summaryrefslogtreecommitdiff
path: root/pkg/domain/infra/tunnel
Commit message (Collapse)AuthorAge
* podman start: remove containers configured for auto removalValentin Rothberg2021-07-16
| | | | | | | | | Make sure that containers configured for auto removal (e.g., via `podman create --rm`) are removed in `podman start` if starting the container failed. Fixes: #10935 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* auto-update: make output more user friendlyValentin Rothberg2021-07-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The rather raw and scarce output of `podman auto-update` has been a thorn in my eyes for a longer while. So far, Podman would only print updated systemd units, one per line, without further formatting. Motivated by issue #9949 which is asking for some more useful information in combination with a dry-run feature, I sat down and reflected which information may come in handy. Running `podman auto-update` will now look as follows: ``` $ podman auto-update Trying to pull [...] UNIT CONTAINER IMAGE POLICY UPDATED container-test.service 08fd34e533fd (test) localhost:5000/busybox registry false ``` Also refactor the spaghetti code in the backend a bit to make it easier to digest and maintain. For easier testing and for the sake of consistency with other commands listing output, add a `--format` flag. The man page will get an overhaul in a follow up commit. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #10836 from Luap99/diffOpenShift Merge Robot2021-07-03
|\ | | | | podman diff accept two images or containers
| * podman diff accept two images or containersPaul Holzinger2021-07-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | First, make podman diff accept optionally a second argument. This allows the user to specify a second image/container to compare the first with. If it is not set the parent layer will be used as before. Second, podman container diff should only use containers and podman image diff should only use images. Previously, podman container diff would use the image when both an image and container with this name exists. To make this work two new parameters have been added to the api. If they are not used the previous behaviour is used. The same applies to the bindings. Fixes #10649 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Implement --archive flag for podman cpMatej Vasek2021-07-01
|/ | | | Signed-off-by: Matej Vasek <mvasek@redhat.com>
* reset: remove external containers on podman system resetflouthoc2021-06-30
| | | | | | [NO TESTS NEEDED] Signed-off-by: flouthoc <flouthoc.git@gmail.com>
* make DriverOpts name consistent.Tino Rusch2021-06-25
| | | | Signed-off-by: Tino Rusch <tino.rusch@gmail.com>
* read secret config from config file if no user data.Tino Rusch2021-06-24
| | | | | | | | | | | | feat: read secret config from config file if the user hasn't entered explicit config values feat: allow to specify `--driver-opts opt1=val1,opt2=val2` in the secret create command to allow overriding the default values fix: show driver options in `podman secret inspect` Signed-off-by: Tino Rusch <tino.rusch@gmail.com>
* create: support images with invalid platformValentin Rothberg2021-06-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Much to my regret, there is a number of images in the wild with invalid platforms breaking the platform checks in libimage that want to make sure that a local image is matching the expected platform. Imagine a `podman run --arch=arm64 fedora` with a local amd64 fedora image. We really shouldn't use the local one in this case and pull down the arm64 one. The strict platform checks in libimage in combination with invalid platforms in images surfaced in Podman being able to pull an image but failing to look it up in subsequent presence checks. A `podman run` would hence pull such an image but fail to create the container. Support images with invalid platforms by vendoring the latest HEAD from containers/common. Also remove the partially implemented pull-policy logic from Podman and let libimage handle that entirely. However, whenever --arch, --os or --platform are specified, the pull policy will be forced to "newer". This way, we pessimistically assume that the local image has an invalid platform and we reach out to the registry. If there's a newer image (i.e., one with a different digest), we'll pull it down. Please note that most of the logic has either already been implemented in libimage or been moved down which allows for removing some clutter from Podman. [NO TESTS NEEDED] since c/common has new tests. Podman can rely on the existing tests. Fixes: #10648 Fixes: #10682 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Restart all containers with restart-policy=always on bootBoaz Shuster2021-06-13
| | | | | | | * Add podman-restart systemd unit file and add it to podman RPM package * Fix podman start to filter all containers + unit test Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* Drop container does not exist on removal to debugfDaniel J Walsh2021-05-21
| | | | | | | | | | | | | | | | We have race conditions where a container can be removed by two different processes when running podman --remove rm. It can be cleaned up in the API or by the conmon executing podman container cleanup. When we fail to remove a container that does not exists we should not be printing errors or warnings, we should just debug the fact. [NO TESTS NEEDED] Since this is a race condition it is difficult to test. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add support for podman manifest rm commandDaniel J Walsh2021-05-19
| | | | | | This is mainly to match command line of Docker. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add restart-policy to container filters & --filter to podman startBoaz Shuster2021-05-06
| | | | Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* Merge pull request #10208 from Luap99/play-kube-macOpenShift Merge Robot2021-05-05
|\ | | | | add --mac-address to podman play kube
| * add --mac-address to podman play kubePaul Holzinger2021-05-04
| | | | | | | | | | | | | | | | | | | | Add a new --mac-address flag to podman play kube. This is used to specify a static MAC address which should be used for the pod. This option can be specified several times because play kube can create more than one pod. Fixes #9731 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | migrate Podman to containers/common/libimageValentin Rothberg2021-05-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Migrate the Podman code base over to `common/libimage` which replaces `libpod/image` and a lot of glue code entirely. Note that I tried to leave bread crumbs for changed tests. Miscellaneous changes: * Some errors yield different messages which required to alter some tests. * I fixed some pre-existing issues in the code. Others were marked as `//TODO`s to prevent the PR from exploding. * The `NamesHistory` of an image is returned as is from the storage. Previously, we did some filtering which I think is undesirable. Instead we should return the data as stored in the storage. * Touched handlers use the ABI interfaces where possible. * Local image resolution: previously Podman would match "foo" on "myfoo". This behaviour has been changed and Podman will now only match on repository boundaries such that "foo" would match "my/foo" but not "myfoo". I consider the old behaviour to be a bug, at the very least an exotic corner case. * Futhermore, "foo:none" does *not* resolve to a local image "foo" without tag anymore. It's a hill I am (almost) willing to die on. * `image prune` prints the IDs of pruned images. Previously, in some cases, the names were printed instead. The API clearly states ID, so we should stick to it. * Compat endpoint image removal with _force_ deletes the entire not only the specified tag. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | is this a bug?Boaz Shuster2021-05-04
| | | | | | | | Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* | Add --all to podman startBoaz Shuster2021-05-03
|/ | | | | Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com> Co-authored-by: Ed Santiago <santiago@redhat.com>
* add --ip to podman play kubePaul Holzinger2021-04-16
| | | | | | | | | | Add a new --ip flag to podman play kube. This is used to specify a static IP address which should be used for the pod. This option can be specified several times because play kube can create more than one pod. Fixes #8442 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #9988 from jmguzik/prune-filters-bindings-netOpenShift Merge Robot2021-04-12
|\ | | | | Add network prune filters support to bindings
| * Add network prune filters support to bindingsJakub Guzik2021-04-10
| | | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | podman unshare: add --rootless-cni to join the nsPaul Holzinger2021-04-07
|/ | | | | | | | | | Add a new --rootless-cni option to podman unshare to also join the rootless-cni network namespace. This is useful if you want to connect to a rootless container via IP address. This is only possible from the rootless-cni namespace and not from the host namespace. This option also helps to debug problems in the rootless-cni namespace. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Add --requires flag to podman run/createMatthew Heon2021-04-06
| | | | | | | | | | | | | | | | | | | | Podman has, for a long time, had an internal concept of dependency management, used mainly to ensure that pod infra containers are started before any other container in the pod. We also have the ability to recursively start these dependencies, which we use to ensure that `podman start` on a container in a pod will not fail because the infra container is stopped. We have not, however, exposed these via the command line until now. Add a `--requires` flag to `podman run` and `podman create` to allow users to manually specify dependency containers. These containers must be running before the container will start. Also, make recursive starting with `podman start` default so we can start these containers and their dependencies easily. Fixes #9250 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #9445 from jmguzik/no-header-info-for-systemd-generationOpenShift Merge Robot2021-02-22
|\ | | | | No header info for systemd generation
| * --no-header flag implementation for generate systemdJakub Guzik2021-02-22
| | | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | bump go module to v3Valentin Rothberg2021-02-22
|/ | | | | | | | | We missed bumping the go module, so let's do it now :) * Automated go code with github.com/sirkon/go-imports-rename * Manually via `vgrep podman/v2` the rest Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* podman kill should report rawInput not container idDaniel J Walsh2021-02-16
| | | | | | | Docker always reports back the users input, not the full id, we should do the same. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* When stopping a container, print rawInputDaniel J Walsh2021-02-16
| | | | | | | | | | | When we stop a container we are printing the full id, this does not match Docker behaviour or the start behavior. We should be printing the users rawInput when we successfully stop the container. Fixes: https://github.com/containers/podman/issues/9386 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Enable whitespace linterPaul Holzinger2021-02-11
| | | | | | | | Use the whitespace linter and fix the reported problems. [NO TESTS NEEDED] Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #9125 from ashley-cui/secretswiringOpenShift Merge Robot2021-02-09
|\ | | | | Implement Secrets
| * Implement SecretsAshley Cui2021-02-09
| | | | | | | | | | | | | | | | | | | | | | Implement podman secret create, inspect, ls, rm Implement podman run/create --secret Secrets are blobs of data that are sensitive. Currently, the only secret driver supported is filedriver, which means creating a secret stores it in base64 unencrypted in a file. After creating a secret, a user can use the --secret flag to expose the secret inside the container at /run/secrets/[secretname] This secret will not be commited to an image on a podman commit Signed-off-by: Ashley Cui <acui@redhat.com>
* | Bump containers/buildah to v1.19.4Daniel J Walsh2021-02-08
| | | | | | | | | | | | Fix handling of --iidfile to happen on the client side. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | add network prunebaude2021-02-06
|/ | | | | | | | | add the ability to prune unused cni networks. filters are not implemented but included both compat and podman api endpoints. Fixes :#8673 Signed-off-by: baude <bbaude@redhat.com>
* Switch podman stop/kill/wait handlers to use abiDaniel J Walsh2021-01-29
| | | | | | | | | | | | Change API Handlers to use the same functions that the local podman uses. At the same time: implement remote API for --all and --ignore flags for podman stop implement remote API for --all flags for podman stop Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #9149 from rhatdan/docsOpenShift Merge Robot2021-01-29
|\ | | | | Podman-remote push can support --format
| * Podman-remote push can support --formatDaniel J Walsh2021-01-29
| | | | | | | | | | | | | | | | Fix man page to document podman push --format fully. Also found that push was not handling the tlsverify so fixed this. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #9133 from rhatdan/pull1OpenShift Merge Robot2021-01-29
|\ \ | |/ |/| Cleanup bindings for image pull
| * Cleanup bindings for image pullDaniel J Walsh2021-01-27
| | | | | | | | | | | | | | | | | | | | Remove bindings that are not handled over the API. Leaving this one to not use image pull, since this would break progress handling. We should revisit this in the future. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #9115 from rhatdan/pullOpenShift Merge Robot2021-01-28
|\ \ | |/ |/| Switch podman image push handlers to use abi
| * Switch podman image push handlers to use abiDaniel J Walsh2021-01-27
| | | | | | | | | | | | | | | | | | | | | | | | Change API Handlers to use the same functions that the local podman uses. At the same time: Cleanup and pass proper bindings. Remove cli options from podman-remote push. Cleanup manifest push. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | podman-remote ps --external --pod --sort do not work.Daniel J Walsh2021-01-27
|/ | | | | | | | | | Fixup the bindings and the handling of the --external --por and --sort flags. The --storage option was renamed --external, make sure we use external up and down the stack. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix --arch and --os flags to work correctlyDaniel J Walsh2021-01-25
| | | | | | | | | | | | | | | Currently podman implements --override-arch and --overide-os But Podman has made these aliases for --arch and --os. No reason to have to specify --override, since it is clear what the user intends. Currently if the user specifies an --override-arch field but the image was previously pulled for a different Arch, podman run uses the different arch. This PR also fixes this issue. Fixes: https://github.com/containers/podman/issues/8001 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* podman manifest existsPaul Holzinger2021-01-22
| | | | | | Add podman manifest exists command with remote support. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #9027 from Luap99/podman-volume-existsOpenShift Merge Robot2021-01-21
|\ | | | | Podman volume exists
| * podman volume existsPaul Holzinger2021-01-21
| | | | | | | | | | | | Add podman volume exists command with remote support. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Fix handling of container removeDaniel J Walsh2021-01-20
|/ | | | | | | | | | | | | | | | | | | | I found several problems with container remove podman-remote rm --all Was not handled podman-remote rm --ignore Was not handled Return better errors when attempting to remove an --external container. Currently we return the container does not exists, as opposed to container is an external container that is being used. This patch also consolidates the tunnel code to use the same code for removing the container, as the local API, removing duplication of code and potential problems. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #9021 from Luap99/podman-network-existsOpenShift Merge Robot2021-01-19
|\ | | | | podman network exists
| * podman network existsPaul Holzinger2021-01-19
| | | | | | | | | | | | Add podman network exists command with remote support. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Add binding options for container|pod existsbaude2021-01-18
|/ | | | | | | | It turns out an options was added to container exists so it makes sense to have pods and container exists calls have an optional structure for options. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #8942 from rhatdan/pushOpenShift Merge Robot2021-01-17
|\ | | | | Allow podman push to push manifest lists