the podman generate systemd command will generate a systemd unit file
based on the attributes of an existing container and user inputs. the
command outputs the unit file to stdout for the user to copy or
redirect. it is enabled for the remote client as well.
users can set a restart policy as well as define a stop timeout
override for the container.
Signed-off-by: baude <bbaude@redhat.com>
When running inside Podman, we get an extra `nodev` mount option.
It doesn't seem to be a bug, more an artifact of running in a
somewhat locked-down container. So instead of checking explicitly
for a set of mount options, just verify the ones we set are
present.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Existing code was not working due to a bash gotcha ('exit'
from a pipeline). It also had unnecessary duplication.
New version is safer; also includes unit tests run under localunit.
Existing invocations of req_env_var replaced via:
$ [ edit setup_environment.sh, move one closing quote to its own line ]
$ perl -ni -e 's/(?<=req_env_var )"(\S+)\s+\$\1"/$1/; if (/req_env_var "$/ .. /^\s*"/) { chomp; s/(?<=\S)\s.*//; if (/^\s*"/) { print "\n" } else { unless (/req_env_var/) { s/^\s+//; print " ";} print;} } else { print }' $(ack -l req_env_var)
$ [ hand-massage an incorrect instance of '@' in lib.sh:ircmsg() ]
Signed-off-by: Ed Santiago <santiago@redhat.com>
We merged #2950 with some nits still remaining, as Giuseppe was
going on PTO. This addresses those small requested changes.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
As part of this, rework the number of workers used by various
Podman tasks to match original behavior - need an explicit
fallthrough in the switch statement for that block to work as
expected.
Also, trivial change to Podman cleanup to work on initialized
containers - we need to reset to a different state after cleaning
up the OCI runtime.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
This ensures that all tmpfs mounts added by the user, even with
the --mount flag, share a few common options (nosuid, noexec,
nodev), and options for tmpfs mounts are properly validated to
ensure they are correct.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
As part of this, move bind mount option validity parsing and
modification (adding e.g. rbind on bind mounts that are missing
it), which requires test changes (expected values have changed).
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
We were unconditionally resetting volume mount options for all
mount points (and by the looks of things, completely dropping
tmpfs mounts), which was causing runc to refuse to run containers
and all the tests to consequently fail.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Several changes made in the interface of pkg/spec make
interacting with it without a runtime difficult to impossible,
so move the existing limited testing from cmd/podman (which
mostly tested pkg/spec) into pkg/spec itself where we can call
individual functions that don't break things.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Unify handling for the --volume, --mount, --volumes-from, --tmpfs
and --init flags into a single file and set of functions. This
will greatly improve readability and maintainability.
Further, properly handle superceding and conflicting mounts. Our
current patchwork has serious issues when mounts conflict, or
when a mount from --volumes-from or an image volume should be
overwritten by a user volume or named volume.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Play kube was passing the pod, but CreateConfig was not. Unify it
so they both do, so we can remove some unnecessary duplicate
lookup code.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
The goal here is to keep only the configuration directly used to
build the container in CreateConfig, and scrub temporary state
and helpers that we need to generate. We'll keep those internally
in MakeContainerConfig.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Right now, there are two major API calls necessary to turn a
filled-in CreateConfig into the options and OCI spec necessary to
make a libpod Container. I'm intending on refactoring both of
these extensively to unify a few things, so make a common
frontend to both that will prevent API changes from leaking out
of the package.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
add the port command to the remote client. this allows users to displa
port information about their host system from the remote client
Signed-off-by: baude <bbaude@redhat.com>
build a podman-remote binary for windows that allows users to use the
remote client on windows and interact with podman on linux system.
Signed-off-by: baude <bbaude@redhat.com>
