16047 Commits

Author SHA1 Message Date
d7f6d355b0 podman-kube@.service.in: Remove Restart=never option with typo
systemd expects the value of the option to be `no` instead, but this is
already the default behavior. This fixes the following warning when
running `systemctl status` on the unit:

    Failed to parse service restart specifier, ignoring: never

Signed-off-by: Andrew Gunnerson <chillermillerlong@hotmail.com>
2022-08-13 18:13:03 -04:00
2e2d7524a3 Merge pull request #15253 from fulldecent/fix-broken-link-to-install-instructions
[CI:DOCS] fix updated links
2022-08-12 10:41:45 +00:00
f26a5246e3 Fix updated link to install instructions
Signed-off-by: William Entriken <github.com@phor.net>
2022-08-11 20:34:59 -04:00
0fc27ce980 Merge pull request #15286 from mheon/bump_420_main
[CI:DOCS] Update release notes on main branch for v4.2.0 release
2022-08-11 21:03:25 +00:00
432b025b2d Merge pull request #15289 from flouthoc/update-build-docs
[CI:DOCS] docs: specify `git` protocol is not supported for github hosted repo
2022-08-11 19:58:10 +00:00
57387da27e Merge pull request #15285 from YoitoFes/fix-15210
remote manifest push: show copy progress
2022-08-11 19:53:17 +00:00
1798cccf3e Merge pull request #15157 from cdoern/apiLog
fix LogConfig type for libpod API
2022-08-11 17:46:52 +00:00
e2a3f9592b docs: specify git protocol is not supported for github hosted repo
Build from URL does not support `git://` if source is hosted on GitHub.
Reason: https://github.blog/2021-09-01-improving-git-protocol-security-github/

[CI:DOCS]
[NO NEW TESTS NEEDED]
[NO TESTS NEEDED]

Similar to: https://github.com/containers/buildah/pull/4179

Signed-off-by: Aditya R <arajan@redhat.com>
2022-08-11 21:26:13 +05:30
92bbae40de Merge pull request #15248 from vrothberg/RUN-1606
kube play: sd-notify integration
2022-08-11 15:44:55 +00:00
2935c38fd3 Update release notes for v4.2.0
Also add Podman Desktop to our README.

Signed-off-by: Matthew Heon <mheon@redhat.com>
2022-08-11 10:28:48 -04:00
7af523ea5a Merge pull request #15258 from elezar/bump-cdi-0.5.0
build(deps) bump CDI dependency from 0.4.0 to 0.5.0
2022-08-11 14:26:36 +00:00
a4efd401cd remote manifest push: show copy progress
`podman-remote manifest push` has shown absolutely no progress at all.
Fix that by doing the same as the remote-push code does.

Like remote-push, `quiet` parameter is true by default for backwards
compatibility.

Signed-off-by: Naoto Kobayashi <naoto.kobayashi4c@gmail.com>
2022-08-11 20:35:13 +09:00
79e21b5b16 kube play: sd-notify integration
Integrate sd-notify policies into `kube play`.  The policies can be
configured for all containers via the `io.containers.sdnotify`
annotation or for individual containers via the
`io.containers.sdnotify/$name` annotation.

The `kube play` process will wait for all containers to be ready by
waiting for the individual `READY=1` messages which are received via
the `pkg/systemd/notifyproxy` proxy mechanism.

Also update the simple "container" sd-notify test as it did not fully
test the expected behavior which became obvious when adding the new
tests.

Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2022-08-10 21:12:39 +02:00
3fc126e152 libpod: allow the notify socket to be passed programmatically
The notify socket can now either be specified via an environment
variable or programmatically (where the env is ignored).  The
notify mode and the socket are now also displayed in `container inspect`
which comes in handy for debugging and allows for proper testing.

Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2022-08-10 21:10:17 +02:00
67a2e7351b add pkg/systemd/notifyproxy
Add a new package for proxying notify sockets and waiting for the
READY=1 message to appear.  May be subject to further changes in
future commits.

Tests make sure that it behaves properly.

Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
2022-08-10 21:10:17 +02:00
59ab5cce7d Merge pull request #15172 from graywolf-at-work/document-timestamp
[CI:DOCS] Document behavior of --timestamp when only FROM is used
2022-08-10 17:02:20 +00:00
67e7b2d6e3 Merge pull request #15267 from containers/dependabot/go_modules/github.com/container-orchestrated-devices/container-device-interface-0.5.0
build(deps): bump github.com/container-orchestrated-devices/container-device-interface from 0.4.0 to 0.5.0
2022-08-10 15:05:19 +00:00
245be9b394 Document behavior of --timestamp when only FROM is used
Fixes: #15171

Signed-off-by: Tomas Volf <tomas.volf@showmax.com>
2022-08-10 15:53:51 +02:00
e3f029cb83 build(deps): bump github.com/container-orchestrated-devices/container-device-interface
Bumps [github.com/container-orchestrated-devices/container-device-interface](https://github.com/container-orchestrated-devices/container-device-interface) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/container-orchestrated-devices/container-device-interface/releases)
- [Commits](https://github.com/container-orchestrated-devices/container-device-interface/compare/v0.4.0...v0.5.0)

---
updated-dependencies:
- dependency-name: github.com/container-orchestrated-devices/container-device-interface
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-08-10 12:08:21 +00:00
89ab5c9fab Merge pull request #12865 from rhatdan/crun
I believe that these tests will now run with crun.
2022-08-10 10:38:46 +00:00
aa13c73f71 Merge pull request #14926 from cdoern/generateSpec
podman generate spec
2022-08-10 10:23:18 +00:00
c4a35313c9 Merge pull request #15260 from edsantiago/docs_dedup_continued
Man pages: refactor common options
2022-08-10 10:20:45 +00:00
84502fc144 Merge pull request #15094 from cdoern/ssh
podman ssh work, using new c/common interface
2022-08-10 08:57:58 +00:00
658960c97b build(deps) bump CDI dependency from 0.4.0 to 0.5.0
bump github.com/container-orchestrated-devices/container-device-interface from 0.4.0 to 0.5.0

This requires that the cdi.Registry be instantiated with AutoRefresh disabled for CLI clients.

[NO NEW TESTS NEEDED]

Signed-off-by: Evan Lezar <elezar@nvidia.com>
2022-08-10 10:49:42 +02:00
c1eb9f65ac Merge pull request #15244 from baude/machinememorytests
check memory test based on range
2022-08-10 04:03:48 +00:00
2bcee9f627 Man pages: refactor common options
Continued. Harder-to-review ones this time.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-08-09 16:18:53 -06:00
25f6fc9c6a I believe that these tests will now run with crun.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2022-08-09 15:41:33 -04:00
72679400b0 Merge pull request #15199 from baude/addapplehv
Add interface for apple hypervisor
2022-08-09 19:31:17 +00:00
6d887bdc01 Merge pull request #15250 from edsantiago/docs_dedup_phase2
Refactor common man page options, phase 2
2022-08-09 19:28:42 +00:00
a2869c327e Merge pull request #15230 from YoitoFes/Issue-15211
pkg/bindings: Support writing image push progress to specified io.Writer
2022-08-09 18:49:26 +00:00
a561b7dacc check memory test based on range
when verifying that the memory was set correctly for a podman machine
instance, we check if the number is between a range because based on
architecture, operating system, and memory itself this number can differ
significantly.

Signed-off-by: Brent Baude <bbaude@redhat.com>
2022-08-09 13:23:02 -05:00
280f5d8cb0 podman ssh work, using new c/common interface
implement new ssh interface into podman

this completely redesigns the entire functionality of podman image scp,
podman system connection add, and podman --remote. All references to golang.org/x/crypto/ssh
have been moved to common as have native ssh/scp execs and the new usage of the sftp package.

this PR adds a global flag, --ssh to podman which has two valid inputs `golang` and `native` where golang is the default.
Users should not notice any difference in their everyday workflows if they continue using the golang option. UNLESS they have been using an improperly verified ssh key, this will now fail. This is because podman was incorrectly using the
ssh callback method to IGNORE the ssh known hosts file which is very insecure and golang tells you not to use this in production.

The native path allows for immense flexibility, with a new containers.conf field `SSH_CONFIG` that specifies a specific ssh config file to be used in all operations. Else the user's ~/.ssh/config file will be used.
podman --remote currently only uses the golang path, given its deep interconnection with dialing multiple clients and urls.

My goal after this PR is to go back and abstract the idea of podman --remote from golang's dialed clients, as it should not be so intrinsically connected. Overall, this is a v1 of a long process of offering native ssh, and one that covers some good ground with podman system connection add and podman image scp.

Signed-off-by: Charlie Doern <cdoern@redhat.com>
2022-08-09 14:00:58 -04:00
c33dc90ace Merge pull request #15215 from cevich/use_image_search
Cirrus: Improve CI VM image updates for EC2
2022-08-09 17:08:08 +00:00
d2d7898b8a Cirrus: Improve CI VM image updates for EC2
AWS EC2 keys VM images by an utterly unreadable, horrible to use,
generated "AMI ID" value.  This is very error prone for humans in
practice, since it's impossible to tell one image from the next by
eye.  Worse, EC2 permits duplicate name-tag values, complicating
image specification further.

However fortunately, Cirrus-CI recently implemented a feature by
which AMI's may be referenced by a name-tag search - choosing
the most recent AMI found.  Since the `containers/automation_images`
build workflow always assigns a unique name + `$IMAGE_SUFFIX` value,
we can simply re-use it for both AWS and GCP image specification.

In other words as of this commit, specifying new CI VM images can
be done by simply updating the `$IMAGE_SUFFIX` value as we've always
done.  No need to call out a specific AMI ID just for EC2 tasks.

Signed-off-by: Chris Evich <cevich@redhat.com>
2022-08-09 11:22:15 -04:00
097cc6eb6d Merge pull request #15225 from unknowndevQwQ/update_logo
[CI:DOCS]: update the podman logo
2022-08-09 14:28:59 +00:00
a7af6ef632 Merge pull request #15246 from TomSweeneyRedHat/dev/tsweeney/buildah1.27.0
Bump to Buildah v1.27.0
2022-08-09 13:32:07 +00:00
d7f134d687 Refactor common man page options, phase 2
Followup to #15174. These are the options that are easy(ish)
to review: those that have only drifted slightly, and need
only minor tweaks to bring back to sanity. For the most part,
I went with the text in podman-run because that was cleaned up
in #5192 way back in 2020. These diffs primarily consist of
using '**' (star star) instead of backticks, plus other
formatting and punctuation changes.

This PR also adds a README in the options dir, and a new
convention: <<container text...|pod text...>> which tries
to do the right thing based on whether the man page name
includes "-pod-" or not. Since that's kind of hairy code,
I've also added a test suite for it.

Finally, since this is impossible to review by normal means,
I'm temporarily committing hack/markdown-preprocess-review,
a script that will diff option-by-option. I will remove it
once we finish this cleanup, but be advised that there are
still 130+ options left to examine, and some of those are
going to be really hard to reunite.

Review script usage: simply run it (you need to have 'diffuse'
installed). It isn't exactly obvious, but it shouldn't take more
than a minute to figure out. The rightmost column (zzz-chosen.md)
is the "winner", the actual content that will be used henceforth.
You really want an ultrawide screen here.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2022-08-09 06:33:17 -06:00
7992d86ab3 Merge pull request #15134 from sstosh/improve-output
Output messages display rawInput
2022-08-09 06:13:10 +00:00
3738221c52 test: update apply-podman-deltas for new tests
Skip some newly added tests for remote and modify error output of a test
case which is reported early in case of podman.

[NO NEW TESTS NEEDED]
[NO TESTS NEEDED]

Signed-off-by: Aditya R <arajan@redhat.com>
2022-08-09 09:13:14 +05:30
59cb410fe2 build: implement --cache-to,--cache-from and --cache-ttl
[NO NEW TESTS NEEDED]
[NO TESTS NEEDED]

Signed-off-by: Aditya R <arajan@redhat.com>
2022-08-09 09:10:58 +05:30
7bd8864800 Bump to Buildah v1.27.0
As the title says.

Vendor Buildah v1.27.0 into Podman in preparation for Buildah v4.2

[No New Tests Needed]

Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
2022-08-08 22:17:51 -04:00
1045647a4a Add interface for apple hypervisor
The new apple silicon processors (m1/m2) are capable of using a performant apple
hypervisor (included in macos).  Our "virtual providers" for podman
machine are part of an interface design.  This PR provides an
implementation of the interface to begin the work for supporting the
apple hypervisor.  It is basically only a skeletal PR.

The actual code for using the hypervisor and launching a machine will
come as several new PRs following the inclusion of this one.

There will likely be code reuse between the applehv and qemu code; but
none of that code is being moved at this time.  It will be moved "on
demand" during development.

[NO NEW TESTS NEEDED]

Signed-off-by: Brent Baude <bbaude@redhat.com>
2022-08-08 14:04:49 -05:00
28607a9238 Merge pull request #15239 from giuseppe/use-sandbox-id-gvisor
specgen: use sandbox id instead of name for annotation
2022-08-08 18:47:56 +00:00
9d67d907ea Merge pull request #15236 from giuseppe/refuse-userns-with-uidmap
cmd: refuse --userns if a mapping is specified
2022-08-08 14:46:30 +00:00
62e889e2b0 fix LogConfig type for libpod API
[NO NEW TESTS NEEDED]

our native API was consuming the docker compat type for the API since the two have the exact same name. Fix this by renaming
LogConfig to LogConfigLibpod

resolves #15138

Signed-off-by: Charlie Doern <cdoern@redhat.com>
2022-08-08 10:38:13 -04:00
70b03400b1 Merge pull request #15235 from anjannath/pkg-goarch
pkginstaller: use correct GOARCH value in case of arm build
2022-08-08 13:17:09 +00:00
2e3a192bb0 cmd: refuse --userns if a mapping is specified
if an explicit mapping is specified, do not accept `--userns` since it
is overridden to "private".

Closes: https://github.com/containers/podman/issues/15233

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2022-08-08 14:57:23 +02:00
696ea7905e specgen: use sandbox id instead of name for annotation
use the sandbox id instead of the name for the
io.kubernetes.cri-o.SandboxID annotation used by gVisor.

Closes: https://github.com/containers/podman/issues/15223

[NO NEW TESTS NEEDED] it is specific to gVisor

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2022-08-08 14:30:02 +02:00
771a35e4b5 pkginstaller: use correct GOARCH value in case of arm build
to compile arm bits the GOARCH should be set to amd64; the script
was wrongly using aarch64 instead

[NO NEW TESTS NEEDED]

Signed-off-by: Anjan Nath <kaludios@gmail.com>
2022-08-08 12:39:15 +05:30
b1d1248a18 pkg/bindings: Support writing image push progress to specified io.Writer
Currently bindings write image push progress to os.Stderr.

Since os.Stderr is inconvenient for bindings callers to
process the progress messages, added this support.

Signed-off-by: Naoto Kobayashi <naoto.kobayashi4c@gmail.com>
2022-08-08 01:51:32 +09:00