| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
| |
always set the default devices to the devices cgroup when not running
in a user namespace.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\
| |
| | |
Show --external containers even without --all option
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We currently do not show --external containers when the user specifies
it, unless they also specify the --all flag. This has led to confusion.
I see no reason not to list them without the --all flag if the user
specifies the option.
Fixes: https://github.com/containers/podman/issues/12353
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| |/
|/| |
network db rewrite
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Because we cannot reqad the networking mode in the frontent because we
should always use the server default we have to parse the mac and ip
address to the server via a default network. Now when the server reads
the default nsmode it has to reject the provided networks when the mode
is not set to bridge.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
It is important that we store the current networks from the db in the
config. Also make sure to properly handle aliases and ignore static ip/mac
addresses.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
| |
| |
| |
| |
| | |
Allow the same --network options for play kube as for podman run/create.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Rework the --network parse logic to support multiple networks with
specific network configuration settings.
--network can now be set multiple times. For bridge network mode the
following options have been added:
- **alias=name**: Add network-scoped alias for the container.
- **ip=IPv4**: Specify a static ipv4 address for this container.
- **ip=IPv6**: Specify a static ipv6 address for this container.
- **mac=MAC**: Specify a static mac address address for this container.
- **interface_name**: Specify a name for the created network interface inside the container.
So now you can set --network bridge:ip=10.88.0.10,mac=44:33:22:11:00:99
for the default bridge network as well as for network names.
This is better than using --ip because we can set the ip per network
without any confusion which network the ip address should be assigned
to.
The --ip, --mac-address and --network-alias options are still supported
but --ip or --mac-address can only be set when only one network is set.
This limitation already existed previously.
The ability to specify a custom network interface name is new
Fixes #11534
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| | |
Add the new networks format to specgen. For api users cni_networks is
still supported to make migration easier however the static ip and mac
fields are removed.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
| |
| |
| |
| |
| |
| | |
The swagger api docs used the extra Body struct as part of the request
which is wrong. We just want the plain type.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Network connect now supports setting a static ipv4, ipv6 and mac address
for the container network. The options are added to the cli and api.
Fixes #9883
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Make sure we create new containers in the db with the correct structure.
Also remove some unneeded code for alias handling. We no longer need this
functions.
The specgen format has not been changed for now.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
| |
| |
| |
| |
| | |
We do not need to return a extra bool.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \
| | |
| | | |
fix network id handling
|
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
We have to get the network ID from the network backend. With the
netavark backend we no longer use the sha from the name as ID.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|/
|
|
| |
Signed-off-by: Ananth Bhaskararaman <antsub@gmail.com>
|
|
|
|
|
| |
Fixes: #12566
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
| |
(Fixes: #12563)
Signed-off-by: Nguyen Marc <nguyen_marc@live.fr>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2030599
When you create pod, it shares the UTS namespace with Containers.
Currently the --hostname is not passed to the pod created when
you create a container and pod in the same command.
Also fix error message on supported --share flags
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\
| |
| | |
generate systemd: support entrypoint JSON strings
|
| |
| |
| |
| |
| |
| |
| | |
Make sure to preserve the quoting of entrypoint JSON strings.
Fixes: #12477
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| | |
| | | |
specgen: honor empty args for entrypoint specified as `--entrypoint ""`
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Users should be able to override containers entrypoint using
`--entrypoint ""` following works fine for podman but not for podman
remote.
Specgen ignores empty argument for entrypoint so make specgen honor
empty arguments.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
|/
|
|
|
|
|
|
|
| |
GLOBAL_OPTS haven't been supported for at least two major versions of
Podman. The runlabel code is extremely fragile and I think it should
be rewritten before adding new features.
Fixes: #12436
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
| |
[NO NEW TESTS NEEDED] This is just moving pkg/cgroups out so
existing tests should be fine.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\
| |
| |
| |
| | |
dispensable/respect_pod_yaml_spec_hostname_when_play
Hostname in `spec.hostname` should be passed to infra ctr init opt
|
| |
| |
| |
| |
| |
| | |
Fixes https://github.com/containers/podman/issues/12393
Signed-off-by: Qiang Wang <sunsetmask@gmail.com>
|
|\ \
| | |
| | | |
Add support for configmap volumes to play kube
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
If the k8s yaml has volumes from a configmap, play kube
will now create a volume based on the data from the
configmap and volume source and set it to the right path
in the container accordingly.
Add tests for this and update some test for ENV from configmap.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
|\ \ \
| | | |
| | | | |
Add restart-sec option to systemd generate command
|
| | | |
| | | |
| | | |
| | | | |
Signed-off-by: Ondra Machacek <omachace@redhat.com>
|
|\ \ \ \
| |/ / /
|/| | | |
cmd, push: use the configured compression format
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
[NO NEW TESTS NEEDED] I am just changing the default value
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
compat API: push: report size of manifest
|
| | |_|/
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
We don't yet have a local registry running in the APIv2 tests.
Tested manually.
[NO NEW TESTS NEEDED]
Fixes: https://github.com/containers/podman/issues/12468
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
Don't use a global RNG, and avoid conflicts, when generating NodePorts
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add an error return to it and affected callers.
Should not affect behavior, the function can't currently fail.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
|\ \ \ \
| | | | |
| | | | | |
compat: images/json
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Do not list manifest lists. Docker doesn't either.
Fixes: #12453
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \ \ \
| |/ / / /
|/| | | | |
Fix possible rootless netns cleanup race
|
| |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
rootlessNetNS.Cleanup() has an issue with how it detects if cleanup
is needed, reading the container state is not good ebough because
containers are first stopped and than cleanup will be called. So at one
time two containers could wait for cleanup but the second one will fail
because the first one triggered already the cleanup thus making rootless
netns unavailable for the second container resulting in an teardown
error. Instead of checking the container state we need to check the
netns state.
Secondly, podman unshare --rootless-netns should not do the cleanup.
This causes more issues than it is worth fixing. Users also might want
to use this to setup the namespace in a special way. If unshare also
cleans this up right away we cannot do this.
[NO NEW TESTS NEEDED]
Fixes #12459
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|\ \ \ \
| |_|/ /
|/| | | |
Fixed the containerfile not found during remote build
|
| | |/
| |/|
| | |
| | |
| | |
| | | |
[NO NEW TESTS NEEDED]
Signed-off-by: Shion Tanaka <shtanaka@redhat.com>
|
|\ \ \
| | | |
| | | | |
Implement 'podman run --blkio-weight-device'
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
`--blkio-weight-device` is not fully implemented and this causes an
unexpected panic when specified because an entry is put into an
uninitialized map at parsing.
This fix implements the `--blkio-weight-device` and adds a system test.
When creating a spec generator on a client, a major number and a minor
number of a device cannot be set. So, these numbers are inspected on a
server and set to a runtime spec.
Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
|
|\ \ \ \
| |_|_|/
|/| | | |
podman, push: expose --compression-format
|
| |/ /
| | |
| | |
| | |
| | |
| | | |
support overriding the compression format at push time.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\ \ \
| | | |
| | | | |
tunnel: allow `remote` and `API` to accept `--secrets`
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Prevents temp secrets leaking into image by moving it away from context
directory to parent builder directory. Builder directory automatically
gets cleaned up when we are done with the build.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Podman remote must treat build secrets as part of context directory. If
secret path is absolute path on host copy it to tar file and pass it to
remote server.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|