path: root/docs/source/markdown
Commit message (Author, Age)
* Merge pull request #8955 from mheon/rename (OpenShift Merge Robot, 2021-01-14)
|\
| | Container Rename
| * Initial implementation of renaming containers (Matthew Heon, 2021-01-14)
| | Basic theory: We remove the container, but *only from the DB*. We leave it in c/storage, we leave the lock allocated, we leave it running (if it is). Then we create an identical container with an altered name, and add that back to the database. Theoretically we now have a renamed container.
| | The advantage of this approach is that it doesn't just apply to rename - we can use this to make *any* configuration change to a container that does not alter its container ID.
| | Potential problems are numerous. This process is *THOROUGHLY* non-atomic at present - if you `kill -9` Podman mid-rename things will be in a bad place, for example. Also, we can't rename containers that can't be removed normally - IE, containers with dependencies (pod infra containers, for example). The largest potential improvement will be to move the majority of the work into the DB, with a `RecreateContainer()` method - that will add atomicity, and let us remove the container without worrying about dependencies and similar issues.
| | Potential problems: long-running processes that edit the DB and may have an older version of the configuration around. Most notable example is `podman run --rm` - the removal command needed to be manually edited to avoid this one. This begins to get at the heart of me not wanting to do this in the first place...
| | This provides CLI and API implementations for frontend, but no tunnel implementation. It will be added in a future release (just held back for time now - we need this in 3.0 and are running low on time).
| | This is honestly kind of horrifying, but I think it will work.
| | Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Initial implementation of volume plugins (Matthew Heon, 2021-01-14)
|/
| This implements support for mounting and unmounting volumes backed by volume plugins. Support for actually retrieving plugins requires a pull request to land in containers.conf and then that to be vendored, and as such is not yet ready. Given this, this code is only compile tested. However, the code for everything past retrieving the plugin has been written - there is support for creating, removing, mounting, and unmounting volumes, which should allow full functionality once the c/common PR is merged.
| A major change is the signature of the MountPoint function for volumes, which now, by necessity, returns an error. Named volumes managed by a plugin do not have a mountpoint we control; instead, it is managed entirely by the plugin. As such, we need to cache the path in the DB, and calls to retrieve it now need to access the DB (and may fail as such).
| Notably absent is support for SELinux relabelling and chowning these volumes. Given that we don't manage the mountpoint for these volumes, I am extremely reluctant to try and modify it - we could easily break the plugin trying to chown or relabel it.
| Also, we had no less than *5* separate implementations of inspecting a volume floating around in pkg/infra/abi and pkg/api/handlers/libpod. And none of them used volume.Inspect(), the only correct way of inspecting volumes. Remove them all and consolidate to using the correct way. Compat API is likely still doing things the wrong way, but that is an issue for another day.
| Fixes #4304
| Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add more information and examples on podman and pipes (Daniel J Walsh, 2021-01-13)
| Improve the documentation to help users to know proper way to use podman within a pipe.
| Helps Prevent: https://github.com/containers/podman/issues/8916
| Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #8957 from srcshelton/feature/issue-8945 (OpenShift Merge Robot, 2021-01-13)
|\
| | Add 'MemUsageBytes' format option
| * Add 'MemUsageBytes' format option (Stuart Shelton, 2021-01-12)
| | Although storage is more human-readable when expressed in SI units, IEC/JEDEC (Bytes) units are more pertinent for memory-related values (and match the format of the --memory* command-line options).
| | (To prevent possible compatibility issues, the default SI display is left unchanged)
| | See https://github.com/containers/podman/issues/8945
| | Signed-off-by: Stuart Shelton <stuart@shelton.me>
* | Remove the ability to use [name:tag] in podman load command (Daniel J Walsh, 2021-01-12)
|/
| Docker does not support this, and it is confusing what to do if the image has more than one tag. We are dropping support for this in podman 3.0
| Fixes: https://github.com/containers/podman/issues/7387
| Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #8819 from chen-zhuohan/add-pre-checkpoint (OpenShift Merge Robot, 2021-01-12)
|\
| | Add pre-checkpoint and restore with previous
| * add pre checkpoint (unknown, 2021-01-10)
| | Signed-off-by: Zhuohan Chen <chen_zhuohan@163.com>
* | podman build --force-rm defaults to true in code (Daniel J Walsh, 2021-01-10)
| | The man page and code should match for what is the default settings.
| | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Add Networks format placeholder to podman ps and pod ps (Paul Holzinger, 2021-01-09)
| | `podman ps --format {{.Networks}}` will show all connected networks for this container. For `pod ps` it will show the infra container networks.
| | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Add network filter for podman ps and pod ps (Paul Holzinger, 2021-01-09)
|/
| Allow to filter on the network name or full id. For pod ps it will filter on the infra container networks.
| Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #8781 from rst0git/cr-volumes (OpenShift Merge Robot, 2021-01-08)
|\
| | Add support for checkpoint/restore of containers with volumes
| * Include named volumes in container migration (Radostin Stoyanov, 2021-01-07)
| | When migrating a container with associated volumes, the content of these volumes should be made available on the destination machine.
| | This patch enables container checkpoint/restore with named volumes by including the content of volumes in checkpoint file. On restore, volumes associated with container are created and their content is restored.
| | The --ignore-volumes option is introduced to disable this feature.
| | Example:
| | # podman container checkpoint --export checkpoint.tar.gz <container>
| | The content of all volumes associated with the container are included in `checkpoint.tar.gz`
| | # podman container checkpoint --export checkpoint.tar.gz --ignore-volumes <container>
| | The content of volumes is not included in `checkpoint.tar.gz`. This is useful, for example, when the checkpoint/restore is performed on the same machine.
| | # podman container restore --import checkpoint.tar.gz
| | The associated volumes will be created and their content will be restored. Podman will exit with an error if volumes with the same name already exist on the system or the content of volumes is not included in checkpoint.tar.gz
| | # podman container restore --ignore-volumes --import checkpoint.tar.gz
| | Volumes associated with container must already exist. Podman will not create them or restore their content.
| | Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
* | Switch references of /var/run -> /run (Daniel J Walsh, 2021-01-07)
|/
| Systemd is now complaining or mentioning /var/run as a legacy directory. It has been many years where /var/run is a symlink to /run on almost all distributions, make the change to the default.
| Partial fix for https://github.com/containers/podman/issues/8369
| Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* add --cidfile to container kill (baude, 2020-12-23)
| Add the ability to read container ids from one or more files for the kill command.
| Fixes: #8443
| Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #8787 from jsoref/spelling (OpenShift Merge Robot, 2020-12-23)
|\
| | Spelling
| * Spelling (Josh Soref, 2020-12-22)
| | Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* | Document uid/gidmap are based on subuid/gid mapping (Tobias Boesch, 2020-12-23)
| | * Closes #6123
| | Signed-off-by: Tobias Boesch <tobias.boesch@googlemail.com>
* | Merge pull request #8774 from cevich/events_file_docs (Daniel J Walsh, 2020-12-23)
|\ \
| | | [CI:DOCS] Document location of backend events file
| * | Document location of backend events file (Chris Evich, 2020-12-18)
| | | Signed-off-by: Chris Evich <cevich@redhat.com>
* | | Merge pull request #8804 from baude/issue8512 (Daniel J Walsh, 2020-12-23)
|\ \ \
| |_|/
|/| |
| | | add pod filter for ps
| * | add pod filter for ps (baude, 2020-12-22)
| | | adds the ability to filter containers based on the filter "pod". the value can be a pod name or its full or partial id.
| | | Fixes: #8512
| | | Signed-off-by: baude <bbaude@redhat.com>
* | | Add Security information to podman info (Daniel J Walsh, 2020-12-22)
|/ /
| | When debugging issues, it would be helpful to know the security settings of the system running into the problem. Adding security info to `podman info` is also useful to users.
| | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / remote copy (Valentin Rothberg, 2020-12-18)
|/
| Implement `podman-remote cp` and break out the logic from the previously added `pkg/copy` into its basic building blocks and move them up into the `ContainerEngine` interface and `cmd/podman`.
| The `--pause` and `--extract` flags are now deprecated and turned into nops.
| Note that this commit is vendoring a non-release version of Buildah to pull in updates to the copier package.
| Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #8689 from bblenard/issue-8672-volume-prune (OpenShift Merge Robot, 2020-12-14)
|\
| | Add volume prune --filter support
| * Add volume prune --filter support (Baron Lenardson, 2020-12-12)
| | This change adds support for the `--filter` / `?filters` arguments on the `podman volume prune` subcommand.
| | * Adds ParseFilterArgumentsIntoFilters helper for consistent Filter string slice handling
| | * Adds `--filter` support to podman volume prune cli
| | * Adds `?filters...` support to podman volume prune api
| | * Updates apiv2 / e2e tests
| | Closes #8672
| | Signed-off-by: Baron Lenardson <lenardson.baron@gmail.com>
* | Merge pull request #7718 from QiWang19/sign-multi-arch (OpenShift Merge Robot, 2020-12-12)
|\ \
| | | Sign multi-arch images
| * | Sign multi-arch images (Qi Wang, 2020-12-11)
| | | podman image sign handles multi-arch images. --all option to create signature for each manifest from the image manifest list.
| | | Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | Handle --rm when starting a container (Daniel J Walsh, 2020-12-11)
|/ /
| | podman start should follow the same behaviour as podman run when removing a container.
| | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8664 from rhatdan/prune (OpenShift Merge Robot, 2020-12-10)
|\ \
| | | Add --filter to podman system prune
| * | Add --filter to podman system prune (Daniel J Walsh, 2020-12-09)
| |/
| | Also document the allowable filters in podman system prune, podman image prune and podman container prune.
| | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8641 from umohnani8/play (OpenShift Merge Robot, 2020-12-10)
|\ \
| |/
|/|
| | Do not pull if image domain is localhost
| * Do not pull if image domain is localhost (Urvashi Mohnani, 2020-12-07)
| | With podman play kube, podman would always attempt to pull if the image has the :latest tag. But this would fail if the image was built locally and given latest as the tag. Images built with podman and buildah have localhost as the domain, so check if the domain is localhost. If that is the case, then don't attempt a pull.
| | Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | Merge pull request #8669 from giuseppe/unmask-also-cover-ro-paths (OpenShift Merge Robot, 2020-12-09)
|\ \
| | | security: honor systempaths=unconfined for ro paths
| * | security: honor systempaths=unconfined for ro paths (Giuseppe Scrivano, 2020-12-09)
| | | we must honor systempaths=unconfined also for read-only paths, as Docker does:
| | | proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
| | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #8661 from rhatdan/codespell (OpenShift Merge Robot, 2020-12-09)
|\ \ \
| |/ /
|/| |
| | | Fix spelling mistakes
| * | Fix spelling mistakes (Daniel J Walsh, 2020-12-09)
| | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #8599 from rhatdan/prune (OpenShift Merge Robot, 2020-12-09)
|\ \ \
| | | | Repeat system pruning until there is nothing removed
| * | | Repeat system pruning until there is nothing removed (Daniel J Walsh, 2020-12-09)
| |/ /
| | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / / auto updates: document systemd unit and timer (Valentin Rothberg, 2020-12-09)
|/ /
| | Fixes: #8605
| | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #8630 from umohnani8/sec-opt (OpenShift Merge Robot, 2020-12-08)
|\ \
| | | Add systempaths=unconfined option
| * | Add systempaths=unconfined option (Urvashi Mohnani, 2020-12-08)
| | | Add the systempaths=unconfined option to --security-opt to match the docker options for unmasking all the paths that are masked by default. Add the mask and unmask options to the podman create doc.
| | | Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | | Merge pull request #8571 from Luap99/podman-network-reload (OpenShift Merge Robot, 2020-12-08)
|\ \ \
| | | | Implement pod-network-reload
| * | | Implement pod-network-reload (Matthew Heon, 2020-12-07)
| | | | This adds a new command, 'podman network reload', to reload the networks of existing containers, forcing recreation of firewall rules after e.g. `firewall-cmd --reload` wipes them out.
| | | | Under the hood, this works by calling CNI to tear down the existing network, then recreate it using identical settings. We request that CNI preserve the old IP and MAC address in most cases (where the container only had 1 IP/MAC), but there will be some downtime inherent to the teardown/bring-up approach. The architecture of CNI doesn't really make doing this without downtime easy (or maybe even possible...).
| | | | At present, this only works for root Podman, and only locally. I don't think there is much of a point to adding remote support (this is very much a local debugging command), but I think adding rootless support (to kill/recreate slirp4netns) could be valuable.
| | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| | | | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | Merge pull request #8581 from baude/kubegen (OpenShift Merge Robot, 2020-12-07)
|\ \ \ \
| |_|_|/
|/| | |
| | | | generate kube on multiple containers
| * | | generate kube on multiple containers (baude, 2020-12-07)
| | |/
| |/|
| | | add the ability to add multiple containers into a single k8s pod instead of just one.
| | | also fixed some bugs in the resulting yaml where an empty service description was being added on error causing the k8s validation to fail.
| | | Signed-off-by: baude <bbaude@redhat.com>
* / | image sign using per user registries.d (Qi Wang, 2020-12-07)
|/ /
| | Support per user ~/.config/containers/registries.d to allow rootless image sign configurations.
| | Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #8570 from vrothberg/run-950 (OpenShift Merge Robot, 2020-12-04)
|\ \
| | | rewrite container copy
| * | rewrite podman-cp (Valentin Rothberg, 2020-12-04)
| | | * Add a new `pkg/copy` to centralize all container-copy related code.
| | | * The new code is based on Buildah's `copier` package.
| | | * The compat `/archive` endpoints use the new `copy` package.
| | | * Update docs and add several new tests.
| | | * Includes many fixes, most notably, the look-up of volumes and mounts.
| | | Breaking changes:
| | | * Podman is now expecting that container-destination paths exist. Before, Podman created the paths if needed. Docker does not do that and I believe Podman should not either as it's a recipe for masking errors. These errors may be user induced (e.g., a path typo), or internal typos (e.g., when the destination may be a mistakenly unmounted volume). Let's keep the magic low for such a security sensitive feature.
| | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>