| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| |\ \
| | |
| | | |
Add restart --cidfile, --filter
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
--cidfile : Read container ID from the specified file and restart the container.
--filter : restart the filtered container.
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
|
| | |/
|/|
| |
| |
| |
| |
| |
| | |
Accept a --amend flag in `podman manifest create`, and treat
`--insecure` as we would `--tls-verify=false` in `podman manifest`'s
"add", "create", and "push" subcommands.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Followup to #14613, which was never actually tested until this
week in RHEL8 gating tests (see issue #15337).
* add missing backslash in '|' expression
* allow extra text after error (e.g., "invalid argument")
No way to test this until it makes its way into RHEL8,
so, fingers crossed.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \
| | |
| | | |
Add compatibility support for --debug flag from docker
|
| | |/
| |
| |
| |
| |
| | |
This is another fix for https://github.com/containers/podman/issues/14917
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \
| | |
| | | |
Add "podman kube generate" command
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
"podman kube generate" creates Kubernetes YAML from Podman containers,
pods or volumes. Users will still be able to use "podman generate
kube" as an alias of "kube generate".
Signed-off-by: Niall Crowe <nicrowe@redhat.com>
|
| | |/
|/|
| |
| |
| | |
Fixes one of the issues found in https://github.com/containers/podman/issues/14917
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \
| |/
|/| |
remote manifest push: show copy progress
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
`podman-remote manifest push` has shown absolutely no progress at all.
Fix that by doing the same as the remote-push code does.
Like remote-push, `quiet` parameter is true by default for backwards
compatibility.
Signed-off-by: Naoto Kobayashi <naoto.kobayashi4c@gmail.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Integrate sd-notify policies into `kube play`. The policies can be
configured for all contianers via the `io.containers.sdnotify`
annotation or for indidivual containers via the
`io.containers.sdnotify/$name` annotation.
The `kube play` process will wait for all containers to be ready by
waiting for the individual `READY=1` messages which are received via
the `pkg/systemd/notifyproxy` proxy mechanism.
Also update the simple "container" sd-notify test as it did not fully
test the expected behavior which became obvious when adding the new
tests.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| |/
|
|
|
|
|
|
|
| |
The notify socket can now either be specified via an environment
variable or programatically (where the env is ignored). The
notify mode and the socket are now also displayed in `container inspect`
which comes in handy for debugging and allows for propper testing.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| |\
| |
| | |
I believe that these tests will now run with crun.
|
| | |
| |
| |
| | |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \
| | |
| | | |
podman generate spec
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
implement a new command `podman generate spec` which can formulate a json specgen to be consumed by both the pod
and container creation API.
supported flags are
--verbose (default true) print output to the terminal
--compact print the json output in a single line format to be piped to the API
--filename put the output in a file
--clone rename the pod/ctr in the spec so it won't conflict w/ an existing entity
Signed-off-by: Charlie Doern <cdoern@redhat.com>
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
implement new ssh interface into podman
this completely redesigns the entire functionality of podman image scp,
podman system connection add, and podman --remote. All references to golang.org/x/crypto/ssh
have been moved to common as have native ssh/scp execs and the new usage of the sftp package.
this PR adds a global flag, --ssh to podman which has two valid inputs `golang` and `native` where golang is the default.
Users should not notice any difference in their everyday workflows if they continue using the golang option. UNLESS they have been using an improperly verified ssh key, this will now fail. This is because podman was incorrectly using the
ssh callback method to IGNORE the ssh known hosts file which is very insecure and golang tells you not yo use this in production.
The native paths allows for immense flexibility, with a new containers.conf field `SSH_CONFIG` that specifies a specific ssh config file to be used in all operations. Else the users ~/.ssh/config file will be used.
podman --remote currently only uses the golang path, given its deep interconnection with dialing multiple clients and urls.
My goal after this PR is to go back and abstract the idea of podman --remote from golang's dialed clients, as it should not be so intrinsically connected. Overall, this is a v1 of a long process of offering native ssh, and one that covers some good ground with podman system connection add and podman image scp.
Signed-off-by: Charlie Doern <cdoern@redhat.com>
|
| |\ \
| | |
| | | |
[CI:DOCS]: update the podman logo
|
| | | |
| | |
| | |
| | |
| | |
| | | |
for podman/#15222
Signed-off-by: unknowndevQwQ <unknowndevQwQ@pm.me>
|
| |\ \ \
| | | |
| | | | |
Bump to Buildah v1.27.0
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Skip some newly added test for remote and modify error output of a test
case which is reporter early in case of podman.
[NO NEW TESTS NEEDED]
[NO TESTS NEEDED]
Signed-off-by: Aditya R <arajan@redhat.com>
|
| |\ \ \ \
| |/ / /
|/| | | |
Output messages display rawInput
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
`init`, `checkpint/restore` and `cleanup` command now display
output messages which is rawInput instead of a container ID.
Example:
```
$ podman init <container name>
<container name>
$ podman init <short container ID>
<short container ID>
```
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
|
| | |/ /
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
if an explicit mapping is specified, do not accept `--userns` since it
overriden to "private".
Closes: https://github.com/containers/podman/issues/15233
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \ \
| | | |
| | | | |
e2e: Add rootless mount cleanup test
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
`podman run -d mount cleanup test` adapt to rootless environment.
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
|
| |\ \ \ \
| | | | |
| | | | | |
remove image podman no prune
|
| | |/ / /
| | | |
| | | |
| | | | |
Signed-off-by: Karthik Elango <kelango@redhat.com>
|
| |\ \ \ \
| |/ / /
|/| | | |
start --filter flag changes
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Tying filtering logic for podman stop and start to same place in getContainersAndInputByContext() to reduce code redundancy
Signed-off-by: Karthik Elango <kelango@redhat.com>
|
| |\ \ \ \
| |_|_|/
|/| | | |
podman rmi: improve error message for build containers
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Improve the error message when attempting to remove an image that is in
use by an external/build container. Prior, the error only indicated
that the image was in use but did not aid in resolving the issue.
Fixes: #15006
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Drop a comment on using `chcon` to let the local rollback test pass.
It took me a while to understand why the test failed and future souls
may appreciated the extra breadcrumb.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Secret was populating a generated kube as `null`. Add omitempty
so that when the volume source is not a secret, we do not print unnecessary info
resolves #15156
Signed-off-by: Charlie Doern <cdoern@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Add rm --filter option
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
--filter : remove the filtered container.
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
|
| |\ \ \ \
| | | | |
| | | | | |
Cirrus: use dnf instead of rpm to install packages
|
| | | |/ /
| |/| |
| | | |
| | | | |
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
| |\ \ \ \
| | | | |
| | | | | |
Cirrus: Fix e2e tests for "mount_rootless_test"
|
| | |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
e2e `mount_rootless_test` did not load `podman binary path` successfully.
This PR fix this problem.
[It] podman unshare podman mount:
```
[+1596s] Running: ... unshare mount <cid>
[+1596s] Error: exec: no command
[+1596s] output:
```
[It] podman unshare image podman mount:
```
[+1599s] Running: ... unshare image mount quay.io/libpod/alpine:latest
[+1599s] Error: exec: no command
[+1599s] output:
```
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The "podman kube down" reads in a structured file of
Kubernetes YAML and removes pods based on the Kubernetes kind described in the YAML,
similiar to "podman play kube --down". Users will still be able to use
"podman play kube --down" and "podman kube play --down" to
perform the same function.
Signed-off-by: Niall Crowe <nicrowe@redhat.com>
|
| | |/
|/|
| |
| | |
Signed-off-by: Aditya R <arajan@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| | |
The key used in the tests has expired. Remove the expiration date to
turn CI happy and green.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| |\ \
| | |
| | | |
Sigstore sign
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
- Allow creating sigstore signatures via --sign-by-sigstore-private-key .
Like existing --sign-by, it does not work remote (in this case
because we would have to copy the private key to the server).
- Allow passing a passphrase (which is mandatory for sigstore private keys)
via --sign-passphrase-file; if it is not provided, prompt interactively.
- Also, use that passphrase for --sign-by as well, allowing non-interactive
GPG use. (But --sign-passphrase-file can only be used with _one of_
--sign-by and --sign-by-sigstore-private-key.)
Note that unlike the existing code, (podman build) does not yet
implement sigstore (I'm not sure why it needs to, it seems not to
push images?) because Buildah does not expose the feature yet.
Also, (podman image sign) was not extended to support sigstore.
The test for this follows existing (podman image sign) tests
and doesn't work rootless; that could be improved by exposing
a registries.d override option.
The test for push is getting large; I didn't want to
start yet another registry container, but that would be an
alternative. In the future, Ginkgo's Ordered/BeforeAll
would allow starting a registry once and using it for two
tests.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
... primarily so that it can support OCI artifacts.
2.8 already seems to exist in the repo.
This requires changing WaitContainerReady to also check
stderr (ultimately because docker/distribution was
updated to a more recent sirupsen/logrus, which logs
by default to stderr instead of stdout).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
... instead of hard-coding a copy of the value.
Notably this makes hack/podman_registry actually
support the documented -i option.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
htpasswd is no longer included in docker.io/library/distribution
after 2.7.0, per https://github.com/docker/distribution-library-image/issues/107 ,
and we want to upgrade to a recent version.
At least system tests currently execute htpasswd from the OS,
so it seems that it is likely to be available.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| |/
|
|
|
|
|
|
|
| |
local/remote mode.
Also Fix usage of flag "--compression-format" for remote "podman image push". Fix usage of flags "--format", "--remove-signatures" in remote "podman manifest push".
Closes #15109.
Signed-off-by: Romain Geissler <romain.geissler@amadeus.com>
|
