robot, 2019-05-28)
|\ \ \ \
| |_|_|/
|/| | |   Apparmor fixes
| * | | warn when --security-opt and --privileged (Valentin Rothberg, 2019-05-24)
| |/ /
| | |   Log a warning when --security-opt and --privileged are used together to indicate that it has no effect since --privileged will set everything.
| | |   To avoid regressions, only warn, do not error out and do not print on error level.
| | |   Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | podman: honor env variable PODMAN_USERNS (Giuseppe Scrivano, 2019-05-24)
| | |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | userns: add new option --userns=keep-id (Giuseppe Scrivano, 2019-05-24)
|/ /
| |   it creates a namespace where the current UID:GID on the host is mapped to the same UID:GID in the container.
| |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>