| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
| |
Support removing the entire pod when --depend is used on an infra
container. --all now implies --depend to properly support removing all
containers and not error out when hitting infra containers.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\
| |
| | |
Podman Pod Create --sysctl support
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
added support for pod wide sysctls. The sysctls supported are the same as the continer run controls.
These controls are only valid if the proper namespaces are shared within the pod, otherwise only the infra ctr gets the sysctl
resolves #12747
Signed-off-by: cdoern <cdoern@redhat.com>
|
| |\ \
| | |
| | | |
remote events: convert TimeNano properly
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
e.TimeNano contains nanoseconds since epoch, not just the nanoseconds
after e.Time.
time.Unix supports nanoseconds > 999999999 and converts them to seconds,
so just passing e.TimeNano is enough.
Signed-off-by: Leah Neukirchen <leah@vuxu.org>
|
| |\ \ \
| | | |
| | | | |
Wait for podman stop to complete
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
if users run podman machine stop && podman machine ls, the status of the
machine in the subsequent ls command would running. now we wait for
everything to complete for stop so that scripting is more accurate.
Fixes: #12815
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
Add --noout option to prevent the output of ids
|
| | | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | | |
Fixes: https://github.com/containers/podman/issues/11515
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Relay --quiet to save & load commands, in both Rootless
and Rootful transfer functions.
Also, a little cleanup:
- remove unuseful SOURCE/DEST printfs
- refactor duplication in execMachine()
- fix Debug("Executing") statements to include the actual
command they're executing
[NO NEW TESTS NEEDED] : Tests are being slowly implemented in #12797
Signed-off-by: Charlie Doern <cdoern@redhat.com>
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
[NO NEW TESTS NEEDED]
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This option causes Podman to not only remove the specified containers
but all of the containers that depend on the specified
containers.
Fixes: https://github.com/containers/podman/issues/10360
Also ran codespell on the code
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \
| | |
| | | |
ignition: set `HTTP` proxy variable and `SSL_CERT_FILE` from `host` -> `machine`.
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Podman often has to run behind an http/https proxy, often in corporate environments.
This proxy may or may not include SSL inspection capabilities, requiring a trusted SSL CA certificate to be added to a system's trust store.
Copy the file referred to by SSL_CERT_FILE on the host into the podman machine's OS trust store, overriding the built-in single-file trust store certificate.
Also set the `SSL_FILE_CERT` on remote machine
[NO NEW TESTS NEEDED]
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Podman often has to run behind an http/https proxy, often in corporate environments.
This proxy may or may not include SSL inspection capabilities, requiring a trusted SSL CA certificate to be added to a system's trust store.
Solve this by reading standard proxy variables (HTTP_PROXY HTTPS_PROXY NO_PROXY http_proxy https_proxy no_proxy) and injecting them into the machine at init.
[NO NEW TESTS NEEDED]
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| | |
Remove hard code use of the DefaultInfraImage and rely on
getting this from containers.conf.
Fixes: https://github.com/containers/podman/issues/12771
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |/
|
|
|
|
|
|
| |
If the pod yaml has env from secret and condifg map but they are optional
and the secret cannot be found, don't add the env key as well
as the env value will not be found. Matches behavior with k8s.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
| |\
| |
| | |
Don't rename pod if container has the same name
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We enforce the naming scheme "<podname>-<containername>" here [1].
Therefore we must not rename the pod in case of a naming conflict
between pod name and container name. Not renaming the pod increases the
usability for the user and easies scripting based on the name. Otherwise
a user must set some label to reliable find a pod after creation. Or
have to implement the renaming logic in the script.
[1] https://github.com/containers/podman/blob/main/pkg/specgen/generate/kube/kube.go#L140
Fixes #12722
Signed-off-by: Christoph Petrausch <chrobbert@gmail.com>
|
| |\ \
| | |
| | | |
fix healthcheck timeouts and ut8 coercion
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
this commit fixes two bugs and adds regression tests.
when getting healthcheck values from an image, if the image does not
have a timeout defined, this resulted in a 0 value for timeout. The
default as described in the man pages is 30s.
when inspecting a container with a healthcheck command, a customer
observed that the &, <, and > characters were being converted into a
unicode escape value. It turns out json marshalling will by default
coerce string values to ut8.
Fixes: bz2028408
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
Implement virtfs volumes for podman machine
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Use the same type of mounts for all the machine volumes.
The default could change in the future, depending on OS.
[NO NEW TESTS NEEDED]
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
There are other mount types available, such as NFS or SMB,
or one could use reverse sshfs for better compatibility.
It could either be a global option, or it could perhaps be
overridden for each volume (like the container volumes).
Refactor the creation of the options string or array.
Allow specifying the volume as read-only, if desired.
[NO NEW TESTS NEEDED]
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Allow using the built-in 9pfs feature of qemu,
mounting host directories into vm mountpoints.
The volumes are generic, the mounts are specific.
Wait for the machine to be "running", otherwise
the SSH function might throw an error instead.
Increase the default msize from 8 KiB to 128 KiB
[NO NEW TESTS NEEDED]
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
|
| |\ \ \
| |_|/
|/| | |
Fix HTTP credentials passing
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
... now that they have no public users.
Also remove the HeaderAuthName type, we don't need the type-safety
so much for private constants, and using plain strings results in
less visual noise.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Having a parameter that modifies the provides types.SystemContext
seems rather unexpected and risky to have around - and the only
user of that is actually a no-op, others only provide a nil
SystemContext; so, remove that option and simplify (well, somewhat;
many callers now have extra &types.SystemContext{AuthFilePath}
boilerplate; at least that's consistent with that code carrying
a TODO to create a larger-scope SystemContext).
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
... now that two of the three cases are the same.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Having a parameter that modifies the provides types.SystemContext
seems rather unexpected and risky to have around - and the only
user of that is actually a no-op; so, remove that option and simplify.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
which used to contain more context, but now are just
a pointless copy.
Should not change (test) behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Should not change (test) behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It is no longer used.
Split the existing tests into MakeXRegistryConfigHeader
and MakeXRegistryAuthHeader variants. For now we don't modify
the implementations at all, to make review simpler; cleanups
will follow.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
All callers hard-code a header value, so this is actually shorter.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
... which can be called independently.
For now, there are no new callers, to test that the behavior
has not changed.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
All callers hard-code a header value, so this is actually shorter.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
... which can be called independently.
For now, there are no new callers, to test that the behavior
has not changed.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This shares the code, and makes getConfigCredentials
and getAuthCredentials side-effect free and possibly easier to test.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We'll share even more code here in the future.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
... and have GetCredentials pass the values down to
getConfigCredentials and getAuthCredentials.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It's possibly a bit more expensive, but semantically safer
because it does header normalization.
And we'll regain the cost by not looking up the value repeatedly.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Use separate lines, and use the provided .String() API.
Should not change behaivor.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Both have a single caller, so there's no point in looking up
the header value twice.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
In the "no input" case, return a constant instead of
continuing with the decode/convert path, converting empty data.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Don't create a single-element map only for the only caller
to laboriously extract an element of that map; just return
a single entry.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Almost every caller is using it only to wrap an error
in exactly the same way, so move that error context into GetCredentials
and simplify the users.
(The one other caller, build, was even wrapping the error incorrectly
talking about query parameters; so let it use the same text as the others.)
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
... to refer to auth file keys instead of servers and the like.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
... as an end-to-end unit test of the header creation/parsing
code.
Leave the docker.io and docker.io/vendor test cases commented out,
because they are currently failing.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
