summaryrefslogtreecommitdiff
path: root/docs
Commit message (Collapse)AuthorAge
* Add restart-sec option to systemd generateOndra Machacek2021-12-03
| | | | Signed-off-by: Ondra Machacek <omachace@redhat.com>
* Merge pull request #12445 from wilbeibi/mainOpenShift Merge Robot2021-12-02
|\ | | | | [CI:DOCS] Update doc to explictly mention using ed25519 in ssh keys
| * Update doc to explictly mention using ed25519 in ssh keysHongyi Shen2021-12-02
| | | | | | | | Signed-off-by: Hongyi Shen <wilbeibi@gmail.com>
* | Merge pull request #12469 from Luap99/ns-teardown-flakeOpenShift Merge Robot2021-12-02
|\ \ | | | | | | Fix possible rootless netns cleanup race
| * | Fix possible rootless netns cleanup racePaul Holzinger2021-12-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | rootlessNetNS.Cleanup() has an issue with how it detects if cleanup is needed, reading the container state is not good ebough because containers are first stopped and than cleanup will be called. So at one time two containers could wait for cleanup but the second one will fail because the first one triggered already the cleanup thus making rootless netns unavailable for the second container resulting in an teardown error. Instead of checking the container state we need to check the netns state. Secondly, podman unshare --rootless-netns should not do the cleanup. This causes more issues than it is worth fixing. Users also might want to use this to setup the namespace in a special way. If unshare also cleans this up right away we cannot do this. [NO NEW TESTS NEEDED] Fixes #12459 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #12450 from giuseppe/compression-formatOpenShift Merge Robot2021-12-01
|\ \ \ | |/ / |/| | podman, push: expose --compression-format
| * | podman, push: expose --compression-formatGiuseppe Scrivano2021-12-01
| |/ | | | | | | | | | | support overriding the compression format at push time. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* / systemd: replace multi-user with default.targetValentin Rothberg2021-11-30
|/ | | | | | | | | | Replace `multi-user.target` with `default.target` across the code base. It seems like the multi-user one is not available for (rootless) users on F35 anymore is causing issues in all kinds of ways, for instance, enabling the podman.service or generated systemd units. Fixes: #12438 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* List /etc/containers/certs.d as default for --cert-pathDaniel J Walsh2021-11-29
| | | | | | Helps Document https://github.com/containers/podman/issues/10116 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #12371 from jakub-dzon/env-config-mapsOpenShift Merge Robot2021-11-23
|\ | | | | Support env variables based on ConfigMaps sent in payload
| * Support env variables based on ConfigMaps sent in payloadJakub Dzon2021-11-23
| | | | | | | | | | | | Fixes #12363 Signed-off-by: Jakub Dzon <jdzon@redhat.com>
* | Merge pull request #12377 from markzhang1996/patch-1OpenShift Merge Robot2021-11-23
|\ \ | |/ |/| [CI:DOCS] Update basic_networking.md
| * Update basic_networking.mdMark Zhang2021-11-23
| | | | | | | | | | | | Correct a missing link in basic networking tutorial. Signed-off-by: Mark Zhang <markzhang1994@gmail.com>
* | generate systemd: add --start-timeout flagValentin Rothberg2021-11-23
| | | | | | | | | | | | | | | | | | Add a new flag to set the start timeout for a generated systemd unit. To make naming consistent, add a new --stop-timeout flag as well and let the previous --time map to it. Fixes: #11618 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #12301 from umohnani8/tableOpenShift Merge Robot2021-11-22
|\ \ | | | | | | Add note about volume with unprivileged container
| * | Add note about volume with unprivileged containerUrvashi Mohnani2021-11-21
| |/ | | | | | | | | | | | | | | | | | | | | | | | | Add a note to the generated kube yaml if we detect a volume is being mounted. The note lets the user know what needs to be done to avoid permission denied error when trying to access the volume for an unprivileged container. Add the same note to the man pages. NO NEW TESTS NEEDED Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | [CI:DOCS] Update notes on java TZ in man pageUrvashi Mohnani2021-11-22
| | | | | | | | Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | Merge pull request #12373 from TomSweeneyRedHat/dev/tsweeney/jdocOpenShift Merge Robot2021-11-22
|\ \ | | | | | | [CI:DOCS] Add java TZ note to run manpage
| * | [CI:DOCS] Add java TZ note to run manpageTomSweeneyRedHat2021-11-19
| |/ | | | | | | | | | | | | | | | | Add a note to show how to workaround the `--tz` option being ignored in the run command. Related to: https://bugzilla.redhat.com/show_bug.cgi?id=1984251 Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* / Use same runtime to restore a container as during checkpointingAdrian Reber2021-11-19
|/ | | | | | | | | | | | | | | | | | | | | | There are at least two runtimes that support checkpoint and restore: runc and crun. Although the checkpoints created by these are almost compatible, it is not (yet) possible to restore a checkpoint created with one runtime with the other runtime. To make checkpoint/restore usage more comfortable this adds code to look into the checkpoint archive during restore and to set the runtime to the one used during checkpointing. This also adds a check, if the user explicitly sets a runtime during restore, that the runtime is also the same as used during checkpointing. If a different runtime is selected than the one used during checkpointing the restore will fail early. If runc and crun will create compatible checkpoints in the future the check can be changed to treat crun and runc as compatible checkpoint/restore runtimes. Signed-off-by: Adrian Reber <areber@redhat.com>
* Merge pull request #12311 from of2x/patch-1OpenShift Merge Robot2021-11-19
|\ | | | | [CI:DOCS] upload a translation file
| * [CI:DOCS]upload a translation file二氟化氧2021-11-19
| | | | | | | | | | | | a tranlastion for the podman_tutorial.md Signed-off-by: sixways <lw.2675@qq.com>
* | Merge pull request #12354 from Luap99/exit-commandOpenShift Merge Robot2021-11-18
|\ \ | | | | | | Do not store the exit command in container config
| * | Do not store the exit command in container configPaul Holzinger2021-11-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There is a problem with creating and storing the exit command when the container was created. It only contains the options the container was created with but NOT the options the container is started with. One example would be a CNI network config. If I start a container once, then change the cni config dir with `--cni-config-dir` ans start it a second time it will start successfully. However the exit command still contains the wrong `--cni-config-dir` because it was not updated. To fix this we do not want to store the exit command at all. Instead we create it every time the conmon process for the container is startet. This guarantees us that the container cleanup process is startet with the correct settings. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #12298 from giuseppe/idmapped-bind-mountsOpenShift Merge Robot2021-11-18
|\ \ \ | | | | | | | | volumes: add new option idmap
| * | | volumes: add new option idmapGiuseppe Scrivano2021-11-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | pass down the "idmap" mount option to the OCI runtime. Needs: https://github.com/containers/crun/pull/780 Closes: https://github.com/containers/podman/issues/12154 [NO NEW TESTS NEEDED] there is no crun version yet that support the new feature. Test case (must run as root): podman run --rm -v foo:/foo alpine touch /foo/bar podman run --uidmap 0:1:1000 --rm -v foo:/foo:idmap alpine ls -l /foo total 0 -rw-r--r-- 1 root root 0 Nov 15 14:01 bar Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Add --file-locks checkpoint/restore optionRadostin Stoyanov2021-11-18
| |/ / |/| | | | | | | | | | | | | | | | | | | | CRIU supports checkpoint/restore of file locks. This feature is required to checkpoint/restore containers running applications such as MySQL. Signed-off-by: Radostin Stoyanov <radostin@redhat.com>
* | | remote checkpoint/restore: more fixesValentin Rothberg2021-11-18
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Support `checkpoint --pre-checkpoint` * Support `checkpoint --with-previous` * Disable `restore --import-previous` for the remote client since we had to send two files which in turn would require to tar them up and hence be a breaking change. Podman 4.0 would be the chance and I hope we'll find time before that to remote-restore prettier. Note that I did not run over swagger yet to check whether all parameters are actually documented due to time constraints. Fixes: #12334 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* / Add --unsetenv & --unsetenv-all to remove def environment variablesDaniel J Walsh2021-11-15
|/ | | | | | | | | | | | | | | | Podman adds a few environment variables by default, and currently there is no way to get rid of them from your container. This option will allow you to specify which defaults you don't want. --unsetenv-all will remove all default environment variables. Default environment variables can come from podman builtin, containers.conf or from the container image. Fixes: https://github.com/containers/podman/issues/11836 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #11076 from boaz0/closes_10275OpenShift Merge Robot2021-11-15
|\ | | | | Support template unit files in podman generate systemd
| * Support template unit files in podman generate systemdBoaz Shuster2021-10-22
| | | | | | | | Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* | Update man pages for checkpoint/restore --print-statsAdrian Reber2021-11-15
| | | | | | | | | | | | | | This commit updates the man pages for checkpoint and restore to describe the '--print-stats' parameter. Signed-off-by: Adrian Reber <areber@redhat.com>
* | Merge pull request #12270 from rhatdan/authOpenShift Merge Robot2021-11-13
|\ \ | | | | | | --authfile command line argument for image sign command.
| * | --authfile command line argument for image sign command.José Guilherme Vanz2021-11-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds the --authfile command line argument to allow users to use alternative authfile paths when signing images. Replaces: https://github.com/containers/podman/pull/10975 Fixes: https://github.com/containers/podman/issues/10866 Signed-off-by: José Guilherme Vanz <jvanz@jvanz.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #12224 from cdoern/scpOpenShift Merge Robot2021-11-12
|\ \ \ | |/ / |/| | Podman Image SCP transfer patch
| * | Podman Image SCP transfer patchcdoern2021-11-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixed syntax so that podman image scp transfer works with no user specified. This command can only be executed as root so to obtain the default user, I searched for the SUDO_USER environmental variable. If that is not found, we error out and inform the user to set this variable and make sure they are running as root Signed-off-by: cdoern <cdoern@redhat.com> Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
* | | Merge pull request #12193 from yahavi/patch-1OpenShift Merge Robot2021-11-11
|\ \ \ | | | | | | | | [CI:DOCS] Fix Zsh completion command documentation
| * | | Fix Zsh completion command documentationYahav Itzhak2021-11-09
| | | | | | | | | | | | | | | | Signed-off-by: yahavi <yahavi@jfrog.com>
* | | | Merge pull request #12258 from edsantiago/xref_manpages_see_alsoOpenShift Merge Robot2021-11-10
|\ \ \ \ | | | | | | | | | | [CI:DOCS] Add CI check for SEE ALSO in man pages
| * | | | [CI:DOCS] Add CI check for SEE ALSO in man pagesEd Santiago2021-11-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add new CI check to confirm that links and references in SEE ALSO sections are properly formatted and that links are valid (at least in theory: we do no actual URL fetching to test for 404). The check is piggybacked into existing xref-helpmsgs-manpages script. It could conceivably be more elegant to write a separate tool for this purpose, but I don't wish to duplicate the logic for finding and reading markdown files. Script identified various problems, which I fix in this PR: . missing '**' (asterisks) around some references, or '**' in the wrong place. . links pointing to github.com/.../tree/ instead of /blob/ (github redirects those automatically, but I like consistency) . a few copy-paste errors, e.g. subgid linking to subuid. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | Merge pull request #12255 from vrothberg/fix-11970OpenShift Merge Robot2021-11-10
|\ \ \ \ \ | |/ / / / |/| | | | podman load: support downloading files
| * | | | podman load: support downloading filesValentin Rothberg2021-11-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Support downloading files, for instance via `podman load -i server.com/image.tar`. The specified URL is downloaded in the frontend and stored as a temp file that gets passed down to the backend. Also vendor in c/common@main to use the new `pkg/download`. Fixes: #11970 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Add links to all SEE ALSO sectionsDaniel J Walsh2021-11-10
|/ / / / | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Add links to podman build,run, create see alsoDaniel J Walsh2021-11-08
| | | | | | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #12213 from flouthoc/system-connection-rm-allOpenShift Merge Robot2021-11-08
|\ \ \ \ | | | | | | | | | | system: Adds support for removing all named destination via `--all`
| * | | | system: Adds support for removing all named destination via --allAditya Rajan2021-11-08
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds support of dropping all named destination from system connections via `--all`. Closes: https://github.com/containers/podman/issues/12018 Signed-off-by: Aditya Rajan <arajan@redhat.com>
* | | | Merge pull request #11958 from cdoern/scpOpenShift Merge Robot2021-11-08
|\ \ \ \ | | |/ / | |/| | Podman Image SCP rootful to rootless transfer
| * | | Podman Image SCP rootful to rootless transfercdoern2021-11-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Added functionality for users to transfer images from root storage to rootless storage without using sshd. This is done through rootful podman by running `sudo podman image scp root@localhost::image user@localhost:: the user is needed in order to find and use their uid/gid to exec a new process. added necessary tests, and functions for this implementation. Created new image function Transfer so that the underlying code is majorly removed from CLI Signed-off-by: cdoern <cdoern@redhat.com>
* | | | Add some information about disabling SELinux when using system volumesDaniel J Walsh2021-11-06
| |/ / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | A comment was made on internal mailing list about confusion on SELinux labeling of volumes. This PR makes it a little more clear about when you should or should not relabel. We need a similar comment in podman pod create, but it does not support --security-opt processing yet. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | rename rootless cni ns to rootless netnsPaul Holzinger2021-11-05
|/ / | | | | | | | | | | | | | | | | | | | | | | Since we want to use the rootless cni ns also for netavark we should pick a more generic name. The name is now "rootless network namespace" or short "rootless netns". The rename might cause some issues after the update but when the all containers are restarted or the host is rebooted it should work correctly. Signed-off-by: Paul Holzinger <pholzing@redhat.com>