integration of healthcheck into create and run as well as inspect.
healthcheck enhancements are as follows:
* add the following options to create|run so that non-docker images can
define healthchecks at the container level.
* --healthcheck-command
* --healthcheck-retries
* --healthcheck-interval
* --healthcheck-start-period
* podman create|run --healthcheck-command=none disables healthcheck as
described by an image.
* the healthcheck itself and the healthcheck "history" can now be
observed in podman inspect
* added the wiring for healthcheck history which logs the health history
of the container, the current failed streak attempts, and log entries
for the last five attempts which themselves have start and stop times,
result, and a 500 character truncated (if needed) log of stderr/stdout.
The timings themselves are not implemented in this PR but will be in
future enablement (i.e. next).
Signed-off-by: baude <bbaude@redhat.com>
In lipod, we now log major events that occurr. These events
can be displayed using the `podman events` command. Each
event contains:
* Type (container, image, volume, pod...)
* Status (create, rm, stop, kill, ....)
* Timestamp in RFC3339Nano format
* Name (if applicable)
* Image (if applicable)
The format of the event and the varlink endpoint are to not
be considered stable until cockpit has done its enablement.
Signed-off-by: baude <bbaude@redhat.com>
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
With later changes of Podman, you can now use both the
--rm and --detach in a single run command. This PR removes
the documentation in the man pages saying this is not
allowed.
Fixes: #2601
allow to configure the path to the network-cmd binary, either via an
option flag --network-cmd-path or through the libpod.conf
configuration file.
This is currently used to customize the path to the slirp4netns
binary.
Closes: https://github.com/containers/libpod/issues/2506
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
...caught by hack/podman-commands.sh script. Which had a little
buglet, which I fixed: add a special case for 'help', which
neither has nor needs a man page.
I believe the podman-commands.sh script is ready to be run in CI,
hint hint.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Add the ability to manually run a container's healthcheck command.
This is only the first phase of implementing the healthcheck.
Subsequent pull requests will deal with the exposing the results and
history of healthchecks as well as the scheduling.
Signed-off-by: baude <bbaude@redhat.com>
In cases where a user issues the podman container runlabel
command and the image is not local, we now default to pulling
the image automatically to mimic the atomic cli behavior.
Fixes: BZ #1677905
Signed-off-by: baude <bbaude@redhat.com>
Found via:
for i in docs/*.md;do x=$(perl -ne 'if (/\[(podman-.*?)\(1\)\]\((podman-.*?)\.1\.md/) { print " $1 != $2\n" if $1 ne $2; print " ENOENT $2\n" unless -e "docs/$2.1.md" }' <$i); if [ -n "$x" ]; then echo $i; echo "$x";fi;done
...which is probably a good candidate for another CI hook,
except I have no idea how to rewrite it in awk.
Additionally, mark `podman refresh` and `podman container refresh`
as hidden, remove its man page, and remove references to it from
all other man pages.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Conceptually simple: include, where applicable, a brief
description of command-line options for each subcommand.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Allow adjusting number of locks in libpod.conf via an already
available knob we previously didn't expose in the default config
file.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Make it easy for scripts to determine if an image removal
failure. If only errors were no such image exit with 1
versus 125.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Make it easy for scripts to determine if a container removal
fails versus the container did not exist.
If only errors were no such container exit with 1 versus 125.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
If user specifies network namespace and the /etc/netns/XXX/resolv.conf
exists, we should use this rather then /etc/resolv.conf
Also fail cleaner if the user specifies an invalid Network Namespace.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Vendors in Buildah 1.7 into Podman.
Also the latest imagebuilder and changes for
`build --target`
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
in the case of the remote-client, it was decided to hide the latest
flag to avoid confusion for end-users on what the "last" container,
volume, or pod are.
Signed-off-by: baude <bbaude@redhat.com>
The original intent behind the requirement was to ensure that, if
two SHM lock structs were open at the same time, we should not
make such a runtime available to the user, and should clean it up
instead.
It turns out that we don't even need to open a second SHM lock
struct - if we get an error mapping the first one due to a lock
count mismatch, we can just delete it, and it cleans itself up
when it errors. So there's no reason not to return a valid
runtime.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
The fifth and final chunk of examples for the Cobra
examples in the CLI help output.
Also includes a few man page touchups.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Adds the third chunk of Cobra examples to the cli help.
As were putting together a release tomorrow, tried to
hit the heavy commands with this PR.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Prior, a pod would have to be started immediately when created, leading to confusion about what a pod state should be immediately after creation. The problem was podman run --pod ... would error out if the infra container wasn't started (as it is a dependency). Fix this by allowing for recursive start, where each of the container's dependencies are started prior to the new container. This is only applied to the case where a new container is attached to a pod.
Also rework container_api Start, StartAndAttach, and Init functions, as there was some duplicated code, which made addressing the problem easier to fix.
Signed-off-by: Peter Hunt <pehunt@redhat.com>
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Adds examples to Cobra help for a second chunk of commands.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
First pass of entries for the Examples listed in the Cobra
Help. Will add others in following PR's.
iFix builtin volumes to work with podman volume
Currently builtin volumes are not recored in podman volumes when
they are created automatically. This patch fixes this.
Remove container volumes when requested
Currently the --volume option on podman remove does nothing.
This will implement the changes needed to remove the volumes
if the user requests it.
When removing a volume make sure that no container uses the volume.
Signed-off-by: Daniel J Walsh dwalsh@redhat.com
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Go templates were not being processed or printed correctly for podman
pod stats. Added the ability to do templates as well as honor the
table identifier.
Fixes#2258
Signed-off-by: baude <bbaude@redhat.com>
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Add --all-tags for the `podman pull` command so all tags
of an image will be pulled, not just ':latest'. Emulates
the change in Buildah https://github.com/containers/buildah/pull/1263
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Currently we can get into a state where a container exists in
storage but does not exist in libpod. If the user forces a
removal of this container, then we should remove it from storage
even if the container is owned by another tool.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
After the last update, @mtrmac had some great suggestions which I've incorporated.
I've updated the G:oogle doc and have added this PR in case it's easier to see the diffs.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Lots of users are attempting to run systemd within a container. They are
being blocked from running SELinux systems since they need the
container_manage_cgroup which is not enabled by default.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We are missing the equivalence of the docker system commands
This patch set adds `podman system prune`
and `podman system info`
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
In #1899, @rhatdan asked me to try and tweak the verbiage
a bit in the podman-images-trust man page. I've done so,
or attempted to, and have also added a policy-json(5) link.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Rework the Podman Description. I'm starting off with the Podman man page
to build consensus and we can then add to other places as appropriate.
This partially addresses: #1636
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
The toolbox project would benefit from a few changes to more closely
resembe the original atomic cli project. Changes made are:
* only pull image for container runlabel if the label exists in the image
* if a container image does not have the desired label, exit with non-zero
Signed-off-by: baude <bbaude@redhat.com>
we now, by default, only prune dangling images. if --all is passed, we
prune dangling images AND images that do not have an associated containers.
also went ahead and enabled the podman-remote image prune side of things.
Fixes: #2192
Signed-off-by: baude <bbaude@redhat.com>
just tested with podman 1.0.0 on fedora 29
we don't need sudo
I tried this again and it seems like we DO need sudo?
Maybe I misunderstood something
but looks like I am unable to reproduce getting an IP address
also it would be nice if creating a check point
(which I belive means writing to disk) could be done without root
but I guess it depends on where on disk I am writing?
in any case, here is my new console output
```console
[kus@asus-vivobook personal]$ cd libpod/
[kus@asus-vivobook libpod]$ git checkout patch-1
Branch 'patch-1' set up to track remote branch 'patch-1' from 'origin'.
Switched to a new branch 'patch-1'
[kus@asus-vivobook libpod]$ podman run -dt -e HTTPD_VAR_RUN=/var/run/httpd -e HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \
> -e HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \
> -e HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/ \
> registry.fedoraproject.org/f29/httpd /usr/bin/run-httpd
Trying to pull registry.fedoraproject.org/f29/httpd...Getting image source signatures
Copying blob 281a37f51f75: 85.68 MiB / 85.68 MiB [=======================] 1m47s
Copying blob ab0d48faadd2: 4.64 MiB / 4.64 MiB [=========================] 1m47s
Copying blob e1bf69dce18d: 49.77 MiB / 49.77 MiB [=======================] 1m47s
Copying config 532763348c4e: 6.66 KiB / 6.66 KiB [==========================] 0s
Writing manifest to image destination
Storing signatures
78917177dbf7634993fdcc44e0bc90c9422482b9a9e757c85c14dfd1ee09c777
[kus@asus-vivobook libpod]$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
78917177dbf7 registry.fedoraproject.org/f29/httpd:latest container-entrypo... 4 seconds ago Up 3 seconds ago nifty_lewin
[kus@asus-vivobook libpod]$ podman inspect -l | grep IPAddress\"
"IPAddress": "",
[kus@asus-vivobook libpod]$ sudo podman inspect -l | grep IPAddress\"
[sudo] password for kus:
no such container
[kus@asus-vivobook libpod]$ podman logs --latest
=> sourcing 10-set-mpm.sh ...
=> sourcing 20-copy-config.sh ...
=> sourcing 40-ssl-certs.sh ...
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.0.2.100. Set the 'ServerName' directive globally to suppress this message
[Tue Jan 22 12:59:38.887673 2019] [ssl:warn] [pid 1:tid 140100965338496] AH01909: 10.0.2.100:8443:0 server certificate does NOT include an ID which matches the server name
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 10.0.2.100. Set the 'ServerName' directive globally to suppress this message
[Tue Jan 22 12:59:38.998169 2019] [ssl:warn] [pid 1:tid 140100965338496] AH01909: 10.0.2.100:8443:0 server certificate does NOT include an ID which matches the server name
[Tue Jan 22 12:59:38.998876 2019] [lbmethod_heartbeat:notice] [pid 1:tid 140100965338496] AH02282: No slotmem from mod_heartmonitor
[Tue Jan 22 12:59:39.001562 2019] [cgid:error] [pid 28:tid 140100965338496] (13)Permission denied: AH01243: Couldn't bind unix domain socket /run/httpd/cgisock.1
[Tue Jan 22 12:59:39.006051 2019] [mpm_event:notice] [pid 1:tid 140100965338496] AH00489: Apache/2.4.37 (Fedora) OpenSSL/1.1.1-pre9 configured -- resuming normal operations
[Tue Jan 22 12:59:39.006164 2019] [core:notice] [pid 1:tid 140100965338496] AH00094: Command line: 'httpd -D FOREGROUND'
[Tue Jan 22 12:59:39.006445 2019] [cgid:crit] [pid 1:tid 140100965338496] AH01238: cgid daemon failed to initialize
[kus@asus-vivobook libpod]$ podman top 78917177dbf7634993fdcc44e0bc90c9422482b9a9e757c85c14dfd1ee09c777
USER PID PPID %CPU ELAPSED TTY TIME COMMAND
default 1 0 0.000 2m10.968144627s pts/0 0s httpd -D FOREGROUND
default 24 1 0.000 2m9.968688975s pts/0 0s /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat
default 25 1 0.000 2m9.968784295s pts/0 0s /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat
default 26 1 0.000 2m9.968880829s pts/0 0s /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat
default 27 1 0.000 2m9.968997468s pts/0 0s /usr/bin/coreutils --coreutils-prog-shebang=cat /usr/bin/cat
default 29 1 0.000 2m9.969134191s pts/0 0s httpd -D FOREGROUND
default 38 1 0.000 2m9.969239549s pts/0 0s httpd -D FOREGROUND
default 72 1 0.000 2m9.969344456s pts/0 0s httpd -D FOREGROUND
[kus@asus-vivobook libpod]$ podman container checkpoint 78917177dbf7634993fdcc44e0bc90c9422482b9a9e757c85c14dfd1ee09c777
checkpointing a container requires root
[kus@asus-vivobook libpod]$ podman stop --latest
78917177dbf7634993fdcc44e0bc90c9422482b9a9e757c85c14dfd1ee09c777
[kus@asus-vivobook libpod]$ podman ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
78917177dbf7 registry.fedoraproject.org/f29/httpd:latest container-entrypo... 3 minutes ago Exited (0) 9 seconds ago nifty_lewin
[kus@asus-vivobook libpod]$ podman rm --latest
78917177dbf7634993fdcc44e0bc90c9422482b9a9e757c85c14dfd1ee09c777
```
original:
```console
[kus@mcny ~]$ podman run -dt -e HTTPD_VAR_RUN=/var/run/httpd -e HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \
> -e HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \
> -e HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/ \
> registry.fedoraproject.org/f27/httpd /usr/bin/run-httpd
Trying to pull registry.fedoraproject.org/f27/httpd...Getting image source signatures
Copying blob ff3dab903f92: 80.73 MiB / 80.73 MiB [=========================] 14s
Copying blob 9347d6e9d864: 7.30 MiB / 7.30 MiB [===========================] 14s
Copying blob 2fc5c44251d4: 44.82 MiB / 44.82 MiB [=========================] 14s
Copying config 18f01f6f77ef: 6.55 KiB / 6.55 KiB [==========================] 0s
Writing manifest to image destination
Storing signatures
d0362571c3850159315778700a63a305296150177578a9339cca0d9c86ed97f1
[kus@mcny ~]$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d0362571c385 registry.fedoraproject.org/f27/httpd:latest container-entrypo... 36 seconds ago Up 36 seconds ago happy_babbage
[kus@mcny ~]$
```
Signed-off-by: Kushal <kushaldeveloper@gmail.com>
we can define multiple OCI runtimes that can be chosen with
--runtime.
in libpod.conf is possible to specify them with:
[runtimes]
foo = [
"/usr/bin/foo",
"/usr/sbin/foo",
]
bar = [
"/usr/bin/foo",
"/usr/sbin/foo",
]
If the argument to --runtime is an absolute path then it is used
directly without any lookup in the configuration.
Closes: https://github.com/containers/libpod/issues/1750
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
There's been a lot of discussion over in [1] about how to support the
NVIDIA folks and others who want to be able to create devices
(possibly after having loaded kernel modules) and bind userspace
libraries into the container. Currently that's happening in the
middle of runc's create-time mount handling before the container
pivots to its new root directory with runc's incorrectly-timed
prestart hook trigger [2]. With this commit, we extend hooks with a
'precreate' stage to allow trusted parties to manipulate the config
JSON before calling the runtime's 'create'.
I'm recycling the existing Hook schema from pkg/hooks for this,
because we'll want Timeout for reliability and When to avoid the
expense of fork/exec when a given hook does not need to make config
changes [3].
[1]: https://github.com/opencontainers/runc/pull/1811
[2]: https://github.com/opencontainers/runc/issues/1710
[3]: https://github.com/containers/libpod/issues/1828#issuecomment-439888059
Signed-off-by: W. Trevor King <wking@tremily.us>
The --sig-proxy option in both 'podman attach' and 'podman run' default
to true, and there's no reason for 'podman start --attach' to be any
different. However, since it only makes sense to proxy signals when
the container is attached, 'podman start --sig-proxy' will continue to
error if --attach isn't used.
Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
Generate a signature claim for an image using user keyring (--sign-by). The signature file will be stored in simple json format under the default or the given directory (--directory or yaml file in /etc/containers/registries.d/).
Signed-off-by: Qi Wang <qiwan@redhat.com>
Users have no idea what storage configuration file is used to setup
storage, so adding this to podman info, should make it easier to
discover.
This requires a revendor of containers/storage
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add support for executing an init binary as PID 1 in a container to
forward signals and reap processes. When the `--init` flag is set for
podman-create or podman-run, the init binary is bind-mounted to
`/dev/init` in the container and "/dev/init --" is prepended to the
container's command.
The default base path of the container-init binary is `/usr/libexec/podman`
while the default binary is catatonit [1]. This default can be changed
permanently via the `init_path` field in the `libpod.conf` configuration
file (which is recommended for packaging) or temporarily via the
`--init-path` flag of podman-create and podman-run.
[1] https://github.com/openSUSE/catatonitFixes: #1670
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
A common failure with people building container images is the
creation of large sparse files, particularly useradd creating
the lastlog file.
This PR Documents the failures.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Allow multiple alias for listing containers and images.
Also fix documentation for umount and unmount
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
podman play kube adds the ability for the user to recreate pods and containers
from a Kubernetes YAML file in libpod.
Signed-off-by: baude <bbaude@redhat.com>
Display the trust policy of the host system. The trust policy is stored in the /etc/containers/policy.json file and defines a scope of registries or repositories.
Signed-off-by: Qi Wang <qiwan@redhat.com>
We need to recommend that users use Systemd unit files if they want
the container to restart automatically.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
no longer require the service object be output to a different file; we should be
doing this inline with the pods for user convenience.
Signed-off-by: baude <bbaude@redhat.com>
Returns user if user is logged-in to the registry. Returns error
if not logged in with non-zero status code.
Signed-off-by: Theodore Cowan <theodore-cowan@pluralsight.com>
like podman stop of containers, we should allow the user to specify
a timeout override when stopping pods; otherwise they have to wait
the full timeout time specified during the pod/container creation.
Signed-off-by: baude <bbaude@redhat.com>
Following SystemContext.DockerInsecureSkipTLSVerify, make the
DockerRegistryOne also an OptionalBool, and update callers.
Explicitly document that --tls-verify=true and --tls-verify unset
have different behavior in those commands where the behavior changed
(or where it hasn't changed but the documentation needed updating).
Also make the --tls-verify man page sections a tiny bit more consistent
throughout.
This is a minimal fix, without changing the existing "--tls-verify=true"
paths nor existing manual insecure registry lookups.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Per discussion with Dan, it would be better to automatically
handle potential runtime errors by automatically syncing if they
occur. Retaining the flag for `ps` makes sense, as we won't even
be calling the OCI runtime and as such won't see errors if the
state desyncs, but rm can be handled automatically.
The automatic desync handling code will take some additional work
so we'll land this as-is (sync on ps is enough to solve most
desync issues).
Signed-off-by: Matthew Heon <mheon@redhat.com>
The previous commit added support for --sync to podman rm to
ensure state inconsistencies would not prevent containers from
being removed.
Add the flag to podman ps as well, so that all containers can be
forcibly synced and all state inconsistencies resolved.
Signed-off-by: Matthew Heon <mheon@redhat.com>
With the changes made recently to ensure Podman does not hit the
OCI runtime as often to sync state, we can find ourselves in a
situation where the runtime's state does not match ours.
Add a --sync flag to podman rm to ensure we can still remove
containers when this happens.
Signed-off-by: Matthew Heon <mheon@redhat.com>
Add support for podman volume and its subcommands.
The commands supported are:
podman volume create
podman volume inspect
podman volume ls
podman volume rm
podman volume prune
This is a tool to manage volumes used by podman. For now it only handle
named volumes, but eventually it will handle all volumes used by podman.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Allow user to prune unused/unnamed images, the layer images from building,
via podman rmi --prune.
Allow user to prune stopped/exiuted containers via podman rm --prune.
This should resolve#1910
Signed-off-by: baude <bbaude@redhat.com>
when a user specifies --pod to podman create|run, we should create that pod
automatically. the port bindings from the container are then inherited by
the infra container. this signicantly improves the workflow of running
containers inside pods with podman. the user is still encouraged to use
podman pod create to have more granular control of the pod create options.
Signed-off-by: baude <bbaude@redhat.com>
Part of the motivation for 800eb863 (Hooks supports two directories,
process default and override, 2018-09-17, #1487) was [1]:
> We only use this for override. The reason this was caught is people
> are trying to get hooks to work with CoreOS. You are not allowed to
> write to /usr/share... on CoreOS, so they wanted podman to also look
> at /etc, where users and third parties can write.
But we'd also been disabling hooks completely for rootless users. And
even for root users, the override logic was tricky when folks actually
had content in both directories. For example, if you wanted to
disable a hook from the default directory, you'd have to add a no-op
hook to the override directory.
Also, the previous implementation failed to handle the case where
there hooks defined in the override directory but the default
directory did not exist:
$ podman version
Version: 0.11.2-dev
Go Version: go1.10.3
Git Commit: "6df7409cb5a41c710164c42ed35e33b28f3f7214"
Built: Sun Dec 2 21:30:06 2018
OS/Arch: linux/amd64
$ ls -l /etc/containers/oci/hooks.d/test.json
-rw-r--r--. 1 root root 184 Dec 2 16:27 /etc/containers/oci/hooks.d/test.json
$ podman --log-level=debug run --rm docker.io/library/alpine echo 'successful container' 2>&1 | grep -i hook
time="2018-12-02T21:31:19-08:00" level=debug msg="reading hooks from /usr/share/containers/oci/hooks.d"
time="2018-12-02T21:31:19-08:00" level=warning msg="failed to load hooks: {}%!(EXTRA *os.PathError=open /usr/share/containers/oci/hooks.d: no such file or directory)"
With this commit:
$ podman --log-level=debug run --rm docker.io/library/alpine echo 'successful container' 2>&1 | grep -i hook
time="2018-12-02T21:33:07-08:00" level=debug msg="reading hooks from /usr/share/containers/oci/hooks.d"
time="2018-12-02T21:33:07-08:00" level=debug msg="reading hooks from /etc/containers/oci/hooks.d"
time="2018-12-02T21:33:07-08:00" level=debug msg="added hook /etc/containers/oci/hooks.d/test.json"
time="2018-12-02T21:33:07-08:00" level=debug msg="hook test.json matched; adding to stages [prestart]"
time="2018-12-02T21:33:07-08:00" level=warning msg="implicit hook directories are deprecated; set --hooks-dir="/etc/containers/oci/hooks.d" explicitly to continue to load hooks from this directory"
time="2018-12-02T21:33:07-08:00" level=error msg="container create failed: container_linux.go:336: starting container process caused "process_linux.go:399: container init caused \"process_linux.go:382: running prestart hook 0 caused \\\"error running hook: exit status 1, stdout: , stderr: oh, noes!\\\\n\\\"\""
(I'd setup the hook to error out). You can see that it's silenly
ignoring the ENOENT for /usr/share/containers/oci/hooks.d and
continuing on to load hooks from /etc/containers/oci/hooks.d.
When it loads the hook, it also logs a warning-level message
suggesting that callers explicitly configure their hook directories.
That will help consumers migrate, so we can drop the implicit hook
directories in some future release. When folks *do* explicitly
configure hook directories (via the newly-public --hooks-dir and
hooks_dir options), we error out if they're missing:
$ podman --hooks-dir /does/not/exist run --rm docker.io/library/alpine echo 'successful container'
error setting up OCI Hooks: open /does/not/exist: no such file or directory
I've dropped the trailing "path" from the old, hidden --hooks-dir-path
and hooks_dir_path because I think "dir(ectory)" is already enough
context for "we expect a path argument". I consider this name change
non-breaking because the old forms were undocumented.
Coming back to rootless users, I've enabled hooks now. I expect they
were previously disabled because users had no way to avoid
/usr/share/containers/oci/hooks.d which might contain hooks that
required root permissions. But now rootless users will have to
explicitly configure hook directories, and since their default config
is from ~/.config/containers/libpod.conf, it's a misconfiguration if
it contains hooks_dir entries which point at directories with hooks
that require root access. We error out so they can fix their
libpod.conf.
[1]: https://github.com/containers/libpod/pull/1487#discussion_r218149355
Signed-off-by: W. Trevor King <wking@tremily.us>
like containers and images, users would benefit from being able to check
if a pod exists in local storage. if the pod exists, the return code is 0.
if the pod does not exists, the return code is 1. Any other return code
indicates a real errors, such as permissions or runtime.
Signed-off-by: baude <bbaude@redhat.com>
We now default to setting storage options to "nodev", when running
privileged containers, we need to turn this off so the processes can
manipulate the image.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add an exists subcommand to podman container and podman image that allows
users to verify the existence of a container or image by ID or name. The return
code can be 0 (success), 1 (failed to find), or 125 (failed to work with runtime).
Issue #1845
Signed-off-by: baude <bbaude@redhat.com>
This adds the '--leave-running, -R' to the container-checkpoint man
page. As the information for '--all, -a' and '--latest, -l' was also
still missing it is included in this commit.
Signed-off-by: Adrian Reber <areber@redhat.com>
we need to allow users to expose ports to the host for the purposes
of networking, like a webserver. the port exposure must be done at
the time the pod is created.
strictly speaking, the port exposure occurs on the infra container.
Signed-off-by: baude <bbaude@redhat.com>
For the shell examples related to building and installing podman, remove the
shell prompt indicator character '$'.
This makes copying and pasting lines much easier.
Retain the prompt indicator for the post-install shell examples, since they
(often) mix shell commands and shell command output, so it serves a useful
purpose to distinguish them.
Signed-off-by: Jonathan Dowland <jdowland@redhat.com>
Need to return an error pointing user in right direction if rootless podman
fails, because of no /etc/subuid or /etc/subgid files.
Also fix up man pages to better describe rootless podman.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We now can remove a paused container by sending it a kill signal while it
is paused. We then unpause the container and it is immediately killed.
Also, reworked how the parallelWorker results are handled to provide a
more consistent approach to how each subcommand implements it. It also
fixes a bug where if one container errors, the error message is duplicated
when printed out.
Signed-off-by: baude <bbaude@redhat.com>
If fuse-overlayfs is present, rootless containers default to use it.
This can still be overriden either via the command line with
--storage-driver or in the ~/.config/containers/storage.conf
configuration file.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Operations like kill, pause, and unpause -- which can operation on one or
more containers -- can greatly benefit from parallizing its main job (eq kill).
In the case of pauseand unpause, an --all option as was added. pause --all will
pause all **running** containers. And unpause --all will unpause all **paused**
containers.
Signed-off-by: baude <bbaude@redhat.com>
When attempting to restart many containers, we can benefit from making
the restarts parallel. For convenience, two new options are added:
--all attempts to restart all containers
--run-only when used with --all will attempt to restart only running containers
Signed-off-by: baude <bbaude@redhat.com>
* Add support for pod -- create, inspect, kill, pause, ps, rm,
restart, start, stop, top, unpause
* Update pylintrc to better reflect pep8 code standards
* Fix various pylint reported errors
* Refactor code that determines screen width to no longer
require initializing curses. Improved start up time and
pushing data blob down ssh tunnel.
* Correct pod-create man page, cgroupparent not boolean
* Abort integration tests if podman service fails to start
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Runc disables systemd cgroup support when build statically, so
don't tell people to do that now that we're defaulting to systemd
for cgroup management.
Also, fix some error messages to use the proper ID() call for
containers.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Execute the command as described by a container image. The value of the label is processed
into a command by:
1. Ensuring the first argument of the command is podman.
2. Substituting any variables with those defined by the environment or otherwise.
If no label exists in the container image, nothing is done.
podman container runlabel LABEL IMAGE extra_args
Signed-off-by: baude <bbaude@redhat.com>
For the sake of debug and problem reporting, we would benefit from knowing
what buildah version was vendored into podman. Also, knowing the distribution
and distribution version would also be handy.
Signed-off-by: baude <bbaude@redhat.com>
Also update some missing fields libpod.conf obtions in man pages.
Fix sort order of security options and add a note about disabling
labeling.
When a process requests a new label. libpod needs to reserve all
labels to make sure that their are no conflicts.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1406
Approved by: mheon
ALso cleanup files section or podman man page
Add description of policy.json
Sort alphabetically.
Add more info on oci hooks
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1487
Approved by: umohnani8
Adds functionality to search registries implementing the v2
endpoint with an empty query, that is the results will be
all the available images on the registries.
If this is tried with a v1 registry an error will occur.
To search a whole registry, there needs to be a trailing slash
at the end, i.e `podman search registry.fedoraproject.org/`.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Closes: #1444
Approved by: rhatdan
Waiting uses a lot of CPU, so drop back to checking once/second
and allow user to pass in the interval.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
While this is not implemented yet, it is needed for working with existing
docker scripts.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1460
Approved by: mheon
podman build docs should now reflect that the --layers default value is true.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1424
Approved by: mheon
This proposes a more comprehensible man page.
A number of things have been lost in translation and this should be reviewed:
- the former docs from --userns say that it is disabled by default. I
suppose that this is the same as --userns:host, but this should be confirmed.
It also stated that is would use options like pid=host, which confuses me
as pid namespaces are a totally different thing from user namespaces. It also
mentions the enabling of --privileged. I think the difference between using
--userns:host and not using any user namespace options at all is not clear
and maybe not very logical. Also what would be the difference between using
--userns:host and using --priveleged alone?
- I found the syntax for --gidmap at the bottom of the man page in the examples.
In the example it doesn't use '=', eg. podman run `--gidmap 0:30000:2000`.
For consistency with the other options I have used '=' for now, but if it is
optional, I would remove it everywhere, as less tokens is usually improved
readability. For now the inconsistency remains between the options doc and the
examples section.
- It wasn't very clear to me whether one should hard wrap long lines or not as the
contains a mix.
- I haven't for now looked at user namespace options on other commands, but
that should be done surely before merging.
- I didn't know which command to run to generate the groff, so that needs doing still.
from issue #1374
Signed-off-by: Naja Melan <najamelan@autistici.org>
Signed-off-by: Naja Melan <najamelan@autistici.org>
Closes: #1380
Approved by: rhatdan
All bash examples are now placed in a code section (```). The PS1
prompt is set to `$`.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1375
Approved by: rhatdan
Base heading is level 2, which is identical to the level 1. However
level 3 will be indendet which is used a lot in the `## EXAMPLES`
sections.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1375
Approved by: rhatdan
- second heading
- consistent mail addresses <user@domain.com>
- change order with latest changes first
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1375
Approved by: rhatdan
This will help document the defaults in podman build.
podman build --help will now show the defaults and mention
the environment variables that can be set to change them.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1364
Approved by: mheon
The `--rm` flag will only cause a container to be removed when it has
been created and started successfully. Otherwise, it will not be
removed to allow the container to be inspected and to analyze the root
cause of the failure. Document those semantics more clearly in the
manpages to avoid confusion for users.
Fixes: #1359
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1362
Approved by: rhatdan
Add a containers-mounts.conf(5) manpage. The mounts.conf is used by
other tools (e.g., CRI-O) as well. A dedicated manpage reduces
redundancy.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1350
Approved by: rhatdan
Use the "containers-" prefix for all references to the
containers-registries.conf and containers-storage.conf
configuration files.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1350
Approved by: rhatdan
I am often asked about the list of capabilities availabel to a container.
We should be listing this data in the inspect command for effective
capabilities and the bounding set.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1335
Approved by: TomSweeneyRedHat
A pause container is added to the pod if the user opts in. The default pause image and command can be overridden. Pause containers are ignored in ps unless the -a option is present. Pod inspect and pod ps show shared namespaces and pause container. A pause container can't be removed with podman rm, and a pod can be removed if it only has a pause container.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1187
Approved by: mheon
Using the vendored changes from psgo, incorporate JoinNamespaceAndProcessInfoByPids to get process information for each pid namespace of running containers in the pod. Also added a man page, and tests.
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1298
Approved by: mheon
Need to get some small changes into libpod to pull back into buildah
to complete buildah transition.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1270
Approved by: mheon
Default settings for storage can be overriden by setting these environment
variables.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1282
Approved by: mheon
podman does not support nocopy so remove reference in the man page.
podman build now supports --isolation, so add documentation.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1225
Approved by: TomSweeneyRedHat
It will be handy to know the runc and conmon versions as our
code gets into the wild.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1207
Approved by: rhatdan
This adds support for Dockerfile.in and fixes some limits
issues on docker build
Also adds support for podman build to read Dockerfile from stdin.
cat Dockerfile | podman build -f - .
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1209
Approved by: mheon
podman umount will currently only unmount file system if not other
process is using it, otherwise the umount decrements the container
storage to indicate that the caller is no longer using the mount
point, once the count gets to 0, the file system is actually unmounted.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1184
Approved by: TomSweeneyRedHat
Added Pause() and Unpause() to libpod/pod.go
Added man pages, tests and completions
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #1126
Approved by: rhatdan
Better explain the inner workings of both state types in comments
to make reviews and changes easier.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Trying to play with podman top, I had a hard time
finding info on format options.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1134
Approved by: umohnani8
As well as added tests, man pages, and completions.
Also reformatted and refactored a couple of other small things in the other pod commands.
Signed-off-by: haircommander <pehunt@redhat.com>
Use github.com/containers/psgo instead of execing `ps (1)`. The psgo
library enables a much more flexible interface with respect to which
data to be printed (e.g., capabilities, seccomp mode, PID, PCPU, etc.)
while the output can be parsed reliably. The library does not use
ps (1) but parses /proc and /dev instead. To list the processes of a
given container, psgo will join the mount namespace of the given
container and extract all data from there.
Notice that this commit breaks compatibility with docker-top.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1113
Approved by: rhatdan
Most images won't work without multiple ids/gids. Error out
immediately if there are no multiple ids available.
The error code when the user is not present in /etc/sub{g,u}id looks
like:
$ bin/podman run --rm -ti alpine echo hello
ERRO[0000] No subuid ranges found for user "gscrivano"
Closes: https://github.com/projectatomic/libpod/issues/1087
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1097
Approved by: rhatdan
podman now supports --volumes-from flag, which allows users
to add all the volumes an existing container has to a new one.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #931
Approved by: mheon
man-pages(7) has [1]:
> For commands, this shows the syntax of the command and its arguments
> (including options); boldface is used for as-is text and italics are
> used to indicate replaceable arguments. Brackets ([]) surround
> optional arguments, vertical bars (|) separate choices, and ellipses
> (...) can be repeated.
I've adjusted our SYNOPSIS entries to match that formatting, and
generally tried to make them more consistent with the precedent set by
the man-pages project. Outside of the SYNOPSIS entry, I prefer using
backticks for literals, although in some places I've left the **
bolding to keep things visually similar to a nearby SYNOPSIS entry.
[1]: http://man7.org/linux/man-pages/man7/man-pages.7.html
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #1027
Approved by: rhatdan
When we run containers in detach mode, nothing cleans up the network stack or
the mount points. This patch will tell conmon to execute the cleanup code when
the container exits.
It can also be called to attempt to cleanup previously running containers.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #942
Approved by: mheon
Instead of setting the --registry flag to search a single registry,
prefix the registry before the image name in the input, an example is
`podman search registry.fedoraproject.org/fedora` and this will search for
the fedora image in only registry.fedoraproject.org.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #1011
Approved by: rhatdan
Since podman search requires credentials to search private registries,
add the --authfile flag to allow users to pass in credentials from a
different authfile than the default one.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #998
Approved by: rhatdan
podman image and podman container have alternate CLI
to standard CLI for a lot of commands. The man pages
can be shared between both. This patch adds links so that
of some executes
`podman image load`, they will actually see the `podman load` man page.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #993
Approved by: mheon
Signals are proxied to the container process whether or not
the tty is used
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #984
Approved by: mheon
Also podman ps now allows user to only output size of root FS, changed language of images and ps --sort to be by "created" as opposed to "time", and refactored the way templates are created (converted from psJSONParams type).
Signed-off-by: haircommander <pehunt@redhat.com>
Closes: #948
Approved by: rhatdan
podman images will not show intermediate images by default.
To view all images, including intermediate images created during
a build, use the --all flag.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #947
Approved by: rhatdan
Went through the docs and fixed the alignment so they
all match up and look readable when doing 'man podman [command]"
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #943
Approved by: rhatdan
This will add --layers support.
Also add missing information in man pages on podman build features.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #938
Approved by: umohnani8
Until podman build supports caching, their are no intermediary builds,
but people might still use scripts that use the --all option.
Adding this will not hurt anything and could fix scripts.
Also fixed sorting issues in options handling of images
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #896
Approved by: mheon
Also add annotations from the image the container was created
from.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #886
Approved by: rhatdan
Format md files to work properly when converted to man pages.
Add sed command to cleanup table in podman man page.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #842
Approved by: mheon
We only want root to be allowed to access this socket.
Also move socket to /run/podman directory. This requires
us to drop a podman.conf tmpfiles.d file.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #806
Approved by: mheon
Collecting the Podman/libpod specifics in one place allows us use the
hooks documentation which the previous commit made more generic.
The re-ordered SEE ALSO is because [1]:
> The list should be ordered by section number and then alphabetically
> by name.
[1]: http://man7.org/linux/man-pages/man7/man-pages.7.html
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #772
Approved by: mheon
Currently podman build http://remote.com/Dockerfile does not work.
podman always treats this file as an Archive.
Vendoring in the latest buildah code fixes this issue. Also updated
the man pages to better explain the syntax.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #775
Approved by: TomSweeneyRedHat
document --format|-f in the commit man page. also, improve the error
message when user tries to use -m with the oci image format.
Resolves: 765
Signed-off-by: baude <bbaude@redhat.com>
Closes: #768
Approved by: rhatdan
Fixes a bug where the force bool was being ignored when deleting images
via the varlink interface.
Also, minor fix to the docs to add a line break between methods and types in
the doc index.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #753
Approved by: rhatdan
We have decided to alphabetize things in the API documentation to help users
find things easier. It also solves an issue where when being made, the API.md doc
would remake itself in a different order resulting in massive diffs in the pull
requests but no new content.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #739
Approved by: baude
Using varlink's idl parser, we generate API documentation for the podman
API relying on the .varlink file as the source.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #734
Approved by: baude
file names for podman load, save, export, and import cannot
contain ":" in them. It is a reserved character for parsing
filenames.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #694
Approved by: rhatdan
This fixes an issue where if you did
man -k podman-run
podman-run (1) - (unknown subject)
Now you will see
man -k podman-run
podman-run (1) - Run a command in a new container
More importantly
man -k containers | grep podman
podman (1) - Simple management tool for containers and images
podman-kill (1) - Kills one or more containers with a signal
podman-pause (1) - Pause one or more containers
podman-ps (1) - Prints out information about containers
podman-rm (1) - Remove one or more containers
podman-start (1) - Start one or more containers
podman-stats (1) - Display a live stream of 1 or more containers' resource usage statistics
podman-stop (1) - Stop one or more containers
podman-unpause (1) - Unpause one or more containers
podman-wait (1) - Waits on one or more containers to stop and prints exit code
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #676
Approved by: mheon
If a container is already running, and a user asks to start it -a (attach), we should
honor this and attach to the container.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #634
Approved by: baude
In the case where podman needs to pull an image, if that registry that the image
resides on is known to be insesure (as defined in /etc/containers/registries.conf),
tls-verify should be altered on the fly.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #626
Approved by: mheon
Format the examples in podman-diff.md better.
The description for --type in the inspect docs was slightly different
from that in the inline help.
Also stated what values to use in the Go template for the --format flag.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #620
Approved by: mheon
podman does not support autorestart. Should use systemd if you
want containers to restart
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #487
Approved by: edsantiago
The progress should not be show for import, load, and commit. It makes machine
parsing of the output much more difficult. Also, each command should output an
image ID or name for the user.
Added a --verbose flag for users that still want to see progress.
Resolves issue #450
Signed-off-by: baude <bbaude@redhat.com>
Closes: #456
Approved by: rhatdan
(minor) One example in the podman-top man page results in an
error when actually invoked:
unable to find PID field in ps output. try a different set of ps arguments
Cause: commit 6cb1c31d (PR #400) has to check PIDs in order to
filter those in the container.
Solution: add 'pid' to the list of requested output fields in
the sample command.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Closes: #457
Approved by: rhatdan
update man page with example outputs. tidy up the man page
where applicable.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #429
Approved by: rhatdan
When trying to tag an alias (tag) of an image using only the shortname
and no tag, we were unable to find the image in storage. This corrects
that issue and adds an integration test to protect against regression. I
also updated the man page per the filed issue.
While writing the integration test, I discovered that inspect could also
not find a tagged image without its :tag.
Resolves Issue #385
Resolves Issue #384
Signed-off-by: baude <bbaude@redhat.com>
Closes: #398
Approved by: mheon
--image-volumes tells podman what to do with the image volumes in the image config
There are 3 options: bind, tmpfs, and ignore
bind puts the volume contents in /var/lib/containers/storage/container-id/volumes/vol-dir
and bind mounts it into the container at /vol-dir
tmpfs mounts /vol-dir as a tmps into the container
ignore doesn't mount the image volumes onto the container
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #377
Approved by: rhatdan
Inspect should be able to inspect one or more containers depending
on the user input. Therefore, inspect output should be in array
format so the consumer could potentially iterate it. This PR allows
users to specify one more or containers|images|or a mix for
inspection. The output, as stated, is therefore in array form. This
holds true even for a singular image.
In the case that the user enters an invalid container|image "name", we
handle that gracefully. Podman will output json for the valid names
until it reaches the invalid one. For example:
In this case, podman will out the json for alpine and then print an
error about 123 being invalid. It will not continute onto busybox.
This behavior imatates docker.
This addresses issue #360
Signed-off-by: baude <bbaude@redhat.com>
Closes: #371
Approved by: baude
When using podman to pull an image, print the image id after
the image is pulled.
Resolves issue #329
Signed-off-by: baude <bbaude@redhat.com>
Closes: #342
Approved by: rhatdan
Changing these fields caused the output of podman inspect to more
closely match docker inspect.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #306
Approved by: mheon
Fix issues with tailing of container logs as described
in issue #16. Also add in the ability to use a duration or
known time stamp formats for the --since flag.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #317
Approved by: mheon
sudo is not required when running as root, and # indicates
that you are already root. $ indicates you are not root.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Made a change to make sure that the output paths of podman inspect
matches that of docker inspect. For example to get the stop signal
you should be able to do podman inspect ctr --format {{.Config.StopSignal}}
and the same thing in docker will give the same results.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #292
Approved by: rhatdan
podman search queries a registry for a matching image and prints
the output.
I added a new flag called "registry" giving the user the option
to search a specific registry if they don't want to search all
their default registries.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #241
Approved by: rhatdan
Issue #169 describes a common failure when running podman top where
if the commands inside the container container a space in them, podman
will panic. This was occuring because we take the output from ps and
attempt to format it nicely for output and things like JSON. Given that
this cannot be predicted or dealt with programatically, the decision was
made to deprecate the format switch and simply output what ps provides
us.
Migrated top integration tests to ginkgo.
Resolves Issue: https://github.com/projectatomic/libpod/issues/169
Signed-off-by: baude <bbaude@redhat.com>
Closes: #291
Approved by: rhatdan
QE found issues with formatting the go template and
the man page was lacking information.
Changed the format of the output to match latest docker.
Add shortID function that returns the truncated ID
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #258
Approved by: rhatdan
podman port reports the port mappings per container. it can be used
to report the ports ofa single container or latest container or all
containers.
in the case of a single container, the user can add an option filter for
port and protocol.
Signed-off-by: baude <bbaude@redhat.com>
podman command has storage options as a global option,
these should be set there, rather then in the create and
run commands.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #234
Approved by: baude
It is desirable to have a --latest switch on the podman wait
command so we can wait on the latest container created to end.
Also, fixes a panic with latest where no containers are available.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #201
Approved by: baude
It is desirable to have a shortcut for the most
recently created container. We can now use "**latest"
to represent the most recent container instead of its
container ID or name. For example:
Signed-off-by: baude <bbaude@redhat.com>
Closes: #179
Approved by: baude