summaryrefslogtreecommitdiff
path: root/docs
Commit message (Collapse)AuthorAge
* Merge pull request #1920 from wking/explicit-hooks-dirsOpenShift Merge Robot2018-12-04
|\ | | | | libpod/container_internal: Deprecate implicit hook directories
| * libpod/container_internal: Deprecate implicit hook directoriesW. Trevor King2018-12-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Part of the motivation for 800eb863 (Hooks supports two directories, process default and override, 2018-09-17, #1487) was [1]: > We only use this for override. The reason this was caught is people > are trying to get hooks to work with CoreOS. You are not allowed to > write to /usr/share... on CoreOS, so they wanted podman to also look > at /etc, where users and third parties can write. But we'd also been disabling hooks completely for rootless users. And even for root users, the override logic was tricky when folks actually had content in both directories. For example, if you wanted to disable a hook from the default directory, you'd have to add a no-op hook to the override directory. Also, the previous implementation failed to handle the case where there hooks defined in the override directory but the default directory did not exist: $ podman version Version: 0.11.2-dev Go Version: go1.10.3 Git Commit: "6df7409cb5a41c710164c42ed35e33b28f3f7214" Built: Sun Dec 2 21:30:06 2018 OS/Arch: linux/amd64 $ ls -l /etc/containers/oci/hooks.d/test.json -rw-r--r--. 1 root root 184 Dec 2 16:27 /etc/containers/oci/hooks.d/test.json $ podman --log-level=debug run --rm docker.io/library/alpine echo 'successful container' 2>&1 | grep -i hook time="2018-12-02T21:31:19-08:00" level=debug msg="reading hooks from /usr/share/containers/oci/hooks.d" time="2018-12-02T21:31:19-08:00" level=warning msg="failed to load hooks: {}%!(EXTRA *os.PathError=open /usr/share/containers/oci/hooks.d: no such file or directory)" With this commit: $ podman --log-level=debug run --rm docker.io/library/alpine echo 'successful container' 2>&1 | grep -i hook time="2018-12-02T21:33:07-08:00" level=debug msg="reading hooks from /usr/share/containers/oci/hooks.d" time="2018-12-02T21:33:07-08:00" level=debug msg="reading hooks from /etc/containers/oci/hooks.d" time="2018-12-02T21:33:07-08:00" level=debug msg="added hook /etc/containers/oci/hooks.d/test.json" time="2018-12-02T21:33:07-08:00" level=debug msg="hook test.json matched; adding to stages [prestart]" time="2018-12-02T21:33:07-08:00" level=warning msg="implicit hook directories are deprecated; set --hooks-dir="/etc/containers/oci/hooks.d" explicitly to continue to load hooks from this directory" time="2018-12-02T21:33:07-08:00" level=error msg="container create failed: container_linux.go:336: starting container process caused "process_linux.go:399: container init caused \"process_linux.go:382: running prestart hook 0 caused \\\"error running hook: exit status 1, stdout: , stderr: oh, noes!\\\\n\\\"\"" (I'd setup the hook to error out). You can see that it's silenly ignoring the ENOENT for /usr/share/containers/oci/hooks.d and continuing on to load hooks from /etc/containers/oci/hooks.d. When it loads the hook, it also logs a warning-level message suggesting that callers explicitly configure their hook directories. That will help consumers migrate, so we can drop the implicit hook directories in some future release. When folks *do* explicitly configure hook directories (via the newly-public --hooks-dir and hooks_dir options), we error out if they're missing: $ podman --hooks-dir /does/not/exist run --rm docker.io/library/alpine echo 'successful container' error setting up OCI Hooks: open /does/not/exist: no such file or directory I've dropped the trailing "path" from the old, hidden --hooks-dir-path and hooks_dir_path because I think "dir(ectory)" is already enough context for "we expect a path argument". I consider this name change non-breaking because the old forms were undocumented. Coming back to rootless users, I've enabled hooks now. I expect they were previously disabled because users had no way to avoid /usr/share/containers/oci/hooks.d which might contain hooks that required root permissions. But now rootless users will have to explicitly configure hook directories, and since their default config is from ~/.config/containers/libpod.conf, it's a misconfiguration if it contains hooks_dir entries which point at directories with hooks that require root access. We error out so they can fix their libpod.conf. [1]: https://github.com/containers/libpod/pull/1487#discussion_r218149355 Signed-off-by: W. Trevor King <wking@tremily.us>
* | create pod on the flybaude2018-12-03
| | | | | | | | | | | | | | | | | | | | when a user specifies --pod to podman create|run, we should create that pod automatically. the port bindings from the container are then inherited by the infra container. this signicantly improves the workflow of running containers inside pods with podman. the user is still encouraged to use podman pod create to have more granular control of the pod create options. Signed-off-by: baude <bbaude@redhat.com>
* | podman pod existsbaude2018-12-03
|/ | | | | | | | | like containers and images, users would benefit from being able to check if a pod exists in local storage. if the pod exists, the return code is 0. if the pod does not exists, the return code is 1. Any other return code indicates a real errors, such as permissions or runtime. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #1317 from rhatdan/privilegedOpenShift Merge Robot2018-11-30
|\ | | | | Disable mount options when running --privileged
| * Disable mount options when running --privilegedDaniel J Walsh2018-11-28
| | | | | | | | | | | | | | | | We now default to setting storage options to "nodev", when running privileged containers, we need to turn this off so the processes can manipulate the image. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | add pod short option to psbaude2018-11-30
| | | | | | | | | | | | podman ps has a flag --pod; simply adding a short option of -p Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #1848 from adrianreber/masterOpenShift Merge Robot2018-11-28
|\ \ | | | | | | Add tcp-established to checkpoint/restore
| * | Add '--tcp-established' to checkpoint/restore man pageAdrian Reber2018-11-28
| |/ | | | | | | Signed-off-by: Adrian Reber <areber@redhat.com>
* / network: allow slirp4netns mode also for root containersGiuseppe Scrivano2018-11-28
|/ | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* add podman container|image existsbaude2018-11-26
| | | | | | | | | | Add an exists subcommand to podman container and podman image that allows users to verify the existence of a container or image by ID or name. The return code can be 0 (success), 1 (failed to find), or 125 (failed to work with runtime). Issue #1845 Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #1860 from TomasTomecek/version-add-formatOpenShift Merge Robot2018-11-25
|\ | | | | implement --format for version command
| * implement --format for version commandTomas Tomecek2018-11-25
| | | | | | | | Signed-off-by: Tomas Tomecek <ttomecek@redhat.com>
* | podman_tutorial.md typos: arguement -> argument; missing 'a'Steve Phillips2018-11-24
|/ | | | Signed-off-by: Steve Phillips <steve@tryingtobeawesome.com>
* Merge pull request #1835 from adrianreber/masterOpenShift Merge Robot2018-11-21
|\ | | | | Added option to keep container running after checkpointing
| * Update checkpoint/restore man pagesAdrian Reber2018-11-20
| | | | | | | | | | | | | | | | This adds the '--leave-running, -R' to the container-checkpoint man page. As the information for '--all, -a' and '--latest, -l' was also still missing it is included in this commit. Signed-off-by: Adrian Reber <areber@redhat.com>
* | Allow users to expose ports from the pod to the hostbaude2018-11-20
|/ | | | | | | | | | we need to allow users to expose ports to the host for the purposes of networking, like a webserver. the port exposure must be done at the time the pod is created. strictly speaking, the port exposure occurs on the infra container. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #1803 from QiWang19/issuebuildah1051OpenShift Merge Robot2018-11-12
|\ | | | | Add space between num & unit in images output
| * Add space between num & unit in images outputQi Wang2018-11-12
| | | | | | | | Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #1794 from jmtd/patch-1OpenShift Merge Robot2018-11-12
|\ \ | | | | | | remove $-prefix from (most) shell examples
| * | remove $-prefix from (most) shell examplesJonathan Dowland2018-11-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For the shell examples related to building and installing podman, remove the shell prompt indicator character '$'. This makes copying and pasting lines much easier. Retain the prompt indicator for the post-install shell examples, since they (often) mix shell commands and shell command output, so it serves a useful purpose to distinguish them. Signed-off-by: Jonathan Dowland <jdowland@redhat.com>
* | | Merge pull request #1799 from xakraz/fixes/doc_containersOpenShift Merge Robot2018-11-12
|\ \ \ | | | | | | | | docs: Fix duplicated entry for pod-container-unmount
| * | | docs: Fix duplicated entry for pod-container-unmountXavier Krantz2018-11-11
| | |/ | |/| | | | | | | Signed-off-by: Xavier Krantz <xakraz@gmail.com>
* / | Better document rootless containersDaniel J Walsh2018-11-10
|/ / | | | | | | | | | | | | | | | | Need to return an error pointing user in right direction if rootless podman fails, because of no /etc/subuid or /etc/subgid files. Also fix up man pages to better describe rootless podman. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #1772 from baude/rmdelpausedOpenShift Merge Robot2018-11-09
|\ \ | | | | | | rm -f now removes a paused container
| * | rm -f now removes a paused containerbaude2018-11-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We now can remove a paused container by sending it a kill signal while it is paused. We then unpause the container and it is immediately killed. Also, reworked how the parallelWorker results are handled to provide a more consistent approach to how each subcommand implements it. It also fixes a bug where if one container errors, the error message is duplicated when printed out. Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #1726 from giuseppe/default-to-fuse-overlayfsOpenShift Merge Robot2018-11-09
|\ \ \ | |_|/ |/| | rootless: default to fuse-overlayfs when available
| * | rootless: default to fuse-overlayfs when availableGiuseppe Scrivano2018-11-08
| |/ | | | | | | | | | | | | | | | | If fuse-overlayfs is present, rootless containers default to use it. This can still be overriden either via the command line with --storage-driver or in the ~/.config/containers/storage.conf configuration file. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* / podman_tutorial: cni build path has changedVincent Batts2018-11-08
|/ | | | Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
* Touch up --log* options and daemons in man pagesTomSweeneyRedHat2018-11-07
| | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* Make kill, pause, and unpause parallel.baude2018-11-01
| | | | | | | | | | | Operations like kill, pause, and unpause -- which can operation on one or more containers -- can greatly benefit from parallizing its main job (eq kill). In the case of pauseand unpause, an --all option as was added. pause --all will pause all **running** containers. And unpause --all will unpause all **paused** containers. Signed-off-by: baude <bbaude@redhat.com>
* Make restart parallel and add --allbaude2018-11-01
| | | | | | | | | | When attempting to restart many containers, we can benefit from making the restarts parallel. For convenience, two new options are added: --all attempts to restart all containers --run-only when used with --all will attempt to restart only running containers Signed-off-by: baude <bbaude@redhat.com>
* Explain the device format in man pagesQi Wang2018-10-23
| | | | Signed-off-by: Qi Wang <qiwan@redhat.com>
* Fix man page to show info on storageDaniel J Walsh2018-10-22
| | | | | | Also fix lint errors. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix trivial missing markup in manpagePaul W. Frields2018-10-18
| | | | Signed-off-by: Paul W. Frields <stickster@gmail.com>
* Add support for pod commandsJhon Honce2018-10-12
| | | | | | | | | | | | | | * Add support for pod -- create, inspect, kill, pause, ps, rm, restart, start, stop, top, unpause * Update pylintrc to better reflect pep8 code standards * Fix various pylint reported errors * Refactor code that determines screen width to no longer require initializing curses. Improved start up time and pushing data blob down ssh tunnel. * Correct pod-create man page, cgroupparent not boolean * Abort integration tests if podman service fails to start Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Support auth file environment variable & add change to man pagesQi Wang2018-10-12
| | | | Signed-off-by: Qi Wang <qiwan@redhat.com>
* Merge pull request #1623 from mheon/static_ipOpenShift Merge Robot2018-10-11
|\ | | | | Add ability to specify static IPs with --ip flag
| * Update manpages for --ip flagMatthew Heon2018-10-11
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* | Merge pull request #1621 from QiWang19/issue1615OpenShift Merge Robot2018-10-11
|\ \ | | | | | | Document --net as an alias of --network in podman run & create
| * | Document --net as an alias of --network in podman run & createQi Wang2018-10-11
| |/ | | | | | | Signed-off-by: Qi Wang <qiwan@redhat.com>
* / fix runlabel functions based on QA feedbackbaude2018-10-11
|/ | | | Signed-off-by: baude <bbaude@redhat.com>
* tutorial: add checkpoint/restore to tutorialAdrian Reber2018-10-03
| | | | Signed-off-by: Adrian Reber <areber@redhat.com>
* docs: add checkpoint and restore man pagesAdrian Reber2018-10-03
| | | | | | | This adds the podman-container-checkpoint and podman-container-restore man pages. Signed-off-by: Adrian Reber <areber@redhat.com>
* Merge pull request #1528 from baude/runlabelOpenShift Merge Robot2018-10-02
|\ | | | | Add container runlabel command
| * Add container runlabel commandbaude2018-09-28
| | | | | | | | | | | | | | | | | | | | | | | | | | Execute the command as described by a container image. The value of the label is processed into a command by: 1. Ensuring the first argument of the command is podman. 2. Substituting any variables with those defined by the environment or otherwise. If no label exists in the container image, nothing is done. podman container runlabel LABEL IMAGE extra_args Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #1562 from mheon/update_install_instructionsOpenShift Merge Robot2018-10-02
|\ \ | | | | | | Update docs to build a runc that works with systemd
| * | Update docs to build a runc that works with systemdMatthew Heon2018-10-01
| |/ | | | | | | | | | | | | | | | | | | | | Runc disables systemd cgroup support when build statically, so don't tell people to do that now that we're defaulting to systemd for cgroup management. Also, fix some error messages to use the proper ID() call for containers. Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* / Add --all flag to podman killDaniel J Walsh2018-09-30
|/ | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add buildah version and distribution to infobaude2018-09-28
| | | | | | | | For the sake of debug and problem reporting, we would benefit from knowing what buildah version was vendored into podman. Also, knowing the distribution and distribution version would also be handy. Signed-off-by: baude <bbaude@redhat.com>