summaryrefslogtreecommitdiff
path: root/cmd
Commit message (Collapse)AuthorAge
* This PR allows users to remove external containers directlyDaniel J Walsh2020-10-09
| | | | | | | | | | | | | | | | | | | | | | | Currenly if a user specifies the name or ID of an external storage container, we report an error to them. buildah from scratch working-container-2 podman rm working-container-2 Error: no container with name or ID working-container-2 found: no such container Since the user specified the correct name and the container is in storage we force them to specify --storage to remove it. This is a bad experience for the user. This change will just remove the container from storage. If the container is known by libpod, it will remove the container from libpod as well. The podman rm --storage option has been deprecated, and removed from docs. Also cleaned documented options that are not available to podman-remote. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #7943 from baude/issue7807OpenShift Merge Robot2020-10-07
|\ | | | | prevent unpredictable results with network create|remove
| * prevent unpredictable results with network create|removebaude2020-10-07
| | | | | | | | | | | | | | | | | | | | due to a lack of "locking" on cni operations, we could get ourselves in trouble when doing rapid creation or removal of networks. added a simple file lock to deal with the collision and because it is not considered a performent path, use of the file lock should be ok. if proven otherwise in the future, some generic shared memory lock should be implemented for libpod and also used here. moved pkog/network to libpod/network because libpod is now being pulled into the package and it has therefore lost its generic nature. this will make it easier to absorb into libpod as we try to make the network closer to core operations. Fixes: #7807 Signed-off-by: baude <bbaude@redhat.com>
* | Attempt to turn on some more remote testsDaniel J Walsh2020-10-07
|/ | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #7929 from kolyshkin/nits-errOpenShift Merge Robot2020-10-06
|\ | | | | Nits
| * Lowercase some errorsKir Kolyshkin2020-10-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit is courtesy of ``` for f in $(git ls-files *.go | grep -v ^vendor/); do \ sed -i 's/\(errors\..*\)"Error /\1"error /' $f; done for f in $(git ls-files *.go | grep -v ^vendor/); do \ sed -i 's/\(errors\..*\)"Failed to /\1"failed to /' $f; done ``` etc. Self-reviewed using `git diff --word-diff`, found no issues. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
| * Remove excessive error wrappingKir Kolyshkin2020-10-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In case os.Open[File], os.Mkdir[All], ioutil.ReadFile and the like fails, the error message already contains the file name and the operation that fails, so there is no need to wrap the error with something like "open %s failed". While at it - replace a few places with os.Open, ioutil.ReadAll with ioutil.ReadFile. - replace errors.Wrapf with errors.Wrap for cases where there are no %-style arguments. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
* | Support max_size logoptionsDaniel J Walsh2020-10-05
|/ | | | | | | | Docker supports log-opt max_size and so does conmon (ALthough poorly). Adding support for this allows users to at least make sure their containers logs do not become a DOS vector. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix podman-remote ps --ns brokenzhangguanzhang2020-10-04
| | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* Merge pull request #7856 from rhatdan/rootOpenShift Merge Robot2020-10-02
|\ | | | | podman-remote does not support most of the global flags
| * podman-remote does not support most of the global flagsDaniel J Walsh2020-10-02
| | | | | | | | | | | | | | podman-remote --help is showing a bunch of global flags that it does not support Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #7199 from jwhonce/jira/run-898OpenShift Merge Robot2020-10-02
|\ \ | | | | | | Restore "table" --format from V1
| * | Restore "table" --format from V1Jhon Honce2020-10-02
| |/ | | | | | | | | | | | | | | | | | | | | | | | | * --format "table {{.field..." will print fields out in a table with headings. Table keyword is removed, spaces between fields are converted to tabs * Update parse.MatchesJSONFormat()'s regex to be more inclusive * Add report.Headers(), obtain all the field names to be used as column headers, a map of field name to column headers may be provided to override the field names * Update several commands to use new functions Signed-off-by: Jhon Honce <jhonce@redhat.com>
* / --rm option shold conflicts with --restartzhangguanzhang2020-10-02
|/ | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* Podman containers/pods prune should throw an error if user adds argsDaniel J Walsh2020-10-01
| | | | | | | We are not currently checking if a user accidently adds an argument to all podman * prune commands. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Volume prune should not pass down the force flagDaniel J Walsh2020-10-01
| | | | | | | | | podman volume prune -f Should just tell the prune command to not prompt for confirmation. It should not be passing the prune flag into the API. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix handling of remove of bogus volumes, networks and PodsDaniel J Walsh2020-09-29
| | | | | | | | | | | | In podman containers rm and podman images rm, the commands exit with error code 1 if the object does not exists. This PR implements similar functionality to volumes, networks, and Pods. Similarly if volumes or Networks are in use by other containers, and return exit code 2. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #7788 from IceCodeNew/patch-1OpenShift Merge Robot2020-09-29
|\ | | | | Updating on supported restart policy
| * Updating on supported restart policyIceCodeNew2020-09-27
| | | | | | | | Signed-off-by: IceCodeNew <32576256+IceCodeNew@users.noreply.github.com>
* | Merge pull request #7783 from ashley-cui/slirpOpenShift Merge Robot2020-09-29
|\ \ | | | | | | Add support for slirp network for pods
| * | Add support for slirp network for podsAshley Cui2020-09-25
| | | | | | | | | | | | | | | | | | flag --network=slirp4netns[options] for root and rootless pods Signed-off-by: Ashley Cui <acui@redhat.com>
* | | Ignore containers.conf sysctl when namespaces set to hostDaniel J Walsh2020-09-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If user sets namespace to host, then default sysctls need to be ignored that are specific to that namespace. --net=host ignore sysctls that begin with net. --ipc=host ignore fs.mqueue --uts=host ignore kernel.domainname and kernel.hostname Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #7786 from rhatdan/rootlessOpenShift Merge Robot2020-09-28
|\ \ \ | | | | | | | | Remove SkipIfRootless if possible, document other calls
| * | | Remove SkipIfRootless if possible, document other callsDaniel J Walsh2020-09-27
| | |/ | |/| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / | Properly handle podman run --pull commandDaniel J Walsh2020-09-27
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently the --pull missing|always|never is ignored This PR implements this for local API. For remote we need to default to pullpolicy specified in the containers.conf file. Also fixed an issue when images were matching other images names based on prefix, causing images to always be pulled. I had named an image myfedora and when ever I pulled fedora, the system thought that it there were two images named fedora since it was checking for the name fedora as well as the prefix fedora. I changed it to check for fedora and the prefix /fedora, to prefent failures like I had. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #7473 from giuseppe/honor-runtime-for-buildahOpenShift Merge Robot2020-09-24
|\ \ | | | | | | build: honor --runtime setting
| * | build: honor --runtime settingGiuseppe Scrivano2020-09-24
| | | | | | | | | | | | | | | | | | pass down to Buildah the --runtime setting. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #7753 from vrothberg/fix-7689OpenShift Merge Robot2020-09-24
|\ \ \ | |/ / |/| | remote stats
| * | stats: break out CLI optionsValentin Rothberg2020-09-24
| | | | | | | | | | | | | | | | | | | | | | | | Have a clear separation of concerns for the CLI-only options (and their logic) from the backend. The backend logic is now easier to understand (e.g., `stream` instead of `noStream`). Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * | stats refactorValentin Rothberg2020-09-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Refactor the entities' stats API to simplify using it and reduce the risk of running into concurrency issues at the call sites. Further simplify the stats code by de-spaghetti-ing the logic and reducing duplicate code. `ContainerStats` now returns a data channel and an error. If the error is nil, callers can read from the channel. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Allow filtering on pod label valuesJordan Christiansen2020-09-23
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | Before this change, filters of the form `podman pod ps --filter label=app=myapp` were not working. The results would include all pods that contained the app label with any value. Looking at the code, this makes sense. It appears that the second = and everything after it were getting truncated. Even though there was already a passing test that tested `podman pod ps --filter label=io.podman.test.label=value1`, the test failed with the above example with a label `app=myapp`. The new code works in both cases. Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
* | podman save: fix redirect of multi-imagesValentin Rothberg2020-09-22
| | | | | | | | | | | | | | | | Fix a bug when saving multi-image archives where the progress bars from copying images was accidentally written to the archive and hence corrupted it. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #7696 from jwhonce/wip/versionOpenShift Merge Robot2020-09-21
|\ \ | | | | | | Refactor version handling in cmd tree
| * | Refactor version handling in cmd treeJhon Honce2020-09-18
| | | | | | | | | | | | | | | | | | | | | * Move from simple string to semver objects * Change client API Version from '1' to 2.0.0 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Fix incorrect parsing of create/run --volumes-fromPaul Holzinger2020-09-20
|/ / | | | | | | | | | | | | | | | | Add a bunch of tests to ensure that --volumes-from works as expected. Also align the podman create and run man page. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #7655 from vrothberg/fix-7628OpenShift Merge Robot2020-09-17
|\ \ | | | | | | --mount: support arbitrary mount-argument order
| * | --mount: support arbitrary mount-argument orderValentin Rothberg2020-09-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Support an arbitrary order in which arguments are specified to the `--mount` flag. Previously, Podman expected `type=...` to come first which was breaking compatibility with Docker. Note that this is the ground work to default to "volume" (again Docker compat). However, this will require some further massaging as we have to assign a name. Fixes: #7628 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #7647 from jwhonce/issues/7543OpenShift Merge Robot2020-09-17
|\ \ \ | | | | | | | | Refactor remote pull to provide progress
| * | | Refactor remote pull to provide progressJhon Honce2020-09-16
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman and podman-remote do not exactly match as the lower layer code checks if the output is destined for a TTY before creating the progress bars. A future PR for containers/images could change this behavior. Fixes #7543 Tested with: $ (echo '# start'; podman-remote pull nginx ) 2>&1 | ts '[%Y-%m-%d %H:%M:%.S]' $ (echo '# start'; podman pull nginx ) 2>&1 | ts '[%Y-%m-%d %H:%M:%.S]' Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Merge pull request #7646 from edsantiago/version_optionsOpenShift Merge Robot2020-09-17
|\ \ \ | | | | | | | | podman version and --version: fix format, exit
| * | | podman version and --version: fix format, exitEd Santiago2020-09-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Three unrelated fixes to version output: * podman version --format json: was missing a newline * podman version --format TEMPLATE: had too many newlines * podman --version: would neither display version nor exit if followed by a subcommand ('podman --version ps') The first two were easy: I used my best tweezers to delicately pluck and transfer the misplaced \n and place it where needed. The third was a doozy of a rabbit hole. As best I can tell, a workaround was added in root.go to override cobra's built-in Version handling, apparently to avoid having cobra add "-v" as an alias for "--version". As best I can tell, cobra only does this if the "-v" shortcut is not already taken (at least as of Nov 2019: https://github.com/spf13/cobra/pull/996 ). Also as best I can tell that workaround is purely vestigial, and removing it is safe. I've manually tested "-v" in podman run, system df, and rm. I've run system tests. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | image list: return all associated namesValentin Rothberg2020-09-17
| |_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Always return all associated names / repo tags of an image and fix a bug with malformed repo tags. Previously, Podman returned all names only with `--all` but this flag only instructs to list intermediate images and should not alter associated names. With `--all` Podman queried the repo tags of an image which splits all *tagged* names into repository and tag which is then reassembled to eventually be parsed again in the frontend. Lot's of redundant CPU heat and buggy as the reassembly didn't consider digests which ultimately broke parsing in the frontend. Fixes: #7651 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Fix podman pod create --infra-command and --infra-imageDaniel J Walsh2020-09-16
| |/ |/| | | | | | | | | | | | | Currently infr-command and --infra-image commands are ignored from the user. This PR instruments them and adds tests for each combination. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #7624 from QiWang19/policy-optionOpenShift Merge Robot2020-09-16
|\ \ | | | | | | Supports import&run--signature-policy
| * | Supports import&run--signature-policyQi Wang2020-09-15
| | | | | | | | | | | | | | | | | | Enables podman create, pull, run, import to use --signature-policy option. Set it as hidden flag to be consistent with other commands. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | Merge pull request #7636 from vrothberg/fix-7407OpenShift Merge Robot2020-09-16
|\ \ \ | |_|/ |/| | run/create: record raw image
| * | run/create: record raw imageValentin Rothberg2020-09-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Record the user-specified "raw" image name in the SpecGenerator, so we can pass it along to the config when creating a container. We need a separate field as the image name in the generator may be set to the ID of the previously pulled image - ultimately the cause of #7404. Reverting the image name from the ID to the user input would not work since "alpine" for pulling iterates over the search registries in the registries.conf but looking up "alpine" normalizes to "localhost/alpine". Recording the raw-image name directly in the generator was the best of the options I considered as no hidden magic from search registries or normalizations (that may or may not change in the future) can interfere. The auto-update backend enforces that the raw-image name is a fully-qualified reference, so we need to worry about that in the front end. Fixes: #7407 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Fix CI breakage due to PR collisionEd Santiago2020-09-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | PR #7633 disallowed "-l" (--latest) with container args. PR #7630 made changes to the "podman wait" command. The error message it issues is inconsistent (and incompatible) with the one required by the new BATS --help test. Fix that. This is entirely my fault. I was aware of #7630, and I was careful to check the output message format, but I was not careful enough (I trusted my eyes, not my code). Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #7633 from edsantiago/minus_l_with_other_argsOpenShift Merge Robot2020-09-15
|\ \ \ | |_|/ |/| | Usability: prevent "-l" with arguments
| * | Usability: prevent "-l" with argumentsEd Santiago2020-09-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add new system check confirming that "podman foo -l arg" throws an error; and fix lots of instances where code was not doing this check. I'll probably need to add something similar for --all but that can wait. Signed-off-by: Ed Santiago <santiago@redhat.com>