summaryrefslogtreecommitdiff
path: root/pkg/domain/infra/tunnel
Commit message (Collapse)AuthorAge
* Merge pull request #9125 from ashley-cui/secretswiringOpenShift Merge Robot2021-02-09
|\ | | | | Implement Secrets
| * Implement SecretsAshley Cui2021-02-09
| | | | | | | | | | | | | | | | | | | | | | Implement podman secret create, inspect, ls, rm Implement podman run/create --secret Secrets are blobs of data that are sensitive. Currently, the only secret driver supported is filedriver, which means creating a secret stores it in base64 unencrypted in a file. After creating a secret, a user can use the --secret flag to expose the secret inside the container at /run/secrets/[secretname] This secret will not be commited to an image on a podman commit Signed-off-by: Ashley Cui <acui@redhat.com>
* | Bump containers/buildah to v1.19.4Daniel J Walsh2021-02-08
| | | | | | | | | | | | Fix handling of --iidfile to happen on the client side. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | add network prunebaude2021-02-06
|/ | | | | | | | | add the ability to prune unused cni networks. filters are not implemented but included both compat and podman api endpoints. Fixes :#8673 Signed-off-by: baude <bbaude@redhat.com>
* Switch podman stop/kill/wait handlers to use abiDaniel J Walsh2021-01-29
| | | | | | | | | | | | Change API Handlers to use the same functions that the local podman uses. At the same time: implement remote API for --all and --ignore flags for podman stop implement remote API for --all flags for podman stop Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #9149 from rhatdan/docsOpenShift Merge Robot2021-01-29
|\ | | | | Podman-remote push can support --format
| * Podman-remote push can support --formatDaniel J Walsh2021-01-29
| | | | | | | | | | | | | | | | Fix man page to document podman push --format fully. Also found that push was not handling the tlsverify so fixed this. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #9133 from rhatdan/pull1OpenShift Merge Robot2021-01-29
|\ \ | |/ |/| Cleanup bindings for image pull
| * Cleanup bindings for image pullDaniel J Walsh2021-01-27
| | | | | | | | | | | | | | | | | | | | Remove bindings that are not handled over the API. Leaving this one to not use image pull, since this would break progress handling. We should revisit this in the future. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #9115 from rhatdan/pullOpenShift Merge Robot2021-01-28
|\ \ | |/ |/| Switch podman image push handlers to use abi
| * Switch podman image push handlers to use abiDaniel J Walsh2021-01-27
| | | | | | | | | | | | | | | | | | | | | | | | Change API Handlers to use the same functions that the local podman uses. At the same time: Cleanup and pass proper bindings. Remove cli options from podman-remote push. Cleanup manifest push. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | podman-remote ps --external --pod --sort do not work.Daniel J Walsh2021-01-27
|/ | | | | | | | | | Fixup the bindings and the handling of the --external --por and --sort flags. The --storage option was renamed --external, make sure we use external up and down the stack. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix --arch and --os flags to work correctlyDaniel J Walsh2021-01-25
| | | | | | | | | | | | | | | Currently podman implements --override-arch and --overide-os But Podman has made these aliases for --arch and --os. No reason to have to specify --override, since it is clear what the user intends. Currently if the user specifies an --override-arch field but the image was previously pulled for a different Arch, podman run uses the different arch. This PR also fixes this issue. Fixes: https://github.com/containers/podman/issues/8001 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* podman manifest existsPaul Holzinger2021-01-22
| | | | | | Add podman manifest exists command with remote support. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #9027 from Luap99/podman-volume-existsOpenShift Merge Robot2021-01-21
|\ | | | | Podman volume exists
| * podman volume existsPaul Holzinger2021-01-21
| | | | | | | | | | | | Add podman volume exists command with remote support. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Fix handling of container removeDaniel J Walsh2021-01-20
|/ | | | | | | | | | | | | | | | | | | | I found several problems with container remove podman-remote rm --all Was not handled podman-remote rm --ignore Was not handled Return better errors when attempting to remove an --external container. Currently we return the container does not exists, as opposed to container is an external container that is being used. This patch also consolidates the tunnel code to use the same code for removing the container, as the local API, removing duplication of code and potential problems. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #9021 from Luap99/podman-network-existsOpenShift Merge Robot2021-01-19
|\ | | | | podman network exists
| * podman network existsPaul Holzinger2021-01-19
| | | | | | | | | | | | Add podman network exists command with remote support. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Add binding options for container|pod existsbaude2021-01-18
|/ | | | | | | | It turns out an options was added to container exists so it makes sense to have pods and container exists calls have an optional structure for options. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #8942 from rhatdan/pushOpenShift Merge Robot2021-01-17
|\ | | | | Allow podman push to push manifest lists
| * Allow podman push to push manifest listsDaniel J Walsh2021-01-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When doing a podman images, manifests lists look just like images, so it is logical that users would assume that they can just podman push them to a registry. The problem is we throw out weird errors when this happens and users need to somehow figure out this is a manifest list rather then an image, and frankly the user will not understand the difference. This PR will make podman push just do the right thing, by failing over and attempting to push the manifest if it fails to push the image. Fix up handling of manifest push Protocol should bring back a digest string, which can either be printed or stored in a file. We should not reimplement the manifest push setup code in the tunnel code but take advantage of the api path, to make sure remote and local work the same way. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Container rename bindingsPaul Holzinger2021-01-15
|/ | | | | | Add bindings and podman-remote support for container rename. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Initial implementation of renaming containersMatthew Heon2021-01-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Basic theory: We remove the container, but *only from the DB*. We leave it in c/storage, we leave the lock allocated, we leave it running (if it is). Then we create an identical container with an altered name, and add that back to the database. Theoretically we now have a renamed container. The advantage of this approach is that it doesn't just apply to rename - we can use this to make *any* configuration change to a container that does not alter its container ID. Potential problems are numerous. This process is *THOROUGHLY* non-atomic at present - if you `kill -9` Podman mid-rename things will be in a bad place, for example. Also, we can't rename containers that can't be removed normally - IE, containers with dependencies (pod infra containers, for example). The largest potential improvement will be to move the majority of the work into the DB, with a `RecreateContainer()` method - that will add atomicity, and let us remove the container without worrying about depencies and similar issues. Potential problems: long-running processes that edit the DB and may have an older version of the configuration around. Most notable example is `podman run --rm` - the removal command needed to be manually edited to avoid this one. This begins to get at the heart of me not wanting to do this in the first place... This provides CLI and API implementations for frontend, but no tunnel implementation. It will be added in a future release (just held back for time now - we need this in 3.0 and are running low on time). This is honestly kind of horrifying, but I think it will work. Signed-off-by: Matthew Heon <mheon@redhat.com>
* Reduce general binding binary sizebaude2021-01-13
| | | | | | | | when using the bindings to *only* make a connection, the binary was rough 28MB. This PR reduces it down to 11. There is more work to do but it will come in a secondary PR. Signed-off-by: baude <bbaude@redhat.com>
* Remove the ability to use [name:tag] in podman load commandDaniel J Walsh2021-01-12
| | | | | | | | | | Docker does not support this, and it is confusing what to do if the image has more then one tag. We are dropping support for this in podman 3.0 Fixes: https://github.com/containers/podman/issues/7387 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Rework pruning to report reclaimed spaceBaron Lenardson2020-12-30
| | | | | | | | | | | | This change adds code to report the reclaimed space after a prune. Reclaimed space from volumes, images, and containers is recorded during the prune call in a PruneReport struct. These structs are collected into a slice during a system prune and processed afterwards to calculate the total reclaimed space. Closes #8658 Signed-off-by: Baron Lenardson <lenardson.baron@gmail.com>
* add --cidfile to container killbaude2020-12-23
| | | | | | | | | Add the ability to read container ids from one or more files for the kill command. Fixes: #8443 Signed-off-by: baude <bbaude@redhat.com>
* SpellingJosh Soref2020-12-22
| | | | Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
* Merge pull request #8724 from bblenard/support-volume-filters-in-system-pruneOpenShift Merge Robot2020-12-22
|\ | | | | Add volume filters to system prune
| * Add volume filters to system pruneBaron Lenardson2020-12-21
| | | | | | | | | | | | | | | | | | | | | | | | | | This change was missed in pull/8689. Now that volume pruneing supports filters system pruneing can pass its filters down to the volume pruneing. Additionally this change adds tests for the following components * podman system prune subcommand with `--volumes` & `--filter` options * apiv2 api tests for `/system/` and `/libpod/system` endpoints Relates to #8453, #8672 Signed-off-by: Baron Lenardson <lenardson.baron@gmail.com>
* | podman v3 container bindingsbaude2020-12-21
|/ | | | | | | convert the golang container bindings to all use options so that changes in the future are more managable. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #8747 from vrothberg/run-950OpenShift Merge Robot2020-12-18
|\ | | | | remote copy
| * remote copyValentin Rothberg2020-12-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Implement `podman-remote cp` and break out the logic from the previously added `pkg/copy` into it's basic building blocks and move them up into the `ContainerEngine` interface and `cmd/podman`. The `--pause` and `--extract` flags are now deprecated and turned into nops. Note that this commit is vendoring a non-release version of Buildah to pull in updates to the copier package. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | podman v3 pod bindingsbaude2020-12-17
|/ | | | | | add options to each pod binding for future wiggle room Signed-off-by: baude <bbaude@redhat.com>
* misc bindings to podman v3baude2020-12-17
| | | | | | | manifest, system, info, volumes, play, and generate bindings are updated to always have binding options. Signed-off-by: baude <bbaude@redhat.com>
* Podman image bindings for 3.0baude2020-12-15
| | | | | | | | | | | | | | Begin the migration of the image bindings for podman 3.0. this includes the use of options for each binding. build was intentionally not converted as I believe it needs more discussion before migration. specifically, the build options themselves. also noteworthly is that the remove image and remove images bindings were merged into one. the remove images (or batch remove) has one downside in that the errors return no longer adhere to http return codes. this should be discussed and reimplemented in subsequent code. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #8689 from bblenard/issue-8672-volume-pruneOpenShift Merge Robot2020-12-14
|\ | | | | Add volume prune --filter support
| * Add volume prune --filter supportBaron Lenardson2020-12-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This change adds support for the `--filter` / `?filters` arguments on the `podman volume prune` subcommand. * Adds ParseFilterArgumentsIntoFilters helper for consistent Filter string slice handling * Adds `--filter` support to podman volume prune cli * Adds `?filters...` support to podman volume prune api * Updates apiv2 / e2e tests Closes #8672 Signed-off-by: Baron Lenardson <lenardson.baron@gmail.com>
* | Merge pull request #8688 from rhatdan/startOpenShift Merge Robot2020-12-11
|\ \ | | | | | | Handle --rm when starting a container
| * | Handle --rm when starting a containerDaniel J Walsh2020-12-11
| |/ | | | | | | | | | | | | podman start should follow the same behaviour as podman run when removing a container. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / podman logs honor stderr correctlyPaul Holzinger2020-12-10
|/ | | | | | | | Make the ContainerLogsOptions support two io.Writers, one for stdout and the other for stderr. The logline already includes the information to which Writer it has to be written. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* pkg/copy: add parsing APIValentin Rothberg2020-12-09
| | | | | | | | Add an API for parsing user input into a possibly specified container and path. This allows for sharing the parsing code between the local and the remote client (and bindings) in the future. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #8571 from Luap99/podman-network-reloadOpenShift Merge Robot2020-12-08
|\ | | | | Implement pod-network-reload
| * Implement pod-network-reloadMatthew Heon2020-12-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds a new command, 'podman network reload', to reload the networks of existing containers, forcing recreation of firewall rules after e.g. `firewall-cmd --reload` wipes them out. Under the hood, this works by calling CNI to tear down the existing network, then recreate it using identical settings. We request that CNI preserve the old IP and MAC address in most cases (where the container only had 1 IP/MAC), but there will be some downtime inherent to the teardown/bring-up approach. The architecture of CNI doesn't really make doing this without downtime easy (or maybe even possible...). At present, this only works for root Podman, and only locally. I don't think there is much of a point to adding remote support (this is very much a local debugging command), but I think adding rootless support (to kill/recreate slirp4netns) could be valuable. Signed-off-by: Matthew Heon <matthew.heon@pm.me> Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | generate kube on multiple containersbaude2020-12-07
| | | | | | | | | | | | | | | | | | | | add the ability to add multiple containers into a single k8s pod instead of just one. also fixed some bugs in the resulting yaml where an empty service description was being added on error causing the k8s validation to fail. Signed-off-by: baude <bbaude@redhat.com>
* | rewrite podman-cpValentin Rothberg2020-12-04
|/ | | | | | | | | | | | | | | | | | | | | | | | * Add a new `pkg/copy` to centralize all container-copy related code. * The new code is based on Buildah's `copier` package. * The compat `/archive` endpoints use the new `copy` package. * Update docs and an several new tests. * Includes many fixes, most notably, the look-up of volumes and mounts. Breaking changes: * Podman is now expecting that container-destination paths exist. Before, Podman created the paths if needed. Docker does not do that and I believe Podman should not either as it's a recipe for masking errors. These errors may be user induced (e.g., a path typo), or internal typos (e.g., when the destination may be a mistakenly unmounted volume). Let's keep the magic low for such a security sensitive feature. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #8400 from rhatdan/varlinkOpenShift Merge Robot2020-12-01
|\ | | | | Remove varlink support from podman
| * Remove varlink support from PodmanDaniel J Walsh2020-11-26
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Document docker transport is the only supported remote transportDaniel J Walsh2020-11-29
|/ | | | | | | | | | | | | | | | The goal is to improve errors when users use the wrong transport in certain cases we stutter, in other cases we don't give enough information. Remove stutters when failing to pull remote images, because of lack of support. Fix errors returned by reference.Parse to wrap in image that was being checked. Fixes: https://github.com/containers/podman/issues/7116 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>