| Age | Commit message (Collapse) | Author |
|---|
|
* top-level (pod.d)
* truncated (unit-.container.d)
Signed-off-by: Bennie Milburn-Town <63211101+benniekiss@users.noreply.github.com>
|
|
Remove the unused machine volume-driver
|
|
Adds a `NetworkAlias=` key to both .container and .pod quadlet files,
which translates to the `--network-alias` option to `podman run` and
`podman pod create` respectively. Can be repeated multiple times.
Signed-off-by: Félix Saparelli <felix@passcod.name>
|
|
Make podman-compose refer to podman-compose(1) when using an external provider
|
|
Change the warning message at runtime to refer to the man page of podman-compose instead of "the documentation"
Add instructions in the man page on how to disable the warning emitted by podman-compose when using an external compose provider
Signed-off-by: marinmo <bugzilla@marinmo.org>
|
|
Run root e2e & system tests using composefs on rawhide.
Write magic settings to storage.conf. That part is easy.
e2e tests, however, ignore storage.conf. They require everything
to be specified on the command line. And "everything", in the
case of composefs, includes a long complicated --pull-options
string which in turn requires containers-storage PR 1966
which, as of this writing, is finally vendored into podman.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
|
Fixes: #23039
Signed-off-by: Wanqi Li <wanli@umass.edu>
|
|
This senetence does not add any value and instead confuses users as it
suggest that the name is somhow special and related to bridge networks
which is not the case. Using either the name or id is fine as described
in the sentence before.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|
The driver is now hardcoded again, and there can only be
one type of mounts at a time (which one changes over time)
Revert "Make it possible to select the volume driver"
This reverts commit 6630e5cf66cf76aefcfe9caebe5df4f37dd0bdd5.
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
|
|
I found that Quadlet didn't currently have support for log options.
This merge allows Quadlet to handle log options and correctly
pass those values through to `podman run` for Container and Kube
types.
Syntactically consistent with existing parameters:
```ini
[Container]
Image=localhost/imagename
LogOpt=path=/var/log/container/mycontainer.json
LogOpt=size=10mb
```
Signed-off-by: Brett Calliss <brett@obligatory.email>
|
|
[CI:DOCS] Add information about Type=oneshot units in podman-systemd.unit.5.md (fixes #22233)
|
|
Add information about Type=oneshot units as suggested in https://github.com/containers/podman/issues/22233
Signed-off-by: marinmo <bugzilla@marinmo.org>
|
|
Change the document to only use true/false for booleans. Fixes https://github.com/containers/podman/issues/20686.
Signed-off-by: marinmo <bugzilla@marinmo.org>
|
|
Remove references to --pull=true and --pull=false
|
|
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
|
|
Add `podman system check`
|
|
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
Fix two typos in podman build as reported by #22946
FIXES: #22946
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
|
Quadlet: Add support for .build files
|
|
Add the following targets in winmake.ps1:
- `installer`: builds the Windows installer
- `docs`: builds the documentation HTML pages
- `validatepr`: runs the Linux Makefile `.valiatepr`
target using podman.
- `lint`: faster validation that runs linter locally
Update of `build_windows.md`:
- removed every reference to the MSYS2 platform
- added instructions to build the installer and linters
Fix https://github.com/containers/podman/issues/21821 and https://github.com/containers/podman/issues/21911
Signed-off-by: Mario Loriedo <mario.loriedo@gmail.com>
|
|
Add a `podman system check` that performs consistency checks on local
storage, optionally removing damaged items so that they can be
recreated.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
|
[CI:DOCS] fix typo in Tutorials.rst
|
|
.build files allow to build an image via Quadlet. The keys from a .build
file are translated to arguments of a `podman build` command by Quadlet.
Minimal keys for .build files are `ImageTag=` and a context directory,
see `SetWorkingDirectory=`, or a `File=` pointing to a Containerfile.
After sorting .build files into the Quadlet dependency order, there
remains a possible dependency cycle issue between .volume and .build
files: A .volume can have `Image=some.build`, and a .build can have
`Volume=some.volume:/some/volume`.
We solve this dependency cycle by prefilling resourceNames with all
image names from .build files before converting all the unit files.
This results in an issue for the test suite though: For .volume's
depending on *.image or *.build, we need to copy these additional
dependencies to the test's quadletDir, otherwise the test will fail.
This is necessary, because `handleImageSource()` actually needs to know
the image name defined in the referenced *.{build,image} file. It cannot
fall back on the default names, as it is done for networks or volumes,
for example.
Signed-off-by: Johannes Maibaum <jmaibaum@gmail.com>
|
|
It seems like podman kube play already supports the field since version 4.4.0 but the documentation was not yet updated.
Signed-off-by: thartd <49099022+pcguy85@users.noreply.github.com>
|
|
Signed-off-by: Elliot Ford <elliot.ford@hotmail.co.uk>
|
|
Always chown volumes when mounting into a container
|
|
quadlet: Add a network requirement on .image and .containers units
|
|
When an empty volume is mounted into a container, Docker will
chown that volume appropriately for use in the container. Podman
does this as well, but there are differences in the details. In
Podman, a chown is presently a one-and-done deal; in Docker, it
will continue so long as the volume remains empty. Mount into a
dozen containers, but never add content, the chown occurs every
time. The chown is also linked to copy-up; it will always occur
when a copy-up occurred, despite the volume now not being empty.
This PR changes our logic to (mostly) match Docker's.
For some reason, the chowning also stops if the volume is chowned
to root at any point. This feels like a Docker bug, but as they
say, bug for bug compatible.
In retrospect, using bools for NeedsChown and NeedsCopyUp was a
mistake. Docker isn't actually tracking this stuff; they're just
doing a copy-up and permissions change unconditionally as long as
the volume is empty. They also have the two linked as one
operation, seemingly, despite happening at very different times
during container init. Replicating that in our stateful system is
nontrivial, hence the need for the new CopiedUp field. Basically,
we never want to chown a volume with contents in it, except if
that data is a result of a copy-up that resulted from mounting
into the current container. Tracking who did the copy-up is the
easiest way to do this.
Fixes #22571
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
|
[CI:DOCS] performance: update network docs
|
|
If a container unit starts on boot with a dependency on `default.target`
the image unit may start too soon, before network is ready. This cause
the unit to fail to pull the image.
- Add a dependency on `network-online.target` to make sure image pulls
don't fail.
See https://github.com/containers/podman/issues/21873
- Document the hardcoded dependency on `network-online.target` for images unit
and explain how it can be overriden if necessary.
- tests/e2e/quadlet: Add `assert-last-key-regex`
Required to test the `After=` override in [Unit] section
See https://github.com/containers/podman/pull/22057#issuecomment-2008959993
- quadlet/unitfile: add a prepenUnitLine method
Requirements on networks should be inserted at the top of the
section so the user can override them.
Signed-off-by: jbtrystram <jbtrystram@redhat.com>
|
|
* Document that pasta is now the default network driver
* Document command: podman info -f '{{.Host.RootlessNetworkCmd}}'
* Add note about missing network isolation
Fixes: https://github.com/containers/podman/issues/22748
Co-authored-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
|
|
[CI:DOCS] Update podman network docs
|
|
Update the podman network docs to specify that the default rootless
networking tool has been swapped from slirp4netns to pasta.
Signed-off-by: Pranav RK <pranavrk7@gmail.com>
|
|
Signed-off-by: Shion Tanaka <shtanaka@redhat.com>
|
|
Co-authored-by: Ygal Blum <ygal.blum@gmail.com>
Signed-off-by: Jonas Berlin <xkr47@outerspace.dyndns.org>
|
|
Also, properly capitalize.
Signed-off-by: Sander Maijers <3374183+sanmai-NL@users.noreply.github.com>
|
|
Effectively, this is an ability to take an image already pulled
to the system, and automatically mount it into one or more
containers defined in Kubernetes YAML accepted by `podman play`.
Requirements:
- The image must already exist in storage.
- The image must have at least 1 volume directive.
- The path given by the volume directive will be mounted from the
image into the container. For example, an image with a volume
at `/test/test_dir` will have `/test/test_dir` in the image
mounted to `/test/test_dir` in the container.
- Multiple images can be specified. If multiple images have a
volume at a specific path, the last image specified trumps.
- The images are always mounted read-only.
- Images to mount are defined in the annotation
"io.podman.annotations.kube.image.automount/$ctrname" as a
semicolon-separated list. They are mounted into a single
container in the pod, not the whole pod.
As we're using a nonstandard annotation, this is Podman only, any
Kubernetes install will just ignore this.
Underneath, this compiles down to an image volume
(`podman run --mount type=image,...`) with subpaths to specify
what bits we want to mount into the container.
Signed-off-by: Matt Heon <mheon@redhat.com>
|
|
Image volumes (the `--mount type=image,...` kind, not the
`podman volume create --driver image ...` kind - it's strange
that we have two) are needed for our automount scheme, but the
request is that we mount only specific subpaths from the image
into the container. To do that, we need image volume subpath
support. Not that difficult code-wise, mostly just plumbing.
Also, add support to the CLI; not strictly necessary, but it
doesn't hurt anything and will make testing easier.
Signed-off-by: Matt Heon <mheon@redhat.com>
|
|
[CI:DOCS] format podman-pull example as code
|
|
Make `podman update` changes persistent
|
|
Signed-off-by: Morgan Bauer <bauer.morgan@gmail.com>
|
|
Small typographical error:
"an restarted" -> "and restarted"
Signed-off-by: Chad Dougherty <crd@acm.org>
|
|
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
This is something Docker does, and we did not do until now. Most
difficult/annoying part was the REST API, where I did not really
want to modify the struct being sent, so I made the new restart
policy parameters query parameters instead.
Testing was also a bit annoying, because testing restart policy
always is.
Signed-off-by: Matt Heon <mheon@redhat.com>
|
|
The logic here is more complex than I would like, largely due to
the behavior of `podman inspect` for running containers. When a
container is running, `podman inspect` will source as much as
possible from the OCI spec used to run that container, to grab
up-to-date information on things like devices. We don't want to
change this, it's definitely the right behavior, but it does make
updating a running container inconvenient: we have to rewrite the
OCI spec as part of the update to make sure that `podman inspect`
will read the correct resource limits.
Also, make update emit events. Docker does it, we should as well.
Signed-off-by: Matt Heon <mheon@redhat.com>
|
|
Markdown needs lists to be separate paragraphs, otherwise all the items
end up in a single line.
I also made arguments to be replaced italic to clarify that they
shouldn't be typed exactly as shown.
Signed-off-by: Baltazár Radics <baltazar.radics@gmail.com>
|
|
The --expose option doesn't actually affect port forwarding or anything
like that.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|
Docker shows exposed ports as just PORT/PROTO so match that behavior. It
is not clear to me why someone needs that information in ps as "expose"
doesn't effect anything networking related.
Fixes https://issues.redhat.com/browse/RHEL-32154
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|
Signed-off-by: localhost <xpaomian@gmail.com>
|
|
Update kube docs stating the support of moving to and from
k8s in podman and explicitly stating that we are not replicating
the kubectl cli.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
