* podman --remote ssh://<user>:<password>@<host>:<port><path>
* podman --remote ssh://<user>:<password>@<host>:<port><path> \
--identity <path> --passphrase <phrase>
* ssh-add <key>
podman --remote ssh://<user>@<host><path>
* Fix `podman help` to run even if podman missing components
* Prompt for passphrase on stdin IFF key is protected and passphrase
not given via any other configuration
* cobra flags do not support optional value flags therefore refactored
--remote to be a boolean and --url will now contain the URI to Podman
service
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Podman containers can specify that they get their network
namespace from another container. This is automatic in pods, but
any container can do it.
The problem is that these containers are not guaranteed to have a
network namespace of their own; it is perfectly valid to join the
network namespace of a --net=host container, and both containers
will end up in the host namespace. The code for obtaining network
stats did not account for this, and could cause segfaults as a
result. Fortunately, the fix is simple - the function we use to
get said stats already performs appropriate checks, so we just
need to recursively call it.
Fixes#5652
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
We also need to rework container/image inspect to be separate,
but that can happen in another PR.
Fixes#6472
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
7.7 has been released for a while now, so change troubleshooting
reference to indicate that.
Fixes#6349
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
The biggest obstacle here was cleanup - we needed a way to remove
detached exec sessions after they exited, but there's no way to
tell if an exec session will be attached or detached when it's
created, and that's when we must add the exit command that would
do the removal. The solution was adding a delay to the exit
command (5 minutes), which gives sufficient time for attached
exec sessions to retrieve the exit code of the session after it
exits, but still guarantees that they will be removed, even for
detached sessions. This requires Conmon 2.0.17, which has the new
`--exit-delay` flag.
As part of the exit command rework, we can drop the hack we were
using to clean up exec sessions (remove them as part of inspect).
This is a lot cleaner, and I'm a lot happier about it.
Otherwise, this is just plumbing - we need a bindings call for
detached exec, and that needed to be added to the tunnel mode
backend for entities.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
environment variables are handled differently on windows vs linux. here we split them to be handled but no actually processing of windows environment variables was done. it can be added for future. hoowever, now we dont get errors on windows about processing them.
Signed-off-by: Brent Baude <bbaude@redhat.com>
This adds bindings for starting exec sessions, and then uses them
to wire up detached exec. Code is heavily based on Attach code
for containers, slightly modified to handle exec sessions.
Bindings are presently attached-only, detached is pending on a
Conmon update landing in CI. I'll probably get to that next.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
- exec: add test for #5046, in which conmon swallowed chars
on a large byte transfer
- pod: add 'pod exists' tests, both positive and negative;
consolidate tests; add '--label', and check in 'pod inspect'
add 'pod ps' tests
- networking: add test for #5466, in which detached run
with --userns=keep-id would not forward a port
Signed-off-by: Ed Santiago <santiago@redhat.com>
