17494 Commits

Author SHA1 Message Date
0179aa2451 quadlet: Support Type=oneshot container files
These just run once and are considered successful at exit. Not much is
needed to support it, but we have to avoid overwriting the type
with Type=notify.

Signed-off-by: Alexander Larsson <alexl@redhat.com>
2022-12-21 12:49:50 +01:00
236f0cc504 hacks/bats: keep QUADLET env var in test env
This is needed for the bats test to work

Signed-off-by: Alexander Larsson <alexl@redhat.com>
2022-12-21 12:48:40 +01:00
90ba443472 Merge pull request #16893 from alexlarsson/quadlet-better-default-handling
quadlet: Handle booleans that have defaults better
2022-12-21 06:23:12 -05:00
aecb5d3853 Merge pull request #16900 from Luap99/gingkolinter
ginkgo tests: apply ginkgolinter fixes
2022-12-20 13:30:05 -05:00
c2d48c5935 Merge pull request #16892 from alexlarsson/transient-clean-unit
Add podman-clean-transient.service service
2022-12-20 10:49:51 -05:00
5f4d7b575d Merge pull request #16888 from Luap99/export-fd
export: use io.Writer instead of file
2022-12-20 10:47:19 -05:00
8e05caef6c ginkgo tests: apply ginkgolinter fixes
New fixes since my last commit 2ddf1c5cbd11.

https://github.com/nunnatsa/ginkgolinter

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-12-20 16:47:17 +01:00
62abb6bb20 Merge pull request #16886 from vrothberg/refactor
Refactor looking up containers in pkg/domain/infra abi
2022-12-20 10:44:45 -05:00
ca40371ff5 Merge pull request #16894 from flouthoc/bump-buildah-ca578b290144
vendor: bump to buildah `ca578b290144` and use new distributed cache API
2022-12-20 09:56:58 -05:00
db648dc005 Merge pull request #16895 from giuseppe/always-create-userns-with-euid-not-0
rootless: always create userns with euid != 0
2022-12-20 09:51:52 -05:00
3ac5d10098 export: use io.Writer instead of file
This allows us to use STDOUT directly without having to call open
again, also this makes the export API endpoint much more performant
since it no longer needs to copy to a temp file.
I noticed that there was no export API test so I added one.

And lastly opening /dev/stdout will not work on Windows.

Fixes #16870

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-12-20 14:38:41 +01:00
56982a9236 Merge pull request #16889 from rhatdan/kube
Stop recording annotations set to false
2022-12-20 08:23:52 -05:00
1bac160960 rootless: always create userns with euid != 0
always create a user namespace when running with euid != 0 since the
user is not owning the current mount namespace.

This issue happened on a Kubernetes cluster, where the pod was running
privileged but the UID was not 0, as it was configured in the image
itself.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2022-12-20 13:33:23 +01:00
90719d38f7 rootless: inhibit copy mapping for euid != 0
when running with euid != 0, inhibit the copy of the current mappings,
even if the kernel allows that.  This seems to be the expectation when
running in a Kubernetes cluster with a non-root user.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2022-12-20 13:32:58 +01:00
02555d1665 pkg/domain/infra/abi: introduce type containerWrapper
Add a wrapper to reduce boilerplate code.  This also paves the way for
adding an ignore option to `getContainersOptions`.

[NO NEW TESTS NEEDED] as it shouldn't change behavior.

Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2022-12-20 13:29:43 +01:00
987c8e3a78 vendor: bump to buildah ca578b290144 and use new cache API
Bump to buildah ca578b290144 and use new `cacheTo` and `cacheFrom` API.

[NO NEW TESTS NEEDED]
[NO TESTS NEEDED]

Signed-off-by: Aditya R <arajan@redhat.com>
2022-12-20 17:13:59 +05:30
0cf36684c6 quadlet: Handle booleans that have defaults better
The ReadOnly and the RunInit keys affect options that have a variable
default (configurable in containers.conf). This means we need to
handle them a bit differently in quadlet to allow overriding the
default. For example, we can't assume ReadOnly=false doesn't need to
add any argument because no argument may mean readonly=true if the default
is changed.

We now don't add any argument (leaving the default) if the key is not specified,
or we always add an argument (--foo or --foo=false) if the key is specified (overriding whatever the default is).

Signed-off-by: Alexander Larsson <alexl@redhat.com>
2022-12-20 11:00:48 +01:00
dd428af898 quadlet: Rename parser.LookupBoolean to LookupBooleanWithDefault
We add a regular LookupBoolean that can fail lookups, which is used by
the WithDefault version. We want to use this directly later in some places.

It is fine to change API here because this has not been in a release yet.

Signed-off-by: Alexander Larsson <alexl@redhat.com>
2022-12-20 10:38:49 +01:00
ddeb9592c9 Add podman-clean-transient.service service
This is a unit that can be enabled when using transient store mode
to clean up potential leftovers from previous boots. All it does is
run "podman system prune --external" once each boot.

Signed-off-by: Alexander Larsson <alexl@redhat.com>
2022-12-20 10:24:25 +01:00
80de850817 Stop recording annotations set to false
False is the assumed value, and inspect and podman generate kube are
being cluttered with a ton of annotations that indicate nothing.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-12-19 16:07:33 -05:00
fb967aabc3 Merge pull request #16878 from rhatdan/docs
Unify --noheading and -n to be consistent on all commands
2022-12-19 15:08:02 -05:00
b0acb59ccb Merge pull request #16688 from ygalblum/quadlet_network_file
Quadlet: add network support
2022-12-19 14:16:53 -05:00
2be7238a59 Merge pull request #16885 from rhatdan/VENDOR
Update vendor of containers/(common, image)
2022-12-19 13:31:22 -05:00
9187df5b28 Unify --noheading and -n to be consistent on all commands
Helps with https://github.com/containers/podman/issues/16536

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-12-19 13:18:43 -05:00
2bbeba70bb pkg/domain/infra/abi: add getContainers
Add a new `getContainers` function to consolidate listing and looking
up containers.  An options struct keeps things flexible and makes callers
more readable.

[NO NEW TESTS NEEDED] as it shouldn't change behavior.

Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2022-12-19 15:05:24 +01:00
5b12cb23f6 Merge pull request #16883 from alexlarsson/quadlet-build-fixes
Quadlet packaging fixes
2022-12-19 08:31:01 -05:00
ae706e61bb Update vendor of containers/(common, image)
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-12-19 08:01:10 -05:00
24ab178fb7 specfile: Drop user-add dependency from quadlet subpackage.
This is not needed since we dropped the quadlet user.

[NO NEW TESTS NEEDED] This just changes the build.

Signed-off-by: Alexander Larsson <alexl@redhat.com>
2022-12-19 10:16:00 +01:00
e9243f904b quadlet: Default BINDIR to /usr/bin if tag not specified
When building without the makefile the v4/pkg/systemd/quadlet._binDir
defined is not set. In that case default to /usr/bin rather than the
empty string. This helps e.g. the rpm specfile which doesn't use
the makefile.

Signed-off-by: Alexander Larsson <alexl@redhat.com>
2022-12-19 09:49:08 +01:00
aeb36e5dad Merge pull request #16825 from alexlarsson/quadlet-system-test
Quadlet system test
2022-12-18 07:16:50 -05:00
d974a79e27 Quadlet: add network support
Support .network file to create a systemd service that runs podman network create
Support networks with .network suffix in Container and Kube to link with Quadlet created networks
Add E2E Tests
Add man doc

Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
2022-12-18 11:25:20 +02:00
a6b375f8d7 Merge pull request #16791 from beeblebrox3/patch-1
[CI:DOCS] Fix typo on network docs
2022-12-17 05:27:25 -05:00
3f83467f3e Merge pull request #16756 from Luap99/netns-db
libpod: move NetNS into state db instead of extra bucket
2022-12-17 04:17:20 -05:00
bf78696d14 Merge pull request #16863 from containers/dependabot/go_modules/github.com/docker/docker-20.10.22incompatible
build(deps): bump github.com/docker/docker from 20.10.21+incompatible to 20.10.22+incompatible
2022-12-17 04:11:41 -05:00
a78d0ca6b7 Merge pull request #16869 from nalind/always-allow-push-from-storage
Always allow pushing from containers-storage
2022-12-17 04:11:21 -05:00
d1496afb54 Always allow pushing from containers-storage
Override the signature policy to always allow pushing images from local
storage, even if the default policy is set up to always disallow reading
images from any location.

Pay attention to the --signature-policy option in `podman push`, so that
we can test this properly.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2022-12-16 14:59:00 -05:00
12d5e6ab82 Merge pull request #16858 from Luap99/attach-log
libpod: fix header length in http attach with logs
2022-12-16 14:19:00 -05:00
0bc3d35791 libpod: move NetNS into state db instead of extra bucket
This should simplify the db logic. We no longer need an extra db bucket
for the netns, it is still supported in read only mode for backwards
compat. The old version required us to always open the netns before we
could attach it to the container state struct which caused problems in
some cases where the netns was no longer valid.

Now we use the netns as string throughout the code, this allows us to
only open it when needed reducing possible errors.

[NO NEW TESTS NEEDED] Existing tests should cover it and it is only a
flake so hard to reproduce the error.

Fixes #16140

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-12-16 18:30:12 +01:00
fd7049b187 Merge pull request #16817 from Luap99/no-CNI
libpod: remove CNI word where no longer applicable
2022-12-16 11:50:07 -05:00
f21c64019f Merge pull request #16800 from Luap99/restore-static-ip
checkpoint restore: fix --ignore-static-ip/mac
2022-12-16 11:03:40 -05:00
5e4c0358c4 Merge pull request #16864 from vrothberg/kube-improvements
podman-kube@ template: use `podman kube`
2022-12-16 09:46:27 -05:00
80878f20bc Add initial system tests for quadlets
This adds basic container and volume system tests for quadlet. These
install and run actual systemd units and ensure they work.

Signed-off-by: Alexander Larsson <alexl@redhat.com>
2022-12-16 15:35:51 +01:00
20b10574d7 quadlet: Add --user option
Normally quadlet picks up whether to behave like a user or system
instance based on the binary name, but for the tests we want the
ability to pass `--user` to modify this using a single binary.

Signed-off-by: Alexander Larsson <alexl@redhat.com>
2022-12-16 14:55:40 +01:00
4fa65ad0dc libpod: remove CNI word where no longer applicable
We should have done this much earlier, most of the time CNI networks
just mean networks so I changed this and also fixed some function
names. This should make it more clear what actually refers to CNI and
what is just general network backend stuff.

[NO NEW TESTS NEEDED]

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-12-16 14:20:14 +01:00
1424f0958f libpod: fix header length in http attach with logs
When we read logs there can be full or partial lines, when it is full we
need to append a newline, thus the message length must be incremented by
one.

Fixes #16856

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-12-16 14:18:30 +01:00
d6c2fa6452 Merge pull request #16781 from matejvasek/fix-event-reading-size
fix: event read from syslog when syslog entry too long
2022-12-16 07:30:37 -05:00
ecc095df8b Merge pull request #16853 from vrothberg/wait-ignore
wait: add --ignore option
2022-12-16 07:22:29 -05:00
12d0584006 podman-kube@ template: use podman kube
Use the new `podman kube {down,play}` commands.

[NO NEW TESTS NEEDED] as this is a purely cosmetic change.

Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2022-12-16 13:16:06 +01:00
3868d2d82b build(deps): bump github.com/docker/docker
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.21+incompatible to 20.10.22+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v20.10.21...v20.10.22)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-16 12:02:29 +00:00
3219650fab Merge pull request #16862 from alexlarsson/quadlet-podman-binary-name
Quadlet handle podman binary name better
2022-12-16 07:00:38 -05:00