summaryrefslogtreecommitdiff
path: root/cmd
Commit message (Collapse)AuthorAge
* Merge pull request #10591 from mheon/fix_10569OpenShift Merge Robot2021-06-08
|\ | | | | Fix compat create with NetworkMode=default
| * Fix compat create with NetworkMode=defaultMatthew Heon2021-06-07
| | | | | | | | | | | | | | | | | | | | | | The rework of namespace handling for rootless CNI broke this, as CNI networks were being computed incorrectly. Fix handling of CNI networks for the Compat Create REST API for containers, and add a test so we don't regress again. Fixes #10569 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #10381 from adrianreber/2021-05-18-publishOpenShift Merge Robot2021-06-07
|\ \ | | | | | | Add --publish to container restore
| * | Allow changing of port forward rules on restoreAdrian Reber2021-06-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Restored containers, until now, had the same port mappings as the original started container. This commit adds the parameter '--publish' to 'podman container restore' with the same semantic as during create/run. With this change it is possible to create a copy from a container with a '--publish' rule and replace the original '--publish' setting with a new one. # podman run -p 2345:8080 container # podman container checkpoint -l --export=dump.tar # podman container restore -p 5432:8080 --import=dump.tar The restored container will now listen on localhost:5432 instead of localhost:2345 as the original created container. Signed-off-by: Adrian Reber <areber@redhat.com>
* | | Add parameter to specify checkpoint archive compressionAdrian Reber2021-06-07
| |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | The checkpoint archive compression was hardcoded to `archive.Gzip`. There have been requests to make the used compression algorithm selectable. There was especially the request to not compress the checkpoint archive to be able to create faster checkpoints when not compressing it. This also changes the default from `gzip` to `zstd`. This change should not break anything as the restore code path automatically handles whatever compression the user provides during restore. Signed-off-by: Adrian Reber <areber@redhat.com>
* | Add CORS supportBoaz Shuster2021-06-04
|/ | | | | | [NO TESTS NEEDED] Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* Enable port forwarding on hostBrent Baude2021-06-01
| | | | | | | | | | | Using the gvproxy application on the host, we can now port forward from the machine vm on the host. It requires that 'gvproxy' be installed in an executable location. gvproxy can be found in the containers/gvisor-tap-vsock github repo. [NO TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* [Techinal Debt] Cleanup ABI vs. Tunnel CLI commandsJhon Honce2021-05-27
| | | | | | | | | | | | | | | | | | [NO TESTS NEEDED] This commit cleans up two issues: * Most commands support all EngineModes so default to that. Let outlayers declare their intent. * Use cobra.Annotations to set supported EngineMode. This simplies instantiating commands as there is now one method to communicate a commands requirements rather than two. * Combined aliased commands into one file * Fixed aliased commands where Args field did not match * Updated examples in README.md for writing commands * Remove redundant flag DisableFlagsInUseLine in cobra.Command initialization. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Add the option of Rootless CNI networking by defaultMatthew Heon2021-05-26
| | | | | | | | | | | | | | | | | | | When the containers.conf field "NetNS" is set to "Bridge" and the "RootlessNetworking" field is set to "cni", Podman will now handle rootless in the same way it does root - all containers will be joined to a default CNI network, instead of exclusively using slirp4netns. If no CNI default network config is present for the user, one will be auto-generated (this also works for root, but it won't be nearly as common there since the package should already ship a config). I eventually hope to remove the "NetNS=Bridge" bit from containers.conf, but let's get something in for Brent to work with. Signed-off-by: Matthew Heon <mheon@redhat.com>
* Add podman run --gpus flag for compatibilitySebastian Jug2021-05-25
| | | | | | | - Add log message for --gpus flag - Add test Signed-off-by: Sebastian Jug <seb@stianj.ug>
* Add support for podman manifest rm commandDaniel J Walsh2021-05-19
| | | | | | This is mainly to match command line of Docker. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #10366 from ashley-cui/secretoptionsOpenShift Merge Robot2021-05-17
|\ | | | | Support uid,gid,mode options for secrets
| * Support uid,gid,mode options for secretsAshley Cui2021-05-17
| | | | | | | | | | | | | | Support UID, GID, Mode options for mount type secrets. Also, change default secret permissions to 444 so all users can read secret. Signed-off-by: Ashley Cui <acui@redhat.com>
* | Merge pull request #10328 from Luap99/completionsOpenShift Merge Robot2021-05-17
|\ \ | | | | | | Several shell completion fixes
| * | Several shell completion fixesPaul Holzinger2021-05-17
| |/ | | | | | | | | | | | | | | | | | | - fix network filters - add prune filters - pod create --share support comma separated namespaces [NO TESTS NEEDED] Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #10363 from vrothberg/fix-10350OpenShift Merge Robot2021-05-17
|\ \ | | | | | | image prune: remove unused images only with `--all`
| * | image prune: remove unused images only with `--all`Valentin Rothberg2021-05-17
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix a regression in `podman image prune` where unused images were accidentally removed even when `--all=false`. Extend and partially rewrite the e2e tests to make sure we're not regressing again in the future. Fixing the aforementioned issue revealed another issue in the default prune filter. While prune should remove all "dangling" images (i.e., those without tag), it removed only "intermediate" ones; dangling images without children. Remove the mistaken comment from the libimage migration. Also clarify the help message and man page. Fixes: #10350 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* / podman network reload add rootless supportPaul Holzinger2021-05-17
|/ | | | | | | | | | Allow podman network reload to be run as rootless user. While it is unlikely that the iptable rules are flushed inside the rootless cni namespace, it could still happen. Also fix podman network reload --all to ignore errors when a container does not have the bridge network mode, e.g. slirp4netns. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #10254 from jmguzik/prune-filter-cliOpenShift Merge Robot2021-05-14
|\ | | | | Add support for cli network prune --filter flag
| * Add support for cli network prune --filter flagJakub Guzik2021-05-12
| | | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
| * Move filter parsing to common utilsJakub Guzik2021-05-12
| | | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | Add host.serviceIsRemote to podman info resultsJhon Honce2021-05-10
|/ | | | | | | | | | | | | | | | Developers asked for a deterministic field to verify if podman is running via API or linked directly to libpod library. $ podman info --format '{{.Host.ServiceIsRemote}}' false $ podman-remote info --format '{{.Host.ServiceIsRemote}}' true $ podman --remote info --format '{{.Host.ServiceIsRemote}}' true * docs/conf.py formatted via black Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Merge pull request #10221 from ashley-cui/envsecOpenShift Merge Robot2021-05-07
|\ | | | | Add support for environment variable secrets
| * Add support for environment variable secretsAshley Cui2021-05-06
| | | | | | | | | | | | | | | | Env var secrets are env vars that are set inside the container but not commited to and image. Also support reading from env var when creating a secret. Signed-off-by: Ashley Cui <acui@redhat.com>
* | Merge pull request #9689 from boaz0/boaz-1OpenShift Merge Robot2021-05-06
|\ \ | | | | | | add restart-policy to container filters & --filter to podman start
| * | Add restart-policy to container filters & --filter to podman startBoaz Shuster2021-05-06
| | | | | | | | | | | | Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* | | Merge pull request #10246 from zhangguanzhang/compose-static-ipOpenShift Merge Robot2021-05-06
|\ \ \ | |/ / |/| | Fixes docker-compose cannot set static ip when use ipam
| * | Fixes docker-compose cannot set static ip when use ipamzhangguanzhang2021-05-06
| | | | | | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | | codespell cleanupDaniel J Walsh2021-05-05
|/ / | | | | | | | | | | [NO TESTS NEEDED] This is just running codespell on podman Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #10185 from rhatdan/volumeOpenShift Merge Robot2021-05-05
|\ \ | | | | | | Add filepath glob support to --security-opt unmask
| * | Add filepath glob support to --security-opt unmaskDaniel J Walsh2021-05-04
| | | | | | | | | | | | | | | | | | | | | | | | Want to allow users to specify --security-opt unmask=/proc/*. This allows us to run podman within podman more securely, then specifing umask=all, also gives the user more flexibilty. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #10220 from giuseppe/rm-volatileOpenShift Merge Robot2021-05-05
|\ \ \ | | | | | | | | podman: set volatile storage flag for --rm containers
| * | | podman: set volatile storage flag for --rm containersGiuseppe Scrivano2021-05-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | volatile containers are a storage optimization that disables *sync() syscalls for the container rootfs. If a container is created with --rm, then automatically set the volatile storage flag as anyway the container won't persist after a reboot or machine crash. [NO TESTS NEEDED] Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #10208 from Luap99/play-kube-macOpenShift Merge Robot2021-05-05
|\ \ \ \ | | | | | | | | | | add --mac-address to podman play kube
| * | | | add --mac-address to podman play kubePaul Holzinger2021-05-04
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a new --mac-address flag to podman play kube. This is used to specify a static MAC address which should be used for the pod. This option can be specified several times because play kube can create more than one pod. Fixes #9731 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | / / migrate Podman to containers/common/libimageValentin Rothberg2021-05-05
| |/ / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Migrate the Podman code base over to `common/libimage` which replaces `libpod/image` and a lot of glue code entirely. Note that I tried to leave bread crumbs for changed tests. Miscellaneous changes: * Some errors yield different messages which required to alter some tests. * I fixed some pre-existing issues in the code. Others were marked as `//TODO`s to prevent the PR from exploding. * The `NamesHistory` of an image is returned as is from the storage. Previously, we did some filtering which I think is undesirable. Instead we should return the data as stored in the storage. * Touched handlers use the ABI interfaces where possible. * Local image resolution: previously Podman would match "foo" on "myfoo". This behaviour has been changed and Podman will now only match on repository boundaries such that "foo" would match "my/foo" but not "myfoo". I consider the old behaviour to be a bug, at the very least an exotic corner case. * Futhermore, "foo:none" does *not* resolve to a local image "foo" without tag anymore. It's a hill I am (almost) willing to die on. * `image prune` prints the IDs of pruned images. Previously, in some cases, the names were printed instead. The API clearly states ID, so we should stick to it. * Compat endpoint image removal with _force_ deletes the entire not only the specified tag. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Add --all to podman startBoaz Shuster2021-05-03
|/ / | | | | | | | | Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com> Co-authored-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #10170 from ashley-cui/machineoneOpenShift Merge Robot2021-04-29
|\ \ | | | | | | [NO TESTS NEEDED] Check if another VM is running on machine start
| * | Check if another VM is running on machine startAshley Cui2021-04-28
| |/ | | | | | | | | | | | | | | Only one VM can be up at a time. If another VM is running, or the current VM is running, error out on a podman machine start [NO TESTS NEEDED] Signed-off-by: Ashley Cui <acui@redhat.com>
* / Add podman run --timeout optionDaniel J Walsh2021-04-23
|/ | | | | | | | | This option allows users to specify the maximum amount of time to run before conmon sends the kill signal to the container. Fixes: https://github.com/containers/podman/issues/6412 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Parse slirp4netns net options with compat apiPaul Holzinger2021-04-23
| | | | | | | | | Parse the slirp4netns network options when called via compat api. The options must be extracted from the NetworkMode string. Fixes #10110 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #10099 from Luap99/format-completionOpenShift Merge Robot2021-04-22
|\ | | | | Add go template shell completion for --format
| * Add go template shell completion for --formatPaul Holzinger2021-04-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The --format flags accepts go template strings. I use this often but I consistently forget the field names. This commit adds a way to provide shell completion for the --format flag. It works by automatically receiving the field names with the reflect package from the given struct. This requires almost no maintenance since this ensures that we always use the correct field names. This also works for nested structs. ``` $ podman ps --format "{{.P" {{.Pid}} {{.PIDNS}} {{.Pod}} {{.PodName}} {{.Ports}} ``` NOTE: This only works when you use quotes otherwise the shell does not provide completions. Also this does not work for fish at the moment. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #9495 from rhatdan/groupsOpenShift Merge Robot2021-04-22
|\ \ | |/ |/| Add '--group-add keep-groups': supplementary groups into container
| * Add --group-add keep-groups: suplimentary groups into containerDaniel J Walsh2021-04-21
| | | | | | | | | | | | | | | | | | | | | | | | | | Currently we have rootless users who want to leak their groups access into containers, but this group access is only able to be pushed in by a hard to find OCI Runtime annotation. This PR makes this option a lot more visable and hides the complexity within the podman client. This option is only really needed for local rootless users. It makes no sense for remote clients, and probably makes little sense for rootfull containers. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * Fixes from make codespellDaniel J Walsh2021-04-21
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #10088 from rhatdan/no-headersOpenShift Merge Robot2021-04-21
|\ \ | |/ |/| Add --noheading flag to all list commands
| * Add --noheading flag to all list commandsDaniel J Walsh2021-04-21
| | | | | | | | | | | | | | | | | | | | Currently we have only podman images list --noheading. This PR Adds this option to volumes, containers, pods, networks, machines, and secrets. Fixes: https://github.com/containers/podman/issues/10065 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | podman-remote should show podman.sock infoDaniel J Walsh2021-04-20
|/ | | | | | | | Currently podman-remote info does not show socket information. Fixes: https://github.com/containers/podman/issues/10077 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #10041 from chenk008/add_pidfile_flagOpenShift Merge Robot2021-04-19
|\ | | | | Add flag "--pidfile" for podman create/run