105 Commits

Author SHA1 Message Date
7665bbc127 Remove 'you' from man pages
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-12-07 09:29:29 -05:00
d16129330d Add support for startup healthchecks
Startup healthchecks are similar to K8S startup probes, in that
they are a separate check from the regular healthcheck that runs
before it. If the startup healthcheck fails repeatedly, the
associated container is restarted.

Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2022-11-28 13:30:29 -05:00
c1db4f85ae Merge pull request #16329 from gupttaru/encryption-decryption-feature
Add encryption decryption feature
2022-11-28 06:33:59 -05:00
3bb9ed4f09 Adding encryption decryption feature
Signed-off-by: Tarun1 Gupta <gupttaru@deshaw.com>
2022-11-24 04:53:59 -05:00
ae8a5a8927 Modify man page of "--pids-limit" option to correct a default value.
Correct the documented default number of pids limit from 4096 to 2048.

Signed-off-by: Tsubasa Watanabe <w.tsubasa@fujitsu.com>
2022-11-18 10:48:18 +09:00
b6850e772b Add more documentation on UID/GID Mappings with --userns=keep-id
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-11-17 08:03:37 -05:00
dceaa7603f docs: deprecate pasta network name
Since pasta is now considered a network mode using it as network name
causes a conflict. For now we will prefer the named network but in a
future major version bump we want to remove this and just use pasta(1).

The docs should reflect that this name is considered deprecated.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2022-11-14 16:14:47 +01:00
c46df21e7b Merge pull request #16388 from edsantiago/docs_dedup_secopt
[CI:DOCS] Man pages: refactor common options: --security-opt
2022-11-11 15:46:26 +00:00
aa47e05ae4 libpod: Add pasta networking mode
Conceptually equivalent to networking by means of slirp4netns(1),
with a few practical differences:

- pasta(1) forks to background once networking is configured in the
  namespace and quits on its own once the namespace is deleted:
  file descriptor synchronisation and PID tracking are not needed

- port forwarding is configured via command line options at start-up,
  instead of an API socket: this is taken care of right away as we're
  about to start pasta

- there's no need for further selection of port forwarding modes:
  pasta behaves similarly to containers-rootlessport for local binds
  (splice() instead of read()/write() pairs, without L2-L4
  translation), and keeps the original source address for non-local
  connections like slirp4netns does

- IPv6 is not an experimental feature, and enabled by default. IPv6
  port forwarding is supported

- by default, addresses and routes are copied from the host, that is,
  container users will see the same IP address and routes as if they
  were in the init namespace context. The interface name is also
  sourced from the host upstream interface with the first default
  route in the routing table. This is also configurable as documented

- sandboxing and seccomp(2) policies cannot be disabled

- only rootless mode is supported.

See https://passt.top for more details about pasta.

Also add a link to the maintained build of pasta(1) manual as valid
in the man page cross-reference checks: that's where the man page
for the latest build actually is -- it's not on Github and it doesn't
match any existing pattern, so add it explicitly.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2022-11-08 00:16:35 +01:00
013bd81417 Merge pull request #16394 from vrothberg/fix-16387
remove container/pod id file along with container/pod
2022-11-04 05:22:57 -04:00
3fee351c35 remove container/pod id file along with container/pod
Remove the container/pod ID file along with the container/pod.  It's
primarily used in the context of systemd and are not useful nor needed
once a container/pod has ceased to exist.

Fixes: #16387
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2022-11-03 17:07:09 +01:00
274d0f4956 Add --insecure,--tls-verify,--verbose flags to podman manifest inspect
--insecure and --verbose flags for docker compatibility

--tls-verify for syntax compatibility and allow users to inspect
manifests at remote Container Registiries without requiring tls.

Helps fix: https://github.com/containers/podman/issues/14917

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-11-03 08:00:15 -04:00
f95ff4f460 Man pages: refactor common options: --security-opt
This was a horrible one. I basically went with the podman-run
version, with a few minor changes. See PR for discussion of
diff review.

podman-build is not included here, it is too different.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-11-02 13:44:36 -06:00
d76bf4cb5e man pages: assorted underscore fixes
Underscore is special in markdown. We usually escape them
properly, but these are a few that we missed. Found using:

   $ ack '[A-Z]\\fI[A-Z]' docs/build/man

(plus one that I found by accident).

If anyone has ideas on how to add a commit check for these,
please speak up. I'm at a complete loss to automate this.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-10-31 06:43:57 -06:00
721922fa7e Fix manpage for podman run --network option
This just fixes the indentation which was previously breaking the
list such that the various network modes were just mixed into one large
paragraph instead of a list.

Signed-off-by: Alexander Larsson <alexl@redhat.com>
2022-10-25 13:09:51 +02:00
c9c2f644da markdown-preprocess: cross-reference where opts are used
In each options/foo.md, keep a list of where the option is used.
This will be valuable to anyone making future edits, and to
those reviewing those edits.

This may be a controversial commit, because those crossref lists
are autogenerated as a side effect of the script that reads them.
It definitely violates POLA. And one day, some kind person will
reconcile (e.g.) --label, using it in more man pages, and maybe
forget to git-commit the rewritten file, and CI will fail.

I think this is a tough tradeoff, but worth doing. Without this,
it's much too easy for someone to change an option file in a way
that renders it inapplicable/misleading for some podman commands.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-10-20 10:57:51 -06:00
8c76738571 Man pages: refactor common options (misc)
Accumulated cleanup from the man-page deduplication effort.
Various minor things that slipped.

 --publish-all : remove duplicate "default is false" (toth @dilyanpalauzov)

 --shm-size    : rephrase 'you' and 'y'all'

 --tls-verify  : make narrower, add asterisks to true/false,
                 and linkify containers-registries.conf

  --volume     : incorporate feedback from @mheon

  rename pid.md to pid.container.md, because there's a pid.pod.md
  for the --pid option used in pod-related man pages.

  ...and some whitespace, comma, other minor edits

Fixes: #15356

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-10-13 12:14:28 -06:00
617a2de3a4 Man pages: Refactor common options: --detach-keys
Refactored among all files that mentioned it.

DANGER WILL ROBINSON! REVIEW CAREFULLY! Here are two major
decisions I made:

  1) Look at the text for podman-run, in particular the "" text.
     It currently says "will use the default". As best I can
     tell this is not true, so I changed it to "will disable"
     which matches all the other commands.

  2) The "containers.conf" text, I decided, applies to all
     commands, not just podman-run (it was only present in
     podman-run). If this is not the case, please yell.

Other changes are cosmetic formatting stuff, asterisks end newlines.
Hard to review with hack/markdown-preprocess-review, because all
the text is one horrible long line instead of 80-char breaks.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-10-13 10:42:50 -06:00
a584bb4e74 Man pages: refactor common options: --attach
Only between podman-create and -run; podman-start was too
different. (But please look into it, maybe there's a way
to reconcile the diffs).

Very minor formatting changes made to reconcile the two.
Easy to review using hack/markdown-preprocess-review

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-10-13 08:35:48 -06:00
57ddeffd0f Man pages: refactor common options: --annotation (manifest)
[Note: I already refactored --annotation for container-related
 commands; this one is for manifest-related commands]

This one needed reconciling: one man page said "newly added image",
the other said "specified image", I just reduced that to "image".
If that's not cool, any suggestions on how to make it better? Or,
just reject this PR, we can live with this duplication.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-10-12 08:54:04 -06:00
f8b659d095 Man pages: refactor common options: --os-version
Only between the two podman-manifest-* commands. podman-build
is too different.

Easy one, text was already identical

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-10-06 08:37:48 -06:00
51c3578415 Man pages: refactor common options: --time
Only in container/pod stop/rm/restart man pages; the others
(volume-rm, network-rm, system-service) are too different to refactor.

Mostly an easy one, no manual reconciliation needed apart from
the pod-vs-container difference.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-10-05 09:59:01 -06:00
3451aac35e Man pages: refactor common options: --pod
Only between podman-create and -run; the other meanings
of --pod are too different. This almost didn't feel worth
refactoring, except the podman-run version fixed a word
and added a possibly important note about infra containers.
I went with the podman-run version.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-10-05 04:27:47 -06:00
26468c2274 Man pages: refactor common options: --features
Easy one: text was already identical between both files.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-10-04 11:14:53 -06:00
eaa3892623 Man pages: refactor common options: --variant
Two different texts, split into two .md files. Nontrivial, but
still easy to review because the text is unchanged.

I was unable to reconcile either version with podman-build,
so that file remains with a separate version.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-10-03 05:07:45 -06:00
9bafd9c462 Man pages: refactor common options: --compression-format
Easy one: text was already identical across both files.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-10-02 11:18:54 -06:00
304dfe80fe Merge pull request #15999 from edsantiago/docs_dedup_sign-passphrase-file
[CI:DOCS] Man pages: Refactor common options: --sign-passphrase-file
2022-09-30 17:13:51 +02:00
0513349355 Merge pull request #15998 from Luap99/play-kube-hostnet
podman kube play allow --network host
2022-09-29 20:26:03 +02:00
e7328cb97c Man pages: refactor common options: --network
Tricky one. In particular: podman-kube-play did not enumerate
the "host" option; here I take the liberty of using it in the
common network.md, so it will appear in podman-kube-play.1.
If that is wrong, please tell me ASAP: I will need to un-refactor
podman-kube-play.

Other decisions:
 * move the "invalid if" text to the bottom, because it can't
   be shared between pod and container man pages.
 * ditto for "together with --pod"
 * kube-play said "Change the network mode of"; all the others
   said ">SET< the network mode >FOR< ...". I chose the latter,
   so that's what kube-play will have also. Again, if that's
   wrong, please lmk.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-09-29 18:08:19 +02:00
e4c0c8994a Man pages: Refactor common options: --sign-passphrase-file
Trivial one: no human intervention needed, the man page text
was already identical between both files.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-09-29 09:37:51 -06:00
309f4fb543 Man pages: refactor common options: --log-opt
Simple in reality, but hard to review due to lots of little diffs:

 - "Logging driver specific options" was only in podman-run; I added it
   to create and kube-play.
 - whitespace changes, the 'e.g.'s got consistent 4-space indentation
 - the "same keys" and "supported only" sentences, I moved up to be
   closer to **tag** and without intervening whitespace, because they
   were unclear as they were: I believe the intent is to apply those
   sentences only to **tag**, not to the **--log-opt** option itself.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-09-29 08:44:00 -06:00
c1ae7f1934 Add SELinux information about boolean for using random devices
Fixes: https://github.com/containers/podman/issues/15930

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-09-26 15:07:17 -04:00
f6724116ab Man pages: refactor common options: --env-file
Another easy one. Option is only present in these three man pages.

I took the liberty of changing the "See note" text, making it
the same as --env. I also took the liberty of hyphenating
"line-delimited" because that's the correct thing to do.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-09-26 09:17:55 -06:00
fa18d35e89 Man pages: refactor common options: --env
Only among podman create, exec, run. The same option in
podman build, generate-systemd, and secret-create is too
different.

Should be a trivial one to review, the only difference is
a period at the end of one sentence. And, of course, the
"See Environment note" applies only to podman-create and
run, not exec, so it can't be deduplicated.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-09-26 08:27:54 -06:00
911ceb823a Man pages: Refactor common options: --sig-proxy
Unusually, I discarded the podman-run version and went with
the one common to attach and start. (The defaults are left
out of the common file, because 'start' is different by
necessity). Please review extra-carefully to make sure
the new wording applies to podman-run, in particular
the "non-TTY mode" words.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-09-26 07:25:10 -06:00
21841dc381 Default to --dns-option to match Docker and Buildah
[NO NEW TESTS NEEDED] Existing tests cover this.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-09-16 06:14:35 -04:00
62d1c487d9 Man pages: Refactor common options: --dns
Only between podman-build, create, and run. podman-pod-create
is too different.

As usual I went with the podman-run version. This means
keeping the word "flag" (which should be "option"), for
ease of review. I will fix in my in-progress cleanup PR.

For podman-build, I removed "during the build" and changed
it to a note for that man page only.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-09-15 10:12:34 -06:00
9ba034293d Man pages: refactor common options: 2 stats opts
--no-reset and --no-stream, in podman-stats and pod-stats.

Very minor tweak to --no-stream to account for pods.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-09-15 05:17:25 -06:00
3f8591c2fc Man pages: refactor common options: --shm-size
Mostly went with the podman-run version. For ease of review, I
kept the "you" word -- I will fix that in my in-progress
cleanup PR.

This affects lots of files, each of which had slightly different
wording, but this actually isn't as bad as it looks. The diffs
were minor, and I'm pretty sure the new refactored text applies
equally well to all the man pages.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-09-14 14:31:32 -06:00
f76390d5e6 Man pages: refactor common options: --user
In podman-create, exec, and run. Went with the podman-run version.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-09-14 12:32:30 -06:00
b6c75a3cc5 Man pages: refactor common options: --preserve-fds, -it
Three simple options shared among podman-create, exec, run.

I mostly went with the podman-run versions. For --tty, this
means that create and exec get the long stdout/stderr note.
(The example, though, remains only in podman-run). For -i,
mostly boldspace changes.

For --preserve-fds, podman-exec now has the "not with remote"
note (which it didn't until now)

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-09-14 08:15:46 -06:00
4df460836c Man pages: refactor common options: --ip6
Similar to yesterday's --ip. No changes to content, all I did
was variableize the instances of 'container'/'pod'.

Did not touch podman-network-connect file, but if someone
wants to look at that one and tell me whether all this long
text is applicable to it (or not), I'd appreciate it.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-09-14 05:46:14 -06:00
76eb06330f Man pages: refactor common options: --tls-verify
Ugh. This had about five different variations among twelve files.
I went with the version from podman-create, kube play, login, pull,
push, run. The others:

 - manifest-add and create did not include the "true, false, missing"
   text. Now they do. (If this text is N/A to these two, please yell).
   Also, these two were written with "talking" instead of "contacting"
   the registry.

 - podman-build had "does not work with remote", but this
   does not seem to be true, so I removed it. None of the
   other files had that.

 - the wording in podman-search is just weird, with "if needed"
   and "is listed" and unclear "insecure registries". I just
   nuked it all. If that wording was deliberate, for some reason
   that applies only to podman-search, please yell.

 - podman-container-runlabel has one diff that I like, actually
   spelling out containers-registries.conf(5), but incorporating
   that would make this even harder to review. I will add that
   to my in-progress doc-cleanup PR.

Review recommendation: run hack/markdown-preprocess-review but
just quit out of it immediately (on both popups). Ignore it completely.
Then cd /tmp/markdown-preprocess-review.diffs/tls-verify and run

    $ clear;for i in podman-*;do echo;echo $i;wdiff -t $i zzz-chosen.md;done

This will show the major diffs between each version and the chosen one.
Assumes you have wdiff installed. If you have another colorize-actual-
individual-word-diffs tool installed, use that. I like cdif[1].

 [1] https://github.com/kaz-utashiro/sdif-tools

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-09-13 11:15:23 -06:00
d4a0003122 Man pages: Refactor common options: --publish
Almost identical between podman-create, run, and pod-create.
The "Notes" are different, so I left those duplicated between
podman-create and run, and left the different one in pod-create.

podman-container-restore also has --publish but it's unrelated.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-09-13 09:02:34 -06:00
dacd594247 Man pages: refactor common options: --publish-all
Only shared between podman-create and run. The latter was
updated in #5192, and that is the text I chose.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-09-13 07:51:39 -06:00
74e0511c96 Man pages: refactor common options: --os (pull)
Only shared by podman-create, -pull, -run. No changes
made other than whitespace, so this should be a gimme.

podman-build, import, and manifest-* also have --os options,
but those are unrelated and I can't find a way to combine
any two of them.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-09-13 06:35:15 -06:00
f30d4852ef Man pages: refactor common options: --ip
Between podman-create, run, and pod-create. The big difference
is that I changed 'IP' to 'IPv4' in podman-pod-create, I believe
that was an oversight in #12611.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-09-13 05:14:25 -06:00
09ba2e0b9e Man pages: refactor common options: --rootfs
podman-create and -run only. The SELinux text was added
to podman-run (but not -create) in #3631, and reformatted
in #5192. I assume here that it also applies to podman-create.

Per feedback from Dan, added :s0 to SELinux context

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-09-12 17:56:57 -06:00
8432ed7488 Merge pull request #15751 from edsantiago/docs_dedup_volumes_from
[CI:DOCS] Man pages: refactor common options: --volumes-from
2022-09-12 19:48:49 +02:00
43da39d317 Man pages: refactor common options: --volumes-from
Removed a spurious right-bracket; went with upper-case for options;
removed 'you's; added some <<container|pod>>s.

Hard to review because none of the existing man pages had it
quite right.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-09-12 06:59:19 -06:00