summaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
authorDaniel J Walsh <dwalsh@redhat.com>2020-11-18 16:51:33 -0500
committerDaniel J Walsh <dwalsh@redhat.com>2020-11-19 14:48:10 -0500
commit977094781841f57c82b71e3ccc32dad952a8c0e5 (patch)
tree819a8b0856d3d500c4938efaf5af62b488f34734 /test
parenta18365c908d45a8ee9348c5e32a240a7b9a4091b (diff)
downloadpodman-977094781841f57c82b71e3ccc32dad952a8c0e5.tar.gz
podman-977094781841f57c82b71e3ccc32dad952a8c0e5.tar.bz2
podman-977094781841f57c82b71e3ccc32dad952a8c0e5.zip
Document containers.conf settings for remote connections
Currently we don't document which end of the podman-remote client server operations uses the containers.conf. This PR begins documenting this and then testing to make sure the defaults follow the rules. Fixes: https://github.com/containers/podman/issues/7657 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'test')
-rw-r--r--test/e2e/config/containers-remote.conf51
-rw-r--r--test/e2e/containers_conf_test.go68
2 files changed, 119 insertions, 0 deletions
diff --git a/test/e2e/config/containers-remote.conf b/test/e2e/config/containers-remote.conf
new file mode 100644
index 000000000..bc9eab951
--- /dev/null
+++ b/test/e2e/config/containers-remote.conf
@@ -0,0 +1,51 @@
+[containers]
+
+# A list of ulimits to be set in containers by default, specified as
+# "<ulimit name>=<soft limit>:<hard limit>", for example:
+# "nofile=1024:2048"
+# See setrlimit(2) for a list of resource names.
+# Any limit not specified here will be inherited from the process launching the
+# container engine.
+# Ulimits has limits for non privileged container engines.
+#
+default_ulimits = [
+ "nofile=100:100",
+]
+
+# Environment variable list for the conmon process; used for passing necessary
+# environment variables to conmon or the runtime.
+#
+env = [
+ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+ "foo=bar1",
+]
+
+# container engines use container separation using MAC(SELinux) labeling.
+# Flag is ignored on label disabled systems.
+#
+label = false
+
+# Size of /dev/shm. Specified as <number><unit>.
+# Unit is optional, values:
+# b (bytes), k (kilobytes), m (megabytes), or g (gigabytes).
+# If the unit is omitted, the system uses bytes.
+#
+shm_size = "202k"
+
+# List of devices. Specified as
+# "<device-on-host>:<device-on-container>:<permissions>", for example:
+# "/dev/sdc:/dev/xvdc:rwm".
+# If it is empty or commented out, only the default devices will be used
+#
+devices = []
+
+default_sysctls = [
+ "net.ipv4.ping_group_range=0 0",
+]
+
+dns_searches=[ "barfoo.com", ]
+dns_servers=[ "4.3.2.1", ]
+
+tz = "America/New_York"
+
+umask = "0022"
diff --git a/test/e2e/containers_conf_test.go b/test/e2e/containers_conf_test.go
index 1d5be218b..906153c0f 100644
--- a/test/e2e/containers_conf_test.go
+++ b/test/e2e/containers_conf_test.go
@@ -177,6 +177,9 @@ var _ = Describe("Podman run", func() {
}
os.Setenv("CONTAINERS_CONF", conffile)
+ if IsRemote() {
+ podmanTest.RestartRemoteService()
+ }
result := podmanTest.Podman([]string{"run", ALPINE, "ls", tempdir})
result.WaitWithDefaultTimeout()
Expect(result.ExitCode()).To(Equal(0))
@@ -224,6 +227,17 @@ var _ = Describe("Podman run", func() {
Expect(session.LineInOuputStartsWith("search")).To(BeFalse())
})
+ It("podman run use containers.conf search domain", func() {
+ session := podmanTest.Podman([]string{"run", ALPINE, "cat", "/etc/resolv.conf"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ Expect(session.LineInOuputStartsWith("search")).To(BeTrue())
+ Expect(session.OutputToString()).To(ContainSubstring("foobar.com"))
+
+ Expect(session.OutputToString()).To(ContainSubstring("1.2.3.4"))
+ Expect(session.OutputToString()).To(ContainSubstring("debug"))
+ })
+
It("podman run containers.conf timezone", func() {
//containers.conf timezone set to Pacific/Honolulu
session := podmanTest.Podman([]string{"run", ALPINE, "date", "+'%H %Z'"})
@@ -231,6 +245,7 @@ var _ = Describe("Podman run", func() {
Expect(session.ExitCode()).To(Equal(0))
Expect(session.OutputToString()).To(ContainSubstring("HST"))
})
+
It("podman run containers.conf umask", func() {
//containers.conf umask set to 0002
if !strings.Contains(podmanTest.OCIRuntime, "crun") {
@@ -243,4 +258,57 @@ var _ = Describe("Podman run", func() {
Expect(session.OutputToString()).To(Equal("0002"))
})
+ It("podman-remote test localcontainers.conf versus remote containers.conf", func() {
+ if !IsRemote() {
+ Skip("this test is only for remote")
+ }
+
+ os.Setenv("CONTAINERS_CONF", "config/containers-remote.conf")
+ // Configuration that comes from remote server
+ // env
+ session := podmanTest.Podman([]string{"run", ALPINE, "printenv", "foo"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ Expect(session.OutputToString()).To(Equal("bar"))
+
+ // dns-search, server, options
+ session = podmanTest.Podman([]string{"run", ALPINE, "cat", "/etc/resolv.conf"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ Expect(session.LineInOuputStartsWith("search")).To(BeTrue())
+ Expect(session.OutputToString()).To(ContainSubstring("foobar.com"))
+ Expect(session.OutputToString()).To(ContainSubstring("1.2.3.4"))
+ Expect(session.OutputToString()).To(ContainSubstring("debug"))
+
+ // sysctls
+ session = podmanTest.Podman([]string{"run", "--rm", ALPINE, "cat", "/proc/sys/net/ipv4/ping_group_range"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ Expect(session.OutputToString()).To(ContainSubstring("1000"))
+
+ // shm-size
+ session = podmanTest.Podman([]string{"run", ALPINE, "grep", "shm", "/proc/self/mounts"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ Expect(session.OutputToString()).To(ContainSubstring("size=200k"))
+
+ // ulimits
+ session = podmanTest.Podman([]string{"run", "--rm", fedoraMinimal, "ulimit", "-n"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ Expect(session.OutputToString()).To(ContainSubstring("500"))
+
+ // Configuration that comes from remote client
+ // Timezone
+ session = podmanTest.Podman([]string{"run", ALPINE, "date", "+'%H %Z'"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ Expect(session.OutputToString()).To(ContainSubstring("EST"))
+
+ // Umask
+ session = podmanTest.Podman([]string{"run", "--rm", ALPINE, "sh", "-c", "umask"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ Expect(session.OutputToString()).To(Equal("0022"))
+ })
})