mirror of
https://github.com/containers/podman.git
synced 2025-09-23 13:13:42 +08:00
30d2964ff8
this is second phase of removing unneeded bloat in the remote client. this is important to be able to reduce the client size as well as possible native compilation for windows/mac. Signed-off-by: Brent Baude <bbaude@redhat.com>
533 lines
13 KiB
Go
533 lines
13 KiB
Go
package common
|
|
|
|
import (
|
|
"fmt"
|
|
"os"
|
|
|
|
buildahcli "github.com/containers/buildah/pkg/cli"
|
|
"github.com/containers/common/pkg/config"
|
|
"github.com/sirupsen/logrus"
|
|
"github.com/spf13/pflag"
|
|
)
|
|
|
|
const (
|
|
sizeWithUnitFormat = "(format: `<number>[<unit>]`, where unit = b (bytes), k (kilobytes), m (megabytes), or g (gigabytes))"
|
|
)
|
|
|
|
var (
|
|
defaultContainerConfig = getDefaultContainerConfig()
|
|
)
|
|
|
|
func getDefaultContainerConfig() *config.Config {
|
|
defaultContainerConfig, err := config.Default()
|
|
if err != nil {
|
|
logrus.Error(err)
|
|
os.Exit(1)
|
|
}
|
|
return defaultContainerConfig
|
|
}
|
|
|
|
func GetCreateFlags(cf *ContainerCLIOpts) *pflag.FlagSet {
|
|
createFlags := pflag.FlagSet{}
|
|
createFlags.StringSliceVar(
|
|
&cf.Annotation,
|
|
"annotation", []string{},
|
|
"Add annotations to container (key:value)",
|
|
)
|
|
createFlags.StringSliceVarP(
|
|
&cf.Attach,
|
|
"attach", "a", []string{},
|
|
"Attach to STDIN, STDOUT or STDERR",
|
|
)
|
|
createFlags.StringVar(
|
|
&cf.Authfile,
|
|
"authfile", buildahcli.GetDefaultAuthFile(),
|
|
"Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override",
|
|
)
|
|
createFlags.StringVar(
|
|
&cf.BlkIOWeight,
|
|
"blkio-weight", "",
|
|
"Block IO weight (relative weight) accepts a weight value between 10 and 1000.",
|
|
)
|
|
createFlags.StringSliceVar(
|
|
&cf.BlkIOWeightDevice,
|
|
"blkio-weight-device", []string{},
|
|
"Block IO weight (relative device weight, format: `DEVICE_NAME:WEIGHT`)",
|
|
)
|
|
createFlags.StringSliceVar(
|
|
&cf.CapAdd,
|
|
"cap-add", []string{},
|
|
"Add capabilities to the container",
|
|
)
|
|
createFlags.StringSliceVar(
|
|
&cf.CapDrop,
|
|
"cap-drop", []string{},
|
|
"Drop capabilities from the container",
|
|
)
|
|
createFlags.StringVar(
|
|
&cf.CGroupsNS,
|
|
"cgroupns", getDefaultCgroupNS(),
|
|
"cgroup namespace to use",
|
|
)
|
|
createFlags.StringVar(
|
|
&cf.CGroups,
|
|
"cgroups", "enabled",
|
|
`control container cgroup configuration ("enabled"|"disabled"|"no-conmon")`,
|
|
)
|
|
createFlags.StringVar(
|
|
&cf.CGroupParent,
|
|
"cgroup-parent", "",
|
|
"Optional parent cgroup for the container",
|
|
)
|
|
createFlags.StringVar(
|
|
&cf.CIDFile,
|
|
"cidfile", "",
|
|
"Write the container ID to the file",
|
|
)
|
|
createFlags.StringVar(
|
|
&cf.ConmonPIDFile,
|
|
"conmon-pidfile", "",
|
|
"Path to the file that will receive the PID of conmon",
|
|
)
|
|
createFlags.Uint64Var(
|
|
&cf.CPUPeriod,
|
|
"cpu-period", 0,
|
|
"Limit the CPU CFS (Completely Fair Scheduler) period",
|
|
)
|
|
createFlags.Int64Var(
|
|
&cf.CPUQuota,
|
|
"cpu-quota", 0,
|
|
"Limit the CPU CFS (Completely Fair Scheduler) quota",
|
|
)
|
|
createFlags.Uint64Var(
|
|
&cf.CPURTPeriod,
|
|
"cpu-rt-period", 0,
|
|
"Limit the CPU real-time period in microseconds",
|
|
)
|
|
createFlags.Int64Var(
|
|
&cf.CPURTRuntime,
|
|
"cpu-rt-runtime", 0,
|
|
"Limit the CPU real-time runtime in microseconds",
|
|
)
|
|
createFlags.Uint64Var(
|
|
&cf.CPUShares,
|
|
"cpu-shares", 0,
|
|
"CPU shares (relative weight)",
|
|
)
|
|
createFlags.Float64Var(
|
|
&cf.CPUS,
|
|
"cpus", 0,
|
|
"Number of CPUs. The default is 0.000 which means no limit",
|
|
)
|
|
createFlags.StringVar(
|
|
&cf.CPUSetCPUs,
|
|
"cpuset-cpus", "",
|
|
"CPUs in which to allow execution (0-3, 0,1)",
|
|
)
|
|
createFlags.StringVar(
|
|
&cf.CPUSetMems,
|
|
"cpuset-mems", "",
|
|
"Memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.",
|
|
)
|
|
createFlags.BoolVarP(
|
|
&cf.Detach,
|
|
"detach", "d", false,
|
|
"Run container in background and print container ID",
|
|
)
|
|
createFlags.StringVar(
|
|
&cf.DetachKeys,
|
|
"detach-keys", GetDefaultDetachKeys(),
|
|
"Override the key sequence for detaching a container. Format is a single character `[a-Z]` or a comma separated sequence of `ctrl-<value>`, where `<value>` is one of: `a-cf`, `@`, `^`, `[`, `\\`, `]`, `^` or `_`",
|
|
)
|
|
createFlags.StringSliceVar(
|
|
&cf.Device,
|
|
"device", getDefaultDevices(),
|
|
fmt.Sprintf("Add a host device to the container"),
|
|
)
|
|
createFlags.StringSliceVar(
|
|
&cf.DeviceCGroupRule,
|
|
"device-cgroup-rule", []string{},
|
|
"Add a rule to the cgroup allowed devices list",
|
|
)
|
|
createFlags.StringSliceVar(
|
|
&cf.DeviceReadBPs,
|
|
"device-read-bps", []string{},
|
|
"Limit read rate (bytes per second) from a device (e.g. --device-read-bps=/dev/sda:1mb)",
|
|
)
|
|
createFlags.StringSliceVar(
|
|
&cf.DeviceReadIOPs,
|
|
"device-read-iops", []string{},
|
|
"Limit read rate (IO per second) from a device (e.g. --device-read-iops=/dev/sda:1000)",
|
|
)
|
|
createFlags.StringSliceVar(
|
|
&cf.DeviceWriteBPs,
|
|
"device-write-bps", []string{},
|
|
"Limit write rate (bytes per second) to a device (e.g. --device-write-bps=/dev/sda:1mb)",
|
|
)
|
|
createFlags.StringSliceVar(
|
|
&cf.DeviceWriteIOPs,
|
|
"device-write-iops", []string{},
|
|
"Limit write rate (IO per second) to a device (e.g. --device-write-iops=/dev/sda:1000)",
|
|
)
|
|
createFlags.StringVar(
|
|
&cf.Entrypoint,
|
|
"entrypoint", "",
|
|
"Overwrite the default ENTRYPOINT of the image",
|
|
)
|
|
createFlags.StringArrayVarP(
|
|
&cf.env,
|
|
"env", "e", getDefaultEnv(),
|
|
"Set environment variables in container",
|
|
)
|
|
createFlags.BoolVar(
|
|
&cf.EnvHost,
|
|
"env-host", false, "Use all current host environment variables in container",
|
|
)
|
|
createFlags.StringSliceVar(
|
|
&cf.EnvFile,
|
|
"env-file", []string{},
|
|
"Read in a file of environment variables",
|
|
)
|
|
createFlags.StringSliceVar(
|
|
&cf.Expose,
|
|
"expose", []string{},
|
|
"Expose a port or a range of ports",
|
|
)
|
|
createFlags.StringSliceVar(
|
|
&cf.GIDMap,
|
|
"gidmap", []string{},
|
|
"GID map to use for the user namespace",
|
|
)
|
|
createFlags.StringSliceVar(
|
|
&cf.GroupAdd,
|
|
"group-add", []string{},
|
|
"Add additional groups to join",
|
|
)
|
|
createFlags.Bool(
|
|
"help", false, "",
|
|
)
|
|
createFlags.StringVar(
|
|
&cf.HealthCmd,
|
|
"health-cmd", "",
|
|
"set a healthcheck command for the container ('none' disables the existing healthcheck)",
|
|
)
|
|
createFlags.StringVar(
|
|
&cf.HealthInterval,
|
|
"health-interval", DefaultHealthCheckInterval,
|
|
"set an interval for the healthchecks (a value of disable results in no automatic timer setup)",
|
|
)
|
|
createFlags.UintVar(
|
|
&cf.HealthRetries,
|
|
"health-retries", DefaultHealthCheckRetries,
|
|
"the number of retries allowed before a healthcheck is considered to be unhealthy",
|
|
)
|
|
createFlags.StringVar(
|
|
&cf.HealthStartPeriod,
|
|
"health-start-period", DefaultHealthCheckStartPeriod,
|
|
"the initialization time needed for a container to bootstrap",
|
|
)
|
|
createFlags.StringVar(
|
|
&cf.HealthTimeout,
|
|
"health-timeout", DefaultHealthCheckTimeout,
|
|
"the maximum time allowed to complete the healthcheck before an interval is considered failed",
|
|
)
|
|
createFlags.StringVarP(
|
|
&cf.Hostname,
|
|
"hostname", "h", "",
|
|
"Set container hostname",
|
|
)
|
|
createFlags.BoolVar(
|
|
&cf.HTTPProxy,
|
|
"http-proxy", true,
|
|
"Set proxy environment variables in the container based on the host proxy vars",
|
|
)
|
|
createFlags.StringVar(
|
|
&cf.ImageVolume,
|
|
"image-volume", DefaultImageVolume,
|
|
`Tells podman how to handle the builtin image volumes ("bind"|"tmpfs"|"ignore")`,
|
|
)
|
|
createFlags.BoolVar(
|
|
&cf.Init,
|
|
"init", false,
|
|
"Run an init binary inside the container that forwards signals and reaps processes",
|
|
)
|
|
createFlags.StringVar(
|
|
&cf.InitPath,
|
|
"init-path", getDefaultInitPath(),
|
|
// Do not use the Value field for setting the default value to determine user input (i.e., non-empty string)
|
|
fmt.Sprintf("Path to the container-init binary"),
|
|
)
|
|
createFlags.BoolVarP(
|
|
&cf.Interactive,
|
|
"interactive", "i", false,
|
|
"Keep STDIN open even if not attached",
|
|
)
|
|
createFlags.StringVar(
|
|
&cf.IPC,
|
|
"ipc", getDefaultIPCNS(),
|
|
"IPC namespace to use",
|
|
)
|
|
createFlags.StringVar(
|
|
&cf.KernelMemory,
|
|
"kernel-memory", "",
|
|
"Kernel memory limit "+sizeWithUnitFormat,
|
|
)
|
|
createFlags.StringArrayVarP(
|
|
&cf.Label,
|
|
"label", "l", []string{},
|
|
"Set metadata on container",
|
|
)
|
|
createFlags.StringSliceVar(
|
|
&cf.LabelFile,
|
|
"label-file", []string{},
|
|
"Read in a line delimited file of labels",
|
|
)
|
|
createFlags.StringVar(
|
|
&cf.LogDriver,
|
|
"log-driver", "",
|
|
"Logging driver for the container",
|
|
)
|
|
createFlags.StringSliceVar(
|
|
&cf.LogOptions,
|
|
"log-opt", []string{},
|
|
"Logging driver options",
|
|
)
|
|
createFlags.StringVarP(
|
|
&cf.Memory,
|
|
"memory", "m", "",
|
|
"Memory limit "+sizeWithUnitFormat,
|
|
)
|
|
createFlags.StringVar(
|
|
&cf.MemoryReservation,
|
|
"memory-reservation", "",
|
|
"Memory soft limit "+sizeWithUnitFormat,
|
|
)
|
|
createFlags.StringVar(
|
|
&cf.MemorySwap,
|
|
"memory-swap", "",
|
|
"Swap limit equal to memory plus swap: '-1' to enable unlimited swap",
|
|
)
|
|
createFlags.Int64Var(
|
|
&cf.MemorySwappiness,
|
|
"memory-swappiness", -1,
|
|
"Tune container memory swappiness (0 to 100, or -1 for system default)",
|
|
)
|
|
createFlags.StringVar(
|
|
&cf.Name,
|
|
"name", "",
|
|
"Assign a name to the container",
|
|
)
|
|
createFlags.BoolVar(
|
|
&cf.NoHealthCheck,
|
|
"no-healthcheck", false,
|
|
"Disable healthchecks on container",
|
|
)
|
|
createFlags.BoolVar(
|
|
&cf.OOMKillDisable,
|
|
"oom-kill-disable", false,
|
|
"Disable OOM Killer",
|
|
)
|
|
createFlags.IntVar(
|
|
&cf.OOMScoreAdj,
|
|
"oom-score-adj", 0,
|
|
"Tune the host's OOM preferences (-1000 to 1000)",
|
|
)
|
|
createFlags.StringVar(
|
|
&cf.OverrideArch,
|
|
"override-arch", "",
|
|
"use `ARCH` instead of the architecture of the machine for choosing images",
|
|
)
|
|
//markFlagHidden(createFlags, "override-arch")
|
|
createFlags.StringVar(
|
|
&cf.OverrideOS,
|
|
"override-os", "",
|
|
"use `OS` instead of the running OS for choosing images",
|
|
)
|
|
//markFlagHidden(createFlags, "override-os")
|
|
createFlags.StringVar(
|
|
&cf.PID,
|
|
"pid", getDefaultPidNS(),
|
|
"PID namespace to use",
|
|
)
|
|
createFlags.Int64Var(
|
|
&cf.PIDsLimit,
|
|
"pids-limit", getDefaultPidsLimit(),
|
|
getDefaultPidsDescription(),
|
|
)
|
|
createFlags.StringVar(
|
|
&cf.Pod,
|
|
"pod", "",
|
|
"Run container in an existing pod",
|
|
)
|
|
createFlags.BoolVar(
|
|
&cf.Privileged,
|
|
"privileged", false,
|
|
"Give extended privileges to container",
|
|
)
|
|
createFlags.BoolVarP(
|
|
&cf.PublishAll,
|
|
"publish-all", "P", false,
|
|
"Publish all exposed ports to random ports on the host interface",
|
|
)
|
|
createFlags.StringVar(
|
|
&cf.Pull,
|
|
"pull", "missing",
|
|
`Pull image before creating ("always"|"missing"|"never")`,
|
|
)
|
|
createFlags.BoolVarP(
|
|
&cf.Quiet,
|
|
"quiet", "q", false,
|
|
"Suppress output information when pulling images",
|
|
)
|
|
createFlags.BoolVar(
|
|
&cf.ReadOnly,
|
|
"read-only", false,
|
|
"Make containers root filesystem read-only",
|
|
)
|
|
createFlags.BoolVar(
|
|
&cf.ReadOnlyTmpFS,
|
|
"read-only-tmpfs", true,
|
|
"When running containers in read-only mode mount a read-write tmpfs on /run, /tmp and /var/tmp",
|
|
)
|
|
createFlags.StringVar(
|
|
&cf.Restart,
|
|
"restart", "",
|
|
`Restart policy to apply when a container exits ("always"|"no"|"on-failure")`,
|
|
)
|
|
createFlags.BoolVar(
|
|
&cf.Rm,
|
|
"rm", false,
|
|
"Remove container (and pod if created) after exit",
|
|
)
|
|
createFlags.BoolVar(
|
|
&cf.RootFS,
|
|
"rootfs", false,
|
|
"The first argument is not an image but the rootfs to the exploded container",
|
|
)
|
|
createFlags.StringArrayVar(
|
|
&cf.SecurityOpt,
|
|
"security-opt", getDefaultSecurityOptions(),
|
|
fmt.Sprintf("Security Options"),
|
|
)
|
|
createFlags.StringVar(
|
|
&cf.ShmSize,
|
|
"shm-size", getDefaultShmSize(),
|
|
"Size of /dev/shm "+sizeWithUnitFormat,
|
|
)
|
|
createFlags.StringVar(
|
|
&cf.StopSignal,
|
|
"stop-signal", "",
|
|
"Signal to stop a container. Default is SIGTERM",
|
|
)
|
|
createFlags.UintVar(
|
|
&cf.StopTimeout,
|
|
"stop-timeout", defaultContainerConfig.Engine.StopTimeout,
|
|
"Timeout (in seconds) to stop a container. Default is 10",
|
|
)
|
|
createFlags.StringSliceVar(
|
|
&cf.StoreageOpt,
|
|
"storage-opt", []string{},
|
|
"Storage driver options per container",
|
|
)
|
|
createFlags.StringVar(
|
|
&cf.SubUIDName,
|
|
"subgidname", "",
|
|
"Name of range listed in /etc/subgid for use in user namespace",
|
|
)
|
|
createFlags.StringVar(
|
|
&cf.SubGIDName,
|
|
"subuidname", "",
|
|
"Name of range listed in /etc/subuid for use in user namespace",
|
|
)
|
|
|
|
createFlags.StringSliceVar(
|
|
&cf.Sysctl,
|
|
"sysctl", getDefaultSysctls(),
|
|
"Sysctl options",
|
|
)
|
|
createFlags.StringVar(
|
|
&cf.SystemdD,
|
|
"systemd", "true",
|
|
`Run container in systemd mode ("true"|"false"|"always")`,
|
|
)
|
|
createFlags.StringArrayVar(
|
|
&cf.TmpFS,
|
|
"tmpfs", []string{},
|
|
"Mount a temporary filesystem (`tmpfs`) into a container",
|
|
)
|
|
createFlags.BoolVarP(
|
|
&cf.TTY,
|
|
"tty", "t", false,
|
|
"Allocate a pseudo-TTY for container",
|
|
)
|
|
createFlags.StringSliceVar(
|
|
&cf.UIDMap,
|
|
"uidmap", []string{},
|
|
"UID map to use for the user namespace",
|
|
)
|
|
createFlags.StringSliceVar(
|
|
&cf.Ulimit,
|
|
"ulimit", getDefaultUlimits(),
|
|
"Ulimit options",
|
|
)
|
|
createFlags.StringVarP(
|
|
&cf.User,
|
|
"user", "u", "",
|
|
"Username or UID (format: <name|uid>[:<group|gid>])",
|
|
)
|
|
createFlags.StringVar(
|
|
&cf.UserNS,
|
|
"userns", getDefaultUserNS(),
|
|
"User namespace to use",
|
|
)
|
|
createFlags.StringVar(
|
|
&cf.UTS,
|
|
"uts", getDefaultUTSNS(),
|
|
"UTS namespace to use",
|
|
)
|
|
createFlags.StringArrayVar(
|
|
&cf.Mount,
|
|
"mount", []string{},
|
|
"Attach a filesystem mount to the container",
|
|
)
|
|
createFlags.StringArrayVarP(
|
|
&cf.Volume,
|
|
"volume", "v", getDefaultVolumes(),
|
|
"Bind mount a volume into the container",
|
|
)
|
|
createFlags.StringSliceVar(
|
|
&cf.VolumesFrom,
|
|
"volumes-from", []string{},
|
|
"Mount volumes from the specified container(s)",
|
|
)
|
|
createFlags.StringVarP(
|
|
&cf.Workdir,
|
|
"workdir", "w", "",
|
|
"Working directory inside the container",
|
|
)
|
|
createFlags.StringVar(
|
|
&cf.SeccompPolicy,
|
|
"seccomp-policy", "default",
|
|
"Policy for selecting a seccomp profile (experimental)",
|
|
)
|
|
return &createFlags
|
|
}
|
|
|
|
func AliasFlags(f *pflag.FlagSet, name string) pflag.NormalizedName {
|
|
switch name {
|
|
case "healthcheck-command":
|
|
name = "health-cmd"
|
|
case "healthcheck-interval":
|
|
name = "health-interval"
|
|
case "healthcheck-retries":
|
|
name = "health-retries"
|
|
case "healthcheck-start-period":
|
|
name = "health-start-period"
|
|
case "healthcheck-timeout":
|
|
name = "health-timeout"
|
|
case "net":
|
|
name = "network"
|
|
}
|
|
return pflag.NormalizedName(name)
|
|
}
|