summaryrefslogtreecommitdiff
path: root/docs/source/markdown
Commit message (Collapse)AuthorAge
* man pages: correct seccomp-policy labelValentin Rothberg2021-03-29
| | | | | | | | | The implementation uses `io.containers.seccomp.profile` while the docs mentioned `io.podman`. Correct the two references in the docs to reflect the implementation. Fixes: #9853 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Podman machine enhancementsbaude2021-03-27
| | | | | | | | | | | | | | | | | | | Podman machine remove is now called `rm`. Podman machine create now supports resizing the image to the value of --disk-size as provided. The default is to 10G. Added systemd unit file on guest via ignition that sends a Ready message to the host over a virtio-socket so that we know when the VM is booted and ready for use. Podman machine commands no longer require a VM name as an argument. A default VM name is defined and if no VM name is provided as a arg, the default will be used. [NO TESTS NEEDED] Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #9726 from tunacado/add_runroot_mount_require_to_systemd_genOpenShift Merge Robot2021-03-26
|\ | | | | Add RequiresMountsFor= to systemd generate
| * Add RequiresMountsFor= to systemd generateRobb Manes2021-03-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It is rare but possible that storage locations for the graphroot and the runroot are not mounted at boot time, and therefore might race when doing container operations. An example we've seen in the wild is that a slow tmpfs mount for the runroot would suddenly mount over /run, causing the container to lose all currently-running data, requiring a system refresh to get it back. This patch adds RequiresMountsFor= to the systemd.unit header to ensure the paths for both the graphroot and runroot are mounted prior to starting any generated unit files. Signed-off-by: Robb Manes <rmanes@redhat.com>
* | Rename podman machine create to init and clean upAshley Cui2021-03-25
| | | | | | | | | | | | | | | | | | | | Rename podman machine create to init because we're initing a VM, not really creating it Wire up CPUs flag Suppress QEMU GUI from popping up when not in debug mode [NO TESTS NEEDED] Signed-off-by: Ashley Cui <acui@redhat.com>
* | Improvements for machinebaude2021-03-25
| | | | | | | | | | | | clean up ci failures and add appropriate arch,os exclusion tags Signed-off-by: baude <bbaude@redhat.com>
* | Add --execute flag to podman machine sshAshley Cui2021-03-25
| | | | | | | | | | | | --execute, -e allows to execute a command through ssh Signed-off-by: Ashley Cui <acui@redhat.com>
* | introduce podman machinebaude2021-03-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman machine allows podman to create, manage, and interact with a vm running some form of linux (default is fcos). podman is then configured to be able to interact with the vm automatically. while this is usable on linux, the real push is to get this working on both current apple architectures in macos. Ashley Cui contributed to this PR and was a great help. [NO TESTS NEEDED] Signed-off-by: baude <bbaude@redhat.com>
* | Podman machine CLI and interface stubAshley Cui2021-03-25
| | | | | | | | | | | | | | | | | | | | Podman machine will be a mac-only command that manages the VM where containers are run. Currently, only the CLI is written and the interface function for the VM management is stub for future developement The podman machine cli is only built on mac builds. Signed-off-by: Ashley Cui <acui@redhat.com>
* | Merge pull request #9749 from jwillikers/generate-kube-persistent-volume-claimOpenShift Merge Robot2021-03-23
|\ \ | | | | | | Generate Kubernetes PersistentVolumeClaims from named volumes
| * | Generate Kubernetes PersistentVolumeClaims from named volumesJordan Williams2021-03-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #5788 This commit adds support for named volumes in podman-generate-kube. Named volumes are output in the YAML as PersistentVolumeClaims. To avoid naming conflicts, the volume name is suffixed with "-pvc". This commit adds a corresponding suffix for host path mounts. Host path volumes are suffixed with "-host". Signed-off-by: Jordan Williams <jordan@jwillikers.com>
* | | [CI:DOCS] Add note to mappings for user/group userns in buildTomSweeneyRedHat2021-03-22
|/ / | | | | | | | | | | | | | | | | Add a note to the `--userns-uid-map` and `--userns-gid-map` options in the `podman build` man page. Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1930509 Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* / Docs: removing secrets is safe for in-use secretsAshley Cui2021-03-16
|/ | | | | | | | Add docs explaining that it is safe to remove a secret that is in use by a container: secrets are copied and mounted into the container at creation Signed-off-by: Ashley Cui <acui@redhat.com>
* Document CONTAINERS_CONF/CONTAINERS_STORAGE_CONF Env variablesDaniel J Walsh2021-03-10
| | | | | | | Also Switch to using CONTAINERS_REGISTRIES_CONF for registries.conf overrides. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Docs: Add docs to access APIs inside containerxcffl2021-03-10
| | | | Signed-off-by: xcffl <2216902+xcffl@users.noreply.github.com>
* podman cp: ignore EPERMs in rootless modeValentin Rothberg2021-03-09
| | | | | | | | | | | | Ignore permission errors when copying from a rootless container. TTY devices inside rootless containers are owned by the host's root user which is "nobody" inside the container's user namespace rendering us unable to even read them. Enable the integration test which was temporarily disabled for rootless users. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* podman-remote build does not support volumesDaniel J Walsh2021-03-08
| | | | | | | | Remove --volume option from podman-remote since it is not supported, also add information to podman-build man page indicating options not supported over remote connections. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Handle podman build --dns-searchDaniel J Walsh2021-03-07
| | | | | | Fixes: https://github.com/containers/podman/issues/9574 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* [ci skip] Bad formatting fix in build documentationJakub Guzik2021-03-06
| | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* Merge pull request #9568 from wjt/podman-system-service-timeout-docsOpenShift Merge Robot2021-03-04
|\ | | | | [ci:docs] podman-system-service.1.md: fix timeout example
| * podman-system-service.1.md: fix timeout exampleWill Thompson2021-03-02
| | | | | | | | | | | | | | | | | | | | | | | | | | The rest of this document claims that the argument is called '--time', not '--timeout', and that the value is expressed in seconds. As currently written, the example (which ostensibly runs the API service for 5 seconds) uses the '--timeout' spelling (which actually does work, as an undocumented alias) and passes a value of '5000', which is more than an hour. Fix both. [NO TESTS NEEDED] as this is a simple documentation change. Signed-off-by: Will Thompson <wjt@endlessos.org>
* | Merge pull request #9536 from jmguzik/enable-cgroupsv2-sec-optsOpenShift Merge Robot2021-03-03
|\ \ | |/ |/| Enable cgroupsv2 rw mount via security-opt unmask
| * Add /sys/fs/cgroup as readonly path in docsJakub Guzik2021-03-03
| | | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | podman-image-sign.1.md: typo fixSteve Phillips2021-02-27
|/ | | | | | identify -> identity Signed-off-by: Steve Phillips <steve@tryingtobeawesome.com>
* podman-system-connection.1.md: fix copy/paste errorKier Davis2021-02-24
| | | | Signed-off-by: Kier Davis <me@kierdavis.com>
* Add U volume flag to chown source volumesEduardo Vega2021-02-22
| | | | Signed-off-by: Eduardo Vega <edvegavalerio@gmail.com>
* Merge pull request #9445 from jmguzik/no-header-info-for-systemd-generationOpenShift Merge Robot2021-02-22
|\ | | | | No header info for systemd generation
| * --no-header flag implementation for generate systemdJakub Guzik2021-02-22
| | | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | Allow podman play kube to read yaml file from stdinDaniel J Walsh2021-02-19
|/ | | | | | Fixes: https://github.com/containers/podman/issues/8996 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix typo podman run doc in flag -pid=mode "efault"paranlee2021-02-16
| | | | Signed-off-by: paranlee <paran.lee@mail.uk>
* Merge pull request #9125 from ashley-cui/secretswiringOpenShift Merge Robot2021-02-09
|\ | | | | Implement Secrets
| * Implement SecretsAshley Cui2021-02-09
| | | | | | | | | | | | | | | | | | | | | | Implement podman secret create, inspect, ls, rm Implement podman run/create --secret Secrets are blobs of data that are sensitive. Currently, the only secret driver supported is filedriver, which means creating a secret stores it in base64 unencrypted in a file. After creating a secret, a user can use the --secret flag to expose the secret inside the container at /run/secrets/[secretname] This secret will not be commited to an image on a podman commit Signed-off-by: Ashley Cui <acui@redhat.com>
* | add network prunebaude2021-02-06
|/ | | | | | | | | add the ability to prune unused cni networks. filters are not implemented but included both compat and podman api endpoints. Fixes :#8673 Signed-off-by: baude <bbaude@redhat.com>
* Makefile: make bin/* real targets!Ed Santiago2021-02-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Backstory: every time you run 'make podman' or even just 'make', you get a full recompile. This is sub-ideal. Cause: I don't really know. It looks complicated. #5017 introduced a .PHONY for bin/podman, for reasons not explained in the PR. Then, much later, #5880 well- intentionedly but improperly tweaked the 'find' command used in defining SOURCES, adding a -prune but without the corresponding and required -print. Let's just say, it was an unfortunate cascade of events. This PR fixes the SOURCES definition and removes the highly-undesired .PHONY from podman & podman-remote, making it so you can type 'make' and, oh joy, not build anything if it's current. The way 'make' is supposed to work. Why fix this now? Because my PR (#9209) was failing in CI, in the Validate step: Can't exec "./bin/podman": No such file or directory at hack/xref-helpmsgs-manpages line 223. It failed even on Re-run, and only passed once I force-pushed the PR (with no changes, just a new commit SHA). I have no idea why bin/podman wasn't built, and I have zero interest in pursuing that right now, but the proper solution is to add bin/podman as a Makefile dependency for that particular test. So done. While I'm at it, fix what is pretty clearly a typo in a .PHONY And, finally, fix a go-md2man warning introduced in #9189 [NO TESTS NEEDED] Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #9174 from bitstrings/masterOpenShift Merge Robot2021-02-03
|\ | | | | Make slirp MTU configurable (network_cmd_options)
| * Make slirp MTU configurable (network_cmd_options)bitstrings2021-02-02
| | | | | | | | | | | | | | | | The mtu default value is currently forced to 65520. This let the user control it using the config key network_cmd_options, i.e.: network_cmd_options=["mtu=9000"] Signed-off-by: bitstrings <pino.silvaggio@gmail.com>
* | add macvlan as a supported network driverbaude2021-02-01
|/ | | | | | | | | | | | instead of using the --macvlan to indicate that you want to make a macvlan network, podman network create now honors the driver name of *macvlan*. Any options to macvlan, like the parent device, should be specified as a -o option. For example, -o parent=eth0. the --macvlan option was marked as deprecated in the man page but is still supported for the duration of 3.0. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #9144 from vrothberg/fix-9134OpenShift Merge Robot2021-01-29
|\ | | | | Revert "podman build --pull: use correct policy"
| * podman build --pull: refine help message and docsValentin Rothberg2021-01-28
| | | | | | | | | | | | | | Refine and correct the wording of the `--pull` flag in the help message and the docs. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Podman-remote push can support --formatDaniel J Walsh2021-01-29
| | | | | | | | | | | | | | | | Fix man page to document podman push --format fully. Also found that push was not handling the tlsverify so fixed this. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Switch podman image push handlers to use abiDaniel J Walsh2021-01-27
|/ | | | | | | | | | | | Change API Handlers to use the same functions that the local podman uses. At the same time: Cleanup and pass proper bindings. Remove cli options from podman-remote push. Cleanup manifest push. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #8761 from ↵OpenShift Merge Robot2021-01-26
|\ | | | | | | | | ybelleguic/fix-man-page-on-overlayfs-in-rootless-mode [CI:DOCS] Fix man page for fuse-overlayfs config in rootless mode
| * Fix man page for fuse-overlayfs config in rootless modeYohan Belléguic2021-01-20
| | | | | | | | Signed-off-by: Yohan Belléguic <yohan.belleguic@arkea.com>
* | Fix --arch and --os flags to work correctlyDaniel J Walsh2021-01-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently podman implements --override-arch and --overide-os But Podman has made these aliases for --arch and --os. No reason to have to specify --override, since it is clear what the user intends. Currently if the user specifies an --override-arch field but the image was previously pulled for a different Arch, podman run uses the different arch. This PR also fixes this issue. Fixes: https://github.com/containers/podman/issues/8001 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | disable dnsname when --internalbaude2021-01-25
| | | | | | | | | | | | | | | | when doing a network creation, the dnsname plugin should be disabled when the --internal bool is set. a warning is displayed if this happens and docs are updated. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #9067 from Luap99/podman-manifest-existsOpenShift Merge Robot2021-01-23
|\ \ | | | | | | podman manifest exists
| * | podman manifest existsPaul Holzinger2021-01-22
| | | | | | | | | | | | | | | | | | Add podman manifest exists command with remote support. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Add a notice to remove pod before starting servicexcffl2021-01-22
|/ / | | | | | | Signed-off-by: xcffl <2216902+xcffl@users.noreply.github.com>
* / podman volume existsPaul Holzinger2021-01-21
|/ | | | | | Add podman volume exists command with remote support. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #9021 from Luap99/podman-network-existsOpenShift Merge Robot2021-01-19
|\ | | | | podman network exists