summaryrefslogtreecommitdiff
path: root/docs/source
Commit message (Collapse)AuthorAge
* Merge pull request #11513 from Luap99/unshareOpenShift Merge Robot2021-09-11
|\ | | | | podman unshare keep exit code
| * podman unshare keep exit codePaul Holzinger2021-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | In case the command inside the podman unshare env failed podman unshare always exits with 125 and prints `Error: exit status 125`. This is a bad user experience and makes it difficult to use in scripts which could expect certain exit codes. This commit makes sure podman unshare uses the same exit code as the command and does not print the useless `exit status X` message. Also to match podman run/exec it should return 126 for EPERM and 127 for ENOENT. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #11323 from umohnani8/initOpenShift Merge Robot2021-09-10
|\ \ | | | | | | Add init containers to generate and play kube
| * | Add init containers to generate and play kubeUrvashi Mohnani2021-09-10
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | Kubernetes has a concept of init containers that run and exit before the regular containers in a pod are started. We added init containers to podman pods as well. This patch adds support for generating init containers in the kube yaml when a pod we are converting had init containers. When playing a kube yaml, it detects an init container and creates such a container in podman accordingly. Note, only init containers created with the init type set to "always" will be generated as the "once" option deletes the init container after it has run and exited. Play kube will always creates init containers with the "always" init container type. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* / Fix missing args in name in exampleShion Tanaka2021-09-10
|/ | | | Signed-off-by: Shion Tanaka <shtanaka@redhat.com>
* Merge pull request #11492 from rhatdan/manOpenShift Merge Robot2021-09-09
|\ | | | | [CI:DOCS] Fix spacing on --userns options in docs
| * Fix spacing on --userns options in docsDaniel J Walsh2021-09-08
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Add logDriver to podman infoDaniel J Walsh2021-09-08
|/ | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #11468 from Luap99/play-kube-slirpOpenShift Merge Robot2021-09-08
|\ | | | | fix play kube --network options
| * fix play kube --network optionsPaul Holzinger2021-09-08
| | | | | | | | | | | | | | | | | | | | | | | | Commit 092902b45555 introduced advanced network options for podman play kube. However this never worked because it unconditionally set the network mode to bridge after it parsed the network option. Added a test to ensure the correct mode is set. Truly fixes #10807 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #11427 from flouthoc/kube-pod-logsOpenShift Merge Robot2021-09-07
|\ \ | |/ |/| kube: Add support for `podman pod logs`.
| * kube: Add support for podman pod logsAditya Rajan2021-09-05
| | | | | | | | | | | | | | | | | | | | | | Following PR adds support for `kubectl` like `pod logs` to podman. Usage `podman pod logs <podIDorName` gives a stream of logs for all the containers within the pod with **containername** as a field. Just like **`kubectl`** also supports `podman pod logs -c ctrIDorName podIDorName` to limit the log stream to any of the specificied container which belongs to pod. Signed-off-by: Aditya Rajan <arajan@redhat.com>
* | network create: add warning for deprecated macvlan flagPaul Holzinger2021-09-07
|/ | | | | | | | | | | | The macvlan driver is not deprecated, only the --macvlan flag is. Remove the flag from the man page since it is deprecated and add a warning to podman network create if it is used. [NO TESTS NEEDED] Fixes #11400 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Merge pull request #11368 from giuseppe/fix-man-formatDaniel J Walsh2021-09-01
|\ | | | | [CI:DOCS] fix indentation for userns modes
| * docs: fix indentation for userns modesGiuseppe Scrivano2021-08-31
| | | | | | | | | | | | Closes: https://github.com/containers/podman/issues/11364 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | generate systemd: clarify limitations of `--new`Valentin Rothberg2021-09-01
| | | | | | | | | | | | | | | | | | | | | | | | | | `generate systemd --new` is looking at the "create command" of the container/pod which is simply the os.Args at creation time. It does not work on containers or pods created via the REST API since the create command is not set. `--new` does work on such containers and pods since there is no reliable way to reverse-map their configs to command-line arguments of podman. Fixes: #11370 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | [CI:DOCS] podman cp: highlight globbing and multi-file copyValentin Rothberg2021-08-31
|/ | | | | | | | | | | | `podman cp` does not allow for globbing or filtering copied data in any form. `docker cp` does not either, so Podman remains compatible. Due to a number of requests, highlight how users can effectively achieve that by means of chaining with tools such as xargs(1) or find(1), or by making use of `podman mount`. Closes: #11346 Closes: #11194 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* InfraContainer Reworkcdoern2021-08-26
| | | | | | | | | | InfraContainer should go through the same creation process as regular containers. This change was from the cmd level down, involving new container CLI opts and specgen creating functions. What now happens is that both container and pod cli options are populated in cmd and used to create a podSpecgen and a containerSpecgen. The process then goes as follows FillOutSpecGen (infra) -> MapSpec (podOpts -> infraOpts) -> PodCreate -> MakePod -> createPodOptions -> NewPod -> CompleteSpec (infra) -> MakeContainer -> NewContainer -> newContainer -> AddInfra (to pod state) Signed-off-by: cdoern <cdoern@redhat.com>
* Merge pull request #11298 from baude/kubeupdownOpenShift Merge Robot2021-08-26
|\ | | | | teardown play kube
| * teardown play kubeBrent Baude2021-08-24
| | | | | | | | | | | | | | | | | | add the ability for play kube to tear down based on the yaml used to play it. it is indicated by --down in the play kube command. volumes are NOT deleted during the teardown. pods and their containers are stopped and removed. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #11318 from jmguzik/volume-ls-prune-docsOpenShift Merge Robot2021-08-26
|\ \ | | | | | | [CI:DOCS] Add filter params description to volume list/prune docs
| * | Add filter params description to volume list/prune docsJakub Guzik2021-08-26
| |/ | | | | | | | | | | | | Description adjusted to the standard seen in other man pages. [CI:DOCS] Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | Merge pull request #11208 from ashley-cui/streamsOpenShift Merge Robot2021-08-26
|\ \ | | | | | | [NO TESTS NEEDED] Allow setting of machine stream and image path from containers.conf
| * | Allow setting of machine stream and image path from containers.confAshley Cui2021-08-24
| |/ | | | | | | | | | | Default is "testing" Signed-off-by: Ashley Cui <acui@redhat.com>
* / volumes: Add volume import to allow importing contents on tar into volumeflouthoc2021-08-26
|/ | | | | | | Following feature makes sure that users can load contents of external tarball into the podman volumes. Signed-off-by: flouthoc <flouthoc.git@gmail.com>
* Merge pull request #11290 from flouthoc/volume-exportOpenShift Merge Robot2021-08-23
|\ | | | | volumes: Add support for `volume export` which allows exporting content to external path.
| * volumes: Add support for exporting volumes to external tarflouthoc2021-08-23
| | | | | | | | | | | | | | Adds support for transferring data between systems and backing up systems. Use cases: recover from disasters or move data between machines. Signed-off-by: flouthoc <flouthoc.git@gmail.com>
* | Merge pull request #11205 from Shivkumar13/shivkumar-tls-fixOpenShift Merge Robot2021-08-23
|\ \ | |/ |/| Support for --tls-verify flag in podman-run & podman-create
| * Support for --tls-verify flag in podman run & podman createShivkumar132021-08-21
| | | | | | | | Signed-off-by: Shivkumar13 <sople@redhat.com>
* | Add ability to build images in play kubeBrent Baude2021-08-18
| | | | | | | | | | | | | | | | When playing a kube YAML file, it can be desirable to be able to build an image on the fly. This is good for development of an image and YAML files and somewhat mocks what compose does. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | rename oneshot initcontainers to onceBrent Baude2021-08-12
| | | | | | | | | | | | | | | | | | | | after the init containers pr merged, it was suggested to use `once` instead of `oneshot` containers as it is more aligned with other terminiology used similarily. [NO TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Run codespell to fix spellingDaniel J Walsh2021-08-11
| | | | | | | | | | | | [NO TESTS NEEDED] Just fixing spelling. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #11173 from jmguzik/pod-ps-until-filteropenshift-ci[bot]2021-08-11
|\ \ | |/ |/| Add until filter to podman pod ps
| * Add until filter to podman pod psJakub Guzik2021-08-10
| | | | | | | | | | | | | | | | This commit adds additional until filter to podman pod ps (ls/list). Additionally, it also adds descriptions for podman pod ps filters available via http api. Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | Merge pull request #11177 from Luap99/source-ipopenshift-ci[bot]2021-08-10
|\ \ | | | | | | [CI:DOCS] Document source ip for the rootlesskit port handler
| * | Document source ip for the rootlesskit port handlerPaul Holzinger2021-08-10
| |/ | | | | | | | | | | | | | | Also add some missing options to podman pod create. Fixes #10884 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #10589 from umohnani8/pod-usernsopenshift-ci[bot]2021-08-10
|\ \ | |/ |/| Add support for pod inside of user namespace.
| * Add support for pod inside of user namespace.Daniel J Walsh2021-08-09
| | | | | | | | | | | | | | | | | | | | | | | | | | Add the --userns flag to podman pod create and keep track of the userns setting that pod was created with so that all containers created within the pod will inherit that userns setting. Specifically we need to be able to launch a pod with --userns=keep-id Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | Alias build to buildx, so it won't failDaniel J Walsh2021-08-09
|/ | | | | | Add hidden --load and --progress flag as well. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #11074 from vrothberg/auto-update-rollbackopenshift-ci[bot]2021-08-06
|\ | | | | auto-update: simple rollback
| * auto-update: simple rollbackValentin Rothberg2021-08-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add support for simple rollbacks during `podman auto-update`. Rollbacks are enabled by default. If a systemd unit cannot be restarted after an update, the previous image will be retagged and the unit will be restarted a second time. Add system tests for rollbacks. Also fix a bug in the restart sequence; we have to use the channel to actually know whether the restart was successful or not. NOTE: To make rollbacks really useful, users must run their containers with `--sdnotify=container` such that the containers send the ready message over the (mounted) socket. This way, restarting the systemd units during auto update will block until the message has been received (or a timeout kicked in). Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | personality: Add support for setting execution domain.flouthoc2021-08-06
| | | | | | | | | | | | | | | | | | | | Execution domains tell Linux how to map signal numbers into signal actions. The execution domain system allows Linux to provide limited support for binaries compiled under other UNIX-like operating systems. Reference: https://man7.org/linux/man-pages/man2/personality.2.html Signed-off-by: flouthoc <flouthoc.git@gmail.com>
* | Merge pull request #11011 from baude/initcontainersopenshift-ci[bot]2021-08-05
|\ \ | |/ |/| implement init containers in podman
| * implement init containers in podmanBrent Baude2021-08-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | this is the first pass at implementing init containers for podman pods. init containersare made popular by k8s as a way to run setup for pods before the pods standard containers run. unlike k8s, we support two styles of init containers: always and oneshot. always means the container stays in the pod and starts whenever a pod is started. this does not apply to pods restarting. oneshot means the container runs onetime when the pod starts and then is removed. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #10973 from rhatdan/quotaopenshift-ci[bot]2021-08-04
|\ \ | | | | | | Support size options on builtin volumes
| * | Support size and inode options on builtin volumesDaniel J Walsh2021-08-02
| | | | | | | | | | | | | | | | | | | | | | | | [NO TESTS NEEDED] Since it is difficult to setup xfs quota Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1982164 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #11003 from pascomnet/f_statsopenshift-ci[bot]2021-08-04
|\ \ \ | | | | | | | | stats: add a interval parameter to cli and api stats streaming
| * | | stats: add a interval parameter to cli and api stream modeThomas Weber2021-07-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman stats polled by default in a 1 sec period. This can put quite some load on a machine if you run many containers. The default value is now 5 seconds. You can change this interval with a new, optional, --interval, -i cli flag. The api request got also a interval query parameter for the same purpose. Additionally a unused const was removed. Api and cli will fail the request if a 0 or negative value is passed in. Signed-off-by: Thomas Weber <towe75@googlemail.com>
* | | | Merge pull request #11091 from Luap99/connect-disconnectopenshift-ci[bot]2021-08-03
|\ \ \ \ | | | | | | | | | | fix rootless port forwarding with network dis-/connect
| * | | | fix rootless port forwarding with network dis-/connectPaul Holzinger2021-08-03
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The rootlessport forwarder requires a child IP to be set. This must be a valid ip in the container network namespace. The problem is that after a network disconnect and connect the eth0 ip changed. Therefore the packages are dropped since the source ip does no longer exists in the netns. One solution is to set the child IP to 127.0.0.1, however this is a security problem. [1] To fix this we have to recreate the ports after network connect and disconnect. To make this work the rootlessport process exposes a socket where podman network connect/disconnect connect to and send to new child IP to rootlessport. The rootlessport process will remove all ports and recreate them with the new correct child IP. Also bump rootlesskit to v0.14.3 to fix a race with RemovePort(). Fixes #10052 [1] https://nvd.nist.gov/vuln/detail/CVE-2021-20199 Signed-off-by: Paul Holzinger <pholzing@redhat.com>