Previously, the following network block did not update using
docker-compose:
```
networks:
default:
driver: bridge
driver_opts:
mtu: 9000
```
In the API, the network options were previously not being handled when the
network was being created. I translated the docker options into podman
options, and added the options to the network.
When doing `podman network inspect <network>`, the results now contain
`"mtu": "9000"`
Fixes: #14482
Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
Previously, `podman system df --format "{{json .}}"` would not output
`Size` and `Reclaimable` like `podman system df` would.
```
{"Type":"Images","Total":5,"Active":0,"Size":39972240,"Reclaimable":39972240}
{"Type":"Containers","Total":0,"Active":0,"Size":0,"Reclaimable":0}
{"Type":"Local Volumes","Total":0,"Active":0,"Size":0,"Reclaimable":0}
```
Closes: #14769
Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
Make sure `Sync()` handles state transitions and exit codes correctly.
The function was only being called when batching which could render
containers in an unusable state when running concurrently with other
state-altering functions/commands since the state must be re-read from
the database before acting upon it.
Fixes: #14761
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
We now use the golang error wrapping format specifier `%w` instead of
the deprecated github.com/pkg/errors package.
[NO NEW TESTS NEEDED]
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
Following PR adds support for running containers from a manifest list
present on localstorage. Before this PR podman only supports running
containers from valid images but not from manifest list.
So `podman run -it --platform <some> <manifest-list> command` should
become functional now and users should be able to resolve images on the
bases of provided `--platform` string.
Example
```
podman manifest create test
podman build --platform linux/amd64,linux/arm64 --manifest test .
podman run --rm --platform linux/arm64/v8 test uname -a
```
Closes: https://github.com/containers/podman/issues/14773
Signed-off-by: Aditya R <arajan@redhat.com>
The retry logic in digshort() did not work because dig always exits with
0 even when the domain name is not found. To make it work we have to
check the standard output.
We work on fixing the underlying issue in aardvark/netavark but
this will take more time.
Fixes#14173Fixes#14171
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
the test is not doing what it believes to do. The containers are not
supposed to be joining the infra container cgroup.
In addition, the result is validated only on cgroup v1 systems (that
are not used in the CI).
We may want to add it back, or a variant of it, once the
--device-read-bps option applies to the pod parent cgroup.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
using the new resource backend, implement podman pod create --memory which enables
users to modify memory.max inside of the parent cgroup (the pod), implicitly impacting all
children unless overriden
Signed-off-by: Charlie Doern <cdoern@redhat.com>
PR containers/podman/pull/14449 had an outdated base. Merging it broke
builds.
[NO NEW TESTS NEEDED]
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Fix the parse for the cgroup devices rule to correctly handle the
wildcard syntax for the device major.
Also make sure the device major and minor are not negative numbers.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
With the upcoming plans of introducing a podman-kube command with
various subcommands, rename the podman-play-kube systemd template
to podman-kube before releasing it.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
ImagesBatchRemoval and ImageRemoval now honors and accepts
`LookupManifest` parameter which further tells libimage to resolve to
manifest list if it exists instead of actual image.
Following PR also makes `podman-remote manifest rm` functional which was
broken till now.
Closes: https://github.com/containers/podman/issues/14763
Signed-off-by: Aditya R <arajan@redhat.com>
Podman Machine crashes if run as root. When creating the machine, we write the ignition so that the UID of the core user matches the UID of the user on the host. We by default, create the root user on the machine with UID 0. If the user on the host is root, the core UID and the Root UID collide, causing a the VM not to boot.
[NO NEW TESTS NEEDED]
Signed-off-by: Ashley Cui <acui@redhat.com>
Runtime verification test for container checkpoint with export
used the default runtime for test which causes test to always
pass. Problem rises when using non-default runtime, then doing
a restore. This test forcse using a non-default runtime during
container creation.
Edge case:
1. Default runtime is crun
2. Container is created with runc
3. Checkpoint without setting --runtime into archive
4. Restore without setting --runtime from archive
It should be expected that podman identifies runtime from the
checkpoint archive.
Signed-off-by: Zeyad Yasser <zeyady98@gmail.com>
currently, podman system df incorrectly calculates the reclaimable storage for
volumes, using a cumulative reclaimable variable that is incremented and placed into each
report entry causing values to rise above 100%.
Switch this variables to be in the context of the loop, so it resets per volume just like the size variable does.
resolves#13516
Signed-off-by: Charlie Doern <cdoern@redhat.com>
Some background for this PR is in discussion #14641. In short, ever so often a container inspect will return a `status.status` of `initialized` from the Docker compat socket.
From the discussion I found these lines which tries to fix a "configured" status to "created".
c936d1e611/pkg/api/handlers/compat/containers.go (L291-L294)
However, commit 141de86862 (Revamp Libpod state strings for Docker compat) removed the "configured" return value from the `String()` method called on line 291 above. Thus, making the `if` check redundant as it will never hit. But the same commit also introduces a return for "initialized" which this `if` should probably have been adapted for.
Signed-off-by: Pieter Engelbrecht <pieter@shuttle.rs>
add support for podman-remote image scp as well as direct access via the API. This entailed
a full rework of the layering of image scp functions as well as the usual API plugging and type creation
also, implemented podman image scp tagging. which makes the syntax much more readable and allows users t tag the new image
they are loading to the local/remote machine:
allow users to pass a "new name" for the image they are transferring
`podman tag` as implemented creates a new image im `image list` when tagging, so this does the same
meaning that when transferring images with tags, podman on the remote machine/user will load two images
ex: `podman image scp computer1::alpine computer2::foobar` creates alpine:latest and localhost/foobar on the remote host
implementing tags means removal of the flexible syntax. In the currently released podman image scp, the user can either specify
`podman image scp source::img dest::` or `podman image scp dest:: source::img`. However, with tags this task becomes really hard to check
which is the image (src) and which is the new tag (dst). Removal of that streamlines the arg parsing process
Signed-off-by: Charlie Doern <cdoern@redhat.com>
the "pod ps" command first retrieves the list of all pods, then
iterates over the list to inspect each pod. This introduce a race
since a pod could be deleted in the meanwhile by another process.
Solve it by ignoring the define.ErrNoSuchPod error.
Closes: https://github.com/containers/podman/issues/14736
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
add two new options to the volume create command: copy and nocopy.
When nocopy is specified, the files from the container image are not
copied up to the volume.
Closes: https://github.com/containers/podman/issues/14722
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Previously, health status events were not being generated at all. Both
the API and `podman events` will generate health_status events.
```
{"status":"health_status","id":"ae498ac3aa6c63db8b69a37583a6eae1a9cefbdbdbeeadcf8e1d66d745f0df63","from":"localhost/healthcheck-demo:latest","Type":"container","Action":"health_status","Actor":{"ID":"ae498ac3aa6c63db8b69a37583a6eae1a9cefbdbdbeeadcf8e1d66d745f0df63","Attributes":{"containerExitCode":"0","image":"localhost/healthcheck-demo:latest","io.buildah.version":"1.26.1","maintainer":"NGINX Docker Maintainers \u003cdocker-maint@nginx.com\u003e","name":"healthcheck-demo"}},"scope":"local","time":1656082205,"timeNano":1656082205882271276,"HealthStatus":"healthy"}
```
```
2022-06-24 11:06:04.886238493 -0400 EDT container health_status ae498ac3aa6c63db8b69a37583a6eae1a9cefbdbdbeeadcf8e1d66d745f0df63 (image=localhost/healthcheck-demo:latest, name=healthcheck-demo, health_status=healthy, io.buildah.version=1.26.1, maintainer=NGINX Docker Maintainers <docker-maint@nginx.com>)
```
Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
The test must ensure that all ports in the range are free not just
the first. This flakes often because port 5355 is always in use by
systemd-resolved on fedora.
Fixes#14716
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
currently, setting any sort of resource limit in a pod does nothing. With the newly refactored creation process in c/common, podman ca now set resources at a pod level
meaning that resource related flags can now be exposed to podman pod create.
cgroupfs and systemd are both supported with varying completion. cgroupfs is a much simpler process and one that is virtually complete for all resource types, the flags now just need to be added. systemd on the other hand
has to be handeled via the dbus api meaning that the limits need to be passed as recognized properties to systemd. The properties added so far are the ones that podman pod create supports as well as `cpuset-mems` as this will
be the next flag I work on.
Signed-off-by: Charlie Doern <cdoern@redhat.com>
