| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds a new command, 'podman network reload', to reload the
networks of existing containers, forcing recreation of firewall
rules after e.g. `firewall-cmd --reload` wipes them out.
Under the hood, this works by calling CNI to tear down the
existing network, then recreate it using identical settings. We
request that CNI preserve the old IP and MAC address in most
cases (where the container only had 1 IP/MAC), but there will be
some downtime inherent to the teardown/bring-up approach. The
architecture of CNI doesn't really make doing this without
downtime easy (or maybe even possible...).
At present, this only works for root Podman, and only locally.
I don't think there is much of a point to adding remote support
(this is very much a local debugging command), but I think adding
rootless support (to kill/recreate slirp4netns) could be
valuable.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\
| |
| | |
Drop name argument from Load API
|
| | |
| |
| |
| |
| |
| |
| | |
Not pass the name argument to Load API. Specify in the document the usage of the optional argument is tagging an additional image.
Close #7337
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
| |\ \
| | |
| | | |
target is not tag
|
| | |/
| |
| |
| |
| |
| | |
remove mistaken use of target being used for tag
Signed-off-by: baude <bbaude@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The network ID is not stored. It is just the sha256 hash from
the network name. There is a risk of a potential hash collision.
However it's very unlikely and even if we hit this it will
complain that more than network with this ID exists.
The main benefit is that the compat api can have proper
network ID support. Also this adds the support for
`podman network ls --format "{{.ID}}"` and `--filter id=<ID>`.
It also ensures that we can do network rm <ID> and network
inspect <ID>.
Since we use a hash this commit is backwards compatible even for
already existing networks.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\
| |
| | |
Do not use "true" after "syslog" in exit commands
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Instead of being interpreted as an argument to the boolean flag,
the 'true' is being intepreted as the Podman command to be run -
so we're trying to run `podman true`, which does not exist. This
causes the cleanup command to fail when `--log-level=debug` is
set, so containers are not cleaned up or removed.
This problem is easily reproduced with any command combining the
`--rm`, `-d`, and `--log-level=debug` flags - the command will
execute and exit, but the container will not be removed.
Separate, but worth looking into later: the errors we get on
trying `podman true` with any flags are terrible - if you just
type `podman true` you get a quite sane "Unrecognized command"
error, but if you try `podman true --rm` you get an "unknown flag
--rm" error - which makes very little sense given the command
itself doesn't exist.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
|
| |\ \
| | |
| | | |
Fix potential race condition in testing
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The It("podman wait to pause|unpause condition"... test is
flaking every so often when a messages is sent in the second
function to a channel. It is my believe that in between the time
the first function sends a message to the channel and before it closes
the channel the second errChan=make() has happened. This would mean that
the fist function closes the second errChan, and then when the second
function sends a message to the second errChan, it fails and blows up with
the error you are seeing.
By creating a different variable for the second channel, we eliminate the race.
Fixes: https://github.com/containers/podman/issues/6518
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \
| |_|/
|/| | |
podman network label support
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add label support for podman network create. Use the `args`
field in the cni config file to store the podman labels.
Use `podman_labels` as key name and store the labels as
map[string]string.
For reference: https://github.com/containernetworking/cni/blob/master/CONVENTIONS.md#args-in-network-config
https://github.com/containernetworking/cni/blob/spec-v0.4.0/SPEC.md#network-configuration
Example snippet:
```
...
"args": {
"podman_labels": {
"key1":"value1",
"key2":"value2"
}
}
...
```
Make podman network list support several filters. Supported filters are name,
plugin, driver and label. Filters with different keys work exclusive. Several label
filters work exclusive and the other filter keys are working inclusive.
Also adjust the compat api to support labels in network create and list.
Breaking changes:
- podman network ls -f shortform is used for --filter instead --format
This matches docker and other podman commands (container ps, volume ps)
- libpod network list endpoint filter parameter is removed. Instead the
filters paramter should be used as json encoded map[string][]string.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\ \ \
| |_|/
|/| | |
Implement containers/{id or name}/archive api
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Remove varlink support from podman
|
| | | |/
| |/|
| | |
| | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Handle ps container created field as a time.Time
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
In the current code we were translating the created time
from a time.Time to a unix epoch, this was leading to a loss
of precession, and some unexpected results where the sorting
order of containers was misordered because of the precession loss.
If we pass around created as time.Time, we do not loose the precission.
Fixes: https://github.com/containers/podman/issues/8414
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
Document docker transport is the only supported remote transport
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The goal is to improve errors when users use the wrong transport
in certain cases we stutter, in other cases we don't give enough
information.
Remove stutters when failing to pull remote images, because of
lack of support.
Fix errors returned by reference.Parse to wrap in image that was being
checked.
Fixes: https://github.com/containers/podman/issues/7116
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
Revert "Allow multiple --network flags for podman run/create"
|
| | |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
As described in issue #8507 this commit contains a breaking
change which is not wanted in v2.2.
We can discuss later if we want this in 3.0 or not.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| |\ \ \ \ \
| | | | | |
| | | | | | |
Ensure that --net=host/pod/container conflicts with -p
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
Setting port mappings only works when CNI is configuring our
network (or slirp4netns, in the rootless case). This is not the
case with `--net=host`, `--net=container:`, and joining the
network namespace of the pod we are part of. Instead of allowing
users to do these things and then be confused why they do
nothing, let's match Docker and return a warning that your port
mappings will do nothing.
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |\ \ \ \ \ \
| | |/ / / /
| |/| | | | |
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
In k8s a persistent volume claim (PVC) allow pods to define a volume
by referencing the name of a PVC. The PVC basically contains criterias
that k8s then use to select which storage source it will use for the
volume.
Podman only provide one abtracted storage, the named volumes, and
create them if they don't exists yet. So this patch simply use a
volume with the name of the PVC.
Signed-off-by: Alban Bedel <albeu@free.fr>
|
| | | |_|/ /
| |/| | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Replace the simple map of names to paths with a map of names to a struct
to allow passing more parameters. Also move the code to parse the volumes
to its own file to avoid making the playKubePod() function overly complex.
Finally rework the kube volumes test to also be ready to support more
volume types.
Signed-off-by: Alban Bedel <albeu@free.fr>
|
| | |\ \ \ \
| | | | | |
| | | | | | |
REST API v2 - ping - fix typo in header
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Riyad Preukschas <riyad@informatik.uni-bremen.de>
|
| | |\ \ \ \ \
| | | | | | |
| | | | | | | |
REST API v2 - ping - remove newline from response to improve Docker compatibility
|
| | | |/ / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
compatibility
Signed-off-by: Riyad Preukschas <riyad@informatik.uni-bremen.de>
|
| | |/ / / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The volume src path should not be validated in specgen since
the remote client also uses that part and the path must only
exists on the server. This now fails later and only on the
server and not the client.
I don't think I can add a test for this because the CI runs
server and client always on the same vm.
Fixes #8473
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* Make endpoint compatibile with docker-py network expectations
* Update specgen helper when called from compat endpoint
* Update godoc on types
* Add test for network/container create using docker-py method
* Add syslog logging when DEBUG=1 for tests
Fixes #8361
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
| | |\ \ \ \
| | | | | |
| | | | | | |
Docker compat API fixes
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
These are the first fixes that are needed for development environments like
Eclipse or IntelliJ that have Docker plug-ins and use the Docker API to speak
with container engine (#7857)
Signed-off-by: Milivoje Legenovic <m.legenovic@gmail.com>
|
| | |\ \ \ \ \
| | |/ / / /
| |/| | | | |
Allow containers to --restart on-failure with --rm
|
| | | | | | |
| | | | | |
| | | | | |
| | | | | | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| | |\ \ \ \ \
| | | | | | |
| | | | | | | |
APIv2 - strip CAP_ prefix from capabilities in inspect container json
|
| | | | |_|_|/
| | |/| | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
strip prefix "CAP_" from capabilities in json generated by container inspect operation
Signed-off-by: Petr Sakař <petr.sakar@chare.eu>
|
| | |\ \ \ \ \
| | | | | | |
| | | | | | | |
Allow multiple --network flags for podman run/create
|
| | | |/ / / /
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
We allow a container to be connected to several cni networks
but only if they are listed comma sperated. This is not intuitive
for users especially since the flag parsing allows multiple string
flags but only would take the last value. see: spf13/pflag#72
Also get rid of the extra parsing logic for pods. The invalid options
are already handled by `pkg/specgen`.
A test is added to prevent a future regression.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
|
| | |\ \ \ \ \
| | |_|/ / /
| |/| | | | |
REST API v2 - list of images - mandatory Created attribute
|
| | | |/ / /
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
fixes https://github.com/containers/podman/issues/8418
created attribute is missing for images with created datetime set to 0 Unix time (January 1, 1970 UTC) because 0 is considered as default value, and thus attribute was ommited because of 'omitempty' flag
Signed-off-by: Petr Sakař <petr.sakar@chare.eu>
|
| | |\ \ \ \
| | |_|_|/
| |/| | | |
Make podman service log events
|
