| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a new service reaper package. Podman currently does not reap all
child processes. The slirp4netns and rootlesskit processes are not
reaped. The is not a problem for local podman since the podman process
dies before the other processes and then init will reap them for us.
However with podman system service it is possible that the podman
process is still alive after slirp died. In this case podman has to reap
it or the slirp process will be a zombie until the service is stopped.
The service reaper will listen in an extra goroutine on SIGCHLD. Once it
receives this signal it will try to reap all pids that were added with
`AddPID()`. While I would like to just reap all children this is not
possible because many parts of the code use `os/exec` with `cmd.Wait()`.
If we reap before `cmd.Wait()` things can break, so reaping everything
is not an option.
[NO TESTS NEEDED]
Fixes #9777
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
| |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| |
|
|
|
|
|
|
| |
Since Podman create/run can support this, so should play.
Fixes: https://github.com/containers/podman/issues/10807
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\
| |
| | |
reset: remove external containers on podman system reset
|
| | |
| |
| |
| |
| |
| | |
[NO TESTS NEEDED]
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
|
| |\ \
| | |
| | |
| | |
| | | |
containers/dependabot/go_modules/github.com/containers/storage-1.32.4
Bump github.com/containers/storage from 1.32.3 to 1.32.4
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.32.3 to 1.32.5.
- [Release notes](https://github.com/containers/storage/releases)
- [Changelog](https://github.com/containers/storage/blob/main/docs/containers-storage-changes.md)
- [Commits](https://github.com/containers/storage/compare/v1.32.3...v1.32.5)
---
updated-dependencies:
- dependency-name: github.com/containers/storage
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |
| |
| |
| |
| |
| | |
* Add support for the tcp and unix schemes in connection URLs.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |/
|
|
|
|
| |
Sort system connection ls by name, making the output deterministic. Previously, we were just iterating through a map, which caused CI flakes.
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |\
| |
| | |
read secret config from config file if no user data.
|
| | |
| |
| |
| | |
Signed-off-by: Tino Rusch <tino.rusch@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
feat: read secret config from config file if the user hasn't entered
explicit config values
feat: allow to specify `--driver-opts opt1=val1,opt2=val2` in the secret
create command to allow overriding the default values
fix: show driver options in `podman secret inspect`
Signed-off-by: Tino Rusch <tino.rusch@gmail.com>
|
| |\ \
| | |
| | | |
remove `pkg/registries`
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Pull the trigger on the `pkg/registries` package which acted as a proxy
for `c/image/pkg/sysregistriesv2`. Callers should be using the packages
from c/image directly, if needed at all.
Also make use of libimage's SystemContext() method which returns a copy
of a system context, further reducing the risk of unintentionally
altering global data.
[NO TESTS NEEDED]
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
[NO TESTS NEEDED] Swap private and shared mount relabel options
|
| | |/
| |
| |
| | |
Signed-off-by: Xabier Napal <xabiernapal@pm.me>
|
| |\ \
| | |
| | | |
[NO TESTS NEEDED] Suggestions for typos/ incorrect commands for Podman CLI
|
| | |/
| |
| |
| | |
Signed-off-by: Mehul Arora <aroram18@mcmaster.ca>
|
| |/
|
|
|
|
|
|
| |
Fix a bug in `podman-cp` to forbid copying directories to files.
Previously, the directory was copied to the parent directory of the file
which is wrong.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\
| |
| | |
Add --format to connection list
|
| | |
| |
| |
| |
| |
| | |
Add support for the --format option to podman system connection list.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |\ \
| | |
| | | |
Podman Pod Create --cpus and --cpuset-cpus flags
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Added logic and handling for two new Podman pod create Flags.
--cpus specifies the total number of cores on which the pod can execute, this
is a combination of the period and quota for the CPU.
--cpuset-cpus is a string value which determines of these available cores,
how many we will truly execute on.
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
|
| |\ \
| | |
| | | |
Podman Stats additional features
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
added Avg Cpu calculation and CPU up time to podman stats. Adding different feature sets in different PRs, CPU first.
resolves #9258
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Much to my regret, there is a number of images in the wild with invalid
platforms breaking the platform checks in libimage that want to make
sure that a local image is matching the expected platform.
Imagine a `podman run --arch=arm64 fedora` with a local amd64 fedora
image. We really shouldn't use the local one in this case and pull down
the arm64 one.
The strict platform checks in libimage in combination with invalid
platforms in images surfaced in Podman being able to pull an image but
failing to look it up in subsequent presence checks. A `podman run`
would hence pull such an image but fail to create the container.
Support images with invalid platforms by vendoring the latest HEAD from
containers/common. Also remove the partially implemented pull-policy
logic from Podman and let libimage handle that entirely. However,
whenever --arch, --os or --platform are specified, the pull policy will
be forced to "newer". This way, we pessimistically assume that the
local image has an invalid platform and we reach out to the registry.
If there's a newer image (i.e., one with a different digest), we'll pull
it down.
Please note that most of the logic has either already been implemented
in libimage or been moved down which allows for removing some clutter
from Podman.
[NO TESTS NEEDED] since c/common has new tests. Podman can rely on the
existing tests.
Fixes: #10648
Fixes: #10682
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
It affects all transports; and without --format, we try several manifest formats.
[NO TESTS NEEDED]
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refactor podman commands that have drifted from using
c/common report pkg. Report pkg is needed to implement
go template functions.
Removed obsolete code from podman which exists in c/common.
Latest template library added default newlines and method to
remove them. Incorporated needed changes in c/common PR below.
Depends on https://github.com/containers/common/pull/624
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1855983
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Image prune --filter is fully implemented in the api, http api
yet not connected with the cli execution. User trying to use
filters does not see the effect. This commit adds glue code to enable
possiblity of using --filter in prune in the cli execution.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
|
| |\
| |
| | |
Fix compat create with NetworkMode=default
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The rework of namespace handling for rootless CNI broke this, as
CNI networks were being computed incorrectly. Fix handling of
CNI networks for the Compat Create REST API for containers, and
add a test so we don't regress again.
Fixes #10569
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |\ \
| | |
| | | |
Add --publish to container restore
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Restored containers, until now, had the same port mappings as the
original started container. This commit adds the parameter '--publish'
to 'podman container restore' with the same semantic as during
create/run.
With this change it is possible to create a copy from a container with a
'--publish' rule and replace the original '--publish' setting with a new
one.
# podman run -p 2345:8080 container
# podman container checkpoint -l --export=dump.tar
# podman container restore -p 5432:8080 --import=dump.tar
The restored container will now listen on localhost:5432 instead of
localhost:2345 as the original created container.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The checkpoint archive compression was hardcoded to `archive.Gzip`.
There have been requests to make the used compression algorithm
selectable. There was especially the request to not compress the
checkpoint archive to be able to create faster checkpoints when not
compressing it.
This also changes the default from `gzip` to `zstd`. This change should
not break anything as the restore code path automatically handles
whatever compression the user provides during restore.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
| |/
|
|
|
|
| |
[NO TESTS NEEDED]
Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Using the gvproxy application on the host, we can now port forward from
the machine vm on the host. It requires that 'gvproxy' be installed in
an executable location. gvproxy can be found in the
containers/gvisor-tap-vsock github repo.
[NO TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
[NO TESTS NEEDED]
This commit cleans up two issues:
* Most commands support all EngineModes so default to that. Let
outlayers declare their intent.
* Use cobra.Annotations to set supported EngineMode. This simplies
instantiating commands as there is now one method to communicate a
commands requirements rather than two.
* Combined aliased commands into one file
* Fixed aliased commands where Args field did not match
* Updated examples in README.md for writing commands
* Remove redundant flag DisableFlagsInUseLine in cobra.Command
initialization.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When the containers.conf field "NetNS" is set to "Bridge" and the
"RootlessNetworking" field is set to "cni", Podman will now
handle rootless in the same way it does root - all containers
will be joined to a default CNI network, instead of exclusively
using slirp4netns.
If no CNI default network config is present for the user, one
will be auto-generated (this also works for root, but it won't be
nearly as common there since the package should already ship a
config).
I eventually hope to remove the "NetNS=Bridge" bit from
containers.conf, but let's get something in for Brent to work
with.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |
|
|
|
|
|
| |
- Add log message for --gpus flag
- Add test
Signed-off-by: Sebastian Jug <seb@stianj.ug>
|
| |
|
|
|
|
| |
This is mainly to match command line of Docker.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\
| |
| | |
Support uid,gid,mode options for secrets
|
| | |
| |
| |
| |
| |
| |
| | |
Support UID, GID, Mode options for mount type secrets. Also, change
default secret permissions to 444 so all users can read secret.
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |\ \
| | |
| | | |
Several shell completion fixes
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- fix network filters
- add prune filters
- pod create --share support comma separated namespaces
[NO TESTS NEEDED]
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\ \
| | |
| | | |
image prune: remove unused images only with `--all`
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix a regression in `podman image prune` where unused images were
accidentally removed even when `--all=false`. Extend and partially
rewrite the e2e tests to make sure we're not regressing again in the
future.
Fixing the aforementioned issue revealed another issue in the default
prune filter. While prune should remove all "dangling" images (i.e.,
those without tag), it removed only "intermediate" ones; dangling images
without children. Remove the mistaken comment from the libimage
migration.
Also clarify the help message and man page.
Fixes: #10350
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
| |
Allow podman network reload to be run as rootless user. While it is
unlikely that the iptable rules are flushed inside the rootless cni
namespace, it could still happen. Also fix podman network reload --all
to ignore errors when a container does not have the bridge network mode,
e.g. slirp4netns.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\
| |
| | |
Add support for cli network prune --filter flag
|
| | |
| |
| |
| | |
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
|
| | |
| |
| |
| | |
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
|
