summaryrefslogtreecommitdiff
path: root/docs/source/markdown
Commit message (Collapse)AuthorAge
* systemd: replace multi-user with default.targetValentin Rothberg2021-11-30
| | | | | | | | | | Replace `multi-user.target` with `default.target` across the code base. It seems like the multi-user one is not available for (rootless) users on F35 anymore is causing issues in all kinds of ways, for instance, enabling the podman.service or generated systemd units. Fixes: #12438 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* List /etc/containers/certs.d as default for --cert-pathDaniel J Walsh2021-11-29
| | | | | | Helps Document https://github.com/containers/podman/issues/10116 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Support env variables based on ConfigMaps sent in payloadJakub Dzon2021-11-23
| | | | | | Fixes #12363 Signed-off-by: Jakub Dzon <jdzon@redhat.com>
* generate systemd: add --start-timeout flagValentin Rothberg2021-11-23
| | | | | | | | | Add a new flag to set the start timeout for a generated systemd unit. To make naming consistent, add a new --stop-timeout flag as well and let the previous --time map to it. Fixes: #11618 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #12301 from umohnani8/tableOpenShift Merge Robot2021-11-22
|\ | | | | Add note about volume with unprivileged container
| * Add note about volume with unprivileged containerUrvashi Mohnani2021-11-21
| | | | | | | | | | | | | | | | | | | | | | | | | | Add a note to the generated kube yaml if we detect a volume is being mounted. The note lets the user know what needs to be done to avoid permission denied error when trying to access the volume for an unprivileged container. Add the same note to the man pages. NO NEW TESTS NEEDED Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | [CI:DOCS] Update notes on java TZ in man pageUrvashi Mohnani2021-11-22
| | | | | | | | Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | Merge pull request #12373 from TomSweeneyRedHat/dev/tsweeney/jdocOpenShift Merge Robot2021-11-22
|\ \ | | | | | | [CI:DOCS] Add java TZ note to run manpage
| * | [CI:DOCS] Add java TZ note to run manpageTomSweeneyRedHat2021-11-19
| |/ | | | | | | | | | | | | | | | | Add a note to show how to workaround the `--tz` option being ignored in the run command. Related to: https://bugzilla.redhat.com/show_bug.cgi?id=1984251 Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* / Use same runtime to restore a container as during checkpointingAdrian Reber2021-11-19
|/ | | | | | | | | | | | | | | | | | | | | | There are at least two runtimes that support checkpoint and restore: runc and crun. Although the checkpoints created by these are almost compatible, it is not (yet) possible to restore a checkpoint created with one runtime with the other runtime. To make checkpoint/restore usage more comfortable this adds code to look into the checkpoint archive during restore and to set the runtime to the one used during checkpointing. This also adds a check, if the user explicitly sets a runtime during restore, that the runtime is also the same as used during checkpointing. If a different runtime is selected than the one used during checkpointing the restore will fail early. If runc and crun will create compatible checkpoints in the future the check can be changed to treat crun and runc as compatible checkpoint/restore runtimes. Signed-off-by: Adrian Reber <areber@redhat.com>
* Merge pull request #12354 from Luap99/exit-commandOpenShift Merge Robot2021-11-18
|\ | | | | Do not store the exit command in container config
| * Do not store the exit command in container configPaul Holzinger2021-11-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There is a problem with creating and storing the exit command when the container was created. It only contains the options the container was created with but NOT the options the container is started with. One example would be a CNI network config. If I start a container once, then change the cni config dir with `--cni-config-dir` ans start it a second time it will start successfully. However the exit command still contains the wrong `--cni-config-dir` because it was not updated. To fix this we do not want to store the exit command at all. Instead we create it every time the conmon process for the container is startet. This guarantees us that the container cleanup process is startet with the correct settings. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #12298 from giuseppe/idmapped-bind-mountsOpenShift Merge Robot2021-11-18
|\ \ | | | | | | volumes: add new option idmap
| * | volumes: add new option idmapGiuseppe Scrivano2021-11-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | pass down the "idmap" mount option to the OCI runtime. Needs: https://github.com/containers/crun/pull/780 Closes: https://github.com/containers/podman/issues/12154 [NO NEW TESTS NEEDED] there is no crun version yet that support the new feature. Test case (must run as root): podman run --rm -v foo:/foo alpine touch /foo/bar podman run --uidmap 0:1:1000 --rm -v foo:/foo:idmap alpine ls -l /foo total 0 -rw-r--r-- 1 root root 0 Nov 15 14:01 bar Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Add --file-locks checkpoint/restore optionRadostin Stoyanov2021-11-18
| |/ |/| | | | | | | | | | | | | CRIU supports checkpoint/restore of file locks. This feature is required to checkpoint/restore containers running applications such as MySQL. Signed-off-by: Radostin Stoyanov <radostin@redhat.com>
* | remote checkpoint/restore: more fixesValentin Rothberg2021-11-18
|/ | | | | | | | | | | | | | | | | * Support `checkpoint --pre-checkpoint` * Support `checkpoint --with-previous` * Disable `restore --import-previous` for the remote client since we had to send two files which in turn would require to tar them up and hence be a breaking change. Podman 4.0 would be the chance and I hope we'll find time before that to remote-restore prettier. Note that I did not run over swagger yet to check whether all parameters are actually documented due to time constraints. Fixes: #12334 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Add --unsetenv & --unsetenv-all to remove def environment variablesDaniel J Walsh2021-11-15
| | | | | | | | | | | | | | | | Podman adds a few environment variables by default, and currently there is no way to get rid of them from your container. This option will allow you to specify which defaults you don't want. --unsetenv-all will remove all default environment variables. Default environment variables can come from podman builtin, containers.conf or from the container image. Fixes: https://github.com/containers/podman/issues/11836 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #11076 from boaz0/closes_10275OpenShift Merge Robot2021-11-15
|\ | | | | Support template unit files in podman generate systemd
| * Support template unit files in podman generate systemdBoaz Shuster2021-10-22
| | | | | | | | Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* | Update man pages for checkpoint/restore --print-statsAdrian Reber2021-11-15
| | | | | | | | | | | | | | This commit updates the man pages for checkpoint and restore to describe the '--print-stats' parameter. Signed-off-by: Adrian Reber <areber@redhat.com>
* | Merge pull request #12270 from rhatdan/authOpenShift Merge Robot2021-11-13
|\ \ | | | | | | --authfile command line argument for image sign command.
| * | --authfile command line argument for image sign command.José Guilherme Vanz2021-11-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds the --authfile command line argument to allow users to use alternative authfile paths when signing images. Replaces: https://github.com/containers/podman/pull/10975 Fixes: https://github.com/containers/podman/issues/10866 Signed-off-by: José Guilherme Vanz <jvanz@jvanz.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #12224 from cdoern/scpOpenShift Merge Robot2021-11-12
|\ \ \ | |/ / |/| | Podman Image SCP transfer patch
| * | Podman Image SCP transfer patchcdoern2021-11-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixed syntax so that podman image scp transfer works with no user specified. This command can only be executed as root so to obtain the default user, I searched for the SUDO_USER environmental variable. If that is not found, we error out and inform the user to set this variable and make sure they are running as root Signed-off-by: cdoern <cdoern@redhat.com> Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
* | | Merge pull request #12193 from yahavi/patch-1OpenShift Merge Robot2021-11-11
|\ \ \ | | | | | | | | [CI:DOCS] Fix Zsh completion command documentation
| * | | Fix Zsh completion command documentationYahav Itzhak2021-11-09
| | | | | | | | | | | | | | | | Signed-off-by: yahavi <yahavi@jfrog.com>
* | | | Merge pull request #12258 from edsantiago/xref_manpages_see_alsoOpenShift Merge Robot2021-11-10
|\ \ \ \ | | | | | | | | | | [CI:DOCS] Add CI check for SEE ALSO in man pages
| * | | | [CI:DOCS] Add CI check for SEE ALSO in man pagesEd Santiago2021-11-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add new CI check to confirm that links and references in SEE ALSO sections are properly formatted and that links are valid (at least in theory: we do no actual URL fetching to test for 404). The check is piggybacked into existing xref-helpmsgs-manpages script. It could conceivably be more elegant to write a separate tool for this purpose, but I don't wish to duplicate the logic for finding and reading markdown files. Script identified various problems, which I fix in this PR: . missing '**' (asterisks) around some references, or '**' in the wrong place. . links pointing to github.com/.../tree/ instead of /blob/ (github redirects those automatically, but I like consistency) . a few copy-paste errors, e.g. subgid linking to subuid. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | Merge pull request #12255 from vrothberg/fix-11970OpenShift Merge Robot2021-11-10
|\ \ \ \ \ | |/ / / / |/| | | | podman load: support downloading files
| * | | | podman load: support downloading filesValentin Rothberg2021-11-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Support downloading files, for instance via `podman load -i server.com/image.tar`. The specified URL is downloaded in the frontend and stored as a temp file that gets passed down to the backend. Also vendor in c/common@main to use the new `pkg/download`. Fixes: #11970 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Add links to all SEE ALSO sectionsDaniel J Walsh2021-11-10
|/ / / / | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Add links to podman build,run, create see alsoDaniel J Walsh2021-11-08
| | | | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #12213 from flouthoc/system-connection-rm-allOpenShift Merge Robot2021-11-08
|\ \ \ \ | | | | | | | | | | system: Adds support for removing all named destination via `--all`
| * | | | system: Adds support for removing all named destination via --allAditya Rajan2021-11-08
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds support of dropping all named destination from system connections via `--all`. Closes: https://github.com/containers/podman/issues/12018 Signed-off-by: Aditya Rajan <arajan@redhat.com>
* | | | Merge pull request #11958 from cdoern/scpOpenShift Merge Robot2021-11-08
|\ \ \ \ | | |/ / | |/| | Podman Image SCP rootful to rootless transfer
| * | | Podman Image SCP rootful to rootless transfercdoern2021-11-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Added functionality for users to transfer images from root storage to rootless storage without using sshd. This is done through rootful podman by running `sudo podman image scp root@localhost::image user@localhost:: the user is needed in order to find and use their uid/gid to exec a new process. added necessary tests, and functions for this implementation. Created new image function Transfer so that the underlying code is majorly removed from CLI Signed-off-by: cdoern <cdoern@redhat.com>
* | | | Add some information about disabling SELinux when using system volumesDaniel J Walsh2021-11-06
| |/ / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | A comment was made on internal mailing list about confusion on SELinux labeling of volumes. This PR makes it a little more clear about when you should or should not relabel. We need a similar comment in podman pod create, but it does not support --security-opt processing yet. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | rename rootless cni ns to rootless netnsPaul Holzinger2021-11-05
|/ / | | | | | | | | | | | | | | | | | | | | | | Since we want to use the rootless cni ns also for netavark we should pick a more generic name. The name is now "rootless network namespace" or short "rootless netns". The rename might cause some issues after the update but when the all containers are restarted or the host is rebooted it should work correctly. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #12119 from ashley-cui/updatesOpenShift Merge Robot2021-10-30
|\ \ | | | | | | [CI:DOCS] Add information on how podman machine is updated
| * | Add information on how podman machine is updatedAshley Cui2021-10-28
| | | | | | | | | | | | | | | | | | | | | Update documentation on how the default podman machine distribution, FCOS, is updated. Signed-off-by: Ashley Cui <acui@redhat.com>
* | | Fix pause usage exampleGiacomo Sanchietti2021-10-29
| | | | | | | | | | | | | | | | | | The page contains a wrong 'stop' command example. Signed-off-by: Giacomo Sanchietti <giacomo.sanchietti@nethesis.it>
* | | volumes: allow more options for devptsGiuseppe Scrivano2021-10-28
|/ / | | | | | | | | | | | | | | allow to pass down more options that are supported by the kernel. Discussion here: https://github.com/containers/toolbox/issues/568 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | pod create: remove need for pause imageValentin Rothberg2021-10-26
| | | | | | | | | | | | | | | | | | So far, the infra containers of pods required pulling down an image rendering pods not usable in disconnected environments. Instead, build an image locally which uses local pause binary. Fixes: #10354 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Add support to play kube for --log-optDaniel J Walsh2021-10-25
| | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/11727 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Replace 'an user' => 'a user'Stefan Weil2021-10-24
| | | | | | | | Signed-off-by: Stefan Weil <sw@weilnetz.de>
* | Merge pull request #12061 from dancerj/typoOpenShift Merge Robot2021-10-22
|\ \ | | | | | | [CI:DOCS] fuse-overlay probably means fuse-overlayfs.
| * | fuse-overlay probably means fuse-overlayfs.Junichi Uekawa2021-10-22
| | | | | | | | | | | | | | | | | | fuse-overlayfs is usually the package name. Signed-off-by: Junichi Uekawa <dancer@debian.org>
* | | Merge pull request #12021 from rhatdan/kubeOpenShift Merge Robot2021-10-22
|\ \ \ | |/ / |/| | Generate Kube should not print default structs
| * | Generate Kube should not print default structsDaniel J Walsh2021-10-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If podman uses Workdir="/" or the workdir specified in the image, it should not add it to the yaml. If Podman find environment variables in the image, they should not get added to the yaml. If the container or pod do not have changes to SELinux we should not print seLinuxOpt{} If the container or pod do not change any dns options the yaml should not have a dnsOption={} If the container is not privileged it should not have privileged=false in the yaml. Fixes: https://github.com/containers/podman/issues/11995 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Remove --kernel-memory optionsDaniel J Walsh2021-10-21
| |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | Kernel memory option has been depracated in runtime-spec, It is believed that it will not work properly on certain kernels. runc ignores it. This PR removes documentation of the flag and also prints a warning if a user uses it. [NO NEW TESTS NEEDED] Helps Fix: https://github.com/containers/podman/issues/12045 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>