add support for podman-remote image scp as well as direct access via the API. This entailed
a full rework of the layering of image scp functions as well as the usual API plugging and type creation
also, implemented podman image scp tagging. which makes the syntax much more readable and allows users t tag the new image
they are loading to the local/remote machine:
allow users to pass a "new name" for the image they are transferring
`podman tag` as implemented creates a new image im `image list` when tagging, so this does the same
meaning that when transferring images with tags, podman on the remote machine/user will load two images
ex: `podman image scp computer1::alpine computer2::foobar` creates alpine:latest and localhost/foobar on the remote host
implementing tags means removal of the flexible syntax. In the currently released podman image scp, the user can either specify
`podman image scp source::img dest::` or `podman image scp dest:: source::img`. However, with tags this task becomes really hard to check
which is the image (src) and which is the new tag (dst). Removal of that streamlines the arg parsing process
Signed-off-by: Charlie Doern <cdoern@redhat.com>
Rootless containers are not possible on FreeBSD. While I would like to
close that gap, getting the necessary changes into the FreeBSD kernel
is a long term project so until then, this removes the rootlessport
helper from the build on FreeBSD.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
This option doesn't exist on freebsd or macos' install utility. In this
case, we can use the 'install file1 file2 ... dir' pattern which is
supported by all implementations of install that I'm aware of. The
makefile rule already creates the target directory so there is no
ambiguity.
No new tests are needed here since the same files are being installed
in the same places.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
The sed implementation on FreeBSD has a strict interpretation of posix
'basic' regular expressions. It would be better to re-implement this
using 'extended' regular expressions but for now, just use GNU sed.
This should have no functional difference on currently supported
platforms.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
The makefile uses the pattern $(shell command -v path1 path2 ...) to
deduce pathnames for various executables. On FreeBSD, the default shell
does have a 'command' builtin which supports the '-v' option but only
allows a single path as argument. Rather than work around this limitation
with alternatives like for, just set bash as the default shell. We
already require bash to be installed for various helper scripts.
This change only affects FreeBSD so no new tests are needed.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
the "pod ps" command first retrieves the list of all pods, then
iterates over the list to inspect each pod. This introduce a race
since a pod could be deleted in the meanwhile by another process.
Solve it by ignoring the define.ErrNoSuchPod error.
Closes: https://github.com/containers/podman/issues/14736
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
add two new options to the volume create command: copy and nocopy.
When nocopy is specified, the files from the container image are not
copied up to the volume.
Closes: https://github.com/containers/podman/issues/14722
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
the two operations are equivalent since securejoin.SecureJoin() has
solved the symlinks. Prefer the Lstat version though to make sure
symlinks are never resolved and we do not end up using a path on the
host.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
avoid any I/O operation on the volume if the source directory is empty.
This is useful on network file systems (since CAP_DAC_OVERRIDE is not
honored) where the root user might not have enough privileges to
perform an I/O operation on the NFS mount but the user running inside
the container has.
[NO NEW TESTS NEEDED] it needs a setup with a network file system
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This PR covers two edge cases discovered by fiddling with machine
manually. It is possible (like after a manual cleanup of a machine)
that a leftover qemu socket file can indicate the prescense of a machine
running.
Also, reveal the error of a Exec.Command by wrapping the generic error
around what was in stderr.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
Previously, health status events were not being generated at all. Both
the API and `podman events` will generate health_status events.
```
{"status":"health_status","id":"ae498ac3aa6c63db8b69a37583a6eae1a9cefbdbdbeeadcf8e1d66d745f0df63","from":"localhost/healthcheck-demo:latest","Type":"container","Action":"health_status","Actor":{"ID":"ae498ac3aa6c63db8b69a37583a6eae1a9cefbdbdbeeadcf8e1d66d745f0df63","Attributes":{"containerExitCode":"0","image":"localhost/healthcheck-demo:latest","io.buildah.version":"1.26.1","maintainer":"NGINX Docker Maintainers \u003cdocker-maint@nginx.com\u003e","name":"healthcheck-demo"}},"scope":"local","time":1656082205,"timeNano":1656082205882271276,"HealthStatus":"healthy"}
```
```
2022-06-24 11:06:04.886238493 -0400 EDT container health_status ae498ac3aa6c63db8b69a37583a6eae1a9cefbdbdbeeadcf8e1d66d745f0df63 (image=localhost/healthcheck-demo:latest, name=healthcheck-demo, health_status=healthy, io.buildah.version=1.26.1, maintainer=NGINX Docker Maintainers <docker-maint@nginx.com>)
```
Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
This is part of a set of changes to port podman to the FreeBSD platform.
The pkg/signal parts are needed to enable ABI mode on FreeBSD. No tests
are needed here because it should be a functional no-op for linux.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
The test must ensure that all ports in the range are free not just
the first. This flakes often because port 5355 is always in use by
systemd-resolved on fedora.
Fixes#14716
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
currently, setting any sort of resource limit in a pod does nothing. With the newly refactored creation process in c/common, podman ca now set resources at a pod level
meaning that resource related flags can now be exposed to podman pod create.
cgroupfs and systemd are both supported with varying completion. cgroupfs is a much simpler process and one that is virtually complete for all resource types, the flags now just need to be added. systemd on the other hand
has to be handeled via the dbus api meaning that the limits need to be passed as recognized properties to systemd. The properties added so far are the ones that podman pod create supports as well as `cpuset-mems` as this will
be the next flag I work on.
Signed-off-by: Charlie Doern <cdoern@redhat.com>
This bug was introduced in https://github.com/containers/podman/pull/8906.
When we use 'podman rm/restart/stop/kill etc...' command to
the container running with --rm, the OCI runtime directory
remains at /run/<runtime name> (root user) or
/run/user/<user id>/<runtime name> (rootless user).
This bug could cause other bugs.
For example, when we checkpoint the container running with
--rm (podman checkpoint --export) and restore it
(podman restore --import) with crun, error message
"Error: OCI runtime error: crun: container `<container id>`
already exists" is outputted.
This error is caused by an attempt to restore the container with
the same container ID as the remaining OCI runtime's container ID.
Therefore, I fix that the cleanupRuntime() function runs to
remove the OCI runtime directory,
even if the container has already been removed by --rm option.
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
Since it may be a while before we get a true fix: add a
workaround for podman-remote checkpoint tests, in which
we pause until the 'run --rm' container is truly truly gone.
I've tried to make it as easy as possible to clean up
the workaround code once the bug is fixed.
Oh, also, remove "-it" from a podman-run. It makes no sense
and only results in nasty orange warning messages.
Signed-off-by: Ed Santiago <santiago@redhat.com>
It seems like previously if --format was changed then listFlag.noHeading is changed accordingly
however printHeader is used to determine whether to print header or not.
This patch fixes that problem.
Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
Libpod requires that all volumes are stored in the libpod db. Because
volume plugins can be created outside of podman, it will not show all
available plugins. This podman volume reload command allows users to
sync the libpod db with their external volume plugins. All new volumes
from the plugin are also created in the libpod db and when a volume from
the db no longer exists it will be removed if possible.
There are some problems:
- naming conflicts, in this case we only use the first volume we found.
This is not deterministic.
- race conditions, we have no control over the volume plugins. It is
possible that the volumes changed while we run this command.
Fixes#14207
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Add 4 new subcommands to the testvol binary, instead of just serving the
volume api it now also can create/list/remove plugins. This is required
to test new functionality where volumes are create outside of podman in
the plugin. Podman should then be able to pick up the new volumes.
The new testvol commands are:
- serve: serve the podman api like the the testvol command before
- create: create a volume with the given name
- list: list all volume names
- remove: remove the volume with the given name
Also make a small update to the testvol Containerfile so that it can
build correctly.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Update the golang verion for the testvol image to the latest version
1.18. This requires us to build with GO111MODULE=off.
Use the FQDN to prevent the shortnames prompt.
Also add --network none to the podman build command to make sure we are
only using the copied deps and nothing else.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
I think it is confusion to have this Containerfile in the repo root. It
is used for the tests only so we should move it into the same dir.
Also adapt the Makefile target to use the new path and add the current
date as tag instead of using latest which can break CI easily when we
have to update the image.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
