path: root/cmd
Commit message (Author, Age)
* kube play: sd-notify integration (Valentin Rothberg, 2022-08-10)
| Integrate sd-notify policies into `kube play`. The policies can be configured for all containers via the `io.containers.sdnotify` annotation or for individual containers via the `io.containers.sdnotify/$name` annotation.
| The `kube play` process will wait for all containers to be ready by waiting for the individual `READY=1` messages which are received via the `pkg/systemd/notifyproxy` proxy mechanism.
| Also update the simple "container" sd-notify test as it did not fully test the expected behavior which became obvious when adding the new tests.
| Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Merge pull request #14926 from cdoern/generateSpec (OpenShift Merge Robot, 2022-08-10)
|\
| | podman generate spec
| * podman generate spec (Charlie Doern, 2022-08-04)
| | implement a new command `podman generate spec` which can formulate a json specgen to be consumed by both the pod and container creation API.
| | supported flags are
| | --verbose (default true) print output to the terminal
| | --compact print the json output in a single line format to be piped to the API
| | --filename put the output in a file
| | --clone rename the pod/ctr in the spec so it won't conflict w/ an existing entity
| | Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | Merge pull request #15094 from cdoern/ssh (OpenShift Merge Robot, 2022-08-10)
|\ \
| | | podman ssh work, using new c/common interface
| * | podman ssh work, using new c/common interface (Charlie Doern, 2022-08-09)
| | | implement new ssh interface into podman
| | | this completely redesigns the entire functionality of podman image scp, podman system connection add, and podman --remote. All references to golang.org/x/crypto/ssh have been moved to common as have native ssh/scp execs and the new usage of the sftp package.
| | | this PR adds a global flag, --ssh to podman which has two valid inputs `golang` and `native` where golang is the default.
| | | Users should not notice any difference in their everyday workflows if they continue using the golang option. UNLESS they have been using an improperly verified ssh key, this will now fail. This is because podman was incorrectly using the ssh callback method to IGNORE the ssh known hosts file which is very insecure and golang tells you not to use this in production.
| | | The native paths allows for immense flexibility, with a new containers.conf field `SSH_CONFIG` that specifies a specific ssh config file to be used in all operations. Else the users ~/.ssh/config file will be used.
| | | podman --remote currently only uses the golang path, given its deep interconnection with dialing multiple clients and urls.
| | | My goal after this PR is to go back and abstract the idea of podman --remote from golang's dialed clients, as it should not be so intrinsically connected. Overall, this is a v1 of a long process of offering native ssh, and one that covers some good ground with podman system connection add and podman image scp.
| | | Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | | Merge pull request #15199 from baude/addapplehv (OpenShift Merge Robot, 2022-08-09)
|\ \ \
| |/ /
|/| | Add interface for apple hypervisor
| * | Add interface for apple hypervisor (Brent Baude, 2022-08-08)
| | | The new apple silicon processors (m1/m2) are capable of using a performant apple hypervisor (included in macos). Our "virtual providers" for podman machine are part of an interface design. This PR provides an implementation of the interface to begin the work for supporting the apple hypervisor. It is basically only a skeletal PR. The actual code for using the hypervisor and launching a machine will come as several new PRs following the inclusion of this one.
| | | There will likely be code reuse between the applehv and qemu code; but none of that code is being moved at this time. It will be moved "on demand" during development.
| | | [NO NEW TESTS NEEDED]
| | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #15246 from TomSweeneyRedHat/dev/tsweeney/buildah1.27.0 (OpenShift Merge Robot, 2022-08-09)
|\ \ \
| | | | Bump to Buildah v1.27.0
| * | | build: implement --cache-to,--cache-from and --cache-ttl (Aditya R, 2022-08-09)
| |/ /
| | | [NO NEW TESTS NEEDED]
| | | [NO TESTS NEEDED]
| | | Signed-off-by: Aditya R <arajan@redhat.com>
* | | Merge pull request #15134 from sstosh/improve-output (OpenShift Merge Robot, 2022-08-09)
|\ \ \
| |/ /
|/| | Output messages display rawInput
| * | Output messages display rawInput (Toshiki Sonoda, 2022-08-02)
| | | `init`, `checkpoint/restore` and `cleanup` command now display output messages which is rawInput instead of a container ID.
| | | Example:
| | | ```
| | | $ podman init <container name>
| | | <container name>
| | | $ podman init <short container ID>
| | | <short container ID>
| | | ```
| | | Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* | | cmd: refuse --userns if a mapping is specified (Giuseppe Scrivano, 2022-08-08)
| | | if an explicit mapping is specified, do not accept `--userns` since it is overridden to "private".
| | | Closes: https://github.com/containers/podman/issues/15233
| | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #15093 from karthikelango137/rmiNoPrune1 (openshift-ci[bot], 2022-08-05)
|\ \ \
| | | | remove image podman no prune
| * | | remove image podman no prune (Karthik Elango, 2022-08-04)
| | |/
| |/|
| | | Signed-off-by: Karthik Elango <kelango@redhat.com>
* | | Merge pull request #15092 from karthikelango137/startFilter (openshift-ci[bot], 2022-08-05)
|\ \ \
| |/ /
|/| | start --filter flag changes
| * | start filter flag changes (Karthik Elango, 2022-08-04)
| |/
| | Tying filtering logic for podman stop and start to same place in getContainersAndInputByContext() to reduce code redundancy
| | Signed-off-by: Karthik Elango <kelango@redhat.com>
* | podman info: hide `--debug` (Valentin Rothberg, 2022-08-04)
| | It's a NOP since Podman v2.0 (#5738).
| | [NO NEW TESTS NEEDED] - does not change behavior.
| | Fixes: #15185
| | Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | Merge pull request #15084 from sstosh/rm-filter (openshift-ci[bot], 2022-08-03)
|\ \
| | | Add rm --filter option
| * | Add rm --filter option (Toshiki Sonoda, 2022-07-30)
| | | --filter : remove the filtered container.
| | | Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* | | add "podman kube down" command (Niall Crowe, 2022-08-02)
| | | The "podman kube down" reads in a structured file of Kubernetes YAML and removes pods based on the Kubernetes kind described in the YAML, similar to "podman play kube --down". Users will still be able to use "podman play kube --down" and "podman kube play --down" to perform the same function.
| | | Signed-off-by: Niall Crowe <nicrowe@redhat.com>
* | | switch from "kube/play" endpoint to "play/kube" endpoint. (Niall Crowe, 2022-08-02)
| |/
|/|
| | When podman kube play was added the endpoint for the kube play/play kube commands was switched from the "play kube" endpoint to the new "kube play" endpoint. This caused issues with the remote client, requiring the need to use the "play kube" endpoint again in order to avoid these issues.
| | Signed-off-by: Niall Crowe <nicrowe@redhat.com>
* | Merge pull request #15108 from mtrmac/sigstore-sign (OpenShift Merge Robot, 2022-08-01)
|\ \
| | | Sigstore sign
| * | Add support for creating sigstore signatures, and providing passphrases (Miloslav Trmač, 2022-07-30)
| | | - Allow creating sigstore signatures via --sign-by-sigstore-private-key . Like existing --sign-by, it does not work remote (in this case because we would have to copy the private key to the server).
| | | - Allow passing a passphrase (which is mandatory for sigstore private keys) via --sign-passphrase-file; if it is not provided, prompt interactively.
| | | - Also, use that passphrase for --sign-by as well, allowing non-interactive GPG use. (But --sign-passphrase-file can only be used with _one of_ --sign-by and --sign-by-sigstore-private-key.)
| | | Note that unlike the existing code, (podman build) does not yet implement sigstore (I'm not sure why it needs to, it seems not to push images?) because Buildah does not expose the feature yet.
| | | Also, (podman image sign) was not extended to support sigstore.
| | | The test for this follows existing (podman image sign) tests and doesn't work rootless; that could be improved by exposing a registries.d override option.
| | | The test for push is getting large; I didn't want to start yet another registry container, but that would be an alternative. In the future, Ginkgo's Ordered/BeforeAll would allow starting a registry once and using it for two tests.
| | | Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Hide podman manifest push --sign-by on remote (Miloslav Trmač, 2022-07-30)
| | | ... because it is documented to be ignored.
| | | Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Use signByFlagName instead of copy&pasting the string (Miloslav Trmač, 2022-07-30)
| |/
| | Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* / Add flag "--compression-format" to "podman manifest push" both in ↵ (Romain Geissler, 2022-07-30)
|/
| local/remote mode.
| Also Fix usage of flag "--compression-format" for remote "podman image push". Fix usage of flags "--format", "--remove-signatures" in remote "podman manifest push".
| Closes #15109.
| Signed-off-by: Romain Geissler <romain.geissler@amadeus.com>
* Merge pull request #15066 from sstosh/checkpoint-samename (OpenShift Merge Robot, 2022-07-27)
|\
| | Fix: Restore a container which name is equal to a image name
| * Fix: Restore a container which name is equal to a image name (Toshiki Sonoda, 2022-07-27)
| | If there is a match for both container and image, we restore the container.
| | Fixes: https://github.com/containers/podman/issues/15055
| | Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* | When removing objects specifying --force, podman should exit with 0 (Daniel J Walsh, 2022-07-26)
| | This Patch will cause podman COMMAND rm --force bogus not fail
| | This is how Docker works, so Podman should follow this to allow existing scripts to convert from Docker to Podman.
| | Fixes: #14612
| | Original version of this patch came from wufan 1991849113@qq.com
| | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | pod create --share none should not create infra (Charlie Doern, 2022-07-25)
|/
| for podman pod create, when we are not sharing any namespaces there is no point for the infra container. This is especially true since resources have also been decoupled from the container recently.
| handle this on the cmd level so that we can still create infra if set explicitly
| resolves #15048
| Signed-off-by: Charlie Doern <cdoern@redhat.com>
* Merge pull request #15039 from Luap99/cni-doc (OpenShift Merge Robot, 2022-07-22)
|\
| | [CI:DOCS] docs: remove CNI word where it is not applicable
| * docs: remove CNI word where it is not applicable (Paul Holzinger, 2022-07-22)
| | Most network commands/features work with both netavark and CNI. When we added netavark most docs were not vetted and thus still use CNI network, it should just say network.
| | Fixes #14990
| | Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #14967 from sstosh/pause-option (OpenShift Merge Robot, 2022-07-22)
|\ \
| |/
|/| Add pause/unpause --latest, --cidfile, --filter
| * Add pause/unpause --latest, --cidfile, --filter (Toshiki Sonoda, 2022-07-20)
| | --latest : pause/unpause the latest container.
| | --filter : pause/unpause the filtered container.
| | --cidfile : Read container ID from the specified file and pause/unpause the container.
| | Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* | Merge pull request #15010 from Luap99/machine-e2e (OpenShift Merge Robot, 2022-07-22)
|\ \
| | | enable linter for pkg/machine/e2e
| * | pkg/machine/e2e: do not import from cmd/podman (Paul Holzinger, 2022-07-21)
| | | The same problem again as 4374038cc67405e3f5555b1870d5bb7f6570fa5d. Also fix the incorrect --format autocompletion struct.
| | | It should be avoided to import cmd/podman/... packages from outside of cmd/podman. This can lead in weird hard to debug import paths but also can have negative consequences when imported in unit tests. In this case it will set XDG_CONFIG_HOME and thus the machine tests this dir over the tmp HOME env variable which is set at a later point. This caused machine files to be leaked into the actual users home dir.
| | | Signed-off-by: Paul Holzinger <pholzing@redhat.com>
| * | fix some pkg/machine/e2e test to read stderr (Paul Holzinger, 2022-07-21)
| |/
| | Also fix the machine ssh code order to provide a better error message.
| | Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* / resource limits for pods (Charlie Doern, 2022-07-21)
|/
| added the following flags and handling for podman pod create
| --memory-swap
| --cpuset-mems
| --device-read-bps
| --device-write-bps
| --blkio-weight
| --blkio-weight-device
| --cpu-shares
| given the new backend for systemd in c/common, all of these can now be exposed to pod create. most of the heavy lifting (nearly all) is done within c/common. However, some rewiring needed to be done here as well!
| Signed-off-by: Charlie Doern <cdoern@redhat.com>
* Remove return error from "containers.pause" (Toshiki Sonoda, 2022-07-19)
| When we pause `rootless cgroups v1 container`, podman returns error from `libpod.(*Container).pause`. Podman does not need to return error from `containers.pause` because of duplicate.
| [NO NEW TESTS NEEDED]
| Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* Add --host and -H as equivalent options to --url (Daniel J Walsh, 2022-07-18)
| Docker supports -H and --host for specify the listening socket. Podman should support them also in order to match the CLI.
| These will not be documented since Podman defaults to using the --url option.
| Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #14932 from jakecorrenti/pull-all-tags-shorthand (openshift-ci[bot], 2022-07-15)
|\
| | Podman pull --all-tags shorthand option
| * Podman pull --all-tags shorthand option (Jake Correnti, 2022-07-14)
| | I added the shorthand option for `podman pull --all-tags`. Like Docker, Podman can now do `podman pull -a`.
| | Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
* | Podman stop --filter flag (Karthik Elango, 2022-07-14)
| | Filter flag is added for podman stop and podman --remote stop. Filtering logic is implemented in getContainersAndInputByContext(). Start filtering can be manipulated to use this logic as well to limit redundancy.
| | Signed-off-by: Karthik Elango <kelango@redhat.com>
* | Merge pull request #14923 from rhatdan/events (openshift-ci[bot], 2022-07-14)
|\ \
| |/
|/| Add podman events -f to be alias for --filter
| * Add podman events -f to be alias for --filter (Daniel J Walsh, 2022-07-13)
| | Needed for Docker compatibility.
| | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Add "podman kube play" cmd (Niall Crowe, 2022-07-13)
|/
| The "podman kube play" command is designed to be a replacement for the "podman play kube" command. It performs the same function as "play kube" while also still working with the same flags and options. The "podman play kube" command is still functional as an alias of "kube play".
| Closes #12475
| Signed-off-by: Niall Crowe <nicrowe@redhat.com>
| Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Merge pull request #14904 from giuseppe/move-to-subcgroup-in-a-container (openshift-ci[bot], 2022-07-13)
|\
| | abi: create new cgroup when running in a container
| * podman: always call into SetupRootless (Giuseppe Scrivano, 2022-07-13)
| | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * podman: move MaybeMoveToSubCgroup to utils/ (Giuseppe Scrivano, 2022-07-13)
| | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Docker uses "-c" to mean "--cpu-shares" in create and run (Daniel J Walsh, 2022-07-12)
|/
| Add support for -c as an alias for --cpu-shares to be compatible with Docker.
| Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>