Issue #9573 (podman build --pull-never is a NOP) is fixed.
Remove the 'skip' in the buildah-bud pull-never test.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Add support for generating powershell completion files. This is especially
useful for people using the podman remote client on windows.
[NO TESTS NEEDED]
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
If I run podman within a container without /sys/fs/cgroups mounted,
we get this warning, which the user can not do much about. I don't
see a reason for requiring this warning to show by default, so we
should drop it to Info.
User can not do anything about it either, and code works well with
the somewhat expected error.
Helps fix: https://github.com/containers/podman/issues/9753
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Escape the two dashes, otherwise they are combined into one long dash.
I tested that this change is safe and still renders correctly on github
and with the man pages.
This commit also contains a small change to make it build locally.
Assuming you have the dependencies installed you can do:
```
cd docs
make html
```
Preview the html files in docs/build/html with
`python -m http.server 8000 --directory build/html`.
Fixescontainers/podman.io#373
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
The 'is' check was intended to be called with three arguments,
the last one being a nice helpful test name. There's a fallback
for two-argument calls, but it was a horrible FIXME.
New fallback: the most recently run podman command. We keep
track of it in each run_podman() invocation.
This is not ideal, because it's theoretically possible to
invoke 'is' on something other than the output of run_podman,
but this at least fixes the by-far-most-common case.
[NO TESTS NEEDED]
Signed-off-by: Ed Santiago <santiago@redhat.com>
if LISTEN_FDS is specified by systemd, we need to use the first fd
after the std files (so fd=3) to read from the activation socket
instead of manually opening the UNIX socket.
[NO TESTS NEEDED]
Closes: https://github.com/containers/podman/issues/9251
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
The implementation uses `io.containers.seccomp.profile` while the docs
mentioned `io.podman`. Correct the two references in the docs to
reflect the implementation.
Fixes: #9853
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
since we already have an exported function that does the check,
refactor the code to use it instead of duplicating the logic.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
podman generate systemd --new inserts extra idfile arguments. The
generated unit can break when the user did provide their own idfile
arguments as they overwrite the arguments added by generate systemd.
This also happens when a user tries to generate the systemd unit on
a container already create with a --new unit. This should now
create a identical unit. The solution is to remove all user provided
idfile arguments.
This commit also ensures that we do not remove arguments that are part
off the containers entrypoint.
Fixes#9776
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Add support for secretRef and secretKeyRef to allow env vars to be set
from a secret. As K8S secrets are dictionaries the secret value must
be a JSON dictionary compatible with the data field of a K8S secret
object. The keys must consist of alphanumeric characters, '-', '_'
or '.', and the values must be base64 encoded strings.
Signed-off-by: Alban Bedel <albeu@free.fr>
In K8S the pod creation fails if an env var reference a non existing
config map key. It can be marked as optional, but per default it is
mandatory. Podman on the other hand always treat such references as
optional.
Rework envVarsFrom() and envVarValue() to additionaly return an error
and add support for the optional attribute in configMapRef and
configMapKeyRef.
Signed-off-by: Alban Bedel <albeu@free.fr>
Rework envVarsFromConfigMap() and envVarValue() to simplify supporting
other env sources than config maps. For this we pass the whole spec
generator options struct as parameter instead of just the config maps
list. Then we rename envVarsFromConfigMap() to envVarsFrom() and in
envVarValue() we reposition the loop over the config maps to only run
it when a configMapRef element exists.
Signed-off-by: Alban Bedel <albeu@free.fr>
Make sure fixes that go into local podman commands also work in
podman-remote, by using the same function.
Since this is just a rewrite of existing code, existing tests should
handle it.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Podman machine remove is now called `rm`.
Podman machine create now supports resizing the image to the value of
--disk-size as provided. The default is to 10G.
Added systemd unit file on guest via ignition that sends a Ready message
to the host over a virtio-socket so that we know when the VM is booted
and ready for use.
Podman machine commands no longer require a VM name as an argument. A
default VM name is defined and if no VM name is provided as a arg, the
default will be used.
[NO TESTS NEEDED]
Signed-off-by: baude <bbaude@redhat.com>
When kube play fails to create a volume, it should say which volume had
the problem so the user doesn't have to guess. For the following pod
spec:
apiVersion: v1
kind: Pod
metadata:
name: mypod
spec:
containers:
- name: myfrontend
image: nginx
volumeMounts:
- mountPath: "/var/www/html"
name: mypd
volumes:
- name: mypd
hostPath:
path: /var/blah
podman will now report:
Error: failed to create volume "mypd": error in parsing HostPath
in YAML: error checking path "/var/blah": stat /var/blah: no such
file or directory
Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
Currently pull policy is set incorrectly when users set --pull-never.
Also pull-policy is not being translated correctly when using
podman-remote.
Fixes: #9573
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Currently podman only works with --isolation chroot. This PR
fixes this by allowing the isolation mode to default to OCI and to
also allow users to pass the isolation mode into the containers.
The current tests for --isolation should cause this code to be tested.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Since podman-remote resize requests can come in at random times, this
generates a real potential for race conditions. We should only be
attempting to resize TTY on running containers, but the containers can
go from running to stopped at any time, and returning an error to the
caller is just causing noice.
This change will basically ignore requests to resize terminals if the
container is not running and return the caller to success. All other
callers will still return failure.
Fixes: https://github.com/containers/podman/issues/9831
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Fixes: https://github.com/containers/podman/issues/9825
Currently we are using TMPDIR for storaing temporary files
when building images, but not when you directly commit the images.
This change simply uses the TMPDIR environment variable if set
to store temporary files.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
It is rare but possible that storage locations for the graphroot and the
runroot are not mounted at boot time, and therefore might race when
doing container operations. An example we've seen in the wild is that a
slow tmpfs mount for the runroot would suddenly mount over /run, causing
the container to lose all currently-running data, requiring a system
refresh to get it back.
This patch adds RequiresMountsFor= to the systemd.unit header to ensure
the paths for both the graphroot and runroot are mounted prior to
starting any generated unit files.
Signed-off-by: Robb Manes <rmanes@redhat.com>
Rename podman machine create to init because we're initing a VM, not
really creating it
Wire up CPUs flag
Suppress QEMU GUI from popping up when not in debug mode
[NO TESTS NEEDED]
Signed-off-by: Ashley Cui <acui@redhat.com>
[NO TESTS NEEDED]
* When using the Namespace type, the field Value was json encoded
with the name "string" vs "value".
Signed-off-by: Jhon Honce <jhonce@redhat.com>
