aboutsummaryrefslogtreecommitdiff
path: root/pkg/domain
Commit message (Collapse)AuthorAge
* Merge pull request #15108 from mtrmac/sigstore-signOpenShift Merge Robot2022-08-01
|\ | | | | Sigstore sign
| * Add support for creating sigstore signatures, and providing passphrasesMiloslav Trmač2022-07-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Allow creating sigstore signatures via --sign-by-sigstore-private-key . Like existing --sign-by, it does not work remote (in this case because we would have to copy the private key to the server). - Allow passing a passphrase (which is mandatory for sigstore private keys) via --sign-passphrase-file; if it is not provided, prompt interactively. - Also, use that passphrase for --sign-by as well, allowing non-interactive GPG use. (But --sign-passphrase-file can only be used with _one of_ --sign-by and --sign-by-sigstore-private-key.) Note that unlike the existing code, (podman build) does not yet implement sigstore (I'm not sure why it needs to, it seems not to push images?) because Buildah does not expose the feature yet. Also, (podman image sign) was not extended to support sigstore. The test for this follows existing (podman image sign) tests and doesn't work rootless; that could be improved by exposing a registries.d override option. The test for push is getting large; I didn't want to start yet another registry container, but that would be an alternative. In the future, Ginkgo's Ordered/BeforeAll would allow starting a registry once and using it for two tests. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* | Add flag "--compression-format" to "podman manifest push" both in ↵Romain Geissler2022-07-30
|/ | | | | | | | | local/remote mode. Also Fix usage of flag "--compression-format" for remote "podman image push". Fix usage of flags "--format", "--remove-signatures" in remote "podman manifest push". Closes #15109. Signed-off-by: Romain Geissler <romain.geissler@amadeus.com>
* With --rm option remove container if podman run failsDaniel J Walsh2022-07-28
| | | | | | Fixes https://github.com/containers/podman/issues/15049 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #15034 from sstosh/manifest-push-rmOpenShift Merge Robot2022-07-27
|\ | | | | Fix: manifest push --rm removes a correct manifest list
| * Fix: manifest push --rm removes a correct manifest listToshiki Sonoda2022-07-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This bug is reproduced when we execute the following command: 1. podman manifest add <manifest list> <images exist on local storage> 2. podman manifest push --rm <manifest list> dir:<directory> If pushing succeeds, it is expected to remove only a manifest list. However, manifest list remains on local storage and images are removed. This commit fixes `podman manifest push --rm` to remove only a manifest list. And, supports `manifest push --rm option` in remote environment, like host environment. Fixes: https://github.com/containers/podman/issues/15033 Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* | prune filter handlingCharlie Doern2022-07-25
|/ | | | | | | | | network and container prune could not handle the label!=... filter. vendor in c/common to fix this and add some podman level handling to make everything run smoothly resolves #14182 Signed-off-by: Charlie Doern <cdoern@redhat.com>
* Merge pull request #14967 from sstosh/pause-optionOpenShift Merge Robot2022-07-22
|\ | | | | Add pause/unpause --latest, --cidfile, --filter
| * Add pause/unpause --latest, --cidfile, --filterToshiki Sonoda2022-07-20
| | | | | | | | | | | | | | | | --latest : pause/unpause the latest container. --filter : pause/unpause the filtered container. --cidfile : Read container ID from the specified file and pause/unpause the container. Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* | Merge pull request #14567 from cdoern/secretsOpenShift Merge Robot2022-07-22
|\ \ | | | | | | Implement kubernetes secret handling for podman play kube
| * | kube secret handling for podman play kubecdoern2022-07-20
| |/ | | | | | | | | | | | | | | | | | | | | add support for both creating a secret using yaml and mounting a secret as a volume given a yaml file. Kubernetes secrets have a different structure than podman and therefore have to be handeled differently. In this PR, I have introduced the basic usecases of kube secrets with more implementations like env secrets to come! resolves #12396 Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | Merge pull request #15010 from Luap99/machine-e2eOpenShift Merge Robot2022-07-22
|\ \ | | | | | | enable linter for pkg/machine/e2e
| * | pkg/machine/e2e: do not import from cmd/podmanPaul Holzinger2022-07-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The same problem again as 4374038cc67405e3f5555b1870d5bb7f6570fa5d. Also fix the incorrect --format autocompletion struct. It should be avoided to import cmd/podman/... packages from outside of cmd/podman. This can lead in weird hard to debug import paths but also can have negative consequences when imported in unit tests. In this case it will set XDG_CONFIG_HOME and thus the machine tests this dir over the tmp HOME env variable which is set at a later point. This caused machine files to be leaked into the actual users home dir. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | remote push: show copy progressValentin Rothberg2022-07-21
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | `podman-remote push` has shown absolutely no progress at all. Fix that by doing essentially the same as the remote-pull code does. The get-free-out-of-jail-card for backwards compatibility is to let the `quiet` parameter default to true. Since the --quioet flag wasn't working before either, older Podman clients do not set it. Also add regression tests to make sure we won't regress again. Fixes: #11554 Fixes: #14971 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | Merge pull request #14977 from umohnani8/initOpenShift Merge Robot2022-07-20
|\ \ | |/ |/| Update init ctr default for play kube
| * Update init ctr default for play kubeUrvashi Mohnani2022-07-20
| | | | | | | | | | | | | | | | | | Update the init container type default to once instead of always to match k8s behavior. Add a new annotation that can be used to change the init ctr type in the kube yaml. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | "pod pause/unpause/stop" append "report.Errs" to "reports"Toshiki Sonoda2022-07-19
|/ | | | | | | | | | There is a possibility that podman does not output expected error message. (e.g. When pause rootless cgroups v1 container on host) This problem is solved by appending `report.Errs` to `reports` before `continue`. [NO NEW TESTS NEEDED] Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* Podman stop --filter flagKarthik Elango2022-07-14
| | | | | | | Filter flag is added for podman stop and podman --remote stop. Filtering logic is implemented in getContainersAndInputByContext(). Start filtering can be manipulated to use this logic as well to limit redundancy. Signed-off-by: Karthik Elango <kelango@redhat.com>
* Add "podman kube play" cmdNiall Crowe2022-07-13
| | | | | | | | | | | The "podman kube play" command is designed to be a replacement for the "podman play kube" command. It performs the same function as "play kube" while also still working with the same flags and options. The "podman play kube" command is still functional as an alias of "kube play". Closes #12475 Signed-off-by: Niall Crowe <nicrowe@redhat.com> Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* abi: create new cgroup when running in a containerGiuseppe Scrivano2022-07-13
| | | | | | | | | | | if podman is running in the root cgroup, it will create a new subcgroup and move itself there. [NO NEW TESTS NEEDED] it needs nested podman Closes: https://github.com/containers/podman/issues/14884 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* podman: always call into SetupRootlessGiuseppe Scrivano2022-07-13
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #14181 from umohnani8/kube-hostnameopenshift-ci[bot]2022-07-11
|\ | | | | Add ports and hostname correctly in kube yaml
| * Add ports and hostname correctly in kube yamlUrvashi Mohnani2022-07-08
| | | | | | | | | | | | | | | | | | | | | | | | If a pod is created without net sharing, allow adding separate ports for each container to the kube yaml and also set the pod level hostname correctly if the uts namespace is not being shared. Add a warning if the default namespace sharing options have been modified by the user. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | Merge pull request #14826 from sstosh/net-pruneopenshift-ci[bot]2022-07-11
|\ \ | | | | | | Refactored networkPrune function
| * | Refactored networkPrune functionToshiki Sonoda2022-07-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Refactored the networkPrune function to improve readability. This commit changes the `networkPrune` function to use the `PrintNetworkPruneResults` function. [NO NEW TESTS NEEDED] Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* | | Merge pull request #14818 from rhatdan/waitopenshift-ci[bot]2022-07-11
|\ \ \ | | | | | | | | podman wait can take multiple conditions
| * | | podman wait can take multiple conditionsDaniel J Walsh2022-07-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman wait should not be defaulting to just stopped. By default wait API waits for stopped and exited. We should not override this on the client side. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #14839 from saschagrunert/errors-pkgopenshift-ci[bot]2022-07-08
|\ \ \ \ | |/ / / |/| | | pkg: switch to golang native error wrapping
| * | | pkg: switch to golang native error wrappingSascha Grunert2022-07-08
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | We now use the golang error wrapping format specifier `%w` instead of the deprecated github.com/pkg/errors package. [NO NEW TESTS NEEDED] Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
* / / pkg/machine/e2e: do not import from cmd/podmanPaul Holzinger2022-07-07
|/ / | | | | | | | | | | | | | | | | | | | | It should be avoided to import cmd/podman/... packages from outside of cmd/podman. This can lead in weird hard to debug import paths but also can have negative consequences when imported in unit tests. In this case it will set XDG_CONFIG_HOME and thus the machine tests this dir over the tmp HOME env variable which is set at a later point. This caused machine files to be leaked into the actual users home dir. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* / use c/common code for resize and CopyDetachablePaul Holzinger2022-07-06
|/ | | | | | | | | Since conmon-rs also uses this code we moved it to c/common. Now podman should has this also to prevent duplication. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Merge pull request #14370 from umohnani8/todoopenshift-ci[bot]2022-07-05
|\ | | | | Fix podman pod unpause TODO
| * Fix podman pod unpaue TODOUrvashi Mohnani2022-07-05
| | | | | | | | | | | | | | | | | | | | | | Update the podman pod unpause to only show the paused containers with autocomplete. Fix a typo in the help command. Update the unpause function to only attempt an unpause on pasued pods instead of all the pods. Update the tests accordingly. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | libpod: switch to golang native error wrappingSascha Grunert2022-07-05
|/ | | | | | | | | We now use the golang error wrapping format specifier `%w` instead of the deprecated github.com/pkg/errors package. [NO NEW TESTS NEEDED] Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
* Merge pull request #14789 from saschagrunert/libpod-errorsopenshift-ci[bot]2022-07-05
|\ | | | | libpod/runtime: switch to golang native error wrapping
| * libpod/runtime: switch to golang native error wrappingSascha Grunert2022-07-04
| | | | | | | | | | | | | | | | | | We now use the golang error wrapping format specifier `%w` instead of the deprecated github.com/pkg/errors package. [NO NEW TESTS NEEDED] Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
* | Merge pull request #14449 from cdoern/podVolumesopenshift-ci[bot]2022-07-01
|\ \ | |/ |/| podman volume create --opt=o=timeout...
| * podman volume create --opt=o=timeout...cdoern2022-06-09
| | | | | | | | | | | | | | add an option to configure the driver timeout when creating a volume. The default is 5 seconds but this value is too small for some custom drivers. Signed-off-by: cdoern <cdoern@redhat.com>
* | api,images: add support for LookupManifest to Image remove APIAditya R2022-06-30
| | | | | | | | | | | | | | | | | | | | | | | | | | ImagesBatchRemoval and ImageRemoval now honors and accepts `LookupManifest` parameter which further tells libimage to resolve to manifest list if it exists instead of actual image. Following PR also makes `podman-remote manifest rm` functional which was broken till now. Closes: https://github.com/containers/podman/issues/14763 Signed-off-by: Aditya R <arajan@redhat.com>
* | Merge pull request #14740 from flouthoc/bindings-remove-manifestopenshift-ci[bot]2022-06-29
|\ \ | | | | | | bindings: Add support for `Delete` for deleting manifest list from local storage.
| * | bindings: Add support for Delete in pkg/bingings/manifestAditya R2022-06-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bindings already support `Remove` which removes a manifest from the list following function adds support for removing entire manifest for local storage. Similar functionality can be also used indirectly by using `Remove` defined in image bindings Signed-off-by: Aditya R <arajan@redhat.com>
* | | Merge pull request #14755 from cdoern/systemopenshift-ci[bot]2022-06-28
|\ \ \ | | | | | | | | fix volume reporting in system df
| * | | fix volume reporting in system dfCharlie Doern2022-06-28
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | currently, podman system df incorrectly calculates the reclaimable storage for volumes, using a cumulative reclaimable variable that is incremented and placed into each report entry causing values to rise above 100%. Switch this variables to be in the context of the loop, so it resets per volume just like the size variable does. resolves #13516 Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | | podman image scp remote support & podman image scp taggingcdoern2022-06-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | add support for podman-remote image scp as well as direct access via the API. This entailed a full rework of the layering of image scp functions as well as the usual API plugging and type creation also, implemented podman image scp tagging. which makes the syntax much more readable and allows users t tag the new image they are loading to the local/remote machine: allow users to pass a "new name" for the image they are transferring `podman tag` as implemented creates a new image im `image list` when tagging, so this does the same meaning that when transferring images with tags, podman on the remote machine/user will load two images ex: `podman image scp computer1::alpine computer2::foobar` creates alpine:latest and localhost/foobar on the remote host implementing tags means removal of the flexible syntax. In the currently released podman image scp, the user can either specify `podman image scp source::img dest::` or `podman image scp dest:: source::img`. However, with tags this task becomes really hard to check which is the image (src) and which is the new tag (dst). Removal of that streamlines the arg parsing process Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | | Merge pull request #14741 from giuseppe/pod-ps-no-raceopenshift-ci[bot]2022-06-28
|\ \ \ | | | | | | | | pod: ps does not race with rm
| * | | pod: ps does not race with rmGiuseppe Scrivano2022-06-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | the "pod ps" command first retrieves the list of all pods, then iterates over the list to inspect each pod. This introduce a race since a pod could be deleted in the meanwhile by another process. Solve it by ignoring the define.ErrNoSuchPod error. Closes: https://github.com/containers/podman/issues/14736 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | pods: move code to a new functionGiuseppe Scrivano2022-06-28
| | | | | | | | | | | | | | | | | | | | | | | | it is a preparatory change for the next commit. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Use Regexp in volume ls --filter nameBoaz Shuster2022-06-27
| | | | | | | | | | | | | | | | Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* | | | Merge pull request #14713 from Luap99/volume-pluginopenshift-ci[bot]2022-06-27
|\ \ \ \ | | | | | | | | | | add podman volume reload to sync volume plugins
| * | | | add podman volume reload to sync volume pluginsPaul Holzinger2022-06-23
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Libpod requires that all volumes are stored in the libpod db. Because volume plugins can be created outside of podman, it will not show all available plugins. This podman volume reload command allows users to sync the libpod db with their external volume plugins. All new volumes from the plugin are also created in the libpod db and when a volume from the db no longer exists it will be removed if possible. There are some problems: - naming conflicts, in this case we only use the first volume we found. This is not deterministic. - race conditions, we have no control over the volume plugins. It is possible that the volumes changed while we run this command. Fixes #14207 Signed-off-by: Paul Holzinger <pholzing@redhat.com>