With the new rootless cni supporting network connect/disconnect is easy.
Combine common setps into extra functions to prevent code duplication.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
For rootless users the infra container used the slirp4netns net mode
even when bridge was requested. We can support bridge networking for
rootless users so we have allow this. The default is not changed.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Instead of creating an extra container create a network and mount
namespace inside the podman user namespace. This ns is used to
for rootless cni operations.
This helps to align the rootless and rootful network code path.
If we run as rootless we just have to set up a extra net ns and
initialize slirp4netns in it. The ocicni lib will be called in
that net ns.
This design allows allows easier maintenance, no extra container
with pause processes, support for rootless cni with --uidmap
and possibly more.
The biggest problem is backwards compatibility. I don't think
live migration can be possible. If the user reboots or restart
all cni containers everything should work as expected again.
The user is left with the rootless-cni-infa container and image
but this can safely be removed.
To make the existing cni configs work we need execute the cni plugins
in a extra mount namespace. This ensures that we can safely mount over
/run and /var which have to be writeable for the cni plugins without
removing access to these files by the main podman process. One caveat
is that we need to keep the netns files at `XDG_RUNTIME_DIR/netns`
accessible.
`XDG_RUNTIME_DIR/rootless-cni/{run,var}` will be mounted to `/{run,var}`.
To ensure that we keep the netns directory we bind mount this relative
to the new root location, e.g. XDG_RUNTIME_DIR/rootless-cni/run/user/1000/netns
before we mount the run directory. The run directory is mounted recursive,
this makes the netns directory at the same path accessible as before.
This also allows iptables-legacy to work because /run/xtables.lock is
now writeable.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
The --execute flag ended up serving no purpose. It was removed and
documentation was updated.
Fixed a panic when no VM name was provided.
[NO TESTS NEEDED]
Signed-off-by: baude <bbaude@redhat.com>
The split of install.docker and install.docker-docs makes some sense but
there should be some way to specify both for packagers.
This introduces `make install.docker-full` which installs both the
docker binary and the documentation.
Signed-off-by: Morten Linderud <morten@linderud.pw>
Commit 3908c00799fe2af1a12c9c4f4be8b49dbdecd9be introduces a split for
installing the docker binary and the docker documentation. The
install line creating BINDIR and MANDIR was both moved to the
install.docker-docs path which makes `install.docker` fail.
Signed-off-by: Morten Linderud <morten@linderud.pw>
This pointed to the container-unmount doc page. It now points to the
expected podman-image-unmount doc page.
Signed-off-by: Alexander Wellbrock <a.wellbrock@mailbox.org>
Add shell completion for machine names.
[NO TESTS NEEDED]
I would like to add one to the shell completion test however
using podman machine init is to expensive.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
In #9863 prune containers filter params were narrowed to support only those
required by http API. name filter in bindings was replaced by until filter,
which is not a good match, as until filters are causing tests to be flaky.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
Rename Readme.md to README.md in the docs directory. Add
the local build process per @Luap99 in #9856 for the man pages
to preview any changes that are made.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
podman machine list lists all virtual machines & indicates the default VM
connection, if it exists. it also can take a --format flag arg as a go
template.
[NO TESTS NEEDED]
Signed-off-by: Ashley Cui <acui@redhat.com>
Versions of the ps command have additional spaces between fields, this
manifests as the container asking to run "top" and API reporting "top "
as a process.
Endpoint and tests updated to check that "top" is reported.
There is no libpod specialized endpoint to update.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
When using the bindings do not include the pre-release or build
metadata in the URL for the service. This breaks older services, while
not providing that much additional functionality.
[NO TESTS NEEDED]
Signed-off-by: Jhon Honce <jhonce@redhat.com>
allow for the user to provide an alternate ignition-file rather than the
auto-generated one.
updated docs to describe ramifications of providing an alterate ignition
file.
[NO TESTS NEEDED]
Signed-off-by: baude <bbaude@redhat.com>
[NO TESTS NEEDED] This PR is mainly documentation and some code cleanup.
Also cleanup and consolidate handling of other hanlding of podman-remote
hidden options.
Fixes: https://github.com/containers/podman/issues/9874
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Make sure we do not display the expected error when using podman network
reload. This is already done for iptables-legacy however iptables-nft
creates a slightly different error message so check for this as well.
The error is logged at info level.
[NO TESTS NEEDED] The test VMs do not use iptables-nft so there is no
way to test this. It is already tested for iptables-legacy.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Containers endpoints for HTTP compad and libpod APIs allowed usage of list HTTP
endpoint filter funcs. Documentation in case of libpod and compat API does not allow that.
This commit aligns code with the documentation.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
when automatically downloading fcos for the Apple M1, we needed
to replace a statically defined URL with the dynamically
determined one.
also, it appears boolean qemu options `server` and `onwait` are
not defined as `server=on` and `wait=off`.
[NO TESTS NEEDED]
Signed-off-by: baude <bbaude@redhat.com>
It is tedious and error-prone to update the 'APIVersion=<exact>'
test every time there's a minor bump. Change the test so it
confirms only the major version.
Signed-off-by: Ed Santiago <santiago@redhat.com>
