| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
| |
[NO NEW TESTS NEEDED]
Fixes: https://github.com/containers/podman/issues/15925
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Changes since 2022-09-09:
- man page: add --skip-unused-stages (buildah 4249)
- man page: bring in new Note for --cache-ttl (4248)
- system tests: de-stutter (4205)
- (internal): in skip() applier: escape asterisk, otherwise
the "bud with --dns* flags" sed expression never applies.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\
| |
| | |
Replace deprecated ioutil
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Package `io/ioutil` was deprecated in golang 1.16, preventing podman from
building under Fedora 37. Fortunately, functionality identical
replacements are provided by the packages `io` and `os`. Replace all
usage of all `io/ioutil` symbols with appropriate substitutions
according to the golang docs.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| |\ \
| |/
|/| |
Add labels to secrets
|
| | |
| |
| |
| |
| |
| |
| | |
Add --label/-l label flag to secret create, and show labels when
inspecting secrets. Also allow labeling secrets via libpod/compat API.
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |\ \
| | |
| | | |
remote: checkpoint --export prints a rawInput or an error on remote
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This commit fixes `container checkpoint --export`
to print a rawInput or an error.
Fixes: #15743
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Docker compatibility: cap the memory limit reported by the cgroup to
the maximum available memory.
Closes: https://github.com/containers/podman/issues/15765
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |/ /
| |
| |
| |
| |
| | |
and make sure it is not set for cgroup v2
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \
| |/
|/| |
Ensure that the DF endpoint updated volume refcount
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The field was already exposed already in the `system df` output
so this just required a bit of plumbing and testing.
As part of this, fix `podman systemd df` volume in-use logic.
Previously, volumes were only considered to be in use if the
container using them was running. This does not match Docker's
behavior, where a volume is considered in use as long as a
container exists that uses the volume, even if said container is
not running.
Fixes #15720
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |\ \
| | |
| | | |
Fix stutters
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Podman adds an Error: to every error message. So starting an error
message with "error" ends up being reported to the user as
Error: error ...
This patch removes the stutter.
Also ioutil.ReadFile errors report the Path, so wrapping the err message
with the path causes a stutter.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |/
|
|
|
|
|
|
| |
`os.ReadDir` was added in Go 1.16 as part of the deprecation of `ioutil`
package. It is a more efficient implementation than `ioutil.ReadDir`.
Reference: https://pkg.go.dev/io/ioutil#ReadDir
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
* ContainerKillLibpod "signal" query default is SIGKILL.
* ContainerStopLibpod "all" query doesn't exist.
[NO NEW TESTS NEEDED]
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
|
| |\
| |
| | |
Add generate systemd -e/--env option
|
| | |
| |
| |
| |
| |
| |
| |
| | |
-e/--env option sets environment variables to the systemd unit files.
Fixes: #15523
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
|
| |/
|
|
|
|
|
|
|
|
|
| |
* ContainerKillLibpod "signal" query default is SIGKILL.
* ContainerListLibpod "namespace" query is failed to show.
* SecretListLibpod parameters is duplicated.
* SecretList parameters is duplicated.
[NO NEW TESTS NEEDED]
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
podman update allows users to change the cgroup configuration of an existing container using the already defined resource limits flags
from podman create/run. The supported flags in crun are:
this command is also now supported in the libpod api via the /libpod/containers/<CID>/update endpoint where
the resource limits are passed inthe request body and follow the OCI resource spec format
–memory
–cpus
–cpuset-cpus
–cpuset-mems
–memory-swap
–memory-reservation
–cpu-shares
–cpu-quota
–cpu-period
–blkio-weight
–cpu-rt-period
–cpu-rt-runtime
-device-read-bps
-device-write-bps
-device-read-iops
-device-write-iops
-memory-swappiness
-blkio-weight-device
resolves #15067
Signed-off-by: Charlie Doern <cdoern@redhat.com>
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
`podman-remote` and Libpod API does not supports build with
`--userns=auto` since `IDMappingOptions` were not implemented for API
and bindings, following PR implements passing `IDMappingOptions` via
bindings to API.
Closes: https://github.com/containers/podman/issues/15476
Signed-off-by: Aditya R <arajan@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Change only the compat API, so we don't force a breaking change
on Libpod API users.
Partial fix for #15485
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |\
| | |
| | | |
run,create: add support for `--env-merge` for preprocessing default environment variables
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Allow end users to preprocess default environment variables before
injecting them into container using `--env-merge`
Usage
```
podman run -it --rm --env-merge some=${some}-edit --env-merge
some2=${some2}-edit2 myimage sh
```
Closes: https://github.com/containers/podman/issues/15288
Signed-off-by: Aditya R <arajan@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Request object has its own context which must be used during a request
lifetime instead of just context.Background()
[NO NEW TESTS NEEDED]
Signed-off-by: Vladimir Kochnev <hashtable@yandex.ru>
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| | |
Refactor ImagesPull the same way the ImagesPush and ManifestPush are
done.
[NO NEW TESTS NEEDED]
Signed-off-by: Vladimir Kochnev <hashtable@yandex.ru>
|
| | |\
| | |
| | | |
sort hc.Binds returned from compat api
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Josh Patterson <josh.patterson@securityonionsolutions.com>
|
| | |/
| |
| |
| |
| |
| |
| |
| | |
Accept a --amend flag in `podman manifest create`, and treat
`--insecure` as we would `--tls-verify=false` in `podman manifest`'s
"add", "create", and "push" subcommands.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
| |/
|
|
| |
Signed-off-by: Josh Patterson <josh.patterson@securityonionsolutions.com>
|
| |\
| |
| | |
Add "podman kube generate" command
|
| | |
| |
| |
| |
| |
| |
| |
| | |
"podman kube generate" creates Kubernetes YAML from Podman containers,
pods or volumes. Users will still be able to use "podman generate
kube" as an alias of "kube generate".
Signed-off-by: Niall Crowe <nicrowe@redhat.com>
|
| |\ \
| | |
| | | |
remote manifest push: show copy progress
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
`podman-remote manifest push` has shown absolutely no progress at all.
Fix that by doing the same as the remote-push code does.
Like remote-push, `quiet` parameter is true by default for backwards
compatibility.
Signed-off-by: Naoto Kobayashi <naoto.kobayashi4c@gmail.com>
|
| |\ \
| |/
|/| |
fix LogConfig type for libpod API
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
[NO NEW TESTS NEEDED]
our native API was consuming the docker compat type for the API since the two have the exact same name. Fix this by renaming
LogConfig to LogConfigLibpod
resolves #15138
Signed-off-by: Charlie Doern <cdoern@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
implement new ssh interface into podman
this completely redesigns the entire functionality of podman image scp,
podman system connection add, and podman --remote. All references to golang.org/x/crypto/ssh
have been moved to common as have native ssh/scp execs and the new usage of the sftp package.
this PR adds a global flag, --ssh to podman which has two valid inputs `golang` and `native` where golang is the default.
Users should not notice any difference in their everyday workflows if they continue using the golang option. UNLESS they have been using an improperly verified ssh key, this will now fail. This is because podman was incorrectly using the
ssh callback method to IGNORE the ssh known hosts file which is very insecure and golang tells you not yo use this in production.
The native paths allows for immense flexibility, with a new containers.conf field `SSH_CONFIG` that specifies a specific ssh config file to be used in all operations. Else the users ~/.ssh/config file will be used.
podman --remote currently only uses the golang path, given its deep interconnection with dialing multiple clients and urls.
My goal after this PR is to go back and abstract the idea of podman --remote from golang's dialed clients, as it should not be so intrinsically connected. Overall, this is a v1 of a long process of offering native ssh, and one that covers some good ground with podman system connection add and podman image scp.
Signed-off-by: Charlie Doern <cdoern@redhat.com>
|
| |/
|
|
|
|
|
| |
[NO NEW TESTS NEEDED]
[NO TESTS NEEDED]
Signed-off-by: Aditya R <arajan@redhat.com>
|
| |
|
|
| |
Signed-off-by: Karthik Elango <kelango@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
When podman kube play was added the endpoint for the kube play/play kube
commands was switched from the "play kube" endpoint to the new "kube play"
endpoint. This caused issues with the remote client, requiring the need
to use the "play kube" endpoint again in order to avoid these issues.
Signed-off-by: Niall Crowe <nicrowe@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
local/remote mode.
Also Fix usage of flag "--compression-format" for remote "podman image push". Fix usage of flags "--format", "--remove-signatures" in remote "podman manifest push".
Closes #15109.
Signed-off-by: Romain Geissler <romain.geissler@amadeus.com>
|
| |
|
|
| |
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Option defaults in API must be the same as in CLI.
```
% podman image push --help
% podman image pull --help
% podman manifest push --help
% podman image search --help
```
All of these CLI commands them have --tls-verify=true by default:
```
--tls-verify require HTTPS and verify certificates when accessing the registry (default true)
```
As for `podman image build`, it doesn't have any means to control
`tlsVerify` parameter but it must be true by default.
Signed-off-by: Vladimir Kochnev <hashtable@yandex.ru>
|
| |\
| |
| | |
API: libpod/create use correct default umask
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Make sure containers created via API have the correct umask from
containers.conf set.
Fixes #15036
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |\ \
| |/
|/| |
compat api: allow default bridge name for networks
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix some network option parsing logic to use constants.
Always use the isolate option since this is what docker does.
Remove the icc option, this is different from isolate and it is not
implemented.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Docker uses "bridge" as default network name so some tools expect this
to work with network list or inspect. To fix this we change "bridge" to
the podman default ("podman") name.
Fixes #14983
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |\ \
| | |
| | | |
Compat API: unify pull/push and add missing progress info
|
