Allow adjusting number of locks in libpod.conf via an already
available knob we previously didn't expose in the default config
file.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Make it easy for scripts to determine if an image removal
failure. If only errors were no such image exit with 1
versus 125.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Make it easy for scripts to determine if a container removal
fails versus the container did not exist.
If only errors were no such container exit with 1 versus 125.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
If user specifies network namespace and the /etc/netns/XXX/resolv.conf
exists, we should use this rather then /etc/resolv.conf
Also fail cleaner if the user specifies an invalid Network Namespace.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Vendors in Buildah 1.7 into Podman.
Also the latest imagebuilder and changes for
`build --target`
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
in the case of the remote-client, it was decided to hide the latest
flag to avoid confusion for end-users on what the "last" container,
volume, or pod are.
Signed-off-by: baude <bbaude@redhat.com>
The original intent behind the requirement was to ensure that, if
two SHM lock structs were open at the same time, we should not
make such a runtime available to the user, and should clean it up
instead.
It turns out that we don't even need to open a second SHM lock
struct - if we get an error mapping the first one due to a lock
count mismatch, we can just delete it, and it cleans itself up
when it errors. So there's no reason not to return a valid
runtime.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
The fifth and final chunk of examples for the Cobra
examples in the CLI help output.
Also includes a few man page touchups.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Adds the third chunk of Cobra examples to the cli help.
As were putting together a release tomorrow, tried to
hit the heavy commands with this PR.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Prior, a pod would have to be started immediately when created, leading to confusion about what a pod state should be immediately after creation. The problem was podman run --pod ... would error out if the infra container wasn't started (as it is a dependency). Fix this by allowing for recursive start, where each of the container's dependencies are started prior to the new container. This is only applied to the case where a new container is attached to a pod.
Also rework container_api Start, StartAndAttach, and Init functions, as there was some duplicated code, which made addressing the problem easier to fix.
Signed-off-by: Peter Hunt <pehunt@redhat.com>
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Adds examples to Cobra help for a second chunk of commands.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
First pass of entries for the Examples listed in the Cobra
Help. Will add others in following PR's.
iFix builtin volumes to work with podman volume
Currently builtin volumes are not recored in podman volumes when
they are created automatically. This patch fixes this.
Remove container volumes when requested
Currently the --volume option on podman remove does nothing.
This will implement the changes needed to remove the volumes
if the user requests it.
When removing a volume make sure that no container uses the volume.
Signed-off-by: Daniel J Walsh dwalsh@redhat.com
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Go templates were not being processed or printed correctly for podman
pod stats. Added the ability to do templates as well as honor the
table identifier.
Fixes#2258
Signed-off-by: baude <bbaude@redhat.com>
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Add --all-tags for the `podman pull` command so all tags
of an image will be pulled, not just ':latest'. Emulates
the change in Buildah https://github.com/containers/buildah/pull/1263
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Currently we can get into a state where a container exists in
storage but does not exist in libpod. If the user forces a
removal of this container, then we should remove it from storage
even if the container is owned by another tool.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
After the last update, @mtrmac had some great suggestions which I've incorporated.
I've updated the G:oogle doc and have added this PR in case it's easier to see the diffs.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Lots of users are attempting to run systemd within a container. They are
being blocked from running SELinux systems since they need the
container_manage_cgroup which is not enabled by default.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We are missing the equivalence of the docker system commands
This patch set adds `podman system prune`
and `podman system info`
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
In #1899, @rhatdan asked me to try and tweak the verbiage
a bit in the podman-images-trust man page. I've done so,
or attempted to, and have also added a policy-json(5) link.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Rework the Podman Description. I'm starting off with the Podman man page
to build consensus and we can then add to other places as appropriate.
This partially addresses: #1636
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
The toolbox project would benefit from a few changes to more closely
resembe the original atomic cli project. Changes made are:
* only pull image for container runlabel if the label exists in the image
* if a container image does not have the desired label, exit with non-zero
Signed-off-by: baude <bbaude@redhat.com>
we now, by default, only prune dangling images. if --all is passed, we
prune dangling images AND images that do not have an associated containers.
also went ahead and enabled the podman-remote image prune side of things.
Fixes: #2192
Signed-off-by: baude <bbaude@redhat.com>
just tested with podman 1.0.0 on fedora 29
we don't need sudo
I tried this again and it seems like we DO need sudo?
Maybe I misunderstood something
but looks like I am unable to reproduce getting an IP address
also it would be nice if creating a check point
(which I belive means writing to disk) could be done without root
but I guess it depends on where on disk I am writing?
in any case, here is my new console output
```console
[kus@asus-vivobook personal]$ cd libpod/
[kus@asus-vivobook libpod]$ git checkout patch-1
Branch 'patch-1' set up to track remote branch 'patch-1' from 'origin'.
Switched to a new branch 'patch-1'
[kus@asus-vivobook libpod]$ podman run -dt -e HTTPD_VAR_RUN=/var/run/httpd -e HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \
> -e HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \
> -e HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/ \
> registry.fedoraproject.org/f29/httpd /usr/bin/run-httpd
Trying to pull registry.fedoraproject.org/f29/httpd...Getting image source signatures
Copying blob 281a37f51f75: 85.68 MiB / 85.68 MiB [=======================] 1m47s
Copying blob ab0d48faadd2: 4.64 MiB / 4.64 MiB [=========================] 1m47s
Copying blob e1bf69dce18d: 49.77 MiB / 49.77 MiB [=======================] 1m47s
Copying config 532763348c4e: 6.66 KiB / 6.66 KiB [==========================] 0s
Writing manifest to image destination
Storing signatures
78917177dbf7634993fdcc44e0bc90c9422482b9a9e757c85c14dfd1ee09c777
[kus@asus-vivobook libpod]$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
78917177dbf7 registry.fedoraproject.org/f29/httpd:latest container-entrypo... 4 seconds ago Up 3 seconds ago nifty_lewin
[kus@asus-vivobook libpod]$ podman inspect -l | grep IPAddress\"
"IPAddress": "",
[kus@asus-vivobook libpod]$ sudo podman inspect -l | grep IPAddress\"
[sudo] password for kus:
no such container
[kus@asus-vivobook libpod]$ podman logs --latest
=> sourcing 10-set-mpm.sh ...
=> sourcing 20-copy-config.sh ...
=> sourcing 40-ssl-certs.sh ...
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.0.2.100. Set the 'ServerName' directive globally to suppress this message
[Tue Jan 22 12:59:38.887673 2019] [ssl:warn] [pid 1:tid 140100965338496] AH01909: 10.0.2.100:8443:0 server certificate does NOT include an ID which matches the server name
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.0.2.100. Set the 'ServerName' directive globally to suppress this message
[Tue Jan 22 12:59:38.998169 2019] [ssl:warn] [pid 1:tid 140100965338496] AH01909: 10.0.2.100:8443:0 server certificate does NOT include an ID which matches the server name
[Tue Jan 22 12:59:38.998876 2019] [lbmethod_heartbeat:notice] [pid 1:tid 140100965338496] AH02282: No slotmem from mod_heartmonitor
[Tue Jan 22 12:59:39.001562 2019] [cgid:error] [pid 28:tid 140100965338496] (13)Permission denied: AH01243: Couldn't bind unix domain socket /run/httpd/cgisock.1
[Tue Jan 22 12:59:39.006051 2019] [mpm_event:notice] [pid 1:tid 140100965338496] AH00489: Apache/2.4.37 (Fedora) OpenSSL/1.1.1-pre9 configured -- resuming normal operations
[Tue Jan 22 12:59:39.006164 2019] [core:notice] [pid 1:tid 140100965338496] AH00094: Command line: 'httpd -D FOREGROUND'
[Tue Jan 22 12:59:39.006445 2019] [cgid:crit] [pid 1:tid 140100965338496] AH01238: cgid daemon failed to initialize
[kus@asus-vivobook libpod]$ podman top 78917177dbf7634993fdcc44e0bc90c9422482b9a9e757c85c14dfd1ee09c777
USER PID PPID %CPU ELAPSED TTY TIME COMMAND
default 1 0 0.000 2m10.968144627s pts/0 0s httpd -D FOREGROUND
default 24 1 0.000 2m9.968688975s pts/0 0s /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat
default 25 1 0.000 2m9.968784295s pts/0 0s /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat
default 26 1 0.000 2m9.968880829s pts/0 0s /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat
default 27 1 0.000 2m9.968997468s pts/0 0s /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat
default 29 1 0.000 2m9.969134191s pts/0 0s httpd -D FOREGROUND
default 38 1 0.000 2m9.969239549s pts/0 0s httpd -D FOREGROUND
default 72 1 0.000 2m9.969344456s pts/0 0s httpd -D FOREGROUND
[kus@asus-vivobook libpod]$ podman container checkpoint 78917177dbf7634993fdcc44e0bc90c9422482b9a9e757c85c14dfd1ee09c777
checkpointing a container requires root
[kus@asus-vivobook libpod]$ podman stop --latest
78917177dbf7634993fdcc44e0bc90c9422482b9a9e757c85c14dfd1ee09c777
[kus@asus-vivobook libpod]$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
78917177dbf7 registry.fedoraproject.org/f29/httpd:latest container-entrypo... 3 minutes ago Exited (0) 9 seconds ago nifty_lewin
[kus@asus-vivobook libpod]$ podman rm --latest
78917177dbf7634993fdcc44e0bc90c9422482b9a9e757c85c14dfd1ee09c777
```
original:
```console
[kus@mcny ~]$ podman run -dt -e HTTPD_VAR_RUN=/var/run/httpd -e HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \
> -e HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \
> -e HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/ \
> registry.fedoraproject.org/f27/httpd /usr/bin/run-httpd
Trying to pull registry.fedoraproject.org/f27/httpd...Getting image source signatures
Copying blob ff3dab903f92: 80.73 MiB / 80.73 MiB [=========================] 14s
Copying blob 9347d6e9d864: 7.30 MiB / 7.30 MiB [===========================] 14s
Copying blob 2fc5c44251d4: 44.82 MiB / 44.82 MiB [=========================] 14s
Copying config 18f01f6f77ef: 6.55 KiB / 6.55 KiB [==========================] 0s
Writing manifest to image destination
Storing signatures
d0362571c3850159315778700a63a305296150177578a9339cca0d9c86ed97f1
[kus@mcny ~]$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d0362571c385 registry.fedoraproject.org/f27/httpd:latest container-entrypo... 36 seconds ago Up 36 seconds ago happy_babbage
[kus@mcny ~]$
```
Signed-off-by: Kushal <kushaldeveloper@gmail.com>
