Startup healthchecks are similar to K8S startup probes, in that
they are a separate check from the regular healthcheck that runs
before it. If the startup healthcheck fails repeatedly, the
associated container is restarted.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Since pasta is now considered a network mode using it as network name
causes a conflict. For now we will prefer the named network but in a
future major version bump we want to remove this and just use pasta(1).
The docs should reflect that this name is considered deprecated.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Conceptually equivalent to networking by means of slirp4netns(1),
with a few practical differences:
- pasta(1) forks to background once networking is configured in the
namespace and quits on its own once the namespace is deleted:
file descriptor synchronisation and PID tracking are not needed
- port forwarding is configured via command line options at start-up,
instead of an API socket: this is taken care of right away as we're
about to start pasta
- there's no need for further selection of port forwarding modes:
pasta behaves similarly to containers-rootlessport for local binds
(splice() instead of read()/write() pairs, without L2-L4
translation), and keeps the original source address for non-local
connections like slirp4netns does
- IPv6 is not an experimental feature, and enabled by default. IPv6
port forwarding is supported
- by default, addresses and routes are copied from the host, that is,
container users will see the same IP address and routes as if they
were in the init namespace context. The interface name is also
sourced from the host upstream interface with the first default
route in the routing table. This is also configurable as documented
- sandboxing and seccomp(2) policies cannot be disabled
- only rootless mode is supported.
See https://passt.top for more details about pasta.
Also add a link to the maintained build of pasta(1) manual as valid
in the man page cross-reference checks: that's where the man page
for the latest build actually is -- it's not on Github and it doesn't
match any existing pattern, so add it explicitly.
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Remove the container/pod ID file along with the container/pod. It's
primarily used in the context of systemd and are not useful nor needed
once a container/pod has ceased to exist.
Fixes: #16387
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
--insecure and --verbose flags for docker compatibility
--tls-verify for syntax compatibility and allow users to inspect
manifests at remote Container Registiries without requiring tls.
Helps fix: https://github.com/containers/podman/issues/14917
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This was a horrible one. I basically went with the podman-run
version, with a few minor changes. See PR for discussion of
diff review.
podman-build is not included here, it is too different.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Underscore is special in markdown. We usually escape them
properly, but these are a few that we missed. Found using:
$ ack '[A-Z]\\fI[A-Z]' docs/build/man
(plus one that I found by accident).
If anyone has ideas on how to add a commit check for these,
please speak up. I'm at a complete loss to automate this.
Signed-off-by: Ed Santiago <santiago@redhat.com>
This just fixes the indentation which was previously breaking the
list such that the various network modes were just mixed into one large
paragraph instead of a list.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
In each options/foo.md, keep a list of where the option is used.
This will be valuable to anyone making future edits, and to
those reviewing those edits.
This may be a controversial commit, because those crossref lists
are autogenerated as a side effect of the script that reads them.
It definitely violates POLA. And one day, some kind person will
reconcile (e.g.) --label, using it in more man pages, and maybe
forget to git-commit the rewritten file, and CI will fail.
I think this is a tough tradeoff, but worth doing. Without this,
it's much too easy for someone to change an option file in a way
that renders it inapplicable/misleading for some podman commands.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Accumulated cleanup from the man-page deduplication effort.
Various minor things that slipped.
--publish-all : remove duplicate "default is false" (toth @dilyanpalauzov)
--shm-size : rephrase 'you' and 'y'all'
--tls-verify : make narrower, add asterisks to true/false,
and linkify containers-registries.conf
--volume : incorporate feedback from @mheon
rename pid.md to pid.container.md, because there's a pid.pod.md
for the --pid option used in pod-related man pages.
...and some whitespace, comma, other minor edits
Fixes: #15356
Signed-off-by: Ed Santiago <santiago@redhat.com>
Refactored among all files that mentioned it.
DANGER WILL ROBINSON! REVIEW CAREFULLY! Here are two major
decisions I made:
1) Look at the text for podman-run, in particular the "" text.
It currently says "will use the default". As best I can
tell this is not true, so I changed it to "will disable"
which matches all the other commands.
2) The "containers.conf" text, I decided, applies to all
commands, not just podman-run (it was only present in
podman-run). If this is not the case, please yell.
Other changes are cosmetic formatting stuff, asterisks end newlines.
Hard to review with hack/markdown-preprocess-review, because all
the text is one horrible long line instead of 80-char breaks.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Only between podman-create and -run; podman-start was too
different. (But please look into it, maybe there's a way
to reconcile the diffs).
Very minor formatting changes made to reconcile the two.
Easy to review using hack/markdown-preprocess-review
Signed-off-by: Ed Santiago <santiago@redhat.com>
[Note: I already refactored --annotation for container-related
commands; this one is for manifest-related commands]
This one needed reconciling: one man page said "newly added image",
the other said "specified image", I just reduced that to "image".
If that's not cool, any suggestions on how to make it better? Or,
just reject this PR, we can live with this duplication.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Only between the two podman-manifest-* commands. podman-build
is too different.
Easy one, text was already identical
Signed-off-by: Ed Santiago <santiago@redhat.com>
Only in container/pod stop/rm/restart man pages; the others
(volume-rm, network-rm, system-service) are too different to refactor.
Mostly an easy one, no manual reconciliation needed apart from
the pod-vs-container difference.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Only between podman-create and -run; the other meanings
of --pod are too different. This almost didn't feel worth
refactoring, except the podman-run version fixed a word
and added a possibly important note about infra containers.
I went with the podman-run version.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Two different texts, split into two .md files. Nontrivial, but
still easy to review because the text is unchanged.
I was unable to reconcile either version with podman-build,
so that file remains with a separate version.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Tricky one. In particular: podman-kube-play did not enumerate
the "host" option; here I take the liberty of using it in the
common network.md, so it will appear in podman-kube-play.1.
If that is wrong, please tell me ASAP: I will need to un-refactor
podman-kube-play.
Other decisions:
* move the "invalid if" text to the bottom, because it can't
be shared between pod and container man pages.
* ditto for "together with --pod"
* kube-play said "Change the network mode of"; all the others
said ">SET< the network mode >FOR< ...". I chose the latter,
so that's what kube-play will have also. Again, if that's
wrong, please lmk.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Trivial one: no human intervention needed, the man page text
was already identical between both files.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Simple in reality, but hard to review due to lots of little diffs:
- "Logging driver specific options" was only in podman-run; I added it
to create and kube-play.
- whitespace changes, the 'e.g.'s got consistent 4-space indentation
- the "same keys" and "supported only" sentences, I moved up to be
closer to **tag** and without intervening whitespace, because they
were unclear as they were: I believe the intent is to apply those
sentences only to **tag**, not to the **--log-opt** option itself.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Another easy one. Option is only present in these three man pages.
I took the liberty of changing the "See note" text, making it
the same as --env. I also took the liberty of hyphenating
"line-delimited" because that's the correct thing to do.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Only among podman create, exec, run. The same option in
podman build, generate-systemd, and secret-create is too
different.
Should be a trivial one to review, the only difference is
a period at the end of one sentence. And, of course, the
"See Environment note" applies only to podman-create and
run, not exec, so it can't be deduplicated.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Unusually, I discarded the podman-run version and went with
the one common to attach and start. (The defaults are left
out of the common file, because 'start' is different by
necessity). Please review extra-carefully to make sure
the new wording applies to podman-run, in particular
the "non-TTY mode" words.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Only between podman-build, create, and run. podman-pod-create
is too different.
As usual I went with the podman-run version. This means
keeping the word "flag" (which should be "option"), for
ease of review. I will fix in my in-progress cleanup PR.
For podman-build, I removed "during the build" and changed
it to a note for that man page only.
Signed-off-by: Ed Santiago <santiago@redhat.com>
--no-reset and --no-stream, in podman-stats and pod-stats.
Very minor tweak to --no-stream to account for pods.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Mostly went with the podman-run version. For ease of review, I
kept the "you" word -- I will fix that in my in-progress
cleanup PR.
This affects lots of files, each of which had slightly different
wording, but this actually isn't as bad as it looks. The diffs
were minor, and I'm pretty sure the new refactored text applies
equally well to all the man pages.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Three simple options shared among podman-create, exec, run.
I mostly went with the podman-run versions. For --tty, this
means that create and exec get the long stdout/stderr note.
(The example, though, remains only in podman-run). For -i,
mostly boldspace changes.
For --preserve-fds, podman-exec now has the "not with remote"
note (which it didn't until now)
Signed-off-by: Ed Santiago <santiago@redhat.com>
Similar to yesterday's --ip. No changes to content, all I did
was variableize the instances of 'container'/'pod'.
Did not touch podman-network-connect file, but if someone
wants to look at that one and tell me whether all this long
text is applicable to it (or not), I'd appreciate it.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Ugh. This had about five different variations among twelve files.
I went with the version from podman-create, kube play, login, pull,
push, run. The others:
- manifest-add and create did not include the "true, false, missing"
text. Now they do. (If this text is N/A to these two, please yell).
Also, these two were written with "talking" instead of "contacting"
the registry.
- podman-build had "does not work with remote", but this
does not seem to be true, so I removed it. None of the
other files had that.
- the wording in podman-search is just weird, with "if needed"
and "is listed" and unclear "insecure registries". I just
nuked it all. If that wording was deliberate, for some reason
that applies only to podman-search, please yell.
- podman-container-runlabel has one diff that I like, actually
spelling out containers-registries.conf(5), but incorporating
that would make this even harder to review. I will add that
to my in-progress doc-cleanup PR.
Review recommendation: run hack/markdown-preprocess-review but
just quit out of it immediately (on both popups). Ignore it completely.
Then cd /tmp/markdown-preprocess-review.diffs/tls-verify and run
$ clear;for i in podman-*;do echo;echo $i;wdiff -t $i zzz-chosen.md;done
This will show the major diffs between each version and the chosen one.
Assumes you have wdiff installed. If you have another colorize-actual-
individual-word-diffs tool installed, use that. I like cdif[1].
[1] https://github.com/kaz-utashiro/sdif-tools
Signed-off-by: Ed Santiago <santiago@redhat.com>
Almost identical between podman-create, run, and pod-create.
The "Notes" are different, so I left those duplicated between
podman-create and run, and left the different one in pod-create.
podman-container-restore also has --publish but it's unrelated.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Only shared between podman-create and run. The latter was
updated in #5192, and that is the text I chose.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Only shared by podman-create, -pull, -run. No changes
made other than whitespace, so this should be a gimme.
podman-build, import, and manifest-* also have --os options,
but those are unrelated and I can't find a way to combine
any two of them.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Between podman-create, run, and pod-create. The big difference
is that I changed 'IP' to 'IPv4' in podman-pod-create, I believe
that was an oversight in #12611.
Signed-off-by: Ed Santiago <santiago@redhat.com>
podman-create and -run only. The SELinux text was added
to podman-run (but not -create) in #3631, and reformatted
in #5192. I assume here that it also applies to podman-create.
Per feedback from Dan, added :s0 to SELinux context
Signed-off-by: Ed Santiago <santiago@redhat.com>
Removed a spurious right-bracket; went with upper-case for options;
removed 'you's; added some <<container|pod>>s.
Hard to review because none of the existing man pages had it
quite right.
Signed-off-by: Ed Santiago <santiago@redhat.com>
