| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a workaround for the runc issue:
https://github.com/opencontainers/runc/issues/1247
If the source of a bind mount has any of nosuid, noexec or nodev, be
sure to propagate them to the bind mount so that when runc tries to
remount using MS_RDONLY, these options are also used.
Closes: https://github.com/containers/libpod/issues/2312
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\
| |
| | |
Enable more podman-remote pod commands
|
| |
| |
| |
| |
| |
| | |
enable pod start, stop, and kill subcommands for the remote-client.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \
| | |
| | | |
make remote-client error messaging more robust
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
the remote-client is currently weak for carrying error messages
over the varlink interface and displaying something useful to users
and developers for the purposes of debug. this is a starting point
to improve that user experience.
Signed-off-by: baude <bbaude@redhat.com>
|
| |/
|/|
| |
| |
| |
| |
| |
| |
| |
| | |
when joining an existing namespace, we were not maintaining the
current working directory, causing commands like export -o to fail
when they weren't referring to absolute paths.
Closes: https://github.com/containers/libpod/issues/2381
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|/
|
|
|
|
|
|
| |
enable the remote client to be able to inspect a pod. also, bonus of
enabling the podman pod exists command which returns a 0 or 1 depending
on whether the given pod exists.
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
|
|
|
| |
enable the ability to load an image into remote storage
using the remote client.
Signed-off-by: baude <bbaude@redhat.com>
|
|\
| |
| | |
enable podman-remote pod rm
|
| |
| |
| |
| |
| |
| | |
add the ability to delete a pod from the remote client.
Signed-off-by: baude <bbaude@redhat.com>
|
|/
|
|
|
|
|
|
| |
Because the varlink server honors the socket activation protocol,
LISTEN_PID has to be adjusted with the new PID.
https://varlink.org/FAQ.html#how-does-socket-activation-work
Signed-off-by: Harald Hoyer <harald@redhat.com>
|
|
|
|
|
|
|
| |
Add the ability to save an image from the remote-host to the
remote-client.
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Also add some argument checks to the Varlink function to avoid
referencing nil pointers, and complement the API.md descriptions.
The varlink endpoint can be tested via varlink CLI:
$ varlink call -m unix:/run/podman/io.podman/io.podman.SearchImages \
'{"query": "ruby", "limit": 0, "tlsVerify": false, "filter": {}}'
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
| |
Use an `image.SearchFilter` instead of a `[]string` in the SearchImages
API.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
| |
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
|
| |
Refactor the image-search logic from cmd/podman/search.go to
libpod/image/search.go and update podman-search and the Varlink API to
use it.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
| |
Add status for remote users and podman remote-client pull.
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
|
|
| |
Drop context.Context field from cli.Context
Signed-off-by: Sebastian Jug <sejug@redhat.com>
|
|\
| |
| | |
Add registry name to fields returned by varlink image search
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Cockpit team wants to list the registry name where the image was
found.
Also fix up SearchImages code to check if the user specified a registry
in his call to use that rather then all the registries, This matches
podman search command.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|/
|
|
|
|
|
|
|
|
| |
or attached.
Prior, a pod would have to be started immediately when created, leading to confusion about what a pod state should be immediately after creation. The problem was podman run --pod ... would error out if the infra container wasn't started (as it is a dependency). Fix this by allowing for recursive start, where each of the container's dependencies are started prior to the new container. This is only applied to the case where a new container is attached to a pod.
Also rework container_api Start, StartAndAttach, and Init functions, as there was some duplicated code, which made addressing the problem easier to fix.
Signed-off-by: Peter Hunt <pehunt@redhat.com>
|
|\
| |
| | |
Add tlsVerify bool to SearchImage for varlink
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Cockpit wants to be able to search images on systems without
tlsverify turned on.
tlsverify should be an optional parameter, if not set then we default
to the system defaults defined in /etc/containers/registries.conf.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
volume prune
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
allow users to remotely prune volumes.
this is the last volume command for remote enablement. as such,
the volume commands are being folded back into main because they
are supported for both local and remote clients.
also, enable all volume tests that do not use containers
as containers are not enabled for the remote client yet.
Signed-off-by: baude <bbaude@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
iFix builtin volumes to work with podman volume
Currently builtin volumes are not recored in podman volumes when
they are created automatically. This patch fixes this.
Remove container volumes when requested
Currently the --volume option on podman remove does nothing.
This will implement the changes needed to remove the volumes
if the user requests it.
When removing a volume make sure that no container uses the volume.
Signed-off-by: Daniel J Walsh dwalsh@redhat.com
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\
| |
| | |
podman-remote build
|
| |
| |
| |
| |
| |
| |
| | |
add the ability to build images using files local to the remote-client
but over a varlink interface to a "remote" server.
Signed-off-by: baude <bbaude@redhat.com>
|
|\ \
| |/
|/| |
Fix manual detach from containers to not wait for exit
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
At present, when manually detaching from an attached container
(using the detach hotkeys, default C-p C-q), Podman will still
wait for the container to exit to obtain its exit code (so we can
set Podman's exit code to match). This is correct in the case
where attach finished because the container exited, but very
wrong for the manual detach case.
As a result of this, we can no longer guarantee that the cleanup
and --rm functions will fire at the end of 'podman run' - we may
be exiting before we get that far. Cleanup is easy enough - we
swap to unconditionally using the cleanup processes we've used
for detached and rootless containers all along. To duplicate --rm
we need to also teach 'podman cleanup' to optionally remove
containers instead of cleaning them up.
(There is an argument for just using 'podman rm' instead of
'podman cleanup --rm', but cleanup does have different semantics
given that we only ever expect it to run when the container has
just exited. I think it might be useful to keep the two separate
for things like 'podman events'...)
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |
| |
| |
| |
| |
| |
| | |
add the ability to list and inspect volumes using the remote
client and varlink
Signed-off-by: baude <bbaude@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
enable podman-remote push so that users can push images from a
remote client.
change in push API to deal with the need to see output over the
varlink connection.
Signed-off-by: baude <bbaude@redhat.com>
|
| |
| |
| |
| |
| |
| |
| | |
Also rename image result struct to `ImageSearchResult` and make `limit`
parameter optional.
Signed-off-by: Lars Karlitski <lars@karlitski.net>
|
| |
| |
| |
| |
| |
| | |
Container more clearly describes what the type represents.
Signed-off-by: Lars Karlitski <lars@karlitski.net>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Image more clearly describes what the type represents.
Also, only include the image name in the `ImageNotFound` error returned
by `GetImage()`, not the full error message.
Signed-off-by: Lars Karlitski <lars@karlitski.net>
|
| |
| |
| |
| |
| |
| |
| | |
Not having the `Version` wrapper type makes it easier for clients to
work with the returned data.
Signed-off-by: Lars Karlitski <lars@karlitski.net>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is more consistent and eaiser to parse than the format that
golang's time.String() returns.
Fixes #2260
Signed-off-by: Lars Karlitski <lars@karlitski.net>
|
| |
| |
| |
| |
| |
| |
| |
| | |
There are other ways for developers to "ensure their varlink setup is
working", for example by calling `GetVersion()` or any call on the
org.varlink.service interface.
Signed-off-by: Lars Karlitski <lars@karlitski.net>
|
|/
|
|
|
|
|
|
| |
Remove the `NotImplemented` type and comment out the methods that use
it. This way we can keep track of the methods that still need to be
implemented without committing them to stable API.
Signed-off-by: Lars Karlitski <lars@karlitski.net>
|
|
|
|
|
|
|
| |
add the ability to remove/delete volumes with the podman remote
client.
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
|
|
| |
create a volume using the remote client over varlink
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
|
|
|
|
| |
We intend to migrate to the cobra cli from urfave/cli because the
project is more well maintained. There are also some technical reasons
as well which extend into our remote client work.
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
|
|
|
| |
make sure "containers cleanup" uses the correct runtime if it was
overriden.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\
| |
| | |
Fix handling of memory limits via varlink
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Currently handlin memory via varlink is hard coded to 0
Changing to
Memory: create.Resources.Memory,
MemoryReservation: create.Resources.Memory_reservation,
MemorySwap: create.Resources.Memory_swap,
MemorySwappiness: int(create.Resources.Memory_swappiness),
KernelMemory: create.Resources.Kernel_memory,
Allows callers to modify these memory settings.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
Unconditionally refresh storage options from config
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Due to our unconditionally setting some storage options, we
are not always reading storage options from storage.conf. This
can lead to some fields in the storage config (most notably extra
storage options) being ignored, despite being set in
storage.conf.
Resolve this by unconditionally refreshing our storage config
from storage.conf (this was previously only done for rootless
Podman)
Fixes #2217
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \ \
| |_|/
|/| | |
rootless: do not override /dev/pts if not needed
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
when running in rootless mode we were unconditionally overriding
/dev/pts to take ride of gid=5. This is not needed when multiple gids
are present in the namespace, which is always the case except when
running the tests suite with only one mapping. So change it to check
how many gids are present before overriding the default mount.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |/
|/|
| |
| |
| |
| |
| |
| | |
addition of import and export for the podman-remote client. This includes
the ability to send and receive files between the remote-client and the
"podman" host using an upgraded varlink connection.
Signed-off-by: baude <bbaude@redhat.com>
|