| Commit message (Collapse) | Author | Age |
|\
| |
| | |
Implement Secrets
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Implement podman secret create, inspect, ls, rm
Implement podman run/create --secret
Secrets are blobs of data that are sensitive.
Currently, the only secret driver supported is filedriver, which means creating a secret stores it in base64 unencrypted in a file.
After creating a secret, a user can use the --secret flag to expose the secret inside the container at /run/secrets/[secretname]
This secret will not be commited to an image on a podman commit
Signed-off-by: Ashley Cui <acui@redhat.com>
|
| |
| |
| |
| |
| |
| | |
Fix handling of --iidfile to happen on the client side.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/
|
|
|
|
|
|
|
| |
add the ability to prune unused cni networks. filters are not implemented
but included both compat and podman api endpoints.
Fixes :#8673
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Change API Handlers to use the same functions that the
local podman uses.
At the same time:
implement remote API for --all and --ignore flags for podman stop
implement remote API for --all flags for podman stop
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\
| |
| | |
Podman-remote push can support --format
|
| |
| |
| |
| |
| |
| |
| |
| | |
Fix man page to document podman push --format fully.
Also found that push was not handling the tlsverify so fixed this.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| |/
|/| |
Cleanup bindings for image pull
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Remove bindings that are not handled over the API.
Leaving this one to not use image pull, since this would
break progress handling. We should revisit this in the
future.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| |/
|/| |
Switch podman image push handlers to use abi
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Change API Handlers to use the same functions that the
local podman uses.
At the same time:
Cleanup and pass proper bindings. Remove cli options from
podman-remote push. Cleanup manifest push.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/
|
|
|
|
|
|
|
|
| |
Fixup the bindings and the handling of the --external --por and --sort
flags.
The --storage option was renamed --external, make sure we use
external up and down the stack.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently podman implements --override-arch and --overide-os
But Podman has made these aliases for --arch and --os. No
reason to have to specify --override, since it is clear what
the user intends.
Currently if the user specifies an --override-arch field but the
image was previously pulled for a different Arch, podman run uses
the different arch. This PR also fixes this issue.
Fixes: https://github.com/containers/podman/issues/8001
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
| |
Add podman manifest exists command with remote support.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|\
| |
| | |
Podman volume exists
|
| |
| |
| |
| |
| |
| | |
Add podman volume exists command with remote support.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I found several problems with container remove
podman-remote rm --all
Was not handled
podman-remote rm --ignore
Was not handled
Return better errors when attempting to remove an --external container.
Currently we return the container does not exists, as opposed to container
is an external container that is being used.
This patch also consolidates the tunnel code to use the same code for
removing the container, as the local API, removing duplication of code
and potential problems.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\
| |
| | |
podman network exists
|
| |
| |
| |
| |
| |
| | |
Add podman network exists command with remote support.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|/
|
|
|
|
|
|
| |
It turns out an options was added to container exists so it makes sense
to have pods and container exists calls have an optional structure for
options.
Signed-off-by: baude <bbaude@redhat.com>
|
|\
| |
| | |
Allow podman push to push manifest lists
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When doing a podman images, manifests lists look just like images, so
it is logical that users would assume that they can just podman push them
to a registry. The problem is we throw out weird errors when this happens
and users need to somehow figure out this is a manifest list rather then
an image, and frankly the user will not understand the difference.
This PR will make podman push just do the right thing, by failing over and
attempting to push the manifest if it fails to push the image.
Fix up handling of manifest push
Protocol should bring back a digest string, which can either be
printed or stored in a file.
We should not reimplement the manifest push setup code in the tunnel
code but take advantage of the api path, to make sure remote and local
work the same way.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/
|
|
|
|
| |
Add bindings and podman-remote support for container rename.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Basic theory: We remove the container, but *only from the DB*.
We leave it in c/storage, we leave the lock allocated, we leave
it running (if it is). Then we create an identical container with
an altered name, and add that back to the database. Theoretically
we now have a renamed container.
The advantage of this approach is that it doesn't just apply to
rename - we can use this to make *any* configuration change to a
container that does not alter its container ID.
Potential problems are numerous. This process is *THOROUGHLY*
non-atomic at present - if you `kill -9` Podman mid-rename things
will be in a bad place, for example. Also, we can't rename
containers that can't be removed normally - IE, containers with
dependencies (pod infra containers, for example).
The largest potential improvement will be to move the majority of
the work into the DB, with a `RecreateContainer()` method - that
will add atomicity, and let us remove the container without
worrying about depencies and similar issues.
Potential problems: long-running processes that edit the DB and
may have an older version of the configuration around. Most
notable example is `podman run --rm` - the removal command needed
to be manually edited to avoid this one. This begins to get at
the heart of me not wanting to do this in the first place...
This provides CLI and API implementations for frontend, but no
tunnel implementation. It will be added in a future release (just
held back for time now - we need this in 3.0 and are running low
on time).
This is honestly kind of horrifying, but I think it will work.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|
|
|
|
|
|
|
| |
when using the bindings to *only* make a connection, the binary was
rough 28MB. This PR reduces it down to 11. There is more work to do
but it will come in a secondary PR.
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Docker does not support this, and it is confusing what to do if
the image has more then one tag. We are dropping support for this
in podman 3.0
Fixes: https://github.com/containers/podman/issues/7387
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change adds code to report the reclaimed space after a prune.
Reclaimed space from volumes, images, and containers is recorded
during the prune call in a PruneReport struct. These structs are
collected into a slice during a system prune and processed afterwards
to calculate the total reclaimed space.
Closes #8658
Signed-off-by: Baron Lenardson <lenardson.baron@gmail.com>
|
|
|
|
|
|
|
|
|
| |
Add the ability to read container ids from one or more files for the
kill command.
Fixes: #8443
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
| |
Signed-off-by: Josh Soref <jsoref@users.noreply.github.com>
|
|\
| |
| | |
Add volume filters to system prune
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This change was missed in pull/8689. Now that volume pruneing supports
filters system pruneing can pass its filters down to the volume
pruneing. Additionally this change adds tests for the following components
* podman system prune subcommand with `--volumes` & `--filter` options
* apiv2 api tests for `/system/` and `/libpod/system` endpoints
Relates to #8453, #8672
Signed-off-by: Baron Lenardson <lenardson.baron@gmail.com>
|
|/
|
|
|
|
|
| |
convert the golang container bindings to all use options so that changes
in the future are more managable.
Signed-off-by: baude <bbaude@redhat.com>
|
|\
| |
| | |
remote copy
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Implement `podman-remote cp` and break out the logic from the previously
added `pkg/copy` into it's basic building blocks and move them up into
the `ContainerEngine` interface and `cmd/podman`.
The `--pause` and `--extract` flags are now deprecated and turned into
nops.
Note that this commit is vendoring a non-release version of Buildah to
pull in updates to the copier package.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|/
|
|
|
|
| |
add options to each pod binding for future wiggle room
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
|
|
|
| |
manifest, system, info, volumes, play, and generate bindings are
updated to always have binding options.
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Begin the migration of the image bindings for podman 3.0. this includes
the use of options for each binding. build was intentionally not
converted as I believe it needs more discussion before migration.
specifically, the build options themselves.
also noteworthly is that the remove image and remove images bindings
were merged into one. the remove images (or batch remove) has one
downside in that the errors return no longer adhere to http return
codes. this should be discussed and reimplemented in subsequent code.
Signed-off-by: baude <bbaude@redhat.com>
|
|\
| |
| | |
Add volume prune --filter support
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This change adds support for the `--filter` / `?filters` arguments on
the `podman volume prune` subcommand.
* Adds ParseFilterArgumentsIntoFilters helper for consistent
Filter string slice handling
* Adds `--filter` support to podman volume prune cli
* Adds `?filters...` support to podman volume prune api
* Updates apiv2 / e2e tests
Closes #8672
Signed-off-by: Baron Lenardson <lenardson.baron@gmail.com>
|
|\ \
| | |
| | | |
Handle --rm when starting a container
|
| |/
| |
| |
| |
| |
| |
| | |
podman start should follow the same behaviour as podman run when removing a
container.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/
|
|
|
|
|
|
| |
Make the ContainerLogsOptions support two io.Writers,
one for stdout and the other for stderr. The logline already
includes the information to which Writer it has to be written.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
|
|
|
|
|
|
|
| |
Add an API for parsing user input into a possibly specified container
and path. This allows for sharing the parsing code between the local
and the remote client (and bindings) in the future.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\
| |
| | |
Implement pod-network-reload
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This adds a new command, 'podman network reload', to reload the
networks of existing containers, forcing recreation of firewall
rules after e.g. `firewall-cmd --reload` wipes them out.
Under the hood, this works by calling CNI to tear down the
existing network, then recreate it using identical settings. We
request that CNI preserve the old IP and MAC address in most
cases (where the container only had 1 IP/MAC), but there will be
some downtime inherent to the teardown/bring-up approach. The
architecture of CNI doesn't really make doing this without
downtime easy (or maybe even possible...).
At present, this only works for root Podman, and only locally.
I don't think there is much of a point to adding remote support
(this is very much a local debugging command), but I think adding
rootless support (to kill/recreate slirp4netns) could be
valuable.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
add the ability to add multiple containers into a single k8s pod
instead of just one.
also fixed some bugs in the resulting yaml where an empty service
description was being added on error causing the k8s validation to fail.
Signed-off-by: baude <bbaude@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add a new `pkg/copy` to centralize all container-copy related code.
* The new code is based on Buildah's `copier` package.
* The compat `/archive` endpoints use the new `copy` package.
* Update docs and an several new tests.
* Includes many fixes, most notably, the look-up of volumes and mounts.
Breaking changes:
* Podman is now expecting that container-destination paths exist.
Before, Podman created the paths if needed. Docker does not do
that and I believe Podman should not either as it's a recipe for
masking errors. These errors may be user induced (e.g., a path
typo), or internal typos (e.g., when the destination may be a
mistakenly unmounted volume). Let's keep the magic low for such
a security sensitive feature.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\
| |
| | |
Remove varlink support from podman
|
| |
| |
| |
| | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The goal is to improve errors when users use the wrong transport
in certain cases we stutter, in other cases we don't give enough
information.
Remove stutters when failing to pull remote images, because of
lack of support.
Fix errors returned by reference.Parse to wrap in image that was being
checked.
Fixes: https://github.com/containers/podman/issues/7116
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|