| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I didn't believe that this was actually legal, but it looks like
it is. And, unlike our previous understanding (host port being
empty means just use container port), empty host port actually
carries the same meaning as `--expose` + `--publish-all` (that
is, assign a random host port to the given container port). This
requires a significant rework of our port handling code to handle
this new case. I don't foresee this being commonly used, so I
optimized having a fixed port number as fast path, which this
random assignment code running after the main port handling code
only if necessary.
Fixes #6806
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\
| |
| | |
e2e inspect: HostConfig.SecurityOpt
|
| |
| |
| |
| |
| |
| |
| | |
Make sure that all specified security options are displayed in a
container's inspect data.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| | |
| | | |
Add support for dangling filter to volumes
|
| |/
| |
| |
| |
| |
| |
| |
| |
| | |
The dangling filter determine whether a volume is dangling - IE,
it has no containers attached using it. Unlike our other filters,
this one is a boolean - must be true or false, not arbitrary
values.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|/
|
|
|
|
|
|
|
| |
In Podman v1.9, we printed port mappings for the container, even
if it shared its network namespace (and thus ports) with another
container. We regressed on this in Podman v2.0, which is fixed
here.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\
| |
| | |
Set stop signal to 15 when not explicitly set
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When going through the output of `podman inspect` to try and
identify another issue, I noticed that Podman 2.0 was setting
StopSignal to 0 on containers by default. After chasing it
through the command line and SpecGen, I determined that we were
actually not setting a default in Libpod, which is strange
because I swear we used to do that. I re-added the disappeared
default and now all is well again.
Also, while I was looking for the bug in SpecGen, I found a bunch
of TODOs that have already been done. Eliminate the comments for
these.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \
| | |
| | | |
podman untag: error if tag doesn't exist
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Throw an error if a specified tag does not exist. Also make sure that
the user input is normalized as we already do for `podman tag`.
To prevent regressions, add a set of end-to-end and systemd tests.
Last but not least, update the docs and add bash completions.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \ \
| | | |
| | | | |
Reformat inspect network settings
|
| |/ /
| | |
| | |
| | |
| | |
| | | |
Reformat ports of inspect network settings to compatible with docker inspect. Close #5380
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
specify the mappings in the container configuration to the storage
when creating the container so that the correct mappings can be
configured.
Regression introduced with Podman 2.0.
Closes: https://github.com/containers/libpod/issues/6735
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|/
|
|
|
|
|
|
| |
With Podman v2.0, we broke (or thought we were going to break)
using `--privileged` with `--group-add` and `--security-opt`
(specifically using `--security-opt` for SELinux config).
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
|\
| |
| | |
Add --preservefds to podman run
|
| |
| |
| |
| |
| |
| | |
Add --preservefds to podman run. close https://github.com/containers/libpod/issues/6458
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \
| | |
| | | |
Stop following logs using timers
|
| | |
| | |
| | |
| | | |
Signed-off-by: jgallucci32 <john.gallucci.iv@gmail.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This incorporates code from PR #6591 and #6614 but does not use
event channels to detect container state and rather uses timers
with a defined wait duration before calling t.StopAtEOF() to
ensure the last log entry is output before a container exits.
The polling interval is set to 250 milliseconds based on polling
interval defined in hpcloud/tail here:
https://github.com/hpcloud/tail/blob/v1.0.0/watch/polling.go#L117
Co-authored-by: Qi Wang <qiwan@redhat.com>
Signed-off-by: jgallucci32 <john.gallucci.iv@gmail.com>
|
|\ \ \
| | | |
| | | | |
Add container name to the /etc/hosts within the container
|
| |/ /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This will allow containers that connect to the network namespace be
able to use the container name directly.
For example you can do something like
podman run -ti --name foobar fedora ping foobar
While we can do this with hostname now, this seems more natural.
Also if another container connects on the network to this container it
can do
podman run --network container:foobar fedora ping foobar
And connect to the original container,without having to discover the name.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \ \
| |/ /
|/| | |
Fix podman build handling of --http-proxy flag
|
| |/
| |
| |
| |
| |
| | |
Also fixed a todo for handling of cgroup manager while I was in there.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| | |
| | | |
search: allow wildcards
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Allow wildcards in the search term. Note that not all registries
support wildcards and it may only work with v1 registries.
Note that searching implies figuring out if the specified search term
includes a registry. If there's not registry detected, the search term
will be used against all configured "unqualified-serach-registries" in
the registries.conf. The parsing logic considers a registry to be the
substring before the first slash `/`.
With these changes we now not only support wildcards but arbitrary
input; ultimately it's up to the registries to decide whether they
support given input or not.
Fixes: bugzilla.redhat.com/show_bug.cgi?id=1846629
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\ \
| | |
| | | |
correct the absolute path of `rm` executable
|
| |/
| |
| |
| | |
Signed-off-by: Yuan-Hao Chen <yhchen0906@gmail.com>
|
|/
|
|
|
|
|
| |
* Sort images for -q option, removing duplicate id's
* Sort images for --format json
Signed-off-by: Jhon Honce <jhonce@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
For using the `registry:2.6` image. 2.7 and beyond dropped the
`htpasswd` binary from the rootfs which parts of our CI depends
on.
While this is not a sustainable solution (assuming `htpasswd` is gone
for ever), it unblocks the CI for now.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|
|
|
|
|
|
| |
Make sure to always get the older images that previously committed one
depends on.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
|\
| |
| | |
Don't ignore --user flag in rootless --userns keepid
|
| |
| |
| |
| |
| |
| |
| |
| | |
Currently podman run --userns keep-id --user root:root fedora id
The --user flag is ignored. Removing this makes the code work correctly.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|\ \
| |/
|/| |
Do not share container log driver for exec
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When the container uses journald logging, we don't want to
automatically use the same driver for its exec sessions. If we do
we will pollute the journal (particularly in the case of
healthchecks) with large amounts of undesired logs. Instead,
force exec sessions logs to file for now; we can add a log-driver
flag later (we'll probably want to add a `podman logs` command
that reads exec session logs at the same time).
As part of this, add support for the new 'none' logs driver in
Conmon. It will be the default log driver for exec sessions, and
can be optionally selected for containers.
Great thanks to Joe Gooch (mrwizard@dok.org) for adding support
to Conmon for a null log driver, and wiring it in here.
Fixes #6555
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|\ \
| | |
| | | |
Add support for the unless-stopped restart policy
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We initially believed that implementing this required support for
restarting containers after reboot, but this is not the case.
The unless-stopped restart policy acts identically to the always
restart policy except in cases related to reboot (which we do not
support yet), but it does not require that support for us to
implement it.
Changes themselves are quite simple, we need a new restart policy
constant, we need to remove existing checks that block creation
of containers when unless-stopped was used, and we need to update
the manpages.
Fixes #6508
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|/ /
| |
| |
| | |
Signed-off-by: jgallucci32 <john.gallucci.iv@gmail.com>
|
|\ \
| | |
| | | |
"streaming output" logs test: fix flake
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Test has been flaking excessively. A quick look shows that
the test itself is broken, making a bad assumption.
'podman logs -f' is guaranteed to exit when a container
terminates. This does not (and should not) mean that the
container has been cleaned up. It is undefined and unsafe
to run 'podman run -n same-name-as-terminated-container'
immediately after 'podman logs' exits.
Solution: instead of 'podman run', do 'podman inspect'.
This, too, is unsafe, but we can expect to see one of
two possible conditions:
1) command succeeds, in which case we require that
container State.Status be "exited"; or
2) command fails, in which case we expect "no such
container" in error output
For full coverage we should add a small delay-check test
to (1) to ensure that the container is cleaned up after
a short amount of time. Leaving that as a TODO because
it's more than my Go skills can handle, and I want to
get this checked in ASAP to get rid of the flake hassle.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|\ \ \
| |_|/
|/| | |
Fix podman inspect on overlapping/missing objects
|
| |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This started as a small fix to `podman inspect` where a container
and image, with the same name/tag, were present, and
`podman inspect` was run on that name. `podman inspect` in 1.9
(and `docker inspect`) will give you the container; in v2.0, we
gave the image. This was an easy fix (just reorder how we check
for image/container).
Unfortunately, in the process of testing this fix, I determined
that we regressed in a different area. When you run inspect on
a number of containers, some of which do not exist,
`podman inspect` should return an array of inspect results for
the objects that exist, then print a number of errors, one for
each object that could not be found. We were bailing after the
first error, and not printing output for the containers that
succeeded. (For reference, this applied to images as well). This
required a much more substantial set of changes to properly
handle - signatures for the inspect functions in ContainerEngine
and ImageEngine, plus the implementations of these interfaces,
plus the actual inspect frontend code needed to be adjusted to
use this.
Fixes #6556
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|/
|
|
|
|
|
| |
Init properly passed into specgen
Allow --init with --systemd=true but not --systemd=always.
Signed-off-by: Joseph Gooch <mrwizard@dok.org>
|
|\
| |
| | |
Merged request to fix -f to stop following logs
|
| |
| |
| |
| |
| |
| | |
Fix -f logs follow with stopped container. Close #6531
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
|\ \
| | |
| | | |
fix podman cp can create an extra directory when the source is the container's root directory
|
| | |
| | |
| | |
| | | |
Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add a `--replace` flag to the `pod create` command. If another pod with
the same name already exists, it will be replaced and removed.
Adding this flag is motivated by #5485 to make running Podman in systemd
units (or any other scripts/automation) more robust. In case of a
crash, a pod may not be removed by a sytemd unit anymore. The
`--replace` flag allows for supporting crashes.
Note that the `--replace` flag does not require the `--name` flag to be
set, so it can be set unconditionally in `podman generate systemd`.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add a `--replace` flag to the `container {create,run}` commands.
If another container with the same name already exists, it will
be replaced and removed.
Adding this flag is motivated by #5485 to make running Podman in systemd
units (or any other scripts/automation) more robust. In case of a
crash, a container may not be removed by a sytemd unit anymore. The
`--replace` flag allows for supporting crashes.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |/
|/|
| |
| | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|