summaryrefslogtreecommitdiff
path: root/docs
Commit message (Collapse)AuthorAge
* Add troubleshooting information about running a rootless containers.Daniel J Walsh2019-02-10
| | | | | | | Add a problem statement about shadow-utils and missing entries from /etc/subuid and /etc/subgid. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #2280 from TomSweeneyRedHat/dev/tsweeney/trusty2OpenShift Merge Robot2019-02-09
|\ | | | | Update image-trust man with further comments
| * Update image-trust man with further commentsTomSweeneyRedHat2019-02-08
| | | | | | | | | | | | | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> After the last update, @mtrmac had some great suggestions which I've incorporated. I've updated the G:oogle doc and have added this PR in case it's easier to see the diffs. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | Merge pull request #2269 from rhatdan/selinuxOpenShift Merge Robot2019-02-07
|\ \ | |/ |/| Add documentation on running systemd on SELinux systems
| * Add documentation on running systemd on SELinux systemsDaniel J Walsh2019-02-06
| | | | | | | | | | | | | | | | Lots of users are attempting to run systemd within a container. They are being blocked from running SELinux systems since they need the container_manage_cgroup which is not enabled by default. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Add podman system prune and info commandsDaniel J Walsh2019-02-05
|/ | | | | | | | | We are missing the equivalence of the docker system commands This patch set adds `podman system prune` and `podman system info` Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #2196 from baude/toolboxDaniel J Walsh2019-02-05
|\ | | | | Changes to container runlabel for toolbox project
| * Changes to container runlabel for toolbox projectbaude2019-01-30
| | | | | | | | | | | | | | | | | | | | The toolbox project would benefit from a few changes to more closely resembe the original atomic cli project. Changes made are: * only pull image for container runlabel if the label exists in the image * if a container image does not have the desired label, exit with non-zero Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2233 from TomSweeneyRedHat/dev/tsweeney/trustyOpenShift Merge Robot2019-02-02
|\ \ | | | | | | Touch up image-trust man
| * | Touch up image-trust manTomSweeneyRedHat2019-02-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> In #1899, @rhatdan asked me to try and tweak the verbiage a bit in the podman-images-trust man page. I've done so, or attempted to, and have also added a policy-json(5) link. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | Rework Podman descriptionTomSweeneyRedHat2019-02-01
|/ / | | | | | | | | | | | | | | | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Rework the Podman Description. I'm starting off with the Podman man page to build consensus and we can then add to other places as appropriate. This partially addresses: #1636 Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | Merge pull request #2244 from rhatdan/versionOpenShift Merge Robot2019-01-30
|\ \ | | | | | | Add support for short option -f in podman version
| * | Add support for short option -f in podman versionDaniel J Walsh2019-01-30
| |/ | | | | | | | | | | docker version supports a short options -f for --format Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #2243 from rhatdan/sizeOpenShift Merge Robot2019-01-30
|\ \ | | | | | | Add support for short option -s in podman inspect
| * | Add support for short option -s in podman inspectDaniel J Walsh2019-01-30
| |/ | | | | | | | | | | docker inspect supports a short -s option for --size. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / Add support for short option -fDaniel J Walsh2019-01-30
|/ | | | | | docker info supports a short -f option for --format. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* podman image prune -- implement all flagbaude2019-01-29
| | | | | | | | | | | we now, by default, only prune dangling images. if --all is passed, we prune dangling images AND images that do not have an associated containers. also went ahead and enabled the podman-remote image prune side of things. Fixes: #2192 Signed-off-by: baude <bbaude@redhat.com>
* tutorials: describe how to use podman in updates-testingKen Dreyer2019-01-25
| | | | Signed-off-by: Ken Dreyer <kdreyer@redhat.com>
* Merge pull request #2203 from 9034725985/patch-1OpenShift Merge Robot2019-01-23
|\ | | | | remove sudo
| * remove sudoKushal2019-01-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | just tested with podman 1.0.0 on fedora 29 we don't need sudo I tried this again and it seems like we DO need sudo? Maybe I misunderstood something but looks like I am unable to reproduce getting an IP address also it would be nice if creating a check point (which I belive means writing to disk) could be done without root but I guess it depends on where on disk I am writing? in any case, here is my new console output ```console [kus@asus-vivobook personal]$ cd libpod/ [kus@asus-vivobook libpod]$ git checkout patch-1 Branch 'patch-1' set up to track remote branch 'patch-1' from 'origin'. Switched to a new branch 'patch-1' [kus@asus-vivobook libpod]$ podman run -dt -e HTTPD_VAR_RUN=/var/run/httpd -e HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \ > -e HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \ > -e HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/ \ > registry.fedoraproject.org/f29/httpd /usr/bin/run-httpd Trying to pull registry.fedoraproject.org/f29/httpd...Getting image source signatures Copying blob 281a37f51f75: 85.68 MiB / 85.68 MiB [=======================] 1m47s Copying blob ab0d48faadd2: 4.64 MiB / 4.64 MiB [=========================] 1m47s Copying blob e1bf69dce18d: 49.77 MiB / 49.77 MiB [=======================] 1m47s Copying config 532763348c4e: 6.66 KiB / 6.66 KiB [==========================] 0s Writing manifest to image destination Storing signatures 78917177dbf7634993fdcc44e0bc90c9422482b9a9e757c85c14dfd1ee09c777 [kus@asus-vivobook libpod]$ podman ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 78917177dbf7 registry.fedoraproject.org/f29/httpd:latest container-entrypo... 4 seconds ago Up 3 seconds ago nifty_lewin [kus@asus-vivobook libpod]$ podman inspect -l | grep IPAddress\" "IPAddress": "", [kus@asus-vivobook libpod]$ sudo podman inspect -l | grep IPAddress\" [sudo] password for kus: no such container [kus@asus-vivobook libpod]$ podman logs --latest => sourcing 10-set-mpm.sh ... => sourcing 20-copy-config.sh ... => sourcing 40-ssl-certs.sh ... AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.0.2.100. Set the 'ServerName' directive globally to suppress this message [Tue Jan 22 12:59:38.887673 2019] [ssl:warn] [pid 1:tid 140100965338496] AH01909: 10.0.2.100:8443:0 server certificate does NOT include an ID which matches the server name AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.0.2.100. Set the 'ServerName' directive globally to suppress this message [Tue Jan 22 12:59:38.998169 2019] [ssl:warn] [pid 1:tid 140100965338496] AH01909: 10.0.2.100:8443:0 server certificate does NOT include an ID which matches the server name [Tue Jan 22 12:59:38.998876 2019] [lbmethod_heartbeat:notice] [pid 1:tid 140100965338496] AH02282: No slotmem from mod_heartmonitor [Tue Jan 22 12:59:39.001562 2019] [cgid:error] [pid 28:tid 140100965338496] (13)Permission denied: AH01243: Couldn't bind unix domain socket /run/httpd/cgisock.1 [Tue Jan 22 12:59:39.006051 2019] [mpm_event:notice] [pid 1:tid 140100965338496] AH00489: Apache/2.4.37 (Fedora) OpenSSL/1.1.1-pre9 configured -- resuming normal operations [Tue Jan 22 12:59:39.006164 2019] [core:notice] [pid 1:tid 140100965338496] AH00094: Command line: 'httpd -D FOREGROUND' [Tue Jan 22 12:59:39.006445 2019] [cgid:crit] [pid 1:tid 140100965338496] AH01238: cgid daemon failed to initialize [kus@asus-vivobook libpod]$ podman top 78917177dbf7634993fdcc44e0bc90c9422482b9a9e757c85c14dfd1ee09c777 USER PID PPID %CPU ELAPSED TTY TIME COMMAND default 1 0 0.000 2m10.968144627s pts/0 0s httpd -D FOREGROUND default 24 1 0.000 2m9.968688975s pts/0 0s /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat default 25 1 0.000 2m9.968784295s pts/0 0s /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat default 26 1 0.000 2m9.968880829s pts/0 0s /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat default 27 1 0.000 2m9.968997468s pts/0 0s /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat default 29 1 0.000 2m9.969134191s pts/0 0s httpd -D FOREGROUND default 38 1 0.000 2m9.969239549s pts/0 0s httpd -D FOREGROUND default 72 1 0.000 2m9.969344456s pts/0 0s httpd -D FOREGROUND [kus@asus-vivobook libpod]$ podman container checkpoint 78917177dbf7634993fdcc44e0bc90c9422482b9a9e757c85c14dfd1ee09c777 checkpointing a container requires root [kus@asus-vivobook libpod]$ podman stop --latest 78917177dbf7634993fdcc44e0bc90c9422482b9a9e757c85c14dfd1ee09c777 [kus@asus-vivobook libpod]$ podman ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 78917177dbf7 registry.fedoraproject.org/f29/httpd:latest container-entrypo... 3 minutes ago Exited (0) 9 seconds ago nifty_lewin [kus@asus-vivobook libpod]$ podman rm --latest 78917177dbf7634993fdcc44e0bc90c9422482b9a9e757c85c14dfd1ee09c777 ``` original: ```console [kus@mcny ~]$ podman run -dt -e HTTPD_VAR_RUN=/var/run/httpd -e HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \ > -e HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \ > -e HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/ \ > registry.fedoraproject.org/f27/httpd /usr/bin/run-httpd Trying to pull registry.fedoraproject.org/f27/httpd...Getting image source signatures Copying blob ff3dab903f92: 80.73 MiB / 80.73 MiB [=========================] 14s Copying blob 9347d6e9d864: 7.30 MiB / 7.30 MiB [===========================] 14s Copying blob 2fc5c44251d4: 44.82 MiB / 44.82 MiB [=========================] 14s Copying config 18f01f6f77ef: 6.55 KiB / 6.55 KiB [==========================] 0s Writing manifest to image destination Storing signatures d0362571c3850159315778700a63a305296150177578a9339cca0d9c86ed97f1 [kus@mcny ~]$ podman ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES d0362571c385 registry.fedoraproject.org/f27/httpd:latest container-entrypo... 36 seconds ago Up 36 seconds ago happy_babbage [kus@mcny ~]$ ``` Signed-off-by: Kushal <kushaldeveloper@gmail.com>
* | Update transfer.md and commands.md to add missing commands.Daniel J Walsh2019-01-21
|/ | | | | | These pages are a litte out of data. Add missing content. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add --latest and --all to podman mount/umountDaniel J Walsh2019-01-16
| | | | | | I find these useful for playing around with containers. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* oci: allow to define multiple OCI runtimesGiuseppe Scrivano2019-01-14
| | | | | | | | | | | | | | | | | | | | | | | | we can define multiple OCI runtimes that can be chosen with --runtime. in libpod.conf is possible to specify them with: [runtimes] foo = [ "/usr/bin/foo", "/usr/sbin/foo", ] bar = [ "/usr/bin/foo", "/usr/sbin/foo", ] If the argument to --runtime is an absolute path then it is used directly without any lookup in the configuration. Closes: https://github.com/containers/libpod/issues/1750 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Fix up image sign and trustDaniel J Walsh2019-01-09
| | | | | | | | Add completions Fix man pages fix code in sign to answer PR Comments. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #2040 from QiWang19/signimgOpenShift Merge Robot2019-01-09
|\ | | | | Support podman image sign
| * [WIP]Support podman image signQi Wang2019-01-08
| | | | | | | | | | | | Generate a signature claim for an image using user keyring (--sign-by). The signature file will be stored in simple json format under the default or the given directory (--directory or yaml file in /etc/containers/registries.d/). Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #2103 from ↵OpenShift Merge Robot2019-01-09
|\ \ | | | | | | | | | | | | debarshiray/wip/debarshiray/man-page-order-long-short-options List the long variant of each option before its shorter counterpart
| * | List the long variant of each option before its shorter counterpartDebarshi Ray2019-01-09
| | | | | | | | | | | | | | | | | | This is the style followed in most of the other man pages. Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
* | | hooks: Add pre-create hooks for runtime-config manipulationW. Trevor King2019-01-08
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There's been a lot of discussion over in [1] about how to support the NVIDIA folks and others who want to be able to create devices (possibly after having loaded kernel modules) and bind userspace libraries into the container. Currently that's happening in the middle of runc's create-time mount handling before the container pivots to its new root directory with runc's incorrectly-timed prestart hook trigger [2]. With this commit, we extend hooks with a 'precreate' stage to allow trusted parties to manipulate the config JSON before calling the runtime's 'create'. I'm recycling the existing Hook schema from pkg/hooks for this, because we'll want Timeout for reliability and When to avoid the expense of fork/exec when a given hook does not need to make config changes [3]. [1]: https://github.com/opencontainers/runc/pull/1811 [2]: https://github.com/opencontainers/runc/issues/1710 [3]: https://github.com/containers/libpod/issues/1828#issuecomment-439888059 Signed-off-by: W. Trevor King <wking@tremily.us>
* | Merge pull request #2097 from debarshiray/wip/debarshiray/podman-exec-workdirOpenShift Merge Robot2019-01-08
|\ \ | | | | | | Add a --workdir option to 'podman exec'
| * | Add a --workdir option to 'podman exec'Debarshi Ray2019-01-08
| |/ | | | | | | Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
* / Default --sig-proxy to true for 'podman start --attach'Debarshi Ray2019-01-08
|/ | | | | | | | | | The --sig-proxy option in both 'podman attach' and 'podman run' default to true, and there's no reason for 'podman start --attach' to be any different. However, since it only makes sense to proxy signals when the container is attached, 'podman start --sig-proxy' will continue to error if --attach isn't used. Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
* Add the configuration file used to setup storage to podman infoDaniel J Walsh2019-01-07
| | | | | | | | | | Users have no idea what storage configuration file is used to setup storage, so adding this to podman info, should make it easier to discover. This requires a revendor of containers/storage Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* add container-init supportValentin Rothberg2019-01-04
| | | | | | | | | | | | | | | | | | | Add support for executing an init binary as PID 1 in a container to forward signals and reap processes. When the `--init` flag is set for podman-create or podman-run, the init binary is bind-mounted to `/dev/init` in the container and "/dev/init --" is prepended to the container's command. The default base path of the container-init binary is `/usr/libexec/podman` while the default binary is catatonit [1]. This default can be changed permanently via the `init_path` field in the `libpod.conf` configuration file (which is recommended for packaging) or temporarily via the `--init-path` flag of podman-create and podman-run. [1] https://github.com/openSUSE/catatonit Fixes: #1670 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Add troubleshooting for sparse filesDaniel J Walsh2018-12-30
| | | | | | | | | | A common failure with people building container images is the creation of large sparse files, particularly useradd creating the lastlog file. This PR Documents the failures. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Allow alias for list, ls, ps to workDaniel J Walsh2018-12-23
| | | | | | | | Allow multiple alias for listing containers and images. Also fix documentation for umount and unmount Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Switch all referencs to image.ContainerConfig to image.ConfigDaniel J Walsh2018-12-21
| | | | | | This will more closely match what Docker is doing. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #1967 from baude/kubereplayOpenShift Merge Robot2018-12-20
|\ | | | | Add Play
| * Add Playbaude2018-12-19
| | | | | | | | | | | | | | podman play kube adds the ability for the user to recreate pods and containers from a Kubernetes YAML file in libpod. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #1900 from vbatts/cni-config-instructionsOpenShift Merge Robot2018-12-20
|\ \ | | | | | | docs/tutorials: add a basic network config
| * | docs/tutorials: add a basic network configVincent Batts2018-12-17
| | | | | | | | | | | | Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
* | | Merge pull request #1899 from QiWang19/trustimgOpenShift Merge Robot2018-12-19
|\ \ \ | |_|/ |/| | Support podman image trust command
| * | Support podman image trust commandQi Wang2018-12-19
| | | | | | | | | | | | | | | | | | Display the trust policy of the host system. The trust policy is stored in the /etc/containers/policy.json file and defines a scope of registries or repositories. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | Merge pull request #2021 from rhatdan/restartOpenShift Merge Robot2018-12-18
|\ \ \ | | | | | | | | Add information on --restart
| * | | Add information on --restartDaniel J Walsh2018-12-18
| |/ / | | | | | | | | | | | | | | | | | | We need to recommend that users use Systemd unit files if they want the container to restart automatically. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #1935 from deuscapturus/masterOpenShift Merge Robot2018-12-18
|\ \ \ | | | | | | | | add getlogin command
| * | | add --get-login command to podman-login.Theodore Cowan2018-12-17
| |/ / | | | | | | | | | | | | | | | | | | Returns user if user is logged-in to the registry. Returns error if not logged in with non-zero status code. Signed-off-by: Theodore Cowan <theodore-cowan@pluralsight.com>
* / / generate service object inlinebaude2018-12-18
|/ / | | | | | | | | | | | | no longer require the service object be output to a different file; we should be doing this inline with the pods for user convenience. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #1953 from baude/podstoptimeoutOpenShift Merge Robot2018-12-07
|\ \ | | | | | | add timeout to pod stop
| * | add timeout to pod stopbaude2018-12-07
| | | | | | | | | | | | | | | | | | | | | | | | like podman stop of containers, we should allow the user to specify a timeout override when stopping pods; otherwise they have to wait the full timeout time specified during the pod/container creation. Signed-off-by: baude <bbaude@redhat.com>