| Commit message (Collapse) | Author | Age |
|---|
| |\
| |
| | |
Add systempaths=unconfined option
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Add the systempaths=unconfined option to --security-opt
to match the docker options for unmasking all the paths
that are masked by default.
Add the mask and unmask options to the podman create doc.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
| |\ \
| | |
| | | |
Implement pod-network-reload
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This adds a new command, 'podman network reload', to reload the
networks of existing containers, forcing recreation of firewall
rules after e.g. `firewall-cmd --reload` wipes them out.
Under the hood, this works by calling CNI to tear down the
existing network, then recreate it using identical settings. We
request that CNI preserve the old IP and MAC address in most
cases (where the container only had 1 IP/MAC), but there will be
some downtime inherent to the teardown/bring-up approach. The
architecture of CNI doesn't really make doing this without
downtime easy (or maybe even possible...).
At present, this only works for root Podman, and only locally.
I don't think there is much of a point to adding remote support
(this is very much a local debugging command), but I think adding
rootless support (to kill/recreate slirp4netns) could be
valuable.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| |
| | |
add the ability to add multiple containers into a single k8s pod
instead of just one.
also fixed some bugs in the resulting yaml where an empty service
description was being added on error causing the k8s validation to fail.
Signed-off-by: baude <bbaude@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Add a new `pkg/copy` to centralize all container-copy related code.
* The new code is based on Buildah's `copier` package.
* The compat `/archive` endpoints use the new `copy` package.
* Update docs and an several new tests.
* Includes many fixes, most notably, the look-up of volumes and mounts.
Breaking changes:
* Podman is now expecting that container-destination paths exist.
Before, Podman created the paths if needed. Docker does not do
that and I believe Podman should not either as it's a recipe for
masking errors. These errors may be user induced (e.g., a path
typo), or internal typos (e.g., when the destination may be a
mistakenly unmounted volume). Let's keep the magic low for such
a security sensitive feature.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Our users are missing certain warning messages that would
make debugging issues with Podman easier.
For example if you do a podman build with a Containerfile
that contains the SHELL directive, the Derective is silently
ignored.
If you run with the log-level warn you get a warning message explainging
what happened.
$ podman build --no-cache -f /tmp/Containerfile1 /tmp/
STEP 1: FROM ubi8
STEP 2: SHELL ["/bin/bash", "-c"]
STEP 3: COMMIT
--> 7a207be102a
7a207be102aa8993eceb32802e6ceb9d2603ceed9dee0fee341df63e6300882e
$ podman --log-level=warn build --no-cache -f /tmp/Containerfile1 /tmp/
STEP 1: FROM ubi8
STEP 2: SHELL ["/bin/bash", "-c"]
STEP 3: COMMIT
WARN[0000] SHELL is not supported for OCI image format, [/bin/bash -c] will be ignored. Must use `docker` format
--> 7bd96fd25b9
7bd96fd25b9f755d8a045e31187e406cf889dcf3799357ec906e90767613e95f
These messages will no longer be lost, when we default to WARNing level.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \
| |/
|/| |
Add mask and unmask option to --security-opt
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Add the mask and unmask option to the --security-opt flag
to allow users to specify paths to mask and unmask in the
container. If unmask=ALL, this will unmask all the paths we
mask by default.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
| |\ \
| | |
| | | |
Fix `podman images...` missing headers in table templates
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |/ /
| |
| |
| |
| |
| | |
when formatting mount options into a string for the compat container create, the options need to be comma delimited.
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \
| | |
| | | |
Add support for network ids
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The network ID is not stored. It is just the sha256 hash from
the network name. There is a risk of a potential hash collision.
However it's very unlikely and even if we hit this it will
complain that more than network with this ID exists.
The main benefit is that the compat api can have proper
network ID support. Also this adds the support for
`podman network ls --format "{{.ID}}"` and `--filter id=<ID>`.
It also ensures that we can do network rm <ID> and network
inspect <ID>.
Since we use a hash this commit is backwards compatible even for
already existing networks.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |/ /
| |
| |
| |
| |
| |
| | |
The `ancestor` option was missing an equal sign. Therefore
the completion did not work as expected.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| | |
| |
| |
| | |
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
|
| |\ \
| | |
| | | |
Add support for --platform
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
For docker compatibility we need to support --platform
flag.
podman create --platform
podman run --platform
podman pull --platform
Since we have --override-os and --override-arch already
this can be done just by modifying the client to split
the --platform call into os and arch and then pass those
options to the server side.
Fixes: https://github.com/containers/podman/issues/6244
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \
| | | |
| | | | |
podman network label support
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add label support for podman network create. Use the `args`
field in the cni config file to store the podman labels.
Use `podman_labels` as key name and store the labels as
map[string]string.
For reference: https://github.com/containernetworking/cni/blob/master/CONVENTIONS.md#args-in-network-config
https://github.com/containernetworking/cni/blob/spec-v0.4.0/SPEC.md#network-configuration
Example snippet:
```
...
"args": {
"podman_labels": {
"key1":"value1",
"key2":"value2"
}
}
...
```
Make podman network list support several filters. Supported filters are name,
plugin, driver and label. Filters with different keys work exclusive. Several label
filters work exclusive and the other filter keys are working inclusive.
Also adjust the compat api to support labels in network create and list.
Breaking changes:
- podman network ls -f shortform is used for --filter instead --format
This matches docker and other podman commands (container ps, volume ps)
- libpod network list endpoint filter parameter is removed. Instead the
filters paramter should be used as json encoded map[string][]string.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\ \ \ \
| | | | |
| | | | | |
Revert the custom cobra vendor
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Vendor in the latest cobra release v1.1.1
This will hurt the completion experience but is required for
proper packaging, see: #8528.
The best solution is to keep the current scripts since they
work fine with cobra v1.1.1.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| | |_|_|/
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
the volumes provided is seemingly useless representing what volumes
should be added to a container. instead, the host config bindings should
be used as they acurately describe the src/dest and options for
bindings.
Signed-off-by: baude <bbaude@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
Remove varlink support from podman
|
| | | |/ /
| |/| |
| | | |
| | | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \
| |_|/ /
|/| | | |
Handle ps container created field as a time.Time
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
In the current code we were translating the created time
from a time.Time to a unix epoch, this was leading to a loss
of precession, and some unexpected results where the sorting
order of containers was misordered because of the precession loss.
If we pass around created as time.Time, we do not loose the precission.
Fixes: https://github.com/containers/podman/issues/8414
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |/ /
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
As described in issue #8507 this commit contains a breaking
change which is not wanted in v2.2.
We can discuss later if we want this in 3.0 or not.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The volume src path should not be validated in specgen since
the remote client also uses that part and the path must only
exists on the server. This now fails later and only on the
server and not the client.
I don't think I can add a test for this because the CI runs
server and client always on the same vm.
Fixes #8473
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| | |
| |
| |
| |
| |
| | |
Fix the container archive description in podman save/load docs that may lead to misusing the save/load instead of import/export for containers.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
| |\ \
| | |
| | | |
Implement shell completion for podman top
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Make endpoint compatibile with docker-py network expectations
* Update specgen helper when called from compat endpoint
* Update godoc on types
* Add test for network/container create using docker-py method
* Add syslog logging when DEBUG=1 for tests
Fixes #8361
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |\ \
| | |
| | | |
more shell completion improvements
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
If we return `ShellCompDirectiveError` to the shell the shell will
provide path completion. In none of that cases we want path completion
so it will be better to return `ShellCompDirectiveNoFileComp` instead
and log the error in case we need it.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* podman image ls --filter
* podman network ls --filter
* podman volume ls --filter
* podman network connect/disconnect
* podman events --filter
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\ \ \
| | | |
| | | | |
APIv2 - wrong command and args for created container
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
use nil instead of empty string as default value for entrypoint in ContainerCLIOpts -
empty string signifies user wants to override image entry point value
Signed-off-by: Petr Sakař <petr.sakar@chare.eu>
|
| |\ \ \ \
| | | | |
| | | | | |
Add podman container ps command
|
| | |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This command exists in docker and is also in our documentation.
Also remove mentions of `podman ls` or `podman list`. These
commands do not exists in podman or docker.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\ \ \ \
| | | | |
| | | | | |
Allow containers to --restart on-failure with --rm
|
| | | |_|/
| |/| |
| | | |
| | | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \
| |_|_|/
|/| | | |
[CI:DOCS] clarify ps(1) fallback of `podman top`
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Podman top falls back to executing ps(1) inside the container in the
presence of ps-specific flags. Clarify that a bit more to help users
resolve issues when, for instance, ps(1) isn't installed in the
container.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
Enable remote shell completion without a running endpoint
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The problem is that we always unconditionally setup up the
`ContainerEngine/ImageEngine`. This requires an running
endpoint. Most completions (e.g. flag names) do not need
them and should not fail. This commit makes sure we only
setup the engines as needed in the completions.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\ \
| | |
| | | |
Allow multiple --network flags for podman run/create
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We allow a container to be connected to several cni networks
but only if they are listed comma sperated. This is not intuitive
for users especially since the flag parsing allows multiple string
flags but only would take the last value. see: spf13/pflag#72
Also get rid of the extra parsing logic for pods. The invalid options
are already handled by `pkg/specgen`.
A test is added to prevent a future regression.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| |
| | |
The word "name" appears to have been missed in the help output for:
podman pod create --help
This patch fixes that
Signed-off-by: Benjamin Porter <FreedomBen@users.noreply.github.com>
|
| |\ \
| | |
| | | |
Document containers.conf settings for remote connections
|
