| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
| |
People who use docker scripts with Podman see failures
if they use disable-content-trust flag. This flag already
existed for podman build, adding it to pull/push/create/run.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
| |
Add support -v for overlay volume mounts in podman.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
| |\
| |
| | |
allow switching of port-forward approaches in rootless/using slirp4netns
|
| | |
| |
| |
| | |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Podman is committed to inclusivity, a core value of open source. Historically, there have been technology terms that are problematic and divisive, and should be changed. We are currently taking time to audit our repository in order to eliminate such terminology, and replace it with more inclusive terms. We are starting where we can, with our own code, comments, and documentation. However, such terms may be used in dependencies, and must be used in our repositories at the current moment for compatibility. Podman will change these terms in our repo as soon as new and better terminology is available to us via our dependencies.
For more information: https://www.redhat.com/en/blog/making-open-source-more-inclusive-eradicating-problematic-language?sc_cid=701600000011gf0AAA
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |/
|
|
|
|
|
|
| |
When running "podman pod create --share user" the errors appears:
Error: User sharing functionality not supported on pod level
Fix docs and remove 'user' from shareable parameters.
Signed-off-by: Sagi Shnaidman <sshnaidm@redhat.com>
|
| |
|
|
|
|
| |
This also pulls in latest runc and containers/common
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
--sdnotify container|conmon|ignore
With "conmon", we send the MAINPID, and clear the NOTIFY_SOCKET so the OCI
runtime doesn't pass it into the container. We also advertise "ready" when the
OCI runtime finishes to advertise the service as ready.
With "container", we send the MAINPID, and leave the NOTIFY_SOCKET so the OCI
runtime passes it into the container for initialization, and let the container advertise further metadata.
This is the default, which is closest to the behavior podman has done in the past.
The "ignore" option removes NOTIFY_SOCKET from the environment, so neither podman nor
any child processes will talk to systemd.
This removes the need for hardcoded CID and PID files in the command line, and
the PIDFile directive, as the pid is advertised directly through sd-notify.
Signed-off-by: Joseph Gooch <mrwizard@dok.org>
|
| |\
| |
| | |
Add --tz flag to create, run
|
| | |
| |
| |
| |
| |
| |
| | |
--tz flag sets timezone inside container
Can be set to IANA timezone as well as `local` to match host machine
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |\ \
| | |
| | | |
Set engine env from common config
|
| | |/
| |
| |
| |
| |
| |
| | |
Set the env that is used by Podman.
related issue containers/common#31
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
| |
Clarify in the help message and the man page that auto updates only work
with systemd units that are similar to the ones from `generate systemd
--new`. Units that merely start/stop a container do not work as they
will use the same image.
Fixes: #6793
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\
| |
| | |
docs: recommend alternatives to podman inspect
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
podman inspect is problematic because there can be naming clashes. Also,
it only inspects a couple of types of objects and the docs for it didn't
help discover that several more types could be inspected as well.
To address both concerns, we deprecate `podman inspect` and update the
docs to point to to the recommend alternatives.
Issue: #6756
Signed-off-by: Mark Stosberg <mark@rideamigos.com>
|
| |/
|
|
|
|
|
|
| |
This makes it clear that we target compatibility with a specific
Docker version (v1.40), but do not reject other versions. It also
adds a link to documentation on the Podman-specific API.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |\
| |
| | |
Allow empty host port in --publish flag
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
I didn't believe that this was actually legal, but it looks like
it is. And, unlike our previous understanding (host port being
empty means just use container port), empty host port actually
carries the same meaning as `--expose` + `--publish-all` (that
is, assign a random host port to the given container port). This
requires a significant rework of our port handling code to handle
this new case. I don't foresee this being commonly used, so I
optimized having a fixed port number as fast path, which this
random assignment code running after the main port handling code
only if necessary.
Fixes #6806
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |\ \
| |/
|/| |
podman: add new cgroup mode split
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When running under systemd there is no need to create yet another
cgroup for the container.
With conmon-delegated the current cgroup will be split in two sub
cgroups:
- supervisor
- container
The supervisor cgroup will hold conmon and the podman process, while
the container cgroup is used by the OCI runtime (using the cgroupfs
backend).
Closes: https://github.com/containers/libpod/issues/6400
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
New functionality in hack/man-page-checker: start cross-
referencing the man page 'Synopsis' line against the
output of 'podman foo --help'. This is part 1, flag/option
consistency. Part 2 (arg consistency) is too big and will
have to wait for later.
flag/option consistency means: if 'podman foo --help'
includes the string '[flags]' in the Usage message,
make sure the man page includes '[*options*]' in its
Synopsis line, and vice-versa. This found several
inconsistencies, which I've fixed.
While doing this I realized that Cobra automatically
includes a 'Flags:' subsection in its --help output
for all subcommands that have defined flags. This
is great - it lets us cross-check against the
usage synopsis, and make sure that '[flags]' is
present or absent as needed, without fear of
human screwups. If a flag-less subcommand ever
gets extended with flags, but the developer forgets
to add '[flags]' and remove DisableFlagsInUseLine,
we now have a test that will catch that. (This,
too, caught two instances which I fixed).
I don't actually know if the new man-page-checker
functionality will work in CI: I vaguely recall that
it might run before 'make podman' does; and also
vaguely recall that some steps were taken to remedy
that.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Throw an error if a specified tag does not exist. Also make sure that
the user input is normalized as we already do for `podman tag`.
To prevent regressions, add a set of end-to-end and systemd tests.
Last but not least, update the docs and add bash completions.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
| |
Signed-off-by: Peter Oliver <git@mavit.org.uk>
|
| |
|
|
|
|
|
|
|
| |
* Implement command
* Refactor podman-remote to pull from containers.conf by default
* podman-remote defaults to --remote being true
* Write podman-system-connection.1.md
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |\
| |
| | |
Add --preservefds to podman run
|
| | |
| |
| |
| |
| |
| | |
Add --preservefds to podman run. close https://github.com/containers/libpod/issues/6458
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
files.
s/po/pod
Signed-off-by: Gavin Campbell <gavin@gavincampbell.dev>
|
| |/
|
|
| |
Signed-off-by: Yuan-Hao Chen <yhchen0906@gmail.com>
|
| |
|
|
|
|
|
|
| |
Fix renaming bug in remote-docs.sh
Remove mentions of 'remote' in windows and mac dos
Remove podman-remote.conf.5
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |\
| |
| | |
Do not share container log driver for exec
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When the container uses journald logging, we don't want to
automatically use the same driver for its exec sessions. If we do
we will pollute the journal (particularly in the case of
healthchecks) with large amounts of undesired logs. Instead,
force exec sessions logs to file for now; we can add a log-driver
flag later (we'll probably want to add a `podman logs` command
that reads exec session logs at the same time).
As part of this, add support for the new 'none' logs driver in
Conmon. It will be the default log driver for exec sessions, and
can be optionally selected for containers.
Great thanks to Joe Gooch (mrwizard@dok.org) for adding support
to Conmon for a null log driver, and wiring it in here.
Fixes #6555
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We initially believed that implementing this required support for
restarting containers after reboot, but this is not the case.
The unless-stopped restart policy acts identically to the always
restart policy except in cases related to reboot (which we do not
support yet), but it does not require that support for us to
implement it.
Changes themselves are quite simple, we need a new restart policy
constant, we need to remove existing checks that block creation
of containers when unless-stopped was used, and we need to update
the manpages.
Fixes #6508
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
|
|
|
|
|
| |
* Remove varlink references from the man pages
* Fix signature for extractTarFile()
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a `--replace` flag to the `pod create` command. If another pod with
the same name already exists, it will be replaced and removed.
Adding this flag is motivated by #5485 to make running Podman in systemd
units (or any other scripts/automation) more robust. In case of a
crash, a pod may not be removed by a sytemd unit anymore. The
`--replace` flag allows for supporting crashes.
Note that the `--replace` flag does not require the `--name` flag to be
set, so it can be set unconditionally in `podman generate systemd`.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Add a `--replace` flag to the `container {create,run}` commands.
If another container with the same name already exists, it will
be replaced and removed.
Adding this flag is motivated by #5485 to make running Podman in systemd
units (or any other scripts/automation) more robust. In case of a
crash, a container may not be removed by a sytemd unit anymore. The
`--replace` flag allows for supporting crashes.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\
| |
| | |
update document login see config.json as valid
|
| | |
| |
| |
| |
| |
| | |
Update the document, pointing out podman credentials from $HOME/.docker/config.json can be used by Podman.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Create a new template for generating a pod unit file. Eventually, this
allows for treating and extending pod and container generation
seprately.
The `--new` flag now also works on pods.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add an `--infra-conmon-pidfile` flag to `podman-pod-create` to write the
infra container's conmon process ID to a specified path. Several
container sub-commands already support `--conmon-pidfile` which is
especially helpful to allow for systemd to access and track the conmon
processes. This allows for easily tracking the conmon process of a
pod's infra container.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Allow containers to join an existing pod via the `--pod-id-file` which
is already supported by a number of `podman-pod` subcommands. Also add
tests to make sure it's working and to prevent future regressions.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
| |
Support the `--pod-id-file` flag in the rm, start and stop pod commands.
This completes the already support flag in pod-create and is another
prerequisite for generating generic systemd unit files for pods.
Also add completions, docs and tests.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Unless `--since` or `--until` is specified, `podman events` will stream
new events. Clarify this behavior in the `--help` message and man page
to avoid confusion.
Fixes: #6536
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
| |
this is step 1 to self-discovery of remote ssh connections. we add a remotesocket struct to info to detect what the socket path might be.
Co-authored-by: Jhon Honce <jhonce@redhat.com>
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* podman --remote ssh://<user>:<password>@<host>:<port><path>
* podman --remote ssh://<user>:<password>@<host>:<port><path> \
--identity <path> --passphrase <phrase>
* ssh-add <key>
podman --remote ssh://<user>@<host><path>
* Fix `podman help` to run even if podman missing components
* Prompt for passphrase on stdin IFF key is protected and passphrase
not given via any other configuration
* cobra flags do not support optional value flags therefore refactored
--remote to be a boolean and --url will now contain the URI to Podman
service
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Originally, we did not allow this, and the manpage reflects that.
We added support with 1.7.0, but did not update the manpage. Fix
the manpages so they are once again accurate.
Signed-off-by: Matthew Heon <mheon@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\
| |
| | |
Add support for `readonly` option to --mount
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
This is just an alias to the `ro` option, but it's already in the
manpages (and Docker) so we might as well add support for it.
Fixes #6379
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
