summaryrefslogtreecommitdiff
path: root/docs/source/markdown
Commit message (Collapse)AuthorAge
* Implement SecretsAshley Cui2021-02-09
| | | | | | | | | | | Implement podman secret create, inspect, ls, rm Implement podman run/create --secret Secrets are blobs of data that are sensitive. Currently, the only secret driver supported is filedriver, which means creating a secret stores it in base64 unencrypted in a file. After creating a secret, a user can use the --secret flag to expose the secret inside the container at /run/secrets/[secretname] This secret will not be commited to an image on a podman commit Signed-off-by: Ashley Cui <acui@redhat.com>
* Makefile: make bin/* real targets!Ed Santiago2021-02-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Backstory: every time you run 'make podman' or even just 'make', you get a full recompile. This is sub-ideal. Cause: I don't really know. It looks complicated. #5017 introduced a .PHONY for bin/podman, for reasons not explained in the PR. Then, much later, #5880 well- intentionedly but improperly tweaked the 'find' command used in defining SOURCES, adding a -prune but without the corresponding and required -print. Let's just say, it was an unfortunate cascade of events. This PR fixes the SOURCES definition and removes the highly-undesired .PHONY from podman & podman-remote, making it so you can type 'make' and, oh joy, not build anything if it's current. The way 'make' is supposed to work. Why fix this now? Because my PR (#9209) was failing in CI, in the Validate step: Can't exec "./bin/podman": No such file or directory at hack/xref-helpmsgs-manpages line 223. It failed even on Re-run, and only passed once I force-pushed the PR (with no changes, just a new commit SHA). I have no idea why bin/podman wasn't built, and I have zero interest in pursuing that right now, but the proper solution is to add bin/podman as a Makefile dependency for that particular test. So done. While I'm at it, fix what is pretty clearly a typo in a .PHONY And, finally, fix a go-md2man warning introduced in #9189 [NO TESTS NEEDED] Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #9174 from bitstrings/masterOpenShift Merge Robot2021-02-03
|\ | | | | Make slirp MTU configurable (network_cmd_options)
| * Make slirp MTU configurable (network_cmd_options)bitstrings2021-02-02
| | | | | | | | | | | | | | | | The mtu default value is currently forced to 65520. This let the user control it using the config key network_cmd_options, i.e.: network_cmd_options=["mtu=9000"] Signed-off-by: bitstrings <pino.silvaggio@gmail.com>
* | add macvlan as a supported network driverbaude2021-02-01
|/ | | | | | | | | | | | instead of using the --macvlan to indicate that you want to make a macvlan network, podman network create now honors the driver name of *macvlan*. Any options to macvlan, like the parent device, should be specified as a -o option. For example, -o parent=eth0. the --macvlan option was marked as deprecated in the man page but is still supported for the duration of 3.0. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #9144 from vrothberg/fix-9134OpenShift Merge Robot2021-01-29
|\ | | | | Revert "podman build --pull: use correct policy"
| * podman build --pull: refine help message and docsValentin Rothberg2021-01-28
| | | | | | | | | | | | | | Refine and correct the wording of the `--pull` flag in the help message and the docs. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Podman-remote push can support --formatDaniel J Walsh2021-01-29
| | | | | | | | | | | | | | | | Fix man page to document podman push --format fully. Also found that push was not handling the tlsverify so fixed this. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Switch podman image push handlers to use abiDaniel J Walsh2021-01-27
|/ | | | | | | | | | | | Change API Handlers to use the same functions that the local podman uses. At the same time: Cleanup and pass proper bindings. Remove cli options from podman-remote push. Cleanup manifest push. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #8761 from ↵OpenShift Merge Robot2021-01-26
|\ | | | | | | | | ybelleguic/fix-man-page-on-overlayfs-in-rootless-mode [CI:DOCS] Fix man page for fuse-overlayfs config in rootless mode
| * Fix man page for fuse-overlayfs config in rootless modeYohan Belléguic2021-01-20
| | | | | | | | Signed-off-by: Yohan Belléguic <yohan.belleguic@arkea.com>
* | Fix --arch and --os flags to work correctlyDaniel J Walsh2021-01-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently podman implements --override-arch and --overide-os But Podman has made these aliases for --arch and --os. No reason to have to specify --override, since it is clear what the user intends. Currently if the user specifies an --override-arch field but the image was previously pulled for a different Arch, podman run uses the different arch. This PR also fixes this issue. Fixes: https://github.com/containers/podman/issues/8001 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | disable dnsname when --internalbaude2021-01-25
| | | | | | | | | | | | | | | | when doing a network creation, the dnsname plugin should be disabled when the --internal bool is set. a warning is displayed if this happens and docs are updated. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #9067 from Luap99/podman-manifest-existsOpenShift Merge Robot2021-01-23
|\ \ | | | | | | podman manifest exists
| * | podman manifest existsPaul Holzinger2021-01-22
| | | | | | | | | | | | | | | | | | Add podman manifest exists command with remote support. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Add a notice to remove pod before starting servicexcffl2021-01-22
|/ / | | | | | | Signed-off-by: xcffl <2216902+xcffl@users.noreply.github.com>
* / podman volume existsPaul Holzinger2021-01-21
|/ | | | | | Add podman volume exists command with remote support. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #9021 from Luap99/podman-network-existsOpenShift Merge Robot2021-01-19
|\ | | | | podman network exists
| * podman network existsPaul Holzinger2021-01-19
| | | | | | | | | | | | Add podman network exists command with remote support. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | [CI:DOCS] fix go-md2man HTMLSpan warningsEd Santiago2021-01-19
|/ | | | | | | | | | | | | | | | | I'm tired of seeing these every time I run 'make': WARNING: go-md2man does not handle node type HTMLSpan Cause: left-angle-brackets ( < ) in document source Solution: 1) backquote-escape those that need to be shown, usually ones referring to an argument or email address; or 2) Actual HTML ( <sup> and <a> ) which are meant to be shown in generated HTML docs but can't be shown in man pages, we filter out via a sed expression. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #8942 from rhatdan/pushOpenShift Merge Robot2021-01-17
|\ | | | | Allow podman push to push manifest lists
| * Allow podman push to push manifest listsDaniel J Walsh2021-01-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When doing a podman images, manifests lists look just like images, so it is logical that users would assume that they can just podman push them to a registry. The problem is we throw out weird errors when this happens and users need to somehow figure out this is a manifest list rather then an image, and frankly the user will not understand the difference. This PR will make podman push just do the right thing, by failing over and attempting to push the manifest if it fails to push the image. Fix up handling of manifest push Protocol should bring back a digest string, which can either be printed or stored in a file. We should not reimplement the manifest push setup code in the tunnel code but take advantage of the api path, to make sure remote and local work the same way. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8982 from Luap99/container-rename-bindingsOpenShift Merge Robot2021-01-15
|\ \ | |/ |/| Container rename bindings
| * Fix missing podman-container-rename man page linkPaul Holzinger2021-01-15
| | | | | | | | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Bump to containers/buildah 1.9.2Daniel J Walsh2021-01-15
|/ | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #8955 from mheon/renameOpenShift Merge Robot2021-01-14
|\ | | | | Container Rename
| * Initial implementation of renaming containersMatthew Heon2021-01-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Basic theory: We remove the container, but *only from the DB*. We leave it in c/storage, we leave the lock allocated, we leave it running (if it is). Then we create an identical container with an altered name, and add that back to the database. Theoretically we now have a renamed container. The advantage of this approach is that it doesn't just apply to rename - we can use this to make *any* configuration change to a container that does not alter its container ID. Potential problems are numerous. This process is *THOROUGHLY* non-atomic at present - if you `kill -9` Podman mid-rename things will be in a bad place, for example. Also, we can't rename containers that can't be removed normally - IE, containers with dependencies (pod infra containers, for example). The largest potential improvement will be to move the majority of the work into the DB, with a `RecreateContainer()` method - that will add atomicity, and let us remove the container without worrying about depencies and similar issues. Potential problems: long-running processes that edit the DB and may have an older version of the configuration around. Most notable example is `podman run --rm` - the removal command needed to be manually edited to avoid this one. This begins to get at the heart of me not wanting to do this in the first place... This provides CLI and API implementations for frontend, but no tunnel implementation. It will be added in a future release (just held back for time now - we need this in 3.0 and are running low on time). This is honestly kind of horrifying, but I think it will work. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Initial implementation of volume pluginsMatthew Heon2021-01-14
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This implements support for mounting and unmounting volumes backed by volume plugins. Support for actually retrieving plugins requires a pull request to land in containers.conf and then that to be vendored, and as such is not yet ready. Given this, this code is only compile tested. However, the code for everything past retrieving the plugin has been written - there is support for creating, removing, mounting, and unmounting volumes, which should allow full functionality once the c/common PR is merged. A major change is the signature of the MountPoint function for volumes, which now, by necessity, returns an error. Named volumes managed by a plugin do not have a mountpoint we control; instead, it is managed entirely by the plugin. As such, we need to cache the path in the DB, and calls to retrieve it now need to access the DB (and may fail as such). Notably absent is support for SELinux relabelling and chowning these volumes. Given that we don't manage the mountpoint for these volumes, I am extremely reluctant to try and modify it - we could easily break the plugin trying to chown or relabel it. Also, we had no less than *5* separate implementations of inspecting a volume floating around in pkg/infra/abi and pkg/api/handlers/libpod. And none of them used volume.Inspect(), the only correct way of inspecting volumes. Remove them all and consolidate to using the correct way. Compat API is likely still doing things the wrong way, but that is an issue for another day. Fixes #4304 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add more information and examples on podman and pipesDaniel J Walsh2021-01-13
| | | | | | | | | Improve the documentation to help users to know proper way to use podman within a pipe. Helps Prevent: https://github.com/containers/podman/issues/8916 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #8957 from srcshelton/feature/issue-8945OpenShift Merge Robot2021-01-13
|\ | | | | Add 'MemUsageBytes' format option
| * Add 'MemUsageBytes' format optionStuart Shelton2021-01-12
| | | | | | | | | | | | | | | | | | | | | | | | | | Although storage is more human-readable when expressed in SI units, IEC/JEDEC (Bytes) units are more pertinent for memory-related values (and match the format of the --memory* command-line options). (To prevent possible compatibility issues, the default SI display is left unchanged) See https://github.com/containers/podman/issues/8945 Signed-off-by: Stuart Shelton <stuart@shelton.me>
* | Remove the ability to use [name:tag] in podman load commandDaniel J Walsh2021-01-12
|/ | | | | | | | | | Docker does not support this, and it is confusing what to do if the image has more then one tag. We are dropping support for this in podman 3.0 Fixes: https://github.com/containers/podman/issues/7387 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #8819 from chen-zhuohan/add-pre-checkpointOpenShift Merge Robot2021-01-12
|\ | | | | Add pre-checkpoint and restore with previous
| * add pre checkpointunknown2021-01-10
| | | | | | | | Signed-off-by: Zhuohan Chen <chen_zhuohan@163.com>
* | podman build --force-rm defaults to true in codeDaniel J Walsh2021-01-10
| | | | | | | | | | | | The man page and code should match for what is the default settings. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Add Networks format placeholder to podman ps and pod psPaul Holzinger2021-01-09
| | | | | | | | | | | | | | `podman ps --format {{.Networks}}` will show all connected networks for this container. For `pod ps` it will show the infra container networks. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Add network filter for podman ps and pod psPaul Holzinger2021-01-09
|/ | | | | | | Allow to filter on the network name or full id. For pod ps it will filter on the infra container networks. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #8781 from rst0git/cr-volumesOpenShift Merge Robot2021-01-08
|\ | | | | Add support for checkpoint/restore of containers with volumes
| * Include named volumes in container migrationRadostin Stoyanov2021-01-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When migrating a container with associated volumes, the content of these volumes should be made available on the destination machine. This patch enables container checkpoint/restore with named volumes by including the content of volumes in checkpoint file. On restore, volumes associated with container are created and their content is restored. The --ignore-volumes option is introduced to disable this feature. Example: # podman container checkpoint --export checkpoint.tar.gz <container> The content of all volumes associated with the container are included in `checkpoint.tar.gz` # podman container checkpoint --export checkpoint.tar.gz --ignore-volumes <container> The content of volumes is not included in `checkpoint.tar.gz`. This is useful, for example, when the checkpoint/restore is performed on the same machine. # podman container restore --import checkpoint.tar.gz The associated volumes will be created and their content will be restored. Podman will exit with an error if volumes with the same name already exist on the system or the content of volumes is not included in checkpoint.tar.gz # podman container restore --ignore-volumes --import checkpoint.tar.gz Volumes associated with container must already exist. Podman will not create them or restore their content. Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
* | Switch references of /var/run -> /runDaniel J Walsh2021-01-07
|/ | | | | | | | | | Systemd is now complaining or mentioning /var/run as a legacy directory. It has been many years where /var/run is a symlink to /run on all most distributions, make the change to the default. Partial fix for https://github.com/containers/podman/issues/8369 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* add --cidfile to container killbaude2020-12-23
| | | | | | | | | Add the ability to read container ids from one or more files for the kill command. Fixes: #8443 Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #8787 from jsoref/spellingOpenShift Merge Robot2020-12-23
|\ | | | | Spelling
| * SpellingJosh Soref2020-12-22
| | | | | | | | Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* | Document uid/gidmap are based on subuid/gid mappingTobias Boesch2020-12-23
| | | | | | | | | | | | * Closes #6123 Signed-off-by: Tobias Boesch <tobias.boesch@googlemail.com>
* | Merge pull request #8774 from cevich/events_file_docsDaniel J Walsh2020-12-23
|\ \ | | | | | | [CI:DOCS] Document location of backend events file
| * | Document location of backend events fileChris Evich2020-12-18
| | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* | | Merge pull request #8804 from baude/issue8512Daniel J Walsh2020-12-23
|\ \ \ | |_|/ |/| | add pod filter for ps
| * | add pod filter for psbaude2020-12-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | adds the ability to filter containers based on the filter "pod". the value can be a pod name or its full or partial id. Fixes: #8512 Signed-off-by: baude <bbaude@redhat.com>
* | | Add Security information to podman infoDaniel J Walsh2020-12-22
|/ / | | | | | | | | | | | | | | When debugging issues, it would be helpful to know the security settings of the system running into the problem. Adding security info to `podman info` is also useful to users. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / remote copyValentin Rothberg2020-12-18
|/ | | | | | | | | | | | | | Implement `podman-remote cp` and break out the logic from the previously added `pkg/copy` into it's basic building blocks and move them up into the `ContainerEngine` interface and `cmd/podman`. The `--pause` and `--extract` flags are now deprecated and turned into nops. Note that this commit is vendoring a non-release version of Buildah to pull in updates to the copier package. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>