diff options
-rw-r--r-- | test/e2e/common_test.go | 1 | ||||
-rw-r--r-- | test/e2e/libpod_suite_remote_test.go | 3 | ||||
-rw-r--r-- | test/e2e/libpod_suite_test.go | 6 | ||||
-rw-r--r-- | test/e2e/libpod_suite_varlink_test.go | 3 | ||||
-rw-r--r-- | test/e2e/run_test.go | 103 | ||||
-rw-r--r-- | test/system/010-images.bats | 47 | ||||
-rw-r--r-- | test/system/060-mount.bats | 30 | ||||
-rw-r--r-- | test/system/200-pod.bats | 31 | ||||
-rw-r--r-- | test/system/500-networking.bats | 29 | ||||
-rwxr-xr-x | test/system/build-testimage | 44 | ||||
-rw-r--r-- | test/system/helpers.bash | 31 |
11 files changed, 256 insertions, 72 deletions
diff --git a/test/e2e/common_test.go b/test/e2e/common_test.go index 2ce3f9760..1943020c3 100644 --- a/test/e2e/common_test.go +++ b/test/e2e/common_test.go @@ -39,6 +39,7 @@ var ( ARTIFACT_DIR = "/tmp/.artifacts" RESTORE_IMAGES = []string{ALPINE, BB, nginx} defaultWaitTimeout = 90 + CGROUPSV2, _ = cgroups.IsCgroup2UnifiedMode() ) // PodmanTestIntegration struct for command line options diff --git a/test/e2e/libpod_suite_remote_test.go b/test/e2e/libpod_suite_remote_test.go index c7e667b57..0a0b2799b 100644 --- a/test/e2e/libpod_suite_remote_test.go +++ b/test/e2e/libpod_suite_remote_test.go @@ -27,6 +27,9 @@ func SkipIfRemote(reason string) { ginkgo.Skip("[remote]: " + reason) } +func SkipIfRootlessCgroupsV1() { +} + func SkipIfRootless() { if os.Geteuid() != 0 { ginkgo.Skip("This function is not enabled for rootless podman") diff --git a/test/e2e/libpod_suite_test.go b/test/e2e/libpod_suite_test.go index d6e0789eb..00d066fea 100644 --- a/test/e2e/libpod_suite_test.go +++ b/test/e2e/libpod_suite_test.go @@ -19,6 +19,12 @@ func IsRemote() bool { func SkipIfRemote(string) { } +func SkipIfRootlessCgroupsV1() { + if os.Geteuid() != 0 && !CGROUPSV2 { + Skip("Rooless requires cgroupsV2 to set limits") + } +} + func SkipIfRootless() { if os.Geteuid() != 0 { Skip("This function is not enabled for rootless podman") diff --git a/test/e2e/libpod_suite_varlink_test.go b/test/e2e/libpod_suite_varlink_test.go index 903e92647..f901cbec9 100644 --- a/test/e2e/libpod_suite_varlink_test.go +++ b/test/e2e/libpod_suite_varlink_test.go @@ -23,6 +23,9 @@ func IsRemote() bool { return true } +func SkipIfRootlessCgroupsV1() { +} + func SkipIfRemote(reason string) { ginkgo.Skip("[remote]: " + reason) } diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index c8655dcad..0bb3fe772 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -11,7 +11,6 @@ import ( "syscall" "time" - "github.com/containers/podman/v2/pkg/cgroups" . "github.com/containers/podman/v2/test/utils" "github.com/containers/storage/pkg/stringid" "github.com/mrunalp/fileutils" @@ -50,7 +49,6 @@ var _ = Describe("Podman run", func() { }) It("podman run a container based on a complex local image name", func() { - SkipIfRootless() imageName := strings.TrimPrefix(nginx, "quay.io/") session := podmanTest.Podman([]string{"run", imageName, "ls"}) session.WaitWithDefaultTimeout() @@ -311,12 +309,15 @@ USER bin` }) It("podman run limits test", func() { - SkipIfRootless() - session := podmanTest.Podman([]string{"run", "--rm", "--ulimit", "rtprio=99", "--cap-add=sys_nice", fedoraMinimal, "cat", "/proc/self/sched"}) - session.WaitWithDefaultTimeout() - Expect(session.ExitCode()).To(Equal(0)) + SkipIfRootlessCgroupsV1() + + if !isRootless() { + session := podmanTest.Podman([]string{"run", "--rm", "--ulimit", "rtprio=99", "--cap-add=sys_nice", fedoraMinimal, "cat", "/proc/self/sched"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + } - session = podmanTest.Podman([]string{"run", "--rm", "--ulimit", "nofile=2048:2048", fedoraMinimal, "ulimit", "-n"}) + session := podmanTest.Podman([]string{"run", "--rm", "--ulimit", "nofile=2048:2048", fedoraMinimal, "ulimit", "-n"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) Expect(session.OutputToString()).To(ContainSubstring("2048")) @@ -326,10 +327,7 @@ USER bin` Expect(session.ExitCode()).To(Equal(0)) Expect(session.OutputToString()).To(ContainSubstring("1024")) - cgroupsv2, err := cgroups.IsCgroup2UnifiedMode() - Expect(err).To(BeNil()) - - if !cgroupsv2 { + if !CGROUPSV2 { // --oom-kill-disable not supported on cgroups v2. session = podmanTest.Podman([]string{"run", "--rm", "--oom-kill-disable=true", fedoraMinimal, "echo", "memory-hog"}) session.WaitWithDefaultTimeout() @@ -370,7 +368,7 @@ USER bin` }) It("podman run sysctl test", func() { - SkipIfRootless() + SkipIfRootless() // Network sysclts are not avalable root rootless session := podmanTest.Podman([]string{"run", "--rm", "--sysctl", "net.core.somaxconn=65535", ALPINE, "sysctl", "net.core.somaxconn"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -378,17 +376,15 @@ USER bin` }) It("podman run blkio-weight test", func() { - SkipIfRootless() - cgroupsv2, err := cgroups.IsCgroup2UnifiedMode() - Expect(err).To(BeNil()) - - if !cgroupsv2 { + SkipIfRootless() // FIXME: This is blowing up because of no /sys/fs/cgroup/user.slice/user-14467.slice/user@14467.service/cgroup.subtree_control file + // SkipIfRootlessCgroupsV1() + if !CGROUPSV2 { if _, err := os.Stat("/sys/fs/cgroup/blkio/blkio.weight"); os.IsNotExist(err) { Skip("Kernel does not support blkio.weight") } } - if cgroupsv2 { + if CGROUPSV2 { // convert linearly from [10-1000] to [1-10000] session := podmanTest.Podman([]string{"run", "--rm", "--blkio-weight=15", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/io.bfq.weight"}) session.WaitWithDefaultTimeout() @@ -403,14 +399,11 @@ USER bin` }) It("podman run device-read-bps test", func() { - SkipIfRootless() - - cgroupsv2, err := cgroups.IsCgroup2UnifiedMode() - Expect(err).To(BeNil()) - + SkipIfRootless() // FIXME: Missing /sys/fs/cgroup/user.slice/user-14467.slice/user@14467.service/cgroup.subtree_control + SkipIfRootlessCgroupsV1() var session *PodmanSessionIntegration - if cgroupsv2 { + if CGROUPSV2 { session = podmanTest.Podman([]string{"run", "--rm", "--device-read-bps=/dev/zero:1mb", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/io.max"}) } else { session = podmanTest.Podman([]string{"run", "--rm", "--device-read-bps=/dev/zero:1mb", ALPINE, "cat", "/sys/fs/cgroup/blkio/blkio.throttle.read_bps_device"}) @@ -418,40 +411,34 @@ USER bin` session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - if !cgroupsv2 { // TODO: Test Simplification. For now, we only care about exit(0) w/ cgroupsv2 + if !CGROUPSV2 { // TODO: Test Simplification. For now, we only care about exit(0) w/ cgroupsv2 Expect(session.OutputToString()).To(ContainSubstring("1048576")) } }) It("podman run device-write-bps test", func() { - SkipIfRootless() - - cgroupsv2, err := cgroups.IsCgroup2UnifiedMode() - Expect(err).To(BeNil()) - + SkipIfRootless() // FIXME /sys/fs/cgroup/user.slice/user-14467.slice/user@14467.service/cgroup.subtree_control does not exist + SkipIfRootlessCgroupsV1() var session *PodmanSessionIntegration - if cgroupsv2 { + if CGROUPSV2 { session = podmanTest.Podman([]string{"run", "--rm", "--device-write-bps=/dev/zero:1mb", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/io.max"}) } else { session = podmanTest.Podman([]string{"run", "--rm", "--device-write-bps=/dev/zero:1mb", ALPINE, "cat", "/sys/fs/cgroup/blkio/blkio.throttle.write_bps_device"}) } session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - if !cgroupsv2 { // TODO: Test Simplification. For now, we only care about exit(0) w/ cgroupsv2 + if !CGROUPSV2 { // TODO: Test Simplification. For now, we only care about exit(0) w/ cgroupsv2 Expect(session.OutputToString()).To(ContainSubstring("1048576")) } }) It("podman run device-read-iops test", func() { - SkipIfRootless() - - cgroupsv2, err := cgroups.IsCgroup2UnifiedMode() - Expect(err).To(BeNil()) - + SkipIfRootless() // FIXME /sys/fs/cgroup/user.slice/user-14467.slice/user@14467.service/cgroup.subtree_control does not exist + SkipIfRootlessCgroupsV1() var session *PodmanSessionIntegration - if cgroupsv2 { + if CGROUPSV2 { session = podmanTest.Podman([]string{"run", "--rm", "--device-read-iops=/dev/zero:100", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/io.max"}) } else { session = podmanTest.Podman([]string{"run", "--rm", "--device-read-iops=/dev/zero:100", ALPINE, "cat", "/sys/fs/cgroup/blkio/blkio.throttle.read_iops_device"}) @@ -459,20 +446,17 @@ USER bin` session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - if !cgroupsv2 { // TODO: Test Simplification. For now, we only care about exit(0) w/ cgroupsv2 + if !CGROUPSV2 { // TODO: Test Simplification. For now, we only care about exit(0) w/ cgroupsv2 Expect(session.OutputToString()).To(ContainSubstring("100")) } }) It("podman run device-write-iops test", func() { - SkipIfRootless() - - cgroupsv2, err := cgroups.IsCgroup2UnifiedMode() - Expect(err).To(BeNil()) - + SkipIfRootless() // FIXME /sys/fs/cgroup/user.slice/user-14467.slice/user@14467.service/cgroup.subtree_control does not exist + SkipIfRootlessCgroupsV1() var session *PodmanSessionIntegration - if cgroupsv2 { + if CGROUPSV2 { session = podmanTest.Podman([]string{"run", "--rm", "--device-write-iops=/dev/zero:100", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/io.max"}) } else { session = podmanTest.Podman([]string{"run", "--rm", "--device-write-iops=/dev/zero:100", ALPINE, "cat", "/sys/fs/cgroup/blkio/blkio.throttle.write_iops_device"}) @@ -480,7 +464,7 @@ USER bin` session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - if !cgroupsv2 { // TODO: Test Simplification. For now, we only care about exit(0) w/ cgroupsv2 + if !CGROUPSV2 { // TODO: Test Simplification. For now, we only care about exit(0) w/ cgroupsv2 Expect(session.OutputToString()).To(ContainSubstring("100")) } }) @@ -586,7 +570,7 @@ USER bin` }) It("podman run with FIPS mode secrets", func() { - SkipIfRootless() + SkipIfRootless() // rootless can not manipulate system-fips file fipsFile := "/etc/system-fips" err = ioutil.WriteFile(fipsFile, []byte{}, 0755) Expect(err).To(BeNil()) @@ -601,27 +585,24 @@ USER bin` }) It("podman run without group-add", func() { - SkipIfRootless() session := podmanTest.Podman([]string{"run", "--rm", ALPINE, "id"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - Expect(session.OutputToString()).To(Equal("uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)")) + Expect(session.LineInOutputContains("27(video),777,65533(nogroup)")).To(BeFalse()) }) It("podman run with group-add", func() { - SkipIfRootless() session := podmanTest.Podman([]string{"run", "--rm", "--group-add=audio", "--group-add=nogroup", "--group-add=777", ALPINE, "id"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - Expect(session.OutputToString()).To(Equal("uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),18(audio),20(dialout),26(tape),27(video),777,65533(nogroup)")) + Expect(session.LineInOutputContains("777,65533(nogroup)")).To(BeTrue()) }) It("podman run with user (default)", func() { - SkipIfRootless() session := podmanTest.Podman([]string{"run", "--rm", ALPINE, "id"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - Expect(session.OutputToString()).To(Equal("uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)")) + Expect(session.LineInOutputContains("uid=0(root) gid=0(root)")).To(BeTrue()) }) It("podman run with user (integer, not in /etc/passwd)", func() { @@ -632,19 +613,17 @@ USER bin` }) It("podman run with user (integer, in /etc/passwd)", func() { - SkipIfRootless() session := podmanTest.Podman([]string{"run", "--rm", "--user=8", ALPINE, "id"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - Expect(session.OutputToString()).To(Equal("uid=8(mail) gid=12(mail) groups=12(mail)")) + Expect(session.LineInOutputContains("uid=8(mail) gid=12(mail)")).To(BeTrue()) }) It("podman run with user (username)", func() { - SkipIfRootless() session := podmanTest.Podman([]string{"run", "--rm", "--user=mail", ALPINE, "id"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - Expect(session.OutputToString()).To(Equal("uid=8(mail) gid=12(mail) groups=12(mail)")) + Expect(session.LineInOutputContains("uid=8(mail) gid=12(mail)")).To(BeTrue()) }) It("podman run with user:group (username:integer)", func() { @@ -910,7 +889,7 @@ USER mail` }) It("podman run --mount type=bind,bind-nonrecursive", func() { - SkipIfRootless() + SkipIfRootless() // rootless users are not allowed to mount bind-nonrecursive (Could this be a Kernel bug? session := podmanTest.Podman([]string{"run", "--mount", "type=bind,bind-nonrecursive,slave,src=/,target=/host", fedoraMinimal, "findmnt", "-nR", "/host"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -918,7 +897,6 @@ USER mail` }) It("podman run --mount type=devpts,target=/foo/bar", func() { - SkipIfRootless() session := podmanTest.Podman([]string{"run", "--mount", "type=devpts,target=/foo/bar", fedoraMinimal, "stat", "-f", "-c%T", "/foo/bar"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -1071,7 +1049,8 @@ USER mail` }) It("podman run with cgroups=disabled runs without cgroups", func() { - SkipIfRootless() + SkipIfRootless() // FIXME: I believe this should work but need to fix this test + SkipIfRootlessCgroupsV1() // Only works on crun if !strings.Contains(podmanTest.OCIRuntime, "crun") { Skip("Test only works on crun") @@ -1103,7 +1082,7 @@ USER mail` }) It("podman run with cgroups=enabled makes cgroups", func() { - SkipIfRootless() + SkipIfRootlessCgroupsV1() // Only works on crun if !strings.Contains(podmanTest.OCIRuntime, "crun") { Skip("Test only works on crun") @@ -1146,7 +1125,7 @@ USER mail` }) It("podman run --device-cgroup-rule", func() { - SkipIfRootless() + SkipIfRootless() // rootless users are not allowed to mknod deviceCgroupRule := "c 42:* rwm" session := podmanTest.Podman([]string{"run", "--name", "test", "-d", "--device-cgroup-rule", deviceCgroupRule, ALPINE, "top"}) session.WaitWithDefaultTimeout() diff --git a/test/system/010-images.bats b/test/system/010-images.bats index c0a8936e3..ac65e54d9 100644 --- a/test/system/010-images.bats +++ b/test/system/010-images.bats @@ -112,4 +112,51 @@ Labels.created_at | 20[0-9-]\\\+T[0-9:]\\\+Z run_podman rm mytinycontainer } +# Regression test for https://github.com/containers/podman/issues/7651 +# in which "podman pull image-with-sha" causes "images -a" to crash +@test "podman images -a, after pulling by sha " { + # Get a baseline for 'images -a' + run_podman images -a + local images_baseline="$output" + + # Get the digest of our local test image. We need to do this in two steps + # because 'podman inspect' only works reliably on *IMAGE ID*, not name. + # See https://github.com/containers/podman/issues/3761 + run_podman inspect --format '{{.Id}}' $IMAGE + local iid="$output" + run_podman inspect --format '{{.Digest}}' $iid + local sha="$output" + + local imgbase="${PODMAN_TEST_IMAGE_REGISTRY}/${PODMAN_TEST_IMAGE_USER}/${PODMAN_TEST_IMAGE_NAME}" + local fqin="${imgbase}@$sha" + + # This will always pull, because even though it's the same image we + # already have, podman doesn't actually know that. + run_podman pull $fqin + is "$output" "Trying to pull ${fqin}\.\.\..*" "output of podman pull" + + # Prior to #7654, this would crash and burn. Now podman recognizes it + # as the same image and, even though it internally tags it with the + # sha, still only shows us one image (which should be our baseline) + # + # WARNING! If this test fails, we're going to see a lot of failures + # in subsequent tests due to 'podman ps' showing the '@sha' tag! + # I choose not to add a complicated teardown() (with 'rmi @sha') + # because the failure window here is small, and if it fails it + # needs attention anyway. So if you see lots of failures, but + # start here because this is the first one, fix this problem. + # You can (probably) ignore any subsequent failures showing '@sha' + # in the error output. + run_podman images -a + is "$output" "$images_baseline" "images -a, after pull: same as before" + + # Clean up: this should simply untag, not remove + run_podman rmi $fqin + is "$output" "Untagged: $fqin" "podman rmi untags, does not remove" + + # ...and now we should still have our same image. + run_podman images -a + is "$output" "$images_baseline" "after podman rmi @sha, still the same" +} + # vim: filetype=sh diff --git a/test/system/060-mount.bats b/test/system/060-mount.bats index d98a3eeb1..75c88e4ad 100644 --- a/test/system/060-mount.bats +++ b/test/system/060-mount.bats @@ -35,4 +35,34 @@ load helpers fi } + +@test "podman image mount" { + skip_if_remote "mounting remote is meaningless" + skip_if_rootless "too hard to test rootless" + + # Start with clean slate + run_podman image umount -a + + run_podman image mount $IMAGE + mount_path="$output" + + test -d $mount_path + + # Image is custom-built and has a file containing the YMD tag. Check it. + testimage_file="/home/podman/testimage-id" + test -e "$mount_path$testimage_file" + is $(< "$mount_path$testimage_file") "$PODMAN_TEST_IMAGE_TAG" \ + "Contents of $testimage_file in image" + + # 'image mount', no args, tells us what's mounted + run_podman image mount + is "$output" "$IMAGE $mount_path" "podman image mount with no args" + + # Clean up + run_podman image umount $IMAGE + + run_podman image mount + is "$output" "" "podman image mount, no args, after umount" +} + # vim: filetype=sh diff --git a/test/system/200-pod.bats b/test/system/200-pod.bats index 7189d7e4b..2ae038dfe 100644 --- a/test/system/200-pod.bats +++ b/test/system/200-pod.bats @@ -173,6 +173,19 @@ function random_ip() { # FIXME: --ip=$ip fails: # Error adding network: failed to allocate all requested IPs local mac_option="--mac-address=$mac" + + # Create a custom image so we can test --infra-image and -command. + # It will have a randomly generated infra command, using the + # existing 'pause' script in our testimage. We assign a bogus + # entrypoint to confirm that --infra-command will override. + local infra_image="infra_$(random_string 10 | tr A-Z a-z)" + local infra_command="/pause_$(random_string 10)" + run_podman build -t $infra_image - << EOF +FROM $IMAGE +RUN ln /home/podman/pause $infra_command +ENTRYPOINT ["/original-entrypoint-should-be-overridden"] +EOF + if is_rootless; then mac_option= fi @@ -185,12 +198,21 @@ function random_ip() { --dns-search "$dns_search" \ --dns-opt "$dns_opt" \ --publish "$port_out:$port_in" \ - --label "${labelname}=${labelvalue}" + --label "${labelname}=${labelvalue}" \ + --infra-image "$infra_image" \ + --infra-command "$infra_command" pod_id="$output" # Check --pod-id-file is "$(<$pod_id_file)" "$pod_id" "contents of pod-id-file" + # Get ID of infra container + run_podman pod inspect --format '{{(index .Containers 0).ID}}' mypod + local infra_cid="$output" + # confirm that entrypoint is what we set + run_podman container inspect --format '{{.Config.Entrypoint}}' $infra_cid + is "$output" "$infra_command" "infra-command took effect" + # Check each of the options if [ -n "$mac_option" ]; then run_podman run --rm --pod mypod $IMAGE ip link show @@ -249,9 +271,16 @@ function random_ip() { run_podman logs $cid is "$output" "$teststring" "test string received on container" + # Finally, confirm the infra-container and -command. We run this late, + # not at pod creation, to give the infra container time to start & log. + run_podman logs $infra_cid + is "$output" "Confirmed: testimage pause invoked as $infra_command" \ + "pod ran with our desired infra container + command" + # Clean up run_podman rm $cid run_podman pod rm -f mypod + run_podman rmi $infra_image } # vim: filetype=sh diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats index 39de8ad54..d2454fbf4 100644 --- a/test/system/500-networking.bats +++ b/test/system/500-networking.bats @@ -80,4 +80,33 @@ load helpers run_podman rm $cid } +# "network create" now works rootless, with the help of a special container +@test "podman network create" { + local mynetname=testnet-$(random_string 10) + local mysubnet=$(random_rfc1918_subnet) + + run_podman network create --subnet "${mysubnet}.0/24" $mynetname + is "$output" ".*/cni/net.d/$mynetname.conflist" "output of 'network create'" + + # WARNING: this pulls a ~100MB image from quay.io, hence is slow/flaky + run_podman run --rm --network $mynetname $IMAGE ip a + is "$output" ".* inet ${mysubnet}\.2/24 brd ${mysubnet}\.255 " \ + "sdfsdf" + + # Cannot create network with the same name + run_podman 125 network create $mynetname + is "$output" "Error: the network name $mynetname is already used" \ + "Trying to create an already-existing network" + + run_podman network rm $mynetname + run_podman 125 network rm $mynetname + + # rootless CNI leaves behind an image pulled by SHA, hence with no tag. + # Remove it if present; we can only remove it by ID. + run_podman images --format '{{.Id}}' rootless-cni-infra + if [ -n "$output" ]; then + run_podman rmi $output + fi +} + # vim: filetype=sh diff --git a/test/system/build-testimage b/test/system/build-testimage index 64aa46337..ef14d3afd 100755 --- a/test/system/build-testimage +++ b/test/system/build-testimage @@ -26,23 +26,51 @@ create_time_z=$(env TZ=UTC date +'%Y-%m-%dT%H:%M:%SZ') set -ex +# We'll need to create a Containerfile plus various other files to add in +# # Please document the reason for all flags, apk's, and anything non-obvious +tmpdir=$(mktemp -t -d $(basename $0).tmp.XXXXXXX) +cd $tmpdir + +# 'image mount' test will confirm that this file exists and has our YMD tag +echo $YMD >testimage-id + +# 'pod' test will use this for --infra-command +cat >pause <<EOF +#!/bin/sh # -# --squash-all : needed by 'tree' test in 070-build.bats -# busybox-extras : provides httpd needed in 500-networking.bats +# Trivial little pause script, used in one of the pod tests # -podman rmi -f testimage &> /dev/null || true -podman build --squash-all -t testimage - <<EOF +echo Confirmed: testimage pause invoked as \$0 +while :; do + sleep 0.1 +done +EOF +chmod 755 pause + +# alpine because it's small and light and reliable +# busybox-extras provides httpd needed in 500-networking.bats +cat >Containerfile <<EOF FROM docker.io/library/alpine:3.12.0 RUN apk add busybox-extras +ADD testimage-id pause /home/podman/ LABEL created_by=$create_script LABEL created_at=$create_time_z +WORKDIR /home/podman CMD ["/bin/echo", "This container is intended for podman CI testing"] EOF +# --squash-all : needed by 'tree' test in 070-build.bats +podman rmi -f testimage &> /dev/null || true +podman build --squash-all -t testimage . + +# Clean up +cd /tmp +rm -rf $tmpdir + # Tag and push to quay. -podman tag testimage quay.io/edsantiago/testimage:$YMD -podman push quay.io/edsantiago/testimage:$YMD +podman tag testimage quay.io/libpod/testimage:$YMD +podman push quay.io/libpod/testimage:$YMD # Side note: there should always be a testimage tagged ':00000000' # (eight zeroes) in the same location; this is used by tests which @@ -54,6 +82,6 @@ podman push quay.io/edsantiago/testimage:$YMD # # podman pull docker.io/library/busybox:1.32.0 # podman tag docker.io/library/busybox:1.32.0 \ -# quay.io/edsantiago/testimage:00000000 -# podman push quay.io/edsantiago/testimage:00000000 +# quay.io/libpod/testimage:00000000 +# podman push quay.io/libpod/testimage:00000000 # diff --git a/test/system/helpers.bash b/test/system/helpers.bash index 112b73962..78571901d 100644 --- a/test/system/helpers.bash +++ b/test/system/helpers.bash @@ -7,7 +7,7 @@ PODMAN=${PODMAN:-podman} PODMAN_TEST_IMAGE_REGISTRY=${PODMAN_TEST_IMAGE_REGISTRY:-"quay.io"} PODMAN_TEST_IMAGE_USER=${PODMAN_TEST_IMAGE_USER:-"libpod"} PODMAN_TEST_IMAGE_NAME=${PODMAN_TEST_IMAGE_NAME:-"testimage"} -PODMAN_TEST_IMAGE_TAG=${PODMAN_TEST_IMAGE_TAG:-"20200902"} +PODMAN_TEST_IMAGE_TAG=${PODMAN_TEST_IMAGE_TAG:-"20200917"} PODMAN_TEST_IMAGE_FQN="$PODMAN_TEST_IMAGE_REGISTRY/$PODMAN_TEST_IMAGE_USER/$PODMAN_TEST_IMAGE_NAME:$PODMAN_TEST_IMAGE_TAG" # Because who wants to spell that out each time? @@ -402,6 +402,35 @@ function random_string() { } +########################### +# random_rfc1918_subnet # +########################### +# +# Use the class B set, because much of our CI environment (Google, RH) +# already uses up much of the class A, and it's really hard to test +# if a block is in use. +# +# This returns THREE OCTETS! It is up to our caller to append .0/24, .255, &c. +# +function random_rfc1918_subnet() { + local retries=1024 + + while [ "$retries" -gt 0 ];do + local cidr=172.$(( 16 + $RANDOM % 16 )).$(( $RANDOM & 255 )) + + in_use=$(ip route list | fgrep $cidr) + if [ -z "$in_use" ]; then + echo "$cidr" + return + fi + + retries=$(( retries - 1 )) + done + + die "Could not find a random not-in-use rfc1918 subnet" +} + + ######################### # find_exec_pid_files # Returns nothing or exec_pid hash files ######################### |