| Commit message (Collapse) | Author | Age |
|---|
| |\
| |
| | |
Add interface for apple hypervisor
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The new apple silicon processesors (m1/m2) are capable of using a performent apple
hypervisor (included in macos). Our "virtual providers" for podman
machine are part of an interface design. This PR provides an
implementation of the interface to begin the work for supporting the
apple hypervisor. It is basically only a skeletal PR.
The actual code for using the hypervisor and launching a machine will
come as several new PRs following the inclusion of this one.
There will likely be code reuse between the applehv and qemu code; but
none of that code is being moved at this time. It will be moved "on
demand" during development.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |\ \
| | |
| | | |
pkg/bindings: Support writing image push progress to specified io.Writer
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Currently bindings writes image push progress to os.Stderr.
Since os.Stderr is inconvenience for bindings caller to
process the progress messages, Added this support.
Signed-off-by: Naoto Kobayashi <naoto.kobayashi4c@gmail.com>
|
| |\ \ \
| | | |
| | | | |
Bump to Buildah v1.27.0
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | | |
[NO NEW TESTS NEEDED]
[NO TESTS NEEDED]
Signed-off-by: Aditya R <arajan@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
Output messages display rawInput
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
`init`, `checkpint/restore` and `cleanup` command now display
output messages which is rawInput instead of a container ID.
Example:
```
$ podman init <container name>
<container name>
$ podman init <short container ID>
<short container ID>
```
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
use the sandbox id instead of the name for the
io.kubernetes.cri-o.SandboxID annotation used by gVisor.
Closes: https://github.com/containers/podman/issues/15223
[NO NEW TESTS NEEDED] it is specific to gVisor
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \
| | |
| | | |
remove image podman no prune
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Karthik Elango <kelango@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Fixes #15154 Change order when config and connections are written
|
| | |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When the break out or the WSL environment fails to start, the config
and connections should not be written. Placing them at the end of the
provisioning step will mitigate the issue.
[NO NEW TESTS NEEDED]
Signed-off-by: Gerard Braad <me@gbraad.nl>
|
| |\ \ \
| |/ /
|/| | |
start --filter flag changes
|
| | |/
| |
| |
| |
| |
| | |
Tying filtering logic for podman stop and start to same place in getContainersAndInputByContext() to reduce code redundancy
Signed-off-by: Karthik Elango <kelango@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
The "image" policy has been deprecated in favor of the more precise
"registry" policy. Add a code comment to leave some breadcrumbs for
future generations.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Decompose the update logic into smaller steps (update check, update,
rollback, etc.) and move the implementation into the `task` API.
This allows to transition a task from state to state, independent of its
underlying auto-update policy.
Supporting more than one container per unit is now really close.
[NO NEW TESTS NEEDED] - should not change behavior.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
As state should be kept in a single `task`. This will allow for
separating updates from rollbacks which will be needed to support
multiple containers/tasks in a single unit.
[NO NEW TESTS NEEDED] - should not change behavior.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| | |
It is not state needed after assembling the tasks, so remove it to keep
the task struct simpler.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| | |
| |
| |
| | |
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
To replace redundant string scattered across the code with proper
constants. The "status" will further be useful in a future change
as it can be moved into a `task`.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Will simplify the code and speed up things as we do not consult a
container's labels multiple times.
[NO NEW TESTS NEEDED] - should not change behavior.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This will simplify the logic and pave the way for abstracting the
auto-update policies to a certain degree that allows us to better
control _when_ the updates and rollbacks happen and will ultimately
reduce redundant code.
[NO NEW TESTS NEEDED] - should not change behavior.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| | |
"pull" is more expressive.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If two containers use the same image and one rolled back (i.e., tagged
the old image again), make sure to repull the image for the other
container.
Once an image has caused a rollback, it may be worth marking this image
as broken and not update any other container using it but that is
outside of the scope.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Change the auto-update logic to update unit-by-unit rather by policy.
This allows for, in theory now and in practice later, to have mutliple
containers run in a single systemd unit and update them in sequence
before restarting the unit.
[NO NEW TESTS NEEDED] - should not change behavior.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
A `task` includes data and state for updating a given container image.
It will come in handy in future changes, but we are going there in
baby steps to have smaller incremental changes.
[NO NEW TESTS NEEDED] - should not change behaviour.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| | |
[NO NEW TESTS NEEDED] - should not change behavior.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| | |
[NO NEW TESTS NEEDED] - should not change behavior.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Introduce an `updater` type to allow for sharing state.
This will be more useful for future changes.
[NO NEW TESTS NEEDED] as it does not change behavior.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| |\ \
| | |
| | | |
add omitempty to Secret in k8s VolumeSource
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Secret was populating a generated kube as `null`. Add omitempty
so that when the volume source is not a secret, we do not print unnecessary info
resolves #15156
Signed-off-by: Charlie Doern <cdoern@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
Default to rootless via Windows WSL prompt / Lock to WSL2
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Also force installation to use WSL2 to prevent accidental usage of WSL1
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
|
| | |/
| |
| |
| |
| |
| | |
(requires psi)
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
|
| |\ \
| | |
| | | |
Add rm --filter option
|
| | | |
| | |
| | |
| | |
| | |
| | | |
--filter : remove the filtered container.
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
|
| |\ \ \
| | | |
| | | | |
switch from "kube/play" endpoint to "play/kube" endpoint.
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When podman kube play was added the endpoint for the kube play/play kube
commands was switched from the "play kube" endpoint to the new "kube play"
endpoint. This caused issues with the remote client, requiring the need
to use the "play kube" endpoint again in order to avoid these issues.
Signed-off-by: Niall Crowe <nicrowe@redhat.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| | |
podman run/create can accept `-h <hostname>` as argument. When parsing
flags -h throws an help requested error from pflag. To prevent this
error we have to define the help flag.
Fixes #15124
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |\ \
| | |
| | | |
Sigstore sign
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- Allow creating sigstore signatures via --sign-by-sigstore-private-key .
Like existing --sign-by, it does not work remote (in this case
because we would have to copy the private key to the server).
- Allow passing a passphrase (which is mandatory for sigstore private keys)
via --sign-passphrase-file; if it is not provided, prompt interactively.
- Also, use that passphrase for --sign-by as well, allowing non-interactive
GPG use. (But --sign-passphrase-file can only be used with _one of_
--sign-by and --sign-by-sigstore-private-key.)
Note that unlike the existing code, (podman build) does not yet
implement sigstore (I'm not sure why it needs to, it seems not to
push images?) because Buildah does not expose the feature yet.
Also, (podman image sign) was not extended to support sigstore.
The test for this follows existing (podman image sign) tests
and doesn't work rootless; that could be improved by exposing
a registries.d override option.
The test for push is getting large; I didn't want to
start yet another registry container, but that would be an
alternative. In the future, Ginkgo's Ordered/BeforeAll
would allow starting a registry once and using it for two
tests.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| |\ \
| | |
| | | |
podman generate systemd: handle --sdnotify correctly
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When a container was created with `--sdnotify value` we would remove
this arg instead of using it like with `--sdnotfiy=value`.
Also when the arg is set to ignore we should force conmon in order to
make the resulting Type=notify units work.
Fixes #15052
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| | |
local/remote mode.
Also Fix usage of flag "--compression-format" for remote "podman image push". Fix usage of flags "--format", "--remove-signatures" in remote "podman manifest push".
Closes #15109.
Signed-off-by: Romain Geissler <romain.geissler@amadeus.com>
|
| | |
| |
| |
| | |
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
|
| | |
| |
| |
| |
| |
| | |
Fixes https://github.com/containers/podman/issues/15049
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \
| | |
| | | |
Fix: manifest push --rm removes a correct manifest list
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This bug is reproduced when we execute the following command:
1. podman manifest add <manifest list> <images exist on local storage>
2. podman manifest push --rm <manifest list> dir:<directory>
If pushing succeeds, it is expected to remove only a manifest list.
However, manifest list remains on local storage and images are removed.
This commit fixes `podman manifest push --rm` to remove only a manifest list.
And, supports `manifest push --rm option` in remote environment,
like host environment.
Fixes: https://github.com/containers/podman/issues/15033
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
|
