summaryrefslogtreecommitdiff
path: root/docs
Commit message (Collapse)AuthorAge
* pod infra container is started before a container in a pod is run, started, ↵Peter Hunt2019-02-15
| | | | | | | | | | or attached. Prior, a pod would have to be started immediately when created, leading to confusion about what a pod state should be immediately after creation. The problem was podman run --pod ... would error out if the infra container wasn't started (as it is a dependency). Fix this by allowing for recursive start, where each of the container's dependencies are started prior to the new container. This is only applied to the case where a new container is attached to a pod. Also rework container_api Start, StartAndAttach, and Init functions, as there was some duplicated code, which made addressing the problem easier to fix. Signed-off-by: Peter Hunt <pehunt@redhat.com>
* Merge pull request #2188 from TomSweeneyRedHat/dev/tsweeney/pullallOpenShift Merge Robot2019-02-15
|\ | | | | Add --all-tags to pull command
| * Add --all-tags to pull commandTomSweeneyRedHat2019-02-09
| | | | | | | | | | | | | | | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Add --all-tags for the `podman pull` command so all tags of an image will be pulled, not just ':latest'. Emulates the change in Buildah https://github.com/containers/buildah/pull/1263 Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | docs: mention the new OCI runtime configurationGiuseppe Scrivano2019-02-15
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #2333 from TomSweeneyRedHat/dev/tsweeney/helpexamplesOpenShift Merge Robot2019-02-15
|\ \ | | | | | | Add examples for Cobra
| * | Add examples for CobraTomSweeneyRedHat2019-02-14
| | | | | | | | | | | | | | | | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> First pass of entries for the Examples listed in the Cobra Help. Will add others in following PR's.
* | | Merge pull request #2320 from QiWang19/stdinPWOpenShift Merge Robot2019-02-14
|\ \ \ | | | | | | | | --password-stdin flag in `podman login`
| * | | --password-stdin flag in `podman login`Qi Wang2019-02-14
| | | | | | | | | | | | | | | | | | | | | | | | Support --password-stdin flag, reads a password from STDIN and pass it to `podman login`. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | Merge pull request #2151 from QiWang19/cpOpenShift Merge Robot2019-02-14
|\ \ \ \ | | | | | | | | | | 'podman cp' copy between host and container
| * | | | 'podman cp' copy between host and containerQi Wang2019-02-14
| |/ / / | | | | | | | | | | | | Signed-off-by: Qi Wang <qiwan@redhat.com>
* | / / Fix volume handling in podmanDaniel J Walsh2019-02-14
| |/ / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | iFix builtin volumes to work with podman volume Currently builtin volumes are not recored in podman volumes when they are created automatically. This patch fixes this. Remove container volumes when requested Currently the --volume option on podman remove does nothing. This will implement the changes needed to remove the volumes if the user requests it. When removing a volume make sure that no container uses the volume. Signed-off-by: Daniel J Walsh dwalsh@redhat.com Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #2281 from rhatdan/deleteContainerOpenShift Merge Robot2019-02-11
|\ \ \ | |/ / |/| | Remove container from storage on --force
| * | Remove container from storage on --forceDaniel J Walsh2019-02-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | Currently we can get into a state where a container exists in storage but does not exist in libpod. If the user forces a removal of this container, then we should remove it from storage even if the container is owned by another tool. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #2306 from baude/podstatsgotemplateOpenShift Merge Robot2019-02-11
|\ \ \ | | | | | | | | Podman pod stats -- fix GO template output
| * | | Podman pod stats -- fix GO template outputbaude2019-02-10
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | Go templates were not being processed or printed correctly for podman pod stats. Added the ability to do templates as well as honor the table identifier. Fixes #2258 Signed-off-by: baude <bbaude@redhat.com>
* / | Add troubleshooting information about running a rootless containers.Daniel J Walsh2019-02-10
|/ / | | | | | | | | | | | | Add a problem statement about shadow-utils and missing entries from /etc/subuid and /etc/subgid. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #2280 from TomSweeneyRedHat/dev/tsweeney/trusty2OpenShift Merge Robot2019-02-09
|\ \ | |/ |/| Update image-trust man with further comments
| * Update image-trust man with further commentsTomSweeneyRedHat2019-02-08
| | | | | | | | | | | | | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> After the last update, @mtrmac had some great suggestions which I've incorporated. I've updated the G:oogle doc and have added this PR in case it's easier to see the diffs. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | Merge pull request #2269 from rhatdan/selinuxOpenShift Merge Robot2019-02-07
|\ \ | |/ |/| Add documentation on running systemd on SELinux systems
| * Add documentation on running systemd on SELinux systemsDaniel J Walsh2019-02-06
| | | | | | | | | | | | | | | | Lots of users are attempting to run systemd within a container. They are being blocked from running SELinux systems since they need the container_manage_cgroup which is not enabled by default. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Add podman system prune and info commandsDaniel J Walsh2019-02-05
|/ | | | | | | | | We are missing the equivalence of the docker system commands This patch set adds `podman system prune` and `podman system info` Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #2196 from baude/toolboxDaniel J Walsh2019-02-05
|\ | | | | Changes to container runlabel for toolbox project
| * Changes to container runlabel for toolbox projectbaude2019-01-30
| | | | | | | | | | | | | | | | | | | | The toolbox project would benefit from a few changes to more closely resembe the original atomic cli project. Changes made are: * only pull image for container runlabel if the label exists in the image * if a container image does not have the desired label, exit with non-zero Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #2233 from TomSweeneyRedHat/dev/tsweeney/trustyOpenShift Merge Robot2019-02-02
|\ \ | | | | | | Touch up image-trust man
| * | Touch up image-trust manTomSweeneyRedHat2019-02-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> In #1899, @rhatdan asked me to try and tweak the verbiage a bit in the podman-images-trust man page. I've done so, or attempted to, and have also added a policy-json(5) link. Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | | Rework Podman descriptionTomSweeneyRedHat2019-02-01
|/ / | | | | | | | | | | | | | | | | | | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com> Rework the Podman Description. I'm starting off with the Podman man page to build consensus and we can then add to other places as appropriate. This partially addresses: #1636 Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* | Merge pull request #2244 from rhatdan/versionOpenShift Merge Robot2019-01-30
|\ \ | | | | | | Add support for short option -f in podman version
| * | Add support for short option -f in podman versionDaniel J Walsh2019-01-30
| |/ | | | | | | | | | | docker version supports a short options -f for --format Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #2243 from rhatdan/sizeOpenShift Merge Robot2019-01-30
|\ \ | | | | | | Add support for short option -s in podman inspect
| * | Add support for short option -s in podman inspectDaniel J Walsh2019-01-30
| |/ | | | | | | | | | | docker inspect supports a short -s option for --size. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / Add support for short option -fDaniel J Walsh2019-01-30
|/ | | | | | docker info supports a short -f option for --format. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* podman image prune -- implement all flagbaude2019-01-29
| | | | | | | | | | | we now, by default, only prune dangling images. if --all is passed, we prune dangling images AND images that do not have an associated containers. also went ahead and enabled the podman-remote image prune side of things. Fixes: #2192 Signed-off-by: baude <bbaude@redhat.com>
* tutorials: describe how to use podman in updates-testingKen Dreyer2019-01-25
| | | | Signed-off-by: Ken Dreyer <kdreyer@redhat.com>
* Merge pull request #2203 from 9034725985/patch-1OpenShift Merge Robot2019-01-23
|\ | | | | remove sudo
| * remove sudoKushal2019-01-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | just tested with podman 1.0.0 on fedora 29 we don't need sudo I tried this again and it seems like we DO need sudo? Maybe I misunderstood something but looks like I am unable to reproduce getting an IP address also it would be nice if creating a check point (which I belive means writing to disk) could be done without root but I guess it depends on where on disk I am writing? in any case, here is my new console output ```console [kus@asus-vivobook personal]$ cd libpod/ [kus@asus-vivobook libpod]$ git checkout patch-1 Branch 'patch-1' set up to track remote branch 'patch-1' from 'origin'. Switched to a new branch 'patch-1' [kus@asus-vivobook libpod]$ podman run -dt -e HTTPD_VAR_RUN=/var/run/httpd -e HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \ > -e HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \ > -e HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/ \ > registry.fedoraproject.org/f29/httpd /usr/bin/run-httpd Trying to pull registry.fedoraproject.org/f29/httpd...Getting image source signatures Copying blob 281a37f51f75: 85.68 MiB / 85.68 MiB [=======================] 1m47s Copying blob ab0d48faadd2: 4.64 MiB / 4.64 MiB [=========================] 1m47s Copying blob e1bf69dce18d: 49.77 MiB / 49.77 MiB [=======================] 1m47s Copying config 532763348c4e: 6.66 KiB / 6.66 KiB [==========================] 0s Writing manifest to image destination Storing signatures 78917177dbf7634993fdcc44e0bc90c9422482b9a9e757c85c14dfd1ee09c777 [kus@asus-vivobook libpod]$ podman ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 78917177dbf7 registry.fedoraproject.org/f29/httpd:latest container-entrypo... 4 seconds ago Up 3 seconds ago nifty_lewin [kus@asus-vivobook libpod]$ podman inspect -l | grep IPAddress\" "IPAddress": "", [kus@asus-vivobook libpod]$ sudo podman inspect -l | grep IPAddress\" [sudo] password for kus: no such container [kus@asus-vivobook libpod]$ podman logs --latest => sourcing 10-set-mpm.sh ... => sourcing 20-copy-config.sh ... => sourcing 40-ssl-certs.sh ... AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.0.2.100. Set the 'ServerName' directive globally to suppress this message [Tue Jan 22 12:59:38.887673 2019] [ssl:warn] [pid 1:tid 140100965338496] AH01909: 10.0.2.100:8443:0 server certificate does NOT include an ID which matches the server name AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.0.2.100. Set the 'ServerName' directive globally to suppress this message [Tue Jan 22 12:59:38.998169 2019] [ssl:warn] [pid 1:tid 140100965338496] AH01909: 10.0.2.100:8443:0 server certificate does NOT include an ID which matches the server name [Tue Jan 22 12:59:38.998876 2019] [lbmethod_heartbeat:notice] [pid 1:tid 140100965338496] AH02282: No slotmem from mod_heartmonitor [Tue Jan 22 12:59:39.001562 2019] [cgid:error] [pid 28:tid 140100965338496] (13)Permission denied: AH01243: Couldn't bind unix domain socket /run/httpd/cgisock.1 [Tue Jan 22 12:59:39.006051 2019] [mpm_event:notice] [pid 1:tid 140100965338496] AH00489: Apache/2.4.37 (Fedora) OpenSSL/1.1.1-pre9 configured -- resuming normal operations [Tue Jan 22 12:59:39.006164 2019] [core:notice] [pid 1:tid 140100965338496] AH00094: Command line: 'httpd -D FOREGROUND' [Tue Jan 22 12:59:39.006445 2019] [cgid:crit] [pid 1:tid 140100965338496] AH01238: cgid daemon failed to initialize [kus@asus-vivobook libpod]$ podman top 78917177dbf7634993fdcc44e0bc90c9422482b9a9e757c85c14dfd1ee09c777 USER PID PPID %CPU ELAPSED TTY TIME COMMAND default 1 0 0.000 2m10.968144627s pts/0 0s httpd -D FOREGROUND default 24 1 0.000 2m9.968688975s pts/0 0s /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat default 25 1 0.000 2m9.968784295s pts/0 0s /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat default 26 1 0.000 2m9.968880829s pts/0 0s /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat default 27 1 0.000 2m9.968997468s pts/0 0s /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat default 29 1 0.000 2m9.969134191s pts/0 0s httpd -D FOREGROUND default 38 1 0.000 2m9.969239549s pts/0 0s httpd -D FOREGROUND default 72 1 0.000 2m9.969344456s pts/0 0s httpd -D FOREGROUND [kus@asus-vivobook libpod]$ podman container checkpoint 78917177dbf7634993fdcc44e0bc90c9422482b9a9e757c85c14dfd1ee09c777 checkpointing a container requires root [kus@asus-vivobook libpod]$ podman stop --latest 78917177dbf7634993fdcc44e0bc90c9422482b9a9e757c85c14dfd1ee09c777 [kus@asus-vivobook libpod]$ podman ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 78917177dbf7 registry.fedoraproject.org/f29/httpd:latest container-entrypo... 3 minutes ago Exited (0) 9 seconds ago nifty_lewin [kus@asus-vivobook libpod]$ podman rm --latest 78917177dbf7634993fdcc44e0bc90c9422482b9a9e757c85c14dfd1ee09c777 ``` original: ```console [kus@mcny ~]$ podman run -dt -e HTTPD_VAR_RUN=/var/run/httpd -e HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \ > -e HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \ > -e HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/ \ > registry.fedoraproject.org/f27/httpd /usr/bin/run-httpd Trying to pull registry.fedoraproject.org/f27/httpd...Getting image source signatures Copying blob ff3dab903f92: 80.73 MiB / 80.73 MiB [=========================] 14s Copying blob 9347d6e9d864: 7.30 MiB / 7.30 MiB [===========================] 14s Copying blob 2fc5c44251d4: 44.82 MiB / 44.82 MiB [=========================] 14s Copying config 18f01f6f77ef: 6.55 KiB / 6.55 KiB [==========================] 0s Writing manifest to image destination Storing signatures d0362571c3850159315778700a63a305296150177578a9339cca0d9c86ed97f1 [kus@mcny ~]$ podman ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES d0362571c385 registry.fedoraproject.org/f27/httpd:latest container-entrypo... 36 seconds ago Up 36 seconds ago happy_babbage [kus@mcny ~]$ ``` Signed-off-by: Kushal <kushaldeveloper@gmail.com>
* | Update transfer.md and commands.md to add missing commands.Daniel J Walsh2019-01-21
|/ | | | | | These pages are a litte out of data. Add missing content. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add --latest and --all to podman mount/umountDaniel J Walsh2019-01-16
| | | | | | I find these useful for playing around with containers. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* oci: allow to define multiple OCI runtimesGiuseppe Scrivano2019-01-14
| | | | | | | | | | | | | | | | | | | | | | | | we can define multiple OCI runtimes that can be chosen with --runtime. in libpod.conf is possible to specify them with: [runtimes] foo = [ "/usr/bin/foo", "/usr/sbin/foo", ] bar = [ "/usr/bin/foo", "/usr/sbin/foo", ] If the argument to --runtime is an absolute path then it is used directly without any lookup in the configuration. Closes: https://github.com/containers/libpod/issues/1750 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Fix up image sign and trustDaniel J Walsh2019-01-09
| | | | | | | | Add completions Fix man pages fix code in sign to answer PR Comments. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #2040 from QiWang19/signimgOpenShift Merge Robot2019-01-09
|\ | | | | Support podman image sign
| * [WIP]Support podman image signQi Wang2019-01-08
| | | | | | | | | | | | Generate a signature claim for an image using user keyring (--sign-by). The signature file will be stored in simple json format under the default or the given directory (--directory or yaml file in /etc/containers/registries.d/). Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #2103 from ↵OpenShift Merge Robot2019-01-09
|\ \ | | | | | | | | | | | | debarshiray/wip/debarshiray/man-page-order-long-short-options List the long variant of each option before its shorter counterpart
| * | List the long variant of each option before its shorter counterpartDebarshi Ray2019-01-09
| | | | | | | | | | | | | | | | | | This is the style followed in most of the other man pages. Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
* | | hooks: Add pre-create hooks for runtime-config manipulationW. Trevor King2019-01-08
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There's been a lot of discussion over in [1] about how to support the NVIDIA folks and others who want to be able to create devices (possibly after having loaded kernel modules) and bind userspace libraries into the container. Currently that's happening in the middle of runc's create-time mount handling before the container pivots to its new root directory with runc's incorrectly-timed prestart hook trigger [2]. With this commit, we extend hooks with a 'precreate' stage to allow trusted parties to manipulate the config JSON before calling the runtime's 'create'. I'm recycling the existing Hook schema from pkg/hooks for this, because we'll want Timeout for reliability and When to avoid the expense of fork/exec when a given hook does not need to make config changes [3]. [1]: https://github.com/opencontainers/runc/pull/1811 [2]: https://github.com/opencontainers/runc/issues/1710 [3]: https://github.com/containers/libpod/issues/1828#issuecomment-439888059 Signed-off-by: W. Trevor King <wking@tremily.us>
* | Merge pull request #2097 from debarshiray/wip/debarshiray/podman-exec-workdirOpenShift Merge Robot2019-01-08
|\ \ | | | | | | Add a --workdir option to 'podman exec'
| * | Add a --workdir option to 'podman exec'Debarshi Ray2019-01-08
| |/ | | | | | | Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
* / Default --sig-proxy to true for 'podman start --attach'Debarshi Ray2019-01-08
|/ | | | | | | | | | The --sig-proxy option in both 'podman attach' and 'podman run' default to true, and there's no reason for 'podman start --attach' to be any different. However, since it only makes sense to proxy signals when the container is attached, 'podman start --sig-proxy' will continue to error if --attach isn't used. Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
* Add the configuration file used to setup storage to podman infoDaniel J Walsh2019-01-07
| | | | | | | | | | Users have no idea what storage configuration file is used to setup storage, so adding this to podman info, should make it easier to discover. This requires a revendor of containers/storage Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* add container-init supportValentin Rothberg2019-01-04
| | | | | | | | | | | | | | | | | | | Add support for executing an init binary as PID 1 in a container to forward signals and reap processes. When the `--init` flag is set for podman-create or podman-run, the init binary is bind-mounted to `/dev/init` in the container and "/dev/init --" is prepended to the container's command. The default base path of the container-init binary is `/usr/libexec/podman` while the default binary is catatonit [1]. This default can be changed permanently via the `init_path` field in the `libpod.conf` configuration file (which is recommended for packaging) or temporarily via the `--init-path` flag of podman-create and podman-run. [1] https://github.com/openSUSE/catatonit Fixes: #1670 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Add troubleshooting for sparse filesDaniel J Walsh2018-12-30
| | | | | | | | | | A common failure with people building container images is the creation of large sparse files, particularly useradd creating the lastlog file. This PR Documents the failures. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>