From b29a52a48a9cbe65f47cbdbb618366421ee851b5 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Tue, 12 Jul 2022 14:53:17 -0400 Subject: Docker uses "-c" to mean "--cpu-shares" in create and run Add support for -c as an alias for --cpu-shares to be compatible with Docker. Signed-off-by: Daniel J Walsh --- cmd/podman/common/create.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'cmd/podman') diff --git a/cmd/podman/common/create.go b/cmd/podman/common/create.go index 923d0517f..d2646aa43 100644 --- a/cmd/podman/common/create.go +++ b/cmd/podman/common/create.go @@ -849,9 +849,9 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions, _ = cmd.RegisterFlagCompletionFunc(cpuRtRuntimeFlagName, completion.AutocompleteNone) cpuSharesFlagName := "cpu-shares" - createFlags.Uint64Var( + createFlags.Uint64VarP( &cf.CPUShares, - cpuSharesFlagName, 0, + cpuSharesFlagName, "c", 0, "CPU shares (relative weight)", ) _ = cmd.RegisterFlagCompletionFunc(cpuSharesFlagName, completion.AutocompleteNone) -- cgit v1.2.3-54-g00ecf From edfe80027144629f1881d02285f478f95fd27b56 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Tue, 12 Jul 2022 10:27:42 +0200 Subject: podman: move MaybeMoveToSubCgroup to utils/ Signed-off-by: Giuseppe Scrivano --- cmd/podman/system/service_abi.go | 23 +---------------------- utils/utils.go | 20 ++++++++++++++++++++ 2 files changed, 21 insertions(+), 22 deletions(-) (limited to 'cmd/podman') diff --git a/cmd/podman/system/service_abi.go b/cmd/podman/system/service_abi.go index 6823d77ba..8d0240a8d 100644 --- a/cmd/podman/system/service_abi.go +++ b/cmd/podman/system/service_abi.go @@ -11,7 +11,6 @@ import ( "os" "path/filepath" - "github.com/containers/common/pkg/cgroups" "github.com/containers/podman/v4/cmd/podman/registry" api "github.com/containers/podman/v4/pkg/api/server" "github.com/containers/podman/v4/pkg/domain/entities" 
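Review bot: The new `-c` shorthand on `--cpu-shares` in `DefineCreateFlags` is undocumented and untested, and the diffstat shows only `create.go` changed, so neither the man pages nor a test cover it. A comment is worth adding because, per the `IsRemote()` code in `cmd/podman/registry/remote.go` elsewhere in this series, the top-level command already uses `-c` for `--connection`. `podman -c X run ...` and `podman run -c X ...` therefore mean different things. Something like `// -c is Docker's shorthand for --cpu-shares; the global -c (--connection) is only parsed before the subcommand` would do. If `DefineCreateFlags` is also used by commands that already register a `-c` shorthand (not visible here), the flag registration would fail at startup, so that is worth checking.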
@@ -24,26 +23,6 @@ import ( "golang.org/x/sys/unix" ) -// maybeMoveToSubCgroup moves the current process in a sub cgroup when -// it is running in the root cgroup on a system that uses cgroupv2. -func maybeMoveToSubCgroup() error { - unifiedMode, err := cgroups.IsCgroup2UnifiedMode() - if err != nil { - return err - } - if !unifiedMode { - return nil - } - cgroup, err := utils.GetOwnCgroup() - if err != nil { - return err - } - if cgroup == "/" { - return utils.MoveUnderCgroupSubtree("init") - } - return nil -} - func restService(flags *pflag.FlagSet, cfg *entities.PodmanConfig, opts entities.ServiceOptions) error { var ( listener net.Listener @@ -125,7 +104,7 @@ func restService(flags *pflag.FlagSet, cfg *entities.PodmanConfig, opts entities return err } - if err := maybeMoveToSubCgroup(); err != nil { + if err := utils.MaybeMoveToSubCgroup(); err != nil { return err } diff --git a/utils/utils.go b/utils/utils.go index 997de150d..7cf28fda5 100644 --- a/utils/utils.go +++ b/utils/utils.go @@ -190,3 +190,23 @@ func MovePauseProcessToScope(pausePidPath string) { } } } + +// MaybeMoveToSubCgroup moves the current process in a sub cgroup when +// it is running in the root cgroup on a system that uses cgroupv2. +func MaybeMoveToSubCgroup() error { + unifiedMode, err := cgroups.IsCgroup2UnifiedMode() + if err != nil { + return err + } + if !unifiedMode { + return nil + } + cgroup, err := GetOwnCgroup() + if err != nil { + return err + } + if cgroup == "/" { + return MoveUnderCgroupSubtree("init") + } + return nil +} -- cgit v1.2.3-54-g00ecf From 7b4ebfa657d605d0767be7ccb2607c923ce4311f Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Tue, 12 Jul 2022 11:47:30 +0200 Subject: podman: always call into SetupRootless Signed-off-by: Giuseppe Scrivano --- cmd/podman/common/completion.go | 3 +-- cmd/podman/root.go | 3 +-- pkg/domain/infra/abi/system.go | 4 ++++ 3 files changed, 6 insertions(+), 4 deletions(-) (limited to 'cmd/podman') 
diff --git a/cmd/podman/common/completion.go b/cmd/podman/common/completion.go index 6e6c33f9b..02369c74a 100644 --- a/cmd/podman/common/completion.go +++ b/cmd/podman/common/completion.go @@ -18,7 +18,6 @@ import ( "github.com/containers/podman/v4/libpod/define" "github.com/containers/podman/v4/libpod/events" "github.com/containers/podman/v4/pkg/domain/entities" - "github.com/containers/podman/v4/pkg/rootless" "github.com/containers/podman/v4/pkg/signal" systemdDefine "github.com/containers/podman/v4/pkg/systemd/define" "github.com/containers/podman/v4/pkg/util" @@ -54,7 +53,7 @@ func setupContainerEngine(cmd *cobra.Command) (entities.ContainerEngine, error) cobra.CompErrorln(err.Error()) return nil, err } - if !registry.IsRemote() && rootless.IsRootless() { + if !registry.IsRemote() { _, noMoveProcess := cmd.Annotations[registry.NoMoveProcess] err := containerEngine.SetupRootless(registry.Context(), noMoveProcess) diff --git a/cmd/podman/root.go b/cmd/podman/root.go index f28d92e2f..0520a0784 100644 --- a/cmd/podman/root.go +++ b/cmd/podman/root.go @@ -19,7 +19,6 @@ import ( "github.com/containers/podman/v4/pkg/checkpoint/crutils" "github.com/containers/podman/v4/pkg/domain/entities" "github.com/containers/podman/v4/pkg/parallel" - "github.com/containers/podman/v4/pkg/rootless" "github.com/containers/podman/v4/version" "github.com/sirupsen/logrus" "github.com/spf13/cobra" @@ -265,7 +264,7 @@ func persistentPreRunE(cmd *cobra.Command, args []string) error { // 2) running as non-root // 3) command doesn't require Parent Namespace _, found := cmd.Annotations[registry.ParentNSRequired] - if !registry.IsRemote() && rootless.IsRootless() && !found { + if !registry.IsRemote() && !found { _, noMoveProcess := cmd.Annotations[registry.NoMoveProcess] err := registry.ContainerEngine().SetupRootless(registry.Context(), noMoveProcess) if err != nil { diff --git a/pkg/domain/infra/abi/system.go b/pkg/domain/infra/abi/system.go index 0faae01c8..eed80dd79 100644 
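Review bot: The comment block above the condition in `persistentPreRunE` (`cmd/podman/root.go`) still lists `// 2) running as non-root`, but this hunk removes `rootless.IsRootless()` from the `if`, so the comment no longer matches the code. The check now lives in `SetupRootless` itself, so the line could read `// 2) running as non-root (checked inside SetupRootless)`. The `setupContainerEngine` hunk in `completion.go` makes the same change and would benefit from a one-line comment saying the call is now unconditional for local mode. The function body continues outside the hunk.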
--- a/pkg/domain/infra/abi/system.go +++ b/pkg/domain/infra/abi/system.go @@ -67,6 +67,10 @@ func (ic *ContainerEngine) Info(ctx context.Context) (*define.Info, error) { } func (ic *ContainerEngine) SetupRootless(_ context.Context, noMoveProcess bool) error { + if !rootless.IsRootless() { + return nil + } + // do it only after podman has already re-execed and running with uid==0. hasCapSysAdmin, err := unshare.HasCapSysAdmin() if err != nil { -- cgit v1.2.3-54-g00ecf From a4bae330a5bc76219598ffb25db7331705ff1cdd Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Wed, 13 Jul 2022 10:53:50 -0400 Subject: Add podman events -f to be alias for --filter Needed for Docker compatibility. Signed-off-by: Daniel J Walsh --- cmd/podman/system/events.go | 2 +- docs/source/markdown/podman-events.1.md | 4 ++-- test/system/090-events.bats | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) (limited to 'cmd/podman') diff --git a/cmd/podman/system/events.go b/cmd/podman/system/events.go index 09e589d3c..b04668f86 100644 --- a/cmd/podman/system/events.go +++ b/cmd/podman/system/events.go @@ -46,7 +46,7 @@ func init() { flags := eventsCommand.Flags() filterFlagName := "filter" - flags.StringArrayVar(&eventOptions.Filter, filterFlagName, []string{}, "filter output") + flags.StringArrayVarP(&eventOptions.Filter, filterFlagName, "f", []string{}, "filter output") _ = eventsCommand.RegisterFlagCompletionFunc(filterFlagName, common.AutocompleteEventFilter) formatFlagName := "format" diff --git a/docs/source/markdown/podman-events.1.md b/docs/source/markdown/podman-events.1.md index 5d5199e66..526a7fa10 100644 --- a/docs/source/markdown/podman-events.1.md +++ b/docs/source/markdown/podman-events.1.md @@ -77,7 +77,7 @@ The *volume* type will report the following statuses: ## OPTIONS -#### **--filter**=*filter* +#### **--filter**, **-f**=*filter* Filter events that are displayed. They must be in the format of "filter=value". The following filters are supported: 
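Review bot: `SetupRootless` has no doc comment, yet the guard added here makes it the only place that decides whether rootless setup runs, since both callers in this commit now invoke it for every local command. A doc comment on the exported method should state that contract, for example `// SetupRootless is a no-op when the process is not rootless; callers invoke it unconditionally.` The existing comment `// do it only after podman has already re-execed and running with uid==0.` now follows the early return and reads as if it described the guard, so it should move next to the `HasCapSysAdmin` check it belongs to. The method body continues outside the hunk.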
@@ -129,7 +129,7 @@ $ podman events Show only Podman create events ``` -$ podman events --filter event=create +$ podman events -f event=create 2019-03-02 10:36:01.375685062 -0600 CST container create 20dc581f6fbf (image=docker.io/library/alpine:latest, name=sharp_morse) 2019-03-02 10:36:08.561188337 -0600 CST container create 58e7e002344c (image=k8s.gcr.io/pause:3.1, name=3e701f270d54-infra) 2019-03-02 10:36:13.146899437 -0600 CST volume create cad6dc50e087 (image=, name=cad6dc50e0879568e7d656bd004bd343d6035e7fc4024e1711506fe2fd459e6f) diff --git a/test/system/090-events.bats b/test/system/090-events.bats index 128802360..ceb53ae73 100644 --- a/test/system/090-events.bats +++ b/test/system/090-events.bats @@ -13,11 +13,11 @@ load helpers run_podman run --label $labelname=$labelvalue --name $cname --rm $IMAGE ls expect=".* container start [0-9a-f]\+ (image=$IMAGE, name=$cname,.* ${labelname}=${labelvalue}" - run_podman events --filter type=container --filter container=$cname --filter label=${labelname}=${labelvalue} --filter event=start --stream=false + run_podman events --filter type=container -f container=$cname --filter label=${labelname}=${labelvalue} --filter event=start --stream=false is "$output" "$expect" "filtering by container name and label" # Same thing, but without the container-name filter - run_podman events --filter type=container --filter label=${labelname}=${labelvalue} --filter event=start --stream=false + run_podman events -f type=container --filter label=${labelname}=${labelvalue} --filter event=start --stream=false is "$output" "$expect" "filtering just by label" # Now filter just by container name, no label -- cgit v1.2.3-54-g00ecf From 6d84a9952f1e5be1a187bcc6d9bbc2532331cfc8 Mon Sep 17 00:00:00 2001 
From: Karthik Elango Date: Tue, 28 Jun 2022 15:31:20 -0400 Subject: Podman stop --filter flag Filter flag is added for podman stop and podman --remote stop. Filtering logic is implemented in getContainersAndInputByContext(). Start filtering can be manipulated to use this logic as well to limit redundancy. Signed-off-by: Karthik Elango --- cmd/podman/containers/stop.go | 17 ++++++++++-- cmd/podman/validate/args.go | 7 +++++ docs/source/markdown/podman-stop.1.md | 24 +++++++++++++++++ pkg/api/handlers/compat/containers_stop.go | 2 -- pkg/domain/entities/containers.go | 1 + pkg/domain/infra/abi/containers.go | 31 +++++++++++++++++----- pkg/domain/infra/tunnel/containers.go | 6 ++--- pkg/domain/infra/tunnel/helpers.go | 14 ++++++---- test/e2e/stop_test.go | 42 ++++++++++++++++++++++++++++++ 9 files changed, 125 insertions(+), 19 deletions(-) (limited to 'cmd/podman') diff --git a/cmd/podman/containers/stop.go b/cmd/podman/containers/stop.go index 2ddd169a1..261f441c3 100644 --- a/cmd/podman/containers/stop.go +++ b/cmd/podman/containers/stop.go @@ -49,7 +49,9 @@ var ( ) var ( - stopOptions = entities.StopOptions{} + stopOptions = entities.StopOptions{ + Filters: make(map[string][]string), + } stopTimeout uint ) @@ -67,6 +69,10 @@ func stopFlags(cmd *cobra.Command) { flags.UintVarP(&stopTimeout, timeFlagName, "t", containerConfig.Engine.StopTimeout, "Seconds to wait for stop before killing the container") _ = cmd.RegisterFlagCompletionFunc(timeFlagName, completion.AutocompleteNone) + filterFlagName := "filter" + flags.StringSliceVarP(&filters, filterFlagName, "f", []string{}, "Filter output based on conditions given") + _ = cmd.RegisterFlagCompletionFunc(filterFlagName, common.AutocompletePsFilters) + if registry.IsRemote() { _ = flags.MarkHidden("cidfile") _ = flags.MarkHidden("ignore") 
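Review bot: `flags.StringSliceVarP` in `stopFlags` splits each value on commas, so a filter whose value contains a comma is broken apart before the `key=value` parsing in `stop()` sees it. The man page added in this commit says `id` and `name` accept regexes, so a pattern such as `name=web{1,3}` would either fail with "invalid filter" or, worse, match a different set of containers than intended. The `events` command in this series uses `StringArrayVarP` for the same kind of flag; the equivalent here is `flags.StringArrayVarP(&filters, filterFlagName, "f", []string{}, "Filter containers to stop based on conditions given")`. `filters` is not declared in the visible hunks, so it is presumably a package-level variable shared with another command in this package, which is worth confirming.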
@@ -97,7 +103,6 @@ func stop(cmd *cobra.Command, args []string) error { if cmd.Flag("time").Changed { stopOptions.Timeout = &stopTimeout } - for _, cidFile := range cidFiles { content, err := ioutil.ReadFile(cidFile) if err != nil { @@ -107,6 +112,14 @@ func stop(cmd *cobra.Command, args []string) error { args = append(args, id) } + for _, f := range filters { + split := strings.SplitN(f, "=", 2) + if len(split) < 2 { + return fmt.Errorf("invalid filter %q", f) + } + stopOptions.Filters[split[0]] = append(stopOptions.Filters[split[0]], split[1]) + } + responses, err := registry.ContainerEngine().ContainerStop(context.Background(), args, stopOptions) if err != nil { return err diff --git a/cmd/podman/validate/args.go b/cmd/podman/validate/args.go index 39eedca64..6d212665d 100644 --- a/cmd/podman/validate/args.go +++ b/cmd/podman/validate/args.go @@ -86,6 +86,13 @@ func CheckAllLatestAndIDFile(c *cobra.Command, args []string, ignoreArgLen bool, specifiedIDFile = true } + if c.Flags().Changed("filter") { + if argLen > 0 { + return errors.New("--filter takes no arguments") + } + return nil + } + if specifiedIDFile && (specifiedAll || specifiedLatest) { return fmt.Errorf("--all, --latest, and --%s cannot be used together", idFileFlag) } else if specifiedAll && specifiedLatest { diff --git a/docs/source/markdown/podman-stop.1.md b/docs/source/markdown/podman-stop.1.md index e35ab9182..cfc49afa1 100644 --- a/docs/source/markdown/podman-stop.1.md +++ b/docs/source/markdown/podman-stop.1.md 
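Review bot: The early `return nil` in `CheckAllLatestAndIDFile` skips every mutual-exclusion check below it as soon as `--filter` is set, so `--filter` is accepted together with `--latest` or the ID-file flag. In `stop()` the cidfile contents are appended to `args` after validation, and the `abi` helper changed in this commit takes its filter branch first, so `podman stop --cidfile F --filter status=running` would stop every running container and silently ignore the file. An explicit rejection before the return would close that, for example `if specifiedLatest || specifiedIDFile { return fmt.Errorf("--filter cannot be used with --latest or --%s", idFileFlag) }`. The message `--filter takes no arguments` is also misleading, since the flag does take a value; `--filter cannot be combined with container names or IDs` says what is meant. The function continues outside the hunk, and other commands that define a `filter` flag and call this validator would pick up the same behaviour.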
@@ -25,6 +25,30 @@ Stop all running containers. This does not include paused containers. Read container ID from the specified file and remove the container. Can be specified multiple times. +#### **--filter**, **-f**=*filter* + +Filter what containers are going to be stopped. +Multiple filters can be given with multiple uses of the --filter flag. +Filters with the same key work inclusive with the only exception being +`label` which is exclusive. Filters with different keys always work exclusive. + +Valid filters are listed below: + +| **Filter** | **Description** | +| --------------- | -------------------------------------------------------------------------------- | +| id | [ID] Container's ID (accepts regex) | +| name | [Name] Container's name (accepts regex) | +| label | [Key] or [Key=Value] Label assigned to a container | +| exited | [Int] Container's exit code | +| status | [Status] Container's status: 'created', 'exited', 'paused', 'running', 'unknown' | +| ancestor | [ImageName] Image or descendant used to create container | +| before | [ID] or [Name] Containers created before this container | +| since | [ID] or [Name] Containers created since this container | +| volume | [VolumeName] or [MountpointDestination] Volume mounted in container | +| health | [Status] healthy or unhealthy | +| pod | [Pod] name or full or partial ID of pod | +| network | [Network] name or full ID of network | + #### **--ignore**, **-i** Ignore errors when specified containers are not in the container store. A user diff --git a/pkg/api/handlers/compat/containers_stop.go b/pkg/api/handlers/compat/containers_stop.go index 33bb3a679..c9a27dd83 100644 --- a/pkg/api/handlers/compat/containers_stop.go +++ b/pkg/api/handlers/compat/containers_stop.go 
@@ -33,9 +33,7 @@ func StopContainer(w http.ResponseWriter, r *http.Request) { utils.Error(w, http.StatusBadRequest, fmt.Errorf("failed to parse parameters for %s: %w", r.URL.String(), err)) return } - name := utils.GetName(r) - options := entities.StopOptions{ Ignore: query.Ignore, } diff --git a/pkg/domain/entities/containers.go b/pkg/domain/entities/containers.go index 17408f12f..934a7cbdc 100644 --- a/pkg/domain/entities/containers.go +++ b/pkg/domain/entities/containers.go @@ -80,6 +80,7 @@ type PauseUnpauseReport struct { } type StopOptions struct { + Filters map[string][]string All bool Ignore bool Latest bool diff --git a/pkg/domain/infra/abi/containers.go b/pkg/domain/infra/abi/containers.go index 23a591604..04eb85504 100644 --- a/pkg/domain/infra/abi/containers.go +++ b/pkg/domain/infra/abi/containers.go 
@@ -37,12 +37,29 @@ import ( ) // getContainersAndInputByContext gets containers whether all, latest, or a slice of names/ids -// is specified. It also returns a list of the corresponding input name used to look up each container. -func getContainersAndInputByContext(all, latest bool, names []string, runtime *libpod.Runtime) (ctrs []*libpod.Container, rawInput []string, err error) { +// is specified. It also returns a list of the corresponding input name used to lookup each container. +func getContainersAndInputByContext(all, latest bool, names []string, filters map[string][]string, runtime *libpod.Runtime) (ctrs []*libpod.Container, rawInput []string, err error) { var ctr *libpod.Container ctrs = []*libpod.Container{} + filterFuncs := make([]libpod.ContainerFilter, 0, len(filters)) switch { + case len(filters) > 0: + for k, v := range filters { + generatedFunc, err := dfilters.GenerateContainerFilterFuncs(k, v, runtime) + if err != nil { + return nil, nil, err + } + filterFuncs = append(filterFuncs, generatedFunc) + } + ctrs, err = runtime.GetContainers(filterFuncs...) + if err != nil { + return nil, nil, err + } + rawInput = []string{} + for _, candidate := range ctrs { + rawInput = append(rawInput, candidate.ID()) + } case all: ctrs, err = runtime.GetAllContainers() case latest: @@ -66,13 +83,13 @@ func getContainersAndInputByContext(all, latest bool, names []string, runtime *l } } } - return + return ctrs, rawInput, err } // getContainersByContext gets containers whether all, latest, or a slice of names/ids // is specified. func getContainersByContext(all, latest bool, names []string, runtime *libpod.Runtime) (ctrs []*libpod.Container, err error) { - ctrs, _, err = getContainersAndInputByContext(all, latest, names, runtime) + ctrs, _, err = getContainersAndInputByContext(all, latest, names, nil, runtime) return } 
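Review bot: `case len(filters) > 0` is the first arm of the `switch` in `getContainersAndInputByContext`, so a non-empty filter map silently overrides `all`, `latest` and `names` instead of being combined with them or rejected. The CLI blocks names together with `--filter`, but the `ContainerStart` hunk later in this file passes `options.Filters` alongside its own `containersNamesOrIds`, and any API caller can do the same, so the requested names may be dropped without an error. The precedence should at least be stated in the doc comment, e.g. `// When filters is non-empty it takes precedence: all, latest and names are ignored.` A stricter option is to return an error when `len(filters) > 0 && len(names) > 0`. The same comment line also changed "look up" to "lookup", which is the noun form and should be reverted. The rest of the `switch` lies between this hunk and the next.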
@@ -150,7 +167,7 @@ func (ic *ContainerEngine) ContainerUnpause(ctx context.Context, namesOrIds []st } func (ic *ContainerEngine) ContainerStop(ctx context.Context, namesOrIds []string, options entities.StopOptions) ([]*entities.StopReport, error) { names := namesOrIds - ctrs, rawInputs, err := getContainersAndInputByContext(options.All, options.Latest, names, ic.Libpod) + ctrs, rawInputs, err := getContainersAndInputByContext(options.All, options.Latest, names, options.Filters, ic.Libpod) if err != nil && !(options.Ignore && errors.Is(err, define.ErrNoSuchCtr)) { return nil, err } @@ -228,7 +245,7 @@ func (ic *ContainerEngine) ContainerKill(ctx context.Context, namesOrIds []strin if err != nil { return nil, err } - ctrs, rawInputs, err := getContainersAndInputByContext(options.All, options.Latest, namesOrIds, ic.Libpod) + ctrs, rawInputs, err := getContainersAndInputByContext(options.All, options.Latest, namesOrIds, nil, ic.Libpod) if err != nil { return nil, err } @@ -874,7 +891,7 @@ func (ic *ContainerEngine) ContainerStart(ctx context.Context, namesOrIds []stri } } } - ctrs, rawInputs, err := getContainersAndInputByContext(all, options.Latest, containersNamesOrIds, ic.Libpod) + ctrs, rawInputs, err := getContainersAndInputByContext(all, options.Latest, containersNamesOrIds, options.Filters, ic.Libpod) if err != nil { return nil, err } diff --git a/pkg/domain/infra/tunnel/containers.go b/pkg/domain/infra/tunnel/containers.go index 5568ccde8..fcabff7c4 100644 --- a/pkg/domain/infra/tunnel/containers.go +++ b/pkg/domain/infra/tunnel/containers.go 
@@ -91,8 +91,7 @@ func (ic *ContainerEngine) ContainerUnpause(ctx context.Context, namesOrIds []st } func (ic *ContainerEngine) ContainerStop(ctx context.Context, namesOrIds []string, opts entities.StopOptions) ([]*entities.StopReport, error) { - reports := []*entities.StopReport{} - ctrs, rawInputs, err := getContainersAndInputByContext(ic.ClientCtx, opts.All, opts.Ignore, namesOrIds) + ctrs, rawInputs, err := getContainersAndInputByContext(ic.ClientCtx, opts.All, opts.Ignore, namesOrIds, opts.Filters) if err != nil { return nil, err } @@ -104,6 +103,7 @@ func (ic *ContainerEngine) ContainerStop(ctx context.Context, namesOrIds []strin if to := opts.Timeout; to != nil { options.WithTimeout(*to) } + reports := []*entities.StopReport{} for _, c := range ctrs { report := entities.StopReport{ Id: c.ID, @@ -134,7 +134,7 @@ func (ic *ContainerEngine) ContainerStop(ctx context.Context, namesOrIds []strin } func (ic *ContainerEngine) ContainerKill(ctx context.Context, namesOrIds []string, opts entities.KillOptions) ([]*entities.KillReport, error) { - ctrs, rawInputs, err := getContainersAndInputByContext(ic.ClientCtx, opts.All, false, namesOrIds) + ctrs, rawInputs, err := getContainersAndInputByContext(ic.ClientCtx, opts.All, false, namesOrIds, nil) if err != nil { return nil, err } diff --git a/pkg/domain/infra/tunnel/helpers.go b/pkg/domain/infra/tunnel/helpers.go index 24b2b619d..9ff1641f0 100644 --- a/pkg/domain/infra/tunnel/helpers.go +++ b/pkg/domain/infra/tunnel/helpers.go 
@@ -15,25 +15,29 @@ import ( // FIXME: the `ignore` parameter is very likely wrong here as it should rather // be used on *errors* from operations such as remove. func getContainersByContext(contextWithConnection context.Context, all, ignore bool, namesOrIDs []string) ([]entities.ListContainer, error) { - ctrs, _, err := getContainersAndInputByContext(contextWithConnection, all, ignore, namesOrIDs) + ctrs, _, err := getContainersAndInputByContext(contextWithConnection, all, ignore, namesOrIDs, nil) return ctrs, err } -func getContainersAndInputByContext(contextWithConnection context.Context, all, ignore bool, namesOrIDs []string) ([]entities.ListContainer, []string, error) { +func getContainersAndInputByContext(contextWithConnection context.Context, all, ignore bool, namesOrIDs []string, filters map[string][]string) ([]entities.ListContainer, []string, error) { if all && len(namesOrIDs) > 0 { return nil, nil, errors.New("cannot look up containers and all") } - options := new(containers.ListOptions).WithAll(true).WithSync(true) + options := new(containers.ListOptions).WithAll(true).WithSync(true).WithFilters(filters) allContainers, err := containers.List(contextWithConnection, options) if err != nil { return nil, nil, err } rawInputs := []string{} - if all { + switch { + case len(filters) > 0: + for i := range allContainers { + namesOrIDs = append(namesOrIDs, allContainers[i].ID) + } + case all: for i := range allContainers { rawInputs = append(rawInputs, allContainers[i].ID) } - return allContainers, rawInputs, err } diff --git a/test/e2e/stop_test.go b/test/e2e/stop_test.go index 97d8ba701..7a258466a 100644 --- a/test/e2e/stop_test.go +++ b/test/e2e/stop_test.go @@ -1,6 +1,7 @@ package integration import ( + "fmt" "io/ioutil" "os" "strings" 
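Review bot: The `helpers.go` hunk removes `return allContainers, rawInputs, err` from the `all` branch, so `--all` now falls through to whatever follows the `switch`. That code is outside the hunk, but if it resolves `namesOrIDs` against the list, an `--all` call with no names would match nothing, which should be verified or the return restored. The new filter branch also appends the filtered IDs to the caller's `namesOrIDs` rather than replacing them, whereas the `abi` helper in this commit ignores names when filters are set, so local and remote `stop` can act on different container sets for the same request. It also leaves `rawInputs` empty, while the `abi` version fills it with the matched IDs. A short comment on the `switch` stating which inputs win, plus keeping the two helpers consistent, would make the selection predictable.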
@@ -363,4 +364,45 @@ var _ = Describe("Podman stop", func() { Expect(session).Should(Exit(0)) Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0)) }) + + It("podman stop --filter", func() { + session1 := podmanTest.Podman([]string{"container", "create", ALPINE}) + session1.WaitWithDefaultTimeout() + Expect(session1).Should(Exit(0)) + cid1 := session1.OutputToString() + + session1 = podmanTest.Podman([]string{"container", "create", ALPINE}) + session1.WaitWithDefaultTimeout() + Expect(session1).Should(Exit(0)) + cid2 := session1.OutputToString() + + session1 = podmanTest.Podman([]string{"container", "create", ALPINE}) + session1.WaitWithDefaultTimeout() + Expect(session1).Should(Exit(0)) + cid3 := session1.OutputToString() + shortCid3 := cid3[0:5] + + session1 = podmanTest.Podman([]string{"start", "--all"}) + session1.WaitWithDefaultTimeout() + Expect(session1).Should(Exit(0)) + + session1 = podmanTest.Podman([]string{"stop", cid1, "-f", "status=running"}) + session1.WaitWithDefaultTimeout() + Expect(session1).Should(Exit(125)) + + session1 = podmanTest.Podman([]string{"stop", "-a", "--filter", fmt.Sprintf("id=%swrongid", shortCid3)}) + session1.WaitWithDefaultTimeout() + Expect(session1).Should(Exit(0)) + Expect(session1.OutputToString()).To(HaveLen(0)) + + session1 = podmanTest.Podman([]string{"stop", "-a", "--filter", fmt.Sprintf("id=%s", shortCid3)}) + session1.WaitWithDefaultTimeout() + Expect(session1).Should(Exit(0)) + Expect(session1.OutputToString()).To(BeEquivalentTo(cid3)) + + session1 = podmanTest.Podman([]string{"stop", "-f", fmt.Sprintf("id=%s", cid2)}) + session1.WaitWithDefaultTimeout() + Expect(session1).Should(Exit(0)) + Expect(session1.OutputToString()).To(BeEquivalentTo(cid2)) + }) }) -- cgit v1.2.3-54-g00ecf From 53edd9b654d558ff769286ef948ab0f6a23c68cc Mon Sep 17 00:00:00 2001 
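Review bot: The new `podman stop --filter` test only checks the command output, so it would still pass if the filter matched correctly but additional containers were stopped as well. After the `stop -a --filter id=<shortCid3>` step there should be a check such as `Expect(podmanTest.NumberOfContainersRunning()).To(Equal(2))`, and `Equal(1)` after the `-f id=<cid2>` step. `NumberOfContainersRunning` is already used in the test just above this hunk. The `wrongid` case should likewise assert that all three containers are still running. Combining `--filter` with `--latest` or `--cidfile` is not covered at all, and that is where the selection logic in this commit is least obvious.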
From: Jake Correnti Date: Wed, 13 Jul 2022 21:41:16 -0400 Subject: Podman pull --all-tags shorthand option I added the shorthand option for `podman pull --all-tags`. Like Docker, Podman can now do `podman pull -a`. Signed-off-by: Jake Correnti --- cmd/podman/images/pull.go | 2 +- docs/source/markdown/podman-pull.1.md | 2 +- test/e2e/pull_test.go | 9 +++++++++ 3 files changed, 11 insertions(+), 2 deletions(-) (limited to 'cmd/podman') diff --git a/cmd/podman/images/pull.go b/cmd/podman/images/pull.go index 6e3ec1517..8211ceba5 100644 --- a/cmd/podman/images/pull.go +++ b/cmd/podman/images/pull.go @@ -77,7 +77,7 @@ func init() { func pullFlags(cmd *cobra.Command) { flags := cmd.Flags() - flags.BoolVar(&pullOptions.AllTags, "all-tags", false, "All tagged images in the repository will be pulled") + flags.BoolVarP(&pullOptions.AllTags, "all-tags", "a", false, "All tagged images in the repository will be pulled") credsFlagName := "creds" flags.StringVar(&pullOptions.CredentialsCLI, credsFlagName, "", "`Credentials` (USERNAME:PASSWORD) to use for authenticating to a registry") diff --git a/docs/source/markdown/podman-pull.1.md b/docs/source/markdown/podman-pull.1.md index 928bbc6fe..99e227226 100644 --- a/docs/source/markdown/podman-pull.1.md +++ b/docs/source/markdown/podman-pull.1.md @@ -43,7 +43,7 @@ $ podman pull oci-archive:/tmp/myimage ``` ## OPTIONS -#### **--all-tags** +#### **--all-tags**, **-a** All tagged images in the repository will be pulled. diff --git a/test/e2e/pull_test.go b/test/e2e/pull_test.go index 04b7a280d..12f14fdc8 100644 --- a/test/e2e/pull_test.go +++ b/test/e2e/pull_test.go 
@@ -108,6 +108,15 @@ var _ = Describe("Podman pull", func() { session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) Expect(len(session.OutputToStringArray())).To(BeNumerically(">=", 2), "Expected at least two images") + + session = podmanTest.Podman([]string{"pull", "-a", "quay.io/libpod/testdigest_v2s2"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + + session = podmanTest.Podman([]string{"images"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + Expect(len(session.OutputToStringArray())).To(BeNumerically(">=", 2), "Expected at least two images") }) It("podman pull from docker with nonexistent --authfile", func() { -- cgit v1.2.3-54-g00ecf From e4b82c77f7214a6d69c2a6112900dae92d505dc6 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 14 Jul 2022 13:32:55 -0400 Subject: Add --host and -H as equivalent options to --url Docker supports -H and --host for specify the listening socket. Podman should support them also in order to match the CLI. These will not be documented since Podman defaults to using the --url option. Signed-off-by: Daniel J Walsh --- cmd/podman/registry/remote.go | 10 +++++----- cmd/podman/root.go | 2 ++ test/system/250-systemd.bats | 19 +++++++++++++++++++ 3 files changed, 26 insertions(+), 5 deletions(-) (limited to 'cmd/podman') diff --git a/cmd/podman/registry/remote.go b/cmd/podman/registry/remote.go index 181ef6b4a..afe32e0b9 100644 --- a/cmd/podman/registry/remote.go +++ b/cmd/podman/registry/remote.go 
@@ -31,11 +31,11 @@ func IsRemote() bool { fs.SetInterspersed(false) fs.BoolVarP(&remoteFromCLI.Value, "remote", "r", remote, "") connectionFlagName := "connection" - ignoredConnection := "" - fs.StringVarP(&ignoredConnection, connectionFlagName, "c", "", "") + fs.StringP(connectionFlagName, "c", "", "") + hostFlagName := "host" + fs.StringP(hostFlagName, "H", "", "") urlFlagName := "url" - ignoredURL := "" - fs.StringVar(&ignoredURL, urlFlagName, "", "") + fs.String(urlFlagName, "", "") // The shell completion logic will call a command called "__complete" or "__completeNoDesc" // This command will always be the second argument @@ -46,7 +46,7 @@ func IsRemote() bool { } _ = fs.Parse(os.Args[start:]) // --connection or --url implies --remote - remoteFromCLI.Value = remoteFromCLI.Value || fs.Changed(connectionFlagName) || fs.Changed(urlFlagName) + remoteFromCLI.Value = remoteFromCLI.Value || fs.Changed(connectionFlagName) || fs.Changed(urlFlagName) || fs.Changed(hostFlagName) }) return podmanOptions.EngineMode == entities.TunnelMode || remoteFromCLI.Value } diff --git a/cmd/podman/root.go b/cmd/podman/root.go index 0520a0784..48f8470be 100644 --- a/cmd/podman/root.go +++ b/cmd/podman/root.go @@ -345,6 +345,8 @@ func rootFlags(cmd *cobra.Command, opts *entities.PodmanConfig) { urlFlagName := "url" lFlags.StringVar(&opts.URI, urlFlagName, uri, "URL to access Podman service (CONTAINER_HOST)") _ = cmd.RegisterFlagCompletionFunc(urlFlagName, completion.AutocompleteDefault) + lFlags.StringVarP(&opts.URI, "host", "H", uri, "Used for Docker compatibility") + _ = lFlags.MarkHidden("host") // Context option added just for compatibility with DockerCLI. lFlags.String("context", "default", "Name of the context to use to connect to the daemon (This flag is a NOOP and provided solely for scripting compatibility.)") diff --git a/test/system/250-systemd.bats b/test/system/250-systemd.bats index fc3c33975..70ae76eb8 100644 --- a/test/system/250-systemd.bats 
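Review bot: In `rootFlags`, the hidden `--host`/`-H` flag is bound to the same `opts.URI` variable as `--url`, so when both are given the one parsed last wins without any diagnostic, and a script can end up talking to a different service than its author expects. Since the flag is deliberately undocumented, a comment should record that, e.g. `// --host/-H is a hidden Docker-compatible alias for --url; both write opts.URI`. It would also be reasonable to reject the case where both flags are marked changed once parsing has happened. In the second `remote.go` hunk the comment `// --connection or --url implies --remote` is now stale and should read `// --connection, --url or --host implies --remote`.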
+++ b/test/system/250-systemd.bats @@ -400,4 +400,23 @@ EOF run_podman rm -f -t 0 $cname } +@test "podman-system-service containers --host" { + skip_if_remote "N/A under podman-remote" + + SERVICE_NAME=podman-service-$(random_string) + port=$(random_free_port) + URL=tcp://127.0.0.1:$port + + systemd-run --unit=$SERVICE_NAME $PODMAN system service $URL --time=0 + wait_for_port 127.0.0.1 $port + + run_podman --host $URL run --rm $IMAGE true + run_podman -H $URL run --rm $IMAGE true + + systemctl stop $SERVICE_NAME + + # Make sure the option is actually connecting + run_podman 125 --host $URL run --rm $IMAGE true + assert "$output" =~ "Cannot connect to Podman.*connection refused" +} # vim: filetype=sh -- cgit v1.2.3-54-g00ecf From 6057db75d81101fcfe2e63debedd8d0029461de4 Mon Sep 17 00:00:00 2001 From: Toshiki Sonoda Date: Tue, 19 Jul 2022 10:00:53 +0900 Subject: Remove return error from "containers.pause" When we pause `rootless cgroups v1 container`, podman returns error from `libpod.(*Container).pause`. Podman does not need to return error from `containers.pause` because of duplicate. [NO NEW TESTS NEEDED] Signed-off-by: Toshiki Sonoda --- cmd/podman/containers/pause.go | 8 -------- 1 file changed, 8 deletions(-) (limited to 'cmd/podman') diff --git a/cmd/podman/containers/pause.go b/cmd/podman/containers/pause.go index 3c26fd5c8..af6f740f2 100644 --- a/cmd/podman/containers/pause.go +++ b/cmd/podman/containers/pause.go @@ -5,12 +5,10 @@ import ( "errors" "fmt" - "github.com/containers/common/pkg/cgroups" "github.com/containers/podman/v4/cmd/podman/common" "github.com/containers/podman/v4/cmd/podman/registry" "github.com/containers/podman/v4/cmd/podman/utils" "github.com/containers/podman/v4/pkg/domain/entities" - "github.com/containers/podman/v4/pkg/rootless" "github.com/spf13/cobra" "github.com/spf13/pflag" ) 
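Review bot: `systemctl stop $SERVICE_NAME` is only reached when both preceding `run_podman` calls succeed, so a failure in either leaves the transient unit running. That unit is a Podman API service on `tcp://127.0.0.1:$port` started with `--time=0`, so it never exits on its own, and nothing in the hunk suggests the endpoint is authenticated; any local user could reach it for as long as the leftover unit lives. The stop should run on every exit path, for example from the file's `teardown` with `systemctl stop $SERVICE_NAME || true`. Whether this file already has a suitable teardown hook is not visible in the hunk.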
@@ -65,12 +63,6 @@ func pause(cmd *cobra.Command, args []string) error { var ( errs utils.OutputErrors ) - if rootless.IsRootless() && !registry.IsRemote() { - cgroupv2, _ := cgroups.IsCgroup2UnifiedMode() - if !cgroupv2 { - return errors.New("pause is not supported for cgroupv1 rootless containers") - } - } if len(args) < 1 && !pauseOpts.All { return errors.New("you must provide at least one container name or id") -- cgit v1.2.3-54-g00ecf From 69fcf04c69068a0610a496d479dba86d46f0901f Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Thu, 21 Jul 2022 11:41:13 +0200 Subject: fix some pkg/machine/e2e test to read stderr Also fix the machine ssh code order to provide a better error message. Signed-off-by: Paul Holzinger --- cmd/podman/machine/ssh.go | 9 +++++---- pkg/machine/e2e/ssh_test.go | 6 ++---- 2 files changed, 7 insertions(+), 8 deletions(-) (limited to 'cmd/podman') diff --git a/cmd/podman/machine/ssh.go b/cmd/podman/machine/ssh.go index cb2f62f51..8534b8efa 100644 --- a/cmd/podman/machine/ssh.go +++ b/cmd/podman/machine/ssh.go @@ -80,6 +80,11 @@ func ssh(cmd *cobra.Command, args []string) error { } } + vm, err = provider.LoadVMByName(vmName) + if err != nil { + return fmt.Errorf("vm %s not found: %w", vmName, err) + } + if !validVM && sshOpts.Username == "" { sshOpts.Username, err = remoteConnectionUsername() if err != nil { @@ -87,10 +92,6 @@ func ssh(cmd *cobra.Command, args []string) error { } } - vm, err = provider.LoadVMByName(vmName) - if err != nil { - return fmt.Errorf("vm %s not found: %w", vmName, err) - } err = vm.SSH(vmName, sshOpts) return utils.HandleOSExecError(err) } diff --git a/pkg/machine/e2e/ssh_test.go b/pkg/machine/e2e/ssh_test.go index 6d23a024e..52d714c91 100644 --- a/pkg/machine/e2e/ssh_test.go +++ b/pkg/machine/e2e/ssh_test.go 
@@ -25,8 +25,7 @@ var _ = Describe("podman machine ssh", func() { session, err := mb.setName(name).setCmd(ssh).run() Expect(err).To(BeNil()) Expect(session).To(Exit(125)) - // TODO seems like stderr is not being returned; re-enabled when fixed - // Expect(session.outputToString()).To(ContainSubstring("not exist")) + Expect(session.errorToString()).To(ContainSubstring("not exist")) }) It("ssh to non-running machine", func() { @@ -39,8 +38,7 @@ var _ = Describe("podman machine ssh", func() { ssh := sshMachine{} sshSession, err := mb.setName(name).setCmd(ssh).run() Expect(err).To(BeNil()) - // TODO seems like stderr is not being returned; re-enabled when fixed - // Expect(sshSession.outputToString()).To(ContainSubstring("is not running")) + Expect(sshSession.errorToString()).To(ContainSubstring("is not running")) Expect(sshSession).To(Exit(125)) }) -- cgit v1.2.3-54-g00ecf From cbcbde587de9f14e696be9a58d6e36c7c45e926d Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Thu, 21 Jul 2022 11:57:23 +0200 Subject: pkg/machine/e2e: do not import from cmd/podman The same problem again as 4374038cc67405e3f5555b1870d5bb7f6570fa5d. Also fix the incorrect --format autocompletion struct. It should be avoided to import cmd/podman/... packages from outside of cmd/podman. This can lead in weird hard to debug import paths but also can have negative consequences when imported in unit tests. In this case it will set XDG_CONFIG_HOME and thus the machine tests this dir over the tmp HOME env variable which is set at a later point. This caused machine files to be leaked into the actual users home dir. Signed-off-by: Paul Holzinger --- cmd/podman/machine/info.go | 29 +++++------------------------ pkg/domain/entities/machine.go | 22 ++++++++++++++++++++++ pkg/machine/e2e/info_test.go | 4 ++-- 3 files changed, 29 insertions(+), 26 deletions(-) (limited to 'cmd/podman') diff --git a/cmd/podman/machine/info.go b/cmd/podman/machine/info.go index 9932027d8..418060675 100644 
--- a/cmd/podman/machine/info.go +++ b/cmd/podman/machine/info.go @@ -16,6 +16,7 @@ import ( "github.com/containers/podman/v4/cmd/podman/registry" "github.com/containers/podman/v4/cmd/podman/validate" "github.com/containers/podman/v4/libpod/define" + "github.com/containers/podman/v4/pkg/domain/entities" "github.com/containers/podman/v4/pkg/machine" "github.com/ghodss/yaml" "github.com/spf13/cobra" @@ -40,26 +41,6 @@ var ( inFormat string ) -// Info contains info on the machine host and version info -type Info struct { - Host *HostInfo `json:"Host"` - Version define.Version `json:"Version"` -} - -// HostInfo contains info on the machine host -type HostInfo struct { - Arch string `json:"Arch"` - CurrentMachine string `json:"CurrentMachine"` - DefaultMachine string `json:"DefaultMachine"` - EventsDir string `json:"EventsDir"` - MachineConfigDir string `json:"MachineConfigDir"` - MachineImageDir string `json:"MachineImageDir"` - MachineState string `json:"MachineState"` - NumberOfMachines int `json:"NumberOfMachines"` - OS string `json:"OS"` - VMType string `json:"VMType"` -} - func init() { registry.Commands = append(registry.Commands, registry.CliCommand{ Command: infoCmd, @@ -69,11 +50,11 @@ func init() { flags := infoCmd.Flags() formatFlagName := "format" flags.StringVarP(&inFormat, formatFlagName, "f", "", "Change the output format to JSON or a Go template") - _ = infoCmd.RegisterFlagCompletionFunc(formatFlagName, common.AutocompleteFormat(&define.Info{})) + _ = infoCmd.RegisterFlagCompletionFunc(formatFlagName, common.AutocompleteFormat(&entities.MachineInfo{})) } func info(cmd *cobra.Command, args []string) error { - info := Info{} + info := entities.MachineInfo{} version, err := define.GetVersion() if err != nil { return fmt.Errorf("error getting version info %w", err) 
@@ -112,8 +93,8 @@ func info(cmd *cobra.Command, args []string) error { return nil } -func hostInfo() (*HostInfo, error) { - host := HostInfo{} +func hostInfo() (*entities.MachineHostInfo, error) { + host := entities.MachineHostInfo{} host.Arch = runtime.GOARCH host.OS = runtime.GOOS diff --git a/pkg/domain/entities/machine.go b/pkg/domain/entities/machine.go index 6ba53dbd1..4fd0413c9 100644 --- a/pkg/domain/entities/machine.go +++ b/pkg/domain/entities/machine.go @@ -1,5 +1,7 @@ package entities +import "github.com/containers/podman/v4/libpod/define" + type ListReporter struct { Name string Default bool @@ -16,3 +18,23 @@ type ListReporter struct { RemoteUsername string IdentityPath string } + +// MachineInfo contains info on the machine host and version info +type MachineInfo struct { + Host *MachineHostInfo `json:"Host"` + Version define.Version `json:"Version"` +} + +// MachineHostInfo contains info on the machine host +type MachineHostInfo struct { + Arch string `json:"Arch"` + CurrentMachine string `json:"CurrentMachine"` + DefaultMachine string `json:"DefaultMachine"` + EventsDir string `json:"EventsDir"` + MachineConfigDir string `json:"MachineConfigDir"` + MachineImageDir string `json:"MachineImageDir"` + MachineState string `json:"MachineState"` + NumberOfMachines int `json:"NumberOfMachines"` + OS string `json:"OS"` + VMType string `json:"VMType"` +} diff --git a/pkg/machine/e2e/info_test.go b/pkg/machine/e2e/info_test.go index 759beecb5..fe0cfba32 100644 --- a/pkg/machine/e2e/info_test.go +++ b/pkg/machine/e2e/info_test.go @@ -1,7 +1,7 @@ package e2e_test import ( - "github.com/containers/podman/v4/cmd/podman/machine" + "github.com/containers/podman/v4/pkg/domain/entities" jsoniter "github.com/json-iterator/go" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" 
@@ -51,7 +51,7 @@ var _ = Describe("podman machine info", func() { Expect(err).NotTo(HaveOccurred()) Expect(infoSession).Should(Exit(0)) - infoReport := &machine.Info{} + infoReport := &entities.MachineInfo{} err = jsoniter.Unmarshal(infoSession.Bytes(), infoReport) Expect(err).To(BeNil()) }) -- cgit v1.2.3-54-g00ecf From c7fef73166d4a5b91bdcfe34285b81e1a625be61 Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Fri, 22 Jul 2022 13:46:28 +0200 Subject: docs: remove CNI word where it is not applicable Most network commands/features work with both netavark and CNI. When we added added netavark most docs were not vetted and thus still use CNI network, it should just say network. Fixes #14990 Signed-off-by: Paul Holzinger --- cmd/podman/networks/create.go | 2 +- cmd/podman/networks/inspect.go | 4 ++-- commands-demo.md | 14 +++++++------- docs/source/markdown/podman-create.1.md | 9 ++++++--- docs/source/markdown/podman-network-connect.1.md | 10 +++++----- docs/source/markdown/podman-network-create.1.md | 12 +++++------- docs/source/markdown/podman-network-inspect.1.md | 6 +++--- docs/source/markdown/podman-network-ls.1.md | 6 +++--- docs/source/markdown/podman-network-rm.1.md | 6 +++--- docs/source/markdown/podman-network.1.md | 2 +- docs/source/markdown/podman-play-kube.1.md | 2 +- docs/source/markdown/podman-pod-create.1.md | 9 ++++++--- docs/source/markdown/podman-run.1.md | 9 ++++++--- docs/tutorials/basic_networking.md | 6 +++--- 14 files changed, 52 insertions(+), 45 deletions(-) (limited to 'cmd/podman') diff --git a/cmd/podman/networks/create.go b/cmd/podman/networks/create.go index 2cf7023f3..8b0ebeb2b 100644 --- a/cmd/podman/networks/create.go +++ b/cmd/podman/networks/create.go @@ -17,7 +17,7 @@ import ( ) var ( - networkCreateDescription = `create CNI networks for containers and pods` + networkCreateDescription = `create networks for containers and pods` networkCreateCommand = &cobra.Command{ Use: "create [options] [NAME]", Short: "network create", 
diff --git a/cmd/podman/networks/inspect.go b/cmd/podman/networks/inspect.go index 1a8444147..14f62cbd1 100644 --- a/cmd/podman/networks/inspect.go +++ b/cmd/podman/networks/inspect.go @@ -13,8 +13,8 @@ var ( networkinspectDescription = `Inspect network` networkinspectCommand = &cobra.Command{ Use: "inspect [options] NETWORK [NETWORK...]", - Short: "Displays the raw CNI network configuration for one or more networks.", - Long: networkinspectDescription, + Long: "Displays the network configuration for one or more networks.", + Short: networkinspectDescription, RunE: networkInspect, Example: `podman network inspect podman`, Args: cobra.MinimumNArgs(1), diff --git a/commands-demo.md b/commands-demo.md index c1413dd9e..dac279192 100644 --- a/commands-demo.md +++ b/commands-demo.md 
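Review bot: The `networkinspectCommand` literal in cmd/podman/networks/inspect.go now fills `Short` from `networkinspectDescription` and inlines the long text, which reverses how the variable was used before this change and puts `Long` ahead of `Short`. Keeping the description variable as the long text reads more naturally: set `networkinspectDescription = "Displays the network configuration for one or more networks."`, then write `Short: "Inspect network",` followed by `Long: networkinspectDescription,`. The man page NAME line and commands-demo.md in this same commit use the longer sentence as the one-line summary, so the CLI short help will differ from both.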
@@ -45,13 +45,13 @@ | [podman-logout(1)](https://podman.readthedocs.io/en/latest/markdown/podman-logout.1.html) | Logout of a container registry | | [podman-logs(1)](https://podman.readthedocs.io/en/latest/markdown/podman-logs.1.html) | Display the logs of one or more containers | | [podman-mount(1)](https://podman.readthedocs.io/en/latest/markdown/podman-mount.1.html) | Mount a working container's root filesystem | -| [podman-network(1)](https://podman.readthedocs.io/en/latest/network.html) | Manage Podman CNI networks | -| [podman-network-create(1)](https://podman.readthedocs.io/en/latest/markdown/podman-network-create.1.html) | Create a CNI network | -| [podman-network-connect(1)](https://podman.readthedocs.io/en/latest/markdown/podman-network-connect.1.html) | Connect a container to a CNI network | -| [podman-network-disconnect(1)](https://podman.readthedocs.io/en/latest/markdown/podman-network-disconnect.1.html) | Disconnect a container from a CNI network | -| [podman-network-inspect(1)](https://podman.readthedocs.io/en/latest/markdown/podman-network-inspect.1.html) | Displays the raw CNI network configuration for one or more networks | -| [podman-network-ls(1)](https://podman.readthedocs.io/en/latest/markdown/podman-network-ls.1.html) | Display a summary of CNI networks | -| [podman-network-rm(1)](https://podman.readthedocs.io/en/latest/markdown/podman-network-rm.1.html) | Remove one or more CNI networks | +| [podman-network(1)](https://podman.readthedocs.io/en/latest/network.html) | Manage Podman networks | +| [podman-network-create(1)](https://podman.readthedocs.io/en/latest/markdown/podman-network-create.1.html) | Create a network | +| [podman-network-connect(1)](https://podman.readthedocs.io/en/latest/markdown/podman-network-connect.1.html) | Connect a container to a network | +| [podman-network-disconnect(1)](https://podman.readthedocs.io/en/latest/markdown/podman-network-disconnect.1.html) | Disconnect a container from a network | +| 
[podman-network-inspect(1)](https://podman.readthedocs.io/en/latest/markdown/podman-network-inspect.1.html) | Displays the network configuration for one or more networks | +| [podman-network-ls(1)](https://podman.readthedocs.io/en/latest/markdown/podman-network-ls.1.html) | Display a summary of networks | +| [podman-network-rm(1)](https://podman.readthedocs.io/en/latest/markdown/podman-network-rm.1.html) | Remove one or more networks | | [podman-pause(1)](https://podman.readthedocs.io/en/latest/markdown/podman-pause.1.html) | Pause one or more running containers | [![...](/docs/source/markdown/play.png)](https://podman.io/asciinema/podman/pause_unpause/) | [Here](https://github.com/containers/Demos/blob/master/podman_cli/podman_pause_unpause.sh) | | [podman-play(1)](https://podman.readthedocs.io/en/latest/play.html) | Play a pod | | [podman-play-kube(1)](https://podman.readthedocs.io/en/latest/markdown/podman-play-kube.1.html) | Create pods and containers based on Kubernetes YAML | diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md index 67bb573e2..6a951b421 100644 --- a/docs/source/markdown/podman-create.1.md +++ b/docs/source/markdown/podman-create.1.md 
@@ -738,9 +738,12 @@ Valid _mode_ values are: #### **--network-alias**=*alias* -Add a network-scoped alias for the container, setting the alias for all networks that the container joins. To set a name only for a specific network, use the alias option as described under the **--network** option. -Network aliases work only with the bridge networking mode. This option can be specified multiple times. -NOTE: A container will only have access to aliases on the first network that it joins. This is a limitation that will be removed in a later release. +Add a network-scoped alias for the container, setting the alias for all networks that the container joins. To set a +name only for a specific network, use the alias option as described under the **--network** option. +If the network has DNS enabled (`podman network inspect -f {{.DNSEnabled}} `), +these aliases can be used for name resolution on the given network. This option can be specified multiple times. +NOTE: When using CNI a container will only have access to aliases on the first network that it joins. This limitation does +not exist with netavark/aardvark-dns. #### **--no-healthcheck** diff --git a/docs/source/markdown/podman-network-connect.1.md b/docs/source/markdown/podman-network-connect.1.md index c3eef4038..d1718b812 100644 --- a/docs/source/markdown/podman-network-connect.1.md +++ b/docs/source/markdown/podman-network-connect.1.md 
@@ -12,10 +12,10 @@ Once connected, the container can communicate with other containers in the same ## OPTIONS #### **--alias**=*name* -Add network-scoped alias for the container. If the network is using the `dnsname` CNI plugin, these aliases -can be used for name resolution on the given network. Multiple *--alias* options may be specified as input. -NOTE: A container will only have access to aliases on the first network that it joins. This is a limitation -that will be removed in a later release. +Add network-scoped alias for the container. If the network has DNS enabled (`podman network inspect -f {{.DNSEnabled}} `), +these aliases can be used for name resolution on the given network. Multiple *--alias* options may be specified as input. +NOTE: When using CNI a container will only have access to aliases on the first network that it joins. This limitation does +not exist with netavark/aardvark-dns. #### **--ip**=*address* Set a static ipv4 address for this container on this network. @@ -44,7 +44,7 @@ podman network connect --ip 10.89.1.13 test web ``` ## SEE ALSO -**[podman(1)](podman.1.md)**, **[podman-network(1)](podman-network.1.md)**, **[podman-network-disconnect(1)](podman-network-disconnect.1.md)** +**[podman(1)](podman.1.md)**, **[podman-network(1)](podman-network.1.md)**, **[podman-network-inspect(1)](podman-network-inspect.1.md)**, **[podman-network-disconnect(1)](podman-network-disconnect.1.md)** ## HISTORY November 2020, Originally compiled by Brent Baude diff --git a/docs/source/markdown/podman-network-create.1.md b/docs/source/markdown/podman-network-create.1.md index 0ccc540f8..3836ea05c 100644 --- a/docs/source/markdown/podman-network-create.1.md +++ b/docs/source/markdown/podman-network-create.1.md 
@@ -7,11 +7,9 @@ podman\-network-create - Create a Podman network **podman network create** [*options*] [*name*] ## DESCRIPTION -Create a CNI-network configuration for use with Podman. By default, Podman creates a bridge connection. +Create a network configuration for use with Podman. By default, Podman creates a bridge connection. A *Macvlan* connection can be created with the *-d macvlan* option. A parent device for macvlan can -be designated with the *-o parent=``* option. In the case of *Macvlan* connections, the -CNI *dhcp* plugin needs to be activated or the container image must have a DHCP client to interact -with the host network's DHCP server. +be designated with the *-o parent=``* option. If no options are provided, Podman will assign a free subnet and name for your network. @@ -54,7 +52,7 @@ The argument order of the **--subnet**, **--gateway** and **--ip-range** options Set the ipam driver (IP Address Management Driver) for the network. When unset podman will choose an ipam driver automatically based on the network driver. Valid values are: - `host-local`: IP addresses are assigned locally. - - `dhcp`: IP addresses are assigned from a dhcp server on your network. This driver is not yet supported with netavark. + - `dhcp`: IP addresses are assigned from a dhcp server on your network. This driver is not yet supported with netavark. For CNI the *dhcp* plugin needs to be activated before. - `none`: No ip addresses are assigned to the interfaces. You can see the driver in the **podman network inspect** output under the `ipam_options` field. @@ -94,7 +92,7 @@ This is useful to set a static ipv4 and ipv6 subnet. Create a network with no options. ``` $ podman network create -cni-podman2 +podman2 ``` Create a network named *newnet* that uses *192.5.0.0/16* for its subnet. 
@@ -118,7 +116,7 @@ newnet Create a network that uses a *192.168.55.0/24** subnet and has an IP address range of *192.168.55.129 - 192.168.55.254*. ``` $ podman network create --subnet 192.168.55.0/24 --ip-range 192.168.55.128/25 -cni-podman5 +podman5 ``` Create a network with a static ipv4 and ipv6 subnet and set a gateway. diff --git a/docs/source/markdown/podman-network-inspect.1.md b/docs/source/markdown/podman-network-inspect.1.md index ba9cc94d5..2ba4a63cb 100644 --- a/docs/source/markdown/podman-network-inspect.1.md +++ b/docs/source/markdown/podman-network-inspect.1.md @@ -1,13 +1,13 @@ % podman-network-inspect(1) ## NAME -podman\-network\-inspect - Displays the raw network configuration for one or more networks +podman\-network\-inspect - Displays the network configuration for one or more networks ## SYNOPSIS **podman network inspect** [*options*] *network* [*network* ...] ## DESCRIPTION -Display the raw (JSON format) network configuration. +Display the (JSON format) network configuration. ## OPTIONS #### **--format**, **-f**=*format* @@ -40,7 +40,7 @@ $ podman network inspect podman "name": "podman", "id": "2f259bab93aaaaa2542ba43ef33eb990d0999ee1b9924b557b7be53c0b7a1bb9", "driver": "bridge", - "network_interface": "cni-podman0", + "network_interface": "podman0", "created": "2021-06-03T12:04:33.088567413+02:00", "subnets": [ { diff --git a/docs/source/markdown/podman-network-ls.1.md b/docs/source/markdown/podman-network-ls.1.md index 3c696d404..c7ea24b9b 100644 --- a/docs/source/markdown/podman-network-ls.1.md +++ b/docs/source/markdown/podman-network-ls.1.md @@ -77,8 +77,8 @@ Display networks $ podman network ls NETWORK ID NAME DRIVER 88a7120ee19d podman bridge -6dd508dbf8cd cni-podman6 bridge -8e35c2cd3bf6 cni-podman5 macvlan +6dd508dbf8cd podman6 bridge +8e35c2cd3bf6 podman5 macvlan ``` Display only network names 
@@ -101,7 +101,7 @@ List networks with their subnets ``` $ podman network ls --format "{{.Name}}: {{range .Subnets}}{{.Subnet}} {{end}}" podman: 10.88.0.0/16 -cni-podman3: 10.89.30.0/24 fde4:f86f:4aab:e68f::/64 +podman3: 10.89.30.0/24 fde4:f86f:4aab:e68f::/64 macvlan: ``` diff --git a/docs/source/markdown/podman-network-rm.1.md b/docs/source/markdown/podman-network-rm.1.md index c6e33c571..880f1d0c7 100644 --- a/docs/source/markdown/podman-network-rm.1.md +++ b/docs/source/markdown/podman-network-rm.1.md @@ -21,11 +21,11 @@ Seconds to wait before forcibly stopping the running containers that are using t ## EXAMPLE -Delete the `cni-podman9` network +Delete the `podman9` network ``` -# podman network rm cni-podman9 -Deleted: cni-podman9 +# podman network rm podman9 +Deleted: podman9 ``` Delete the `fred` network and all containers associated with the network. diff --git a/docs/source/markdown/podman-network.1.md b/docs/source/markdown/podman-network.1.md index bc75cce3b..f58bd5d5c 100644 --- a/docs/source/markdown/podman-network.1.md +++ b/docs/source/markdown/podman-network.1.md 
@@ -27,7 +27,7 @@ so networks have to be created again after a backend change. | create | [podman-network-create(1)](podman-network-create.1.md) | Create a Podman network | | disconnect | [podman-network-disconnect(1)](podman-network-disconnect.1.md) | Disconnect a container from a network | | exists | [podman-network-exists(1)](podman-network-exists.1.md) | Check if the given network exists | -| inspect | [podman-network-inspect(1)](podman-network-inspect.1.md) | Displays the raw network configuration for one or more networks | +| inspect | [podman-network-inspect(1)](podman-network-inspect.1.md) | Displays the network configuration for one or more networks | | ls | [podman-network-ls(1)](podman-network-ls.1.md) | Display a summary of networks | | prune | [podman-network-prune(1)](podman-network-prune.1.md) | Remove all unused networks | | reload | [podman-network-reload(1)](podman-network-reload.1.md) | Reload network configuration for containers | diff --git a/docs/source/markdown/podman-play-kube.1.md b/docs/source/markdown/podman-play-kube.1.md index 66341d875..af44b6eb2 100644 --- a/docs/source/markdown/podman-play-kube.1.md +++ b/docs/source/markdown/podman-play-kube.1.md @@ -333,7 +333,7 @@ $ podman play kube demo.yml --network net1:ip=10.89.1.5 --network net2:ip=10.89. 52182811df2b1e73f36476003a66ec872101ea59034ac0d4d3a7b40903b955a6 ``` -Please take into account that CNI networks must be created first using podman-network-create(1). +Please take into account that networks must be created first using podman-network-create(1). ## SEE ALSO **[podman(1)](podman.1.md)**, **[podman-play(1)](podman-play.1.md)**, **[podman-network-create(1)](podman-network-create.1.md)**, **[podman-generate-kube(1)](podman-generate-kube.1.md)**, **[containers-certs.d(5)](https://github.com/containers/image/blob/main/docs/containers-certs.d.5.md)** 
diff --git a/docs/source/markdown/podman-pod-create.1.md b/docs/source/markdown/podman-pod-create.1.md index bd2421cdf..f6af4daa4 100644 --- a/docs/source/markdown/podman-pod-create.1.md +++ b/docs/source/markdown/podman-pod-create.1.md @@ -214,9 +214,12 @@ Valid _mode_ values are: #### **--network-alias**=*alias* -Add a network-scoped alias for the pod, setting the alias for all networks that the pod joins. To set a name only for a specific network, use the alias option as described under the **--network** option. -Network aliases work only with the bridge networking mode. This option can be specified multiple times. -NOTE: A container will only have access to aliases on the first network that it joins. This is a limitation that will be removed in a later release. +Add a network-scoped alias for the pod, setting the alias for all networks that the container joins. To set a +name only for a specific network, use the alias option as described under the **--network** option. +If the network has DNS enabled (`podman network inspect -f {{.DNSEnabled}} `), +these aliases can be used for name resolution on the given network. This option can be specified multiple times. +NOTE: When using CNI a pod will only have access to aliases on the first network that it joins. This limitation does +not exist with netavark/aardvark-dns. #### **--no-hosts** diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md index 4566a73d0..cb19e929e 100644 --- a/docs/source/markdown/podman-run.1.md +++ b/docs/source/markdown/podman-run.1.md 
@@ -755,9 +755,12 @@ Valid _mode_ values are: #### **--network-alias**=*alias* -Add a network-scoped alias for the container, setting the alias for all networks that the container joins. To set a name only for a specific network, use the alias option as described under the **--network** option. -Network aliases work only with the bridge networking mode. This option can be specified multiple times. -NOTE: A container will only have access to aliases on the first network that it joins. This is a limitation that will be removed in a later release. +Add a network-scoped alias for the container, setting the alias for all networks that the container joins. To set a +name only for a specific network, use the alias option as described under the **--network** option. +If the network has DNS enabled (`podman network inspect -f {{.DNSEnabled}} `), +these aliases can be used for name resolution on the given network. This option can be specified multiple times. +NOTE: When using CNI a container will only have access to aliases on the first network that it joins. This limitation does +not exist with netavark/aardvark-dns. #### **--no-healthcheck** diff --git a/docs/tutorials/basic_networking.md b/docs/tutorials/basic_networking.md index 0a6034e7a..05c3a731e 100644 --- a/docs/tutorials/basic_networking.md +++ b/docs/tutorials/basic_networking.md 
@@ -32,7 +32,7 @@ port mapping. Depending on the firewall implementation, we have observed firewa ports being opened automatically due to running a container with a port mapping (for example). If container traffic does not seem to work properly, check the firewall and allow traffic on ports the container is using. A common problem is that -reloading the firewall deletes the cni iptables rules resulting in a loss of +reloading the firewall deletes the cni/netavark iptables rules resulting in a loss of network connectivity for rootful containers. Podman v3 provides the podman network reload command to restore this without having to restart the container. @@ -83,7 +83,7 @@ users. But as of Podman version 4.0, rootless users can also use netavark. The user experience of rootless netavark is very akin to a rootful netavark, except that there is no default network configuration provided. You simply need to create a network, and the one will be created as a bridge network. If you would like to switch from -CNI networking to netvaark, you must issue the `podman system reset --force` command. +CNI networking to netavark, you must issue the `podman system reset --force` command. This will delete all of your images, containers, and custom networks. ``` @@ -177,7 +177,7 @@ address, you should continue to use CNI instead of netavark. ``` $ sudo podman network create -d macvlan -o parent=eth0 webnetwork -/etc/cni/net.d/webnetwork.conflist +webnetwork ``` The next step is to ensure that the DHCP CNI plugin is running. This plugin facilitates the DHCP lease from the network. -- cgit v1.2.3-54-g00ecf From c85722eb9f552f2456d33589a1417264369a6366 Mon Sep 17 00:00:00 2001 
From: Charlie Doern Date: Mon, 25 Jul 2022 10:21:14 -0400 Subject: pod create --share none should not create infra for podman pod create, when we are not sharing any namespaces there is no point for the infra container. This is especially true since resources have also been decoupled from the container recently. handle this on the cmd level so that we can still create infra if set explicitly resolves #15048 Signed-off-by: Charlie Doern --- cmd/podman/pods/create.go | 6 ++++++ docs/source/markdown/podman-pod-create.1.md | 2 +- test/e2e/pod_infra_container_test.go | 16 ++++++++++++++++ 3 files changed, 23 insertions(+), 1 deletion(-) (limited to 'cmd/podman') diff --git a/cmd/podman/pods/create.go b/cmd/podman/pods/create.go index aea8a7229..4f1f66ad6 100644 --- a/cmd/podman/pods/create.go +++ b/cmd/podman/pods/create.go @@ -134,6 +134,12 @@ func create(cmd *cobra.Command, args []string) error { imageName = infraImage } img := imageName + + if !cmd.Flag("infra").Changed && (share == "none" || share == "") { + // we do not want an infra container when not sharing namespaces + createOptions.Infra = false + } + if !createOptions.Infra { if cmd.Flag("no-hosts").Changed { return fmt.Errorf("cannot specify --no-hosts without an infra container") diff --git a/docs/source/markdown/podman-pod-create.1.md b/docs/source/markdown/podman-pod-create.1.md index f6af4daa4..843aed357 100644 --- a/docs/source/markdown/podman-pod-create.1.md +++ b/docs/source/markdown/podman-pod-create.1.md 
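Review bot: The block added to `create()` in cmd/podman/pods/create.go switches `createOptions.Infra` off implicitly, so the `if !createOptions.Infra` checks right below it now fire for users who never passed `--infra=false`. For example, `--share none --no-hosts` is rejected with "cannot specify --no-hosts without an infra container" and no hint that `--share` caused it. The comment should say so, e.g. `// --share none or "" implies --infra=false unless --infra was set explicitly; the infra-only option checks below then apply`, and the error text could name `--share` as a possible cause. The comparison is also exact, so a value such as `None` or one with surrounding whitespace keeps the infra container; how `share` is normalised later is not visible here. The function starts and ends outside the hunk.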
@@ -303,7 +303,7 @@ Note: Labeling can be disabled for all containers by setting label=false in the #### **--share**=*namespace* -A comma-separated list of kernel namespaces to share. If none or "" is specified, no namespaces will be shared. The namespaces to choose from are cgroup, ipc, net, pid, uts. If the option is prefixed with a "+" then the namespace is appended to the default list, otherwise it replaces the default list. Defaults matches Kubernetes default (ipc, net, uts) +A comma-separated list of kernel namespaces to share. If none or "" is specified, no namespaces will be shared and the infra container will not be created unless expiclity specified via **--infra=true**. The namespaces to choose from are cgroup, ipc, net, pid, uts. If the option is prefixed with a "+" then the namespace is appended to the default list, otherwise it replaces the default list. Defaults matches Kubernetes default (ipc, net, uts) #### **--share-parent** diff --git a/test/e2e/pod_infra_container_test.go b/test/e2e/pod_infra_container_test.go index a2e090524..b53630156 100644 --- a/test/e2e/pod_infra_container_test.go +++ b/test/e2e/pod_infra_container_test.go @@ -435,4 +435,20 @@ var _ = Describe("Podman pod create", func() { Expect(session).Should(Exit(0)) Expect(session.OutputToString()).To(ContainSubstring(hostname)) }) + + tests := []string{"", "none"} + for _, test := range tests { + test := test + It("podman pod create --share="+test+" should not create an infra ctr", func() { + session := podmanTest.Podman([]string{"pod", "create", "--share", test}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + + session = podmanTest.Podman([]string{"pod", "inspect", "--format", "{{.NumContainers}}", session.OutputToString()}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + Expect(session.OutputToString()).Should((Equal("0"))) + }) + } + }) -- cgit v1.2.3-54-g00ecf
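Review bot: The loop added to test/e2e/pod_infra_container_test.go only exercises the implicit case. The override the commit message promises, an explicit `--infra` together with `--share none` still creating the infra container, has no test, so a regression in the `cmd.Flag("infra").Changed` guard would go unnoticed. A further case running `[]string{"pod", "create", "--infra=true", "--share", "none"}` and asserting that `{{.NumContainers}}` is presumably `1` would cover it. The doubled parentheses in `Should((Equal("0")))` can be reduced to `Should(Equal("0"))`.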