summaryrefslogtreecommitdiff
path: root/cmd
Commit message (Collapse)AuthorAge
* Add pod annotations to containerPeter Hunt2019-11-08
| | | | | | We have the annotations SandboxID, let's use them. This also allows kata containers to be created in pods and share a VM with the infra container. Note: as of now, this sharing only works if the pod has an infra container Signed-off-by: Peter Hunt <pehunt@redhat.com>
* Split up create config handling of namespaces and securityPeter Hunt2019-11-07
| | | | | | | | As it stands, createconfig is a huge struct. This works fine when the only caller is when we create a container with a fully created config. However, if we wish to share code for security and namespace configuration, a single large struct becomes unweildy, as well as difficult to configure with the single createConfigToOCISpec function. This PR breaks up namespace and security configuration into their own structs, with the eventual goal of allowing the namespace/security fields to be configured by the pod create cli, and allow the infra container to share this with the pod's containers. Signed-off-by: Peter Hunt <pehunt@redhat.com>
* Merge pull request #4451 from giuseppe/set-macOpenShift Merge Robot2019-11-07
|\ | | | | podman: add support for specifying MAC
| * podman: add support for specifying MACJakub Filak2019-11-06
| | | | | | | | | | | | | | | | I basically copied and adapted the statements for setting IP. Closes #1136 Signed-off-by: Jakub Filak <jakub.filak@sap.com>
* | Merge pull request #4468 from nalind/image-digestsOpenShift Merge Robot2019-11-07
|\ \ | | | | | | podman images --digest: always list a digest
| * | podman images --digest: always list a digestNalin Dahyabhai2019-11-06
| |/ | | | | | | | | | | | | When we're asked to display image digests, always provide them if we have values that we can provide. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* | Merge pull request #4441 from rhatdan/detachOpenShift Merge Robot2019-11-07
|\ \ | |/ |/| Allow users to disable detach keys
| * Allow users to disable detach keysDaniel J Walsh2019-11-05
| | | | | | | | | | | | | | | | | | | | If user specifies --detach-keys="", this will disable the feature. Adding define.DefaultDetachKeys to help screen to help identify detach keys. Updated man pages with additonal information. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | help message: don't parse the config for cgroup-manager defaultValentin Rothberg2019-11-06
| | | | | | | | | | | | | | | | | | | | | | | | | | Do not generate an entire `config.Config` for displaying the default value for the --cgroup-manager flag and just default to systemd. Not using the `config.Config` is okay as 1) the value may change at runtime in any case (rootless, DBUS access, etc.), 2) it avoids to redundantly parse the system config files and to generate the hard-coded default config, and 3) the log-level and other attributes are not yet set during init() causing undesirable side effects. Fixes: #4456 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | namespaces: by default create cgroupns on cgroups v2Giuseppe Scrivano2019-11-05
|/ | | | | | | | | | | | | | | | change the default on cgroups v2 and create a new cgroup namespace. When a cgroup namespace is used, processes inside the namespace are only able to see cgroup paths relative to the cgroup namespace root and not have full visibility on all the cgroups present on the system. The previous behaviour is maintained on a cgroups v1 host, where a cgroup namespace is not created by default. Closes: https://github.com/containers/libpod/issues/4363 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Validate contextdir on buildTomSweeneyRedHat2019-11-01
| | | | | | | | | | | We never verified that the context directory passed into the build command was a valid directory. When we then slapped a default Containerfile name onto it, things went south fast if the user had passed us a file and not a directory. Fixes: #4383 Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* Merge pull request #4404 from jwhonce/wip/panicOpenShift Merge Robot2019-11-01
|\ | | | | Refactor test to prevent panic
| * Refactor test to prevent panicJhon Honce2019-10-31
| | | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | logs: support --tail 0Giuseppe Scrivano2019-10-31
| | | | | | | | | | | | | | | | | | change the default to -1, so that we can change the semantic of "--tail 0" to not print any existing log line. Closes: https://github.com/containers/libpod/issues/4396 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #4352 from vrothberg/config-packageOpenShift Merge Robot2019-10-31
|\ \ | | | | | | refactor libpod config into libpod/config
| * | add libpod/configValentin Rothberg2019-10-31
| |/ | | | | | | | | | | | | | | | | | | | | | | Refactor the `RuntimeConfig` along with related code from libpod into libpod/config. Note that this is a first step of consolidating code into more coherent packages to make the code more maintainable and less prone to regressions on the long runs. Some libpod definitions were moved to `libpod/define` to resolve circular dependencies. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Fix cp from pipeAleksey Chudov2019-10-30
| | | | | | | | Signed-off-by: Aleksey Chudov <aleksey.chudov@gmail.com>
* | Merge pull request #4369 from baude/golandautocodecorrectionsOpenShift Merge Robot2019-10-30
|\ \ | |/ |/| goland autocorrections
| * goland autocorrectionsbaude2019-10-29
| | | | | | | | | | | | | | just ran the autocorrect code corrections from goland and it found a few nits. Signed-off-by: baude <bbaude@redhat.com>
* | Set default seccomp.json file for podman play kubeDaniel J Walsh2019-10-29
| | | | | | | | | | | | | | Currently podman play kube is not using the system default seccomp.json file. This PR will use the default or override location for podman play. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | images: distinguish between tags and digestsNalin Dahyabhai2019-10-29
| | | | | | | | | | | | | | | | Generate an image's RepoDigests list using all applicable digests, and refrain from outputting a digest in the tag column of the "images" output. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* | API: report multiple digests for imagesNalin Dahyabhai2019-10-29
| | | | | | | | | | | | | | | | Be prepared to report multiple image digests for images which contain multiple manifests but, because they continue to have the same set of layers and the same configuration, are considered to be the same image. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* | pull/create: add --override-arch/--override-os flagsNalin Dahyabhai2019-10-29
| | | | | | | | | | | | | | | | Add --override-arch and --override-os as hidden flags, in line with the global flag names that skopeo uses, so that we can test behavior around manifest lists without having to conditionalize more of it by arch. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* | bump containers/image to v5.0.0, buildah to v1.11.4Nalin Dahyabhai2019-10-29
|/ | | | | | | | | Move to containers/image v5 and containers/buildah to v1.11.4. Replace an equality check with a type assertion when checking for a docker.ErrUnauthorizedForCredentials in `podman login`. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* enable dnsplugin for network createbaude2019-10-28
| | | | | | | | | | | when users create a new network and the dnsname plugin can be found by podman, we will enable container name resolution on the new network. there is an option to opt *out* as well. tests cannot be added until we solve the packaging portion of the dnsname plugin. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #4228 from giuseppe/detect-no-systemd-sessionOpenShift Merge Robot2019-10-24
|\ | | | | rootless: detect no system session with --cgroup-manager=systemd
| * rootless: detect no system session with --cgroup-manager=systemdGiuseppe Scrivano2019-10-23
| | | | | | | | | | | | | | if the cgroup manager is set to systemd, detect if dbus is available, otherwise fallback to --cgroup-manager=cgroupfs. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #4298 from mheon/uid_gid_optionsOpenShift Merge Robot2019-10-24
|\ \ | | | | | | Add parsing for UID, GID in volume "o" option
| * | Add parsing for UID, GID in volume "o" optionMatthew Heon2019-10-22
| | | | | | | | | | | | | | | | | | | | | Everything else is a flag to mount, but "uid" and "gid" are not. We need to parse them out of "o" and handle them separately. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | stats: list all running containers unless specified otherwiseValentin Rothberg2019-10-23
|/ / | | | | | | | | | | | | | | | | | | Unless specified otherwise by --all, --latest or via arguments, list all running containers. This matches the behaviour of Docker and is also illustrated in the man pages where containers and options are marked to be optional. Fixes: #4274 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #4284 from mheon/fix_vol_inspectOpenShift Merge Robot2019-10-21
|\ \ | |/ |/| Show volume options in 'volume inspect'
| * Rewrite backend for remote 'volume inspect'Matthew Heon2019-10-21
| | | | | | | | | | | | | | | | | | | | We need to use the new Inspect() endpoint instead of trying to JSON the actual volume structs. Currently, the output seems completely nonsensical; it seems like we're JSONing the struct for the Varlink connection itself? This should restore sanity and match the format of remote and local inspect on volumes. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #4125 from baude/remotestdinOpenShift Merge Robot2019-10-20
|\ \ | |/ |/| Add ability to redirect bash for run -i
| * Add ability to redirect bash for run -ibaude2019-10-15
| | | | | | | | Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #4195 from vrothberg/fix-4193OpenShift Merge Robot2019-10-15
|\ \ | |/ |/| inspect: rename ImageID go field to Image
| * inspect: rename ImageID go field to ImageValentin Rothberg2019-10-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The json field is called `Image` while the go field is called `ImageID`, tricking users into filtering for `Image` which ultimately results in an error. Hence, rename the field to `Image` to align json and go. To prevent podman users from regressing, rename `Image` to `ImageID` in the specified filters. Add tests to prevent us from regressing. Note that consumers of the go API that are using `ImageID` are regressing; ultimately we consider it to be a bug fix. Fixes: #4193 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #4267 from giuseppe/accept-sbin-initOpenShift Merge Robot2019-10-15
|\ \ | | | | | | systemd: accept also /sbin/init
| * | systemd: accept also /sbin/initGiuseppe Scrivano2019-10-15
| |/ | | | | | | | | | | | | | | | | it is a regression caused by 3ba3e1c7510d1780b6527a4aa52e40ac2c5b576a. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1761514 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #4215 from TomSweeneyRedHat/dev/tsweeney/fixsquashOpenShift Merge Robot2019-10-15
|\ \ | |/ |/| Add squash-all, fix squash option in build
| * Add squash-all, fix squash option in buildTomSweeneyRedHat2019-10-11
| | | | | | | | | | | | | | | | | | | | | | | | | | Translate the podman build --squash command to podman build --layers=false which has the same functionality as docker build --squash. Add a new option --squash-all which will squash all layers into one. This will be translated to buildah bud --squash for the buildah bud api. Also allow only one option, squash, layers or squash--all to be used per build command. Fixes: https://github.com/containers/buildah/issues/1234 Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | images: empty list is valid json with --format=jsonGiuseppe Scrivano2019-10-11
| | | | | | | | | | | | | | | | | | similar change to f7d55d64e7040cdad149684234ea150b0a90cf0e with images --format=json, be sure the output is valid json also when it is an empty list. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #4221 from mheon/reset_runtimeOpenShift Merge Robot2019-10-11
|\ \ | |/ |/| Migrate can move containers to a user-defined runtime
| * Migrate can move containers to a new runtimeMatthew Heon2019-10-10
| | | | | | | | | | | | | | | | | | | | | | | | This is a horrible hack to work around issues with Fedora 31, but other distros might need it to, so we'll move it upstream. I do not recommend this functionality for general use, and the manpages and other documentation will reflect this. But for some upgrade cases, it will be the only thing that allows for a working system. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #4237 from giuseppe/ps-not-nullOpenShift Merge Robot2019-10-11
|\ \ | | | | | | container: initialize results list
| * | container: initialize results listGiuseppe Scrivano2019-10-11
| |/ | | | | | | | | | | | | | | | | it solves: $ podman ps --format=json null Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #4201 from TomSweeneyRedHat/dev/tsweeney/updatebuildmdOpenShift Merge Robot2019-10-11
|\ \ | | | | | | Update build man page with latest Buildah changes
| * | Update build man page with latest Buildah changesTomSweeneyRedHat2019-10-10
| | | | | | | | | | | | | | | | | | | | | Changes include: Containerfile by default, add --device flags to bud, allow buildah bud to be called without arguments, and a couple of small typo corrections. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | Merge pull request #4232 from csomh/auth-file-pathOpenShift Merge Robot2019-10-11
|\ \ \ | |/ / |/| | Fix default path for auth.json
| * | Fix default path for auth.jsonHunor Csomortáni2019-10-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Default path should be ${XDG_RUNTIME_DIR}/containers/auth.json according to the docs. This regressed to ${XDG_RUNTIME_DIR}/auth.json in #3760. Fixes: #4227 Signed-off-by: Hunor Csomortáni <csomh@redhat.com>
* | | Merge pull request #4206 from giuseppe/systemd-mode-look-full-pathOpenShift Merge Robot2019-10-10
|\ \ \ | |/ / |/| | systemd: expect full path /usr/sbin/init