path: root/docs
Commit message (Author, Age)
* Add support for pod inside of user namespace. (Daniel J Walsh, 2021-08-09)
| Add the --userns flag to podman pod create and keep track of the userns setting that pod was created with so that all containers created within the pod will inherit that userns setting.
| Specifically we need to be able to launch a pod with --userns=keep-id
| Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* Merge pull request #11074 from vrothberg/auto-update-rollback (openshift-ci[bot], 2021-08-06)
|\
| | auto-update: simple rollback
| * auto-update: simple rollback (Valentin Rothberg, 2021-08-05)
| | Add support for simple rollbacks during `podman auto-update`. Rollbacks are enabled by default. If a systemd unit cannot be restarted after an update, the previous image will be retagged and the unit will be restarted a second time.
| | Add system tests for rollbacks.
| | Also fix a bug in the restart sequence; we have to use the channel to actually know whether the restart was successful or not.
| | NOTE: To make rollbacks really useful, users must run their containers with `--sdnotify=container` such that the containers send the ready message over the (mounted) socket. This way, restarting the systemd units during auto update will block until the message has been received (or a timeout kicked in).
| | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | personality: Add support for setting execution domain. (flouthoc, 2021-08-06)
| | Execution domains tell Linux how to map signal numbers into signal actions. The execution domain system allows Linux to provide limited support for binaries compiled under other UNIX-like operating systems.
| | Reference: https://man7.org/linux/man-pages/man2/personality.2.html
| | Signed-off-by: flouthoc <flouthoc.git@gmail.com>
* | Merge pull request #11011 from baude/initcontainers (openshift-ci[bot], 2021-08-05)
|\ \
| |/
|/| implement init containers in podman
| * implement init containers in podman (Brent Baude, 2021-08-04)
| | this is the first pass at implementing init containers for podman pods. init containers are made popular by k8s as a way to run setup for pods before the pod's standard containers run.
| | unlike k8s, we support two styles of init containers: always and oneshot. always means the container stays in the pod and starts whenever a pod is started. this does not apply to pods restarting. oneshot means the container runs one time when the pod starts and then is removed.
| | Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #10973 from rhatdan/quota (openshift-ci[bot], 2021-08-04)
|\ \
| | | Support size options on builtin volumes
| * | Support size and inode options on builtin volumes (Daniel J Walsh, 2021-08-02)
| | | [NO TESTS NEEDED] Since it is difficult to setup xfs quota
| | | Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1982164
| | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #11003 from pascomnet/f_stats (openshift-ci[bot], 2021-08-04)
|\ \ \
| | | | stats: add an interval parameter to cli and api stats streaming
| * | | stats: add an interval parameter to cli and api stream mode (Thomas Weber, 2021-07-27)
| | | | podman stats polled by default in a 1 sec period. This can put quite some load on a machine if you run many containers.
| | | | The default value is now 5 seconds. You can change this interval with a new, optional, --interval, -i cli flag.
| | | | The api request got also an interval query parameter for the same purpose.
| | | | Additionally an unused const was removed.
| | | | Api and cli will fail the request if a 0 or negative value is passed in.
| | | | Signed-off-by: Thomas Weber <towe75@googlemail.com>
* | | | Merge pull request #11091 from Luap99/connect-disconnect (openshift-ci[bot], 2021-08-03)
|\ \ \ \
| | | | | fix rootless port forwarding with network dis-/connect
| * | | | fix rootless port forwarding with network dis-/connect (Paul Holzinger, 2021-08-03)
| | |_|/
| |/| |
| | | | The rootlessport forwarder requires a child IP to be set. This must be a valid ip in the container network namespace. The problem is that after a network disconnect and connect the eth0 ip changed. Therefore the packages are dropped since the source ip no longer exists in the netns.
| | | | One solution is to set the child IP to 127.0.0.1, however this is a security problem. [1]
| | | | To fix this we have to recreate the ports after network connect and disconnect. To make this work the rootlessport process exposes a socket where podman network connect/disconnect connect to and send the new child IP to rootlessport. The rootlessport process will remove all ports and recreate them with the new correct child IP.
| | | | Also bump rootlesskit to v0.14.3 to fix a race with RemovePort().
| | | | Fixes #10052
| | | | [1] https://nvd.nist.gov/vuln/detail/CVE-2021-20199
| | | | Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* / | | image scp: fix typo in output (Valentin Rothberg, 2021-08-03)
|/ / /
| | | s/Loaded images(s)/Loaded image(s)/
| | | [NO TESTS NEEDED] (I think we should test the output at some point)
| | | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #10828 from cdoern/scp (openshift-ci[bot], 2021-08-02)
|\ \ \
| |_|/
|/| | Created image scp feature
| * | Created scp.go image_scp_test.go and podman-image-scp.1.md (cdoern, 2021-07-30)
| |/
| | added functionality for image secure copying from local to remote. Also moved system connection add code around a bit so functions within that file can be used by scp.
| | Signed-off-by: cdoern <cdoern@redhat.com>
* | Merge pull request #11066 from infiniteregrets/cp-md (OpenShift Merge Robot, 2021-07-28)
|\ \
| | | [CI:DOCS] Update podman-cp manpage
| * | [CI:DOCS] Update podman-cp manpage (Mehul Arora, 2021-07-28)
| | | Signed-off-by: Mehul Arora <aroram18@mcmaster.ca>
* | | Merge pull request #10910 from adrianreber/2021-07-12-checkpoint-restore-into-pod (OpenShift Merge Robot, 2021-07-28)
|\ \ \
| |/ /
|/| |
| | | Add support for checkpoint/restore into and out of pods
| * | Support checkpoint/restore with pods (Adrian Reber, 2021-07-27)
| | | This adds support to checkpoint containers out of pods and restore container into pods.
| | | It is only possible to restore a container into a pod if it has been checkpointed out of pod. It is also not possible to restore a non pod container into a pod.
| | | The main reason this does not work is the PID namespace. If a non pod container is being restored in a pod with a shared PID namespace, at least one process in the restored container uses PID 1 which is already in use by the infrastructure container. If someone tries to restore container from a pod with a shared PID namespace without a shared PID namespace it will also fail because the resulting PID namespace will not have a PID 1.
| | | Signed-off-by: Adrian Reber <areber@redhat.com>
* | | support container to container copy (Mehul Arora, 2021-07-27)
|/ /
| | Implement container to container copy. Previously data could only be copied from/to the host.
| | Fixes: #7370
| | Co-authored-by: Mehul Arora <aroram18@mcmaster.ca>
| | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #10861 from jmguzik/until-prune-volume-cmd (OpenShift Merge Robot, 2021-07-27)
|\ \
| | | Add prune until filter test for podman volume cli
| * | Add prune until filter test for podman volume cli (Jakub Guzik, 2021-07-26)
| | | This commit follows work started in #10756. Changes made in #11015 enabled cli support for volume prune --filter until. Adding e2e test closes #10579.
| | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | | refine dangling checks (Valentin Rothberg, 2021-07-26)
|/ /
| | By proxy by vendoring containers/common. Previously, a "dangling" image was an untagged image; just as described in the Docker docs. The definition of dangling has now been refined to an untagged image without children to be compatible with Docker.
| | Further update a redundant image-prune test.
| | Fixes: #10998
| | Fixes: #10832
| | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #10996 from cdoern/untilLog (OpenShift Merge Robot, 2021-07-24)
|\ \
| | | Implemented --until flag for Libpod's Container Logs
| * | Implemented --until flag for libpod's container logs (cdoern, 2021-07-22)
| |/
| | compat containers/logs was missing actual usage of until query param. This led me to implement the until param for libpod's container logs as well. Added e2e tests.
| | Signed-off-by: cdoern <cdoern@redhat.com>
* | Merge pull request #11013 from hshiina/cgroupsv2 (OpenShift Merge Robot, 2021-07-22)
|\ \
| | | [CI:DOCS] Add notes to flags not supported on cgroups V2
| * | Add notes to flags not supported on cgroups V2 (Hironori Shiina, 2021-07-21)
| | | Clarify what flags are not supported on cgroups V2 in documentation.
| | | Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
* | | Merge pull request #11015 from jmguzik/until-list-volume (OpenShift Merge Robot, 2021-07-22)
|\ \ \
| | | | Add until filter to volume ls filters list
| * | | Add until filter to volume ls filters list (Jakub Guzik, 2021-07-22)
| | |/
| |/|
| | | As a conclusion of a discussion in #10861, until filter is added by this commit to volume ls filters.
| | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | | Merge pull request #11008 from dpward/main (OpenShift Merge Robot, 2021-07-21)
|\ \ \
| |_|/
|/| | [CI:DOCS] Fix GitHub URL to Podman logo
| * | [CI:DOCS] Fix GitHub URL to Podman logo (David Ward, 2021-07-21)
| |/
| | The Podman logo is not rendered on docs.podman.io with the current URL.
| | Signed-off-by: David Ward <david.ward@ll.mit.edu>
* / [CI:DOCS] refine the runlabel man page (Valentin Rothberg, 2021-07-20)
|/
| * Write a description to outline the scope and mechanism of runlabel.
| * Describe the variables/attributes that we want to be used.
| * Do not describe the --optN or OPTN flags/variables since they are already hidden flags and date back to the Atomic days.
| * Update references to other man pages.
| * Remove unsupported variables (e.g., SUDO_*) which caused confusion.
| Fixes: #10799
| Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* systemd: require network*-online*.target (Valentin Rothberg, 2021-07-16)
| Require the network to be online in all (generated) systemd units to make sure that containers and Podman run only after the network has been fully configured.
| Fixes: #10655
| Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* --infra-name command line argument (José Guilherme Vanz, 2021-07-15)
| Adds the new --infra-name command line argument allowing users to define the name of the infra container
| Issue #10794
| Signed-off-by: José Guilherme Vanz <jvanz@jvanz.com>
* Merge pull request #10894 from cdoern/pidPod (OpenShift Merge Robot, 2021-07-15)
|\
| | podman pod create --pid flag
| * podman pod create --pid flag (cdoern, 2021-07-15)
| | added support for --pid flag. User can specify ns:file, pod, private, or host. container returns an error since you cannot point the ns of the pod's infra container to a container outside of the pod.
| | Signed-off-by: cdoern <cdoern@redhat.com>
* | Merge pull request #10940 from tartina/doctypo (OpenShift Merge Robot, 2021-07-15)
|\ \
| | | [CI:DOCS] Correct a typo in documentation
| * | Correct a typo in documentation (Guido Aulisi, 2021-07-15)
| | | Signed-off-by: Guido Aulisi <guido.aulisi@gmail.com>
* | | auto-update: add --dry-run (Valentin Rothberg, 2021-07-15)
|/ /
| | Add a --dry-run flag to `podman auto-update` which will look for new images but won't perform any pull or restart any service or container.
| | The "UPDATED" column will now indicate the availability of a newer image via "pending".
| | ```
| | $ podman auto-update --dry-run
| | UNIT                    CONTAINER            IMAGE                   POLICY    UPDATED
| | container-test.service  08fd34e533fd (test)  localhost:5000/busybox  registry  false
| | ```
| | Fixes: #9949
| | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #10909 from rhatdan/docs (OpenShift Merge Robot, 2021-07-14)
|\ \
| | | [CI:DOCS] Fix up documentation of the userns audit flag
| * | Fix up documentation of the userns audit flag (Daniel J Walsh, 2021-07-14)
| | | Add reference to the `containers` user in the /etc/subuid and /etc/subgid files.
| | | Fixes: https://github.com/containers/podman/issues/10906
| | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | auto-update: make output more user friendly (Valentin Rothberg, 2021-07-14)
|/ /
| | The rather raw and scarce output of `podman auto-update` has been a thorn in my eyes for a longer while. So far, Podman would only print updated systemd units, one per line, without further formatting.
| | Motivated by issue #9949 which is asking for some more useful information in combination with a dry-run feature, I sat down and reflected which information may come in handy.
| | Running `podman auto-update` will now look as follows:
| | ```
| | $ podman auto-update
| | Trying to pull [...]
| | UNIT                    CONTAINER            IMAGE                   POLICY    UPDATED
| | container-test.service  08fd34e533fd (test)  localhost:5000/busybox  registry  false
| | ```
| | Also refactor the spaghetti code in the backend a bit to make it easier to digest and maintain.
| | For easier testing and for the sake of consistency with other commands listing output, add a `--format` flag.
| | The man page will get an overhaul in a follow up commit.
| | Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Restore headers of optional information in 'podman pod ps' (Hironori Shiina, 2021-07-09)
| | When optional information such as container IDs and names in pods, the headers are not displayed. This fix restored the headers. Documentation of this subcommand is also updated.
| | Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
* | Merge pull request #10892 from rugk/patch-2 (OpenShift Merge Robot, 2021-07-09)
|\ \
| | | [CI:DOCS] Mention new hostname for loopback IP
| * | Mention new hostname for loopback IP (rugk, 2021-07-09)
| | | The hostname `host.containers.internal` is way easier to remember and should IMHO be preferred to be used, as it is:
| | | a) easier to remember than some random IP
| | | b) if the IP changes some time in the future the container will continue to work
| | | And explain hostname adding in more detail
| | | As per @mheon's suggestion.
| | | And explain hostname adding *reason*
| | | Also implies a suggestion for using the hostname instead.
| | | And port change from podman-create man page to podman-run, too
| | | Signed-off-by: rugk <rugk+git@posteo.de>
* | | Merge pull request #10872 from ebb-earl-co/rootless_tutorial_revision (OpenShift Merge Robot, 2021-07-09)
|\ \ \
| | | | [CI:DOCS] Update docs/tutorials/rootless_tutorial.md:
| * | | Update docs/tutorials/rootless_tutorial.md: (Colin Eberl Coe, 2021-07-08)
| | |/
| |/|
| | | * Change references of 'master' to 'main' in URLs e.g. https://github.com/containers/podman/blob/main/install.md
| | | * Wrap names of files or programs by '`' e.g. `dnf`, `containers.conf`, `/etc/subuid`, etc.
| | | * Change sentence with ambiguous subject to 'Root privileges are required to add or update entries within these files'
| | | * Link to kernel.org documentation for the `getpwent` command
| | | * Change sentence: 'Note that the values for each user must be unique ~and without any overlap~'
| | | * Make references to the Podman project upper-case instead of lower-case
| | | * Reorder sentence 'Update the `/etc/subuid` and `/etc/subgid` with fields for each user' to emphasize 'For each user'
| | | * Remove reference to asciiart demos and update README.md link
| | | Signed-off-by: Colin Eberl Coe <ebb-earl-co@pm.me>
* | | fix: logo not loading after branch renaming (rugk, 2021-07-09)
| |/
|/|
| | You've renamed your branch from master to main and thus this URL here did not work anymore and caused a glitch in displaying the image in the docs.
| | Signed-off-by: rugk <rugk+git@posteo.de>
* | Replace old RESTful tutorial with updated README (Brent Baude, 2021-07-07)
|/
| Remove outdated information on go bindings. Moved the tips for debugging into the README and tidied up relevant links.
| Fixes: #9334
| [CI_DOCS]
| [NO TESTS NEEDED]
| Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #10788 from infiniteregrets/multi-pull (OpenShift Merge Robot, 2021-07-06)
|\
| | support pulling multiple images sequentially in a single podman pull