summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.cirrus.yml169
-rw-r--r--cmd/podman/service.go1
-rw-r--r--contrib/cirrus/README.md35
-rwxr-xr-xcontrib/cirrus/integration_test.sh26
-rw-r--r--contrib/cirrus/lib.sh24
-rwxr-xr-xcontrib/cirrus/logcollector.sh1
-rw-r--r--contrib/cirrus/packer/Makefile11
-rw-r--r--contrib/cirrus/packer/fedora_setup.sh176
-rw-r--r--contrib/cirrus/packer/image-builder-image_base-setup.sh6
-rw-r--r--contrib/cirrus/packer/libpod_base_images.yml12
-rw-r--r--contrib/cirrus/packer/libpod_images.yml9
-rw-r--r--contrib/cirrus/packer/ubuntu_setup.sh4
-rwxr-xr-xcontrib/cirrus/setup_environment.sh27
-rw-r--r--contrib/spec/podman.spec.in5
-rw-r--r--libpod/container_inspect.go100
-rw-r--r--libpod/networking_linux.go118
-rw-r--r--libpod/networking_unsupported.go4
-rw-r--r--pkg/api/server/server.go49
-rw-r--r--pkg/bindings/test/containers_test.go12
-rw-r--r--pkg/rootless/rootless_linux.c51
-rw-r--r--pkg/rootless/rootless_linux.go2
-rw-r--r--pkg/spec/namespaces.go2
-rw-r--r--pkg/specgen/namespaces.go2
-rw-r--r--test/apiv2/01-basic.at15
-rw-r--r--test/apiv2/40-pods.at26
-rwxr-xr-xtest/apiv2/test-apiv22
-rw-r--r--test/e2e/network_test.go80
-rw-r--r--test/e2e/run_memory_test.go6
-rw-r--r--test/e2e/run_networking_test.go11
-rw-r--r--test/e2e/run_staticip_test.go16
-rw-r--r--test/e2e/run_test.go16
-rw-r--r--test/e2e/search_test.go31
-rw-r--r--test/system/130-kill.bats27
33 files changed, 667 insertions, 409 deletions
diff --git a/.cirrus.yml b/.cirrus.yml
index 53b406804..371f902c2 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -30,10 +30,9 @@ env:
####
#### Cache-image names to test with (double-quotes around names are critical)
###
- _BUILT_IMAGE_SUFFIX: "libpod-5642998972416000"
- FEDORA_CACHE_IMAGE_NAME: "fedora-30-${_BUILT_IMAGE_SUFFIX}"
+ _BUILT_IMAGE_SUFFIX: "libpod-5874660151656448"
+ FEDORA_CACHE_IMAGE_NAME: "fedora-31-${_BUILT_IMAGE_SUFFIX}"
PRIOR_FEDORA_CACHE_IMAGE_NAME: "fedora-30-${_BUILT_IMAGE_SUFFIX}"
- SPECIAL_FEDORA_CACHE_IMAGE_NAME: "xfedora-30-${_BUILT_IMAGE_SUFFIX}"
UBUNTU_CACHE_IMAGE_NAME: "ubuntu-19-${_BUILT_IMAGE_SUFFIX}"
PRIOR_UBUNTU_CACHE_IMAGE_NAME: "ubuntu-18-${_BUILT_IMAGE_SUFFIX}"
@@ -143,11 +142,16 @@ gating_task:
on_failure:
failed_branch_script: '$CIRRUS_WORKING_DIR/$SCRIPT_BASE/notice_branch_failure.sh'
+
# This task checks to make sure that we can still build an rpm from the
# source code using contrib/rpm/podman.spec.in
rpmbuild_task:
- only_if: $CIRRUS_BRANCH != $DEST_BRANCH
+ only_if: >-
+ $CIRRUS_CHANGE_MESSAGE !=~ '.*CI:IMG.*' &&
+ $CIRRUS_CHANGE_MESSAGE !=~ '.*CI:DOCS.*' &&
+ $CIRRUS_BRANCH != $DEST_BRANCH
+
depends_on:
- "gating"
env:
@@ -246,12 +250,8 @@ build_each_commit_task:
$CIRRUS_CHANGE_MESSAGE !=~ '.*CI:DOCS.*'
gce_instance:
- image_project: "libpod-218412"
- zone: "us-central1-a" # Required by Cirrus for the time being
cpu: 8
memory: "8Gb"
- disk: 200
- image_name: "${FEDORA_CACHE_IMAGE_NAME}"
timeout_in: 30m
@@ -279,12 +279,8 @@ build_without_cgo_task:
$CIRRUS_CHANGE_MESSAGE !=~ '.*CI:DOCS.*'
gce_instance:
- image_project: "libpod-218412"
- zone: "us-central1-a" # Required by Cirrus for the time being
cpu: 8
memory: "8Gb"
- disk: 200
- image_name: "${FEDORA_CACHE_IMAGE_NAME}"
timeout_in: 30m
@@ -317,7 +313,6 @@ meta_task:
IMGNAMES: >-
${FEDORA_CACHE_IMAGE_NAME}
${PRIOR_FEDORA_CACHE_IMAGE_NAME}
- ${SPECIAL_FEDORA_CACHE_IMAGE_NAME}
${UBUNTU_CACHE_IMAGE_NAME}
${PRIOR_UBUNTU_CACHE_IMAGE_NAME}
${IMAGE_BUILDER_CACHE_IMAGE_NAME}
@@ -377,8 +372,7 @@ testing_task:
gce_instance:
matrix:
- # Images are generated separately, from build_images_task (below)
- #image_name: "${FEDORA_CACHE_IMAGE_NAME}"
+ image_name: "${FEDORA_CACHE_IMAGE_NAME}"
image_name: "${PRIOR_FEDORA_CACHE_IMAGE_NAME}"
# Multiple test failures on Ubuntu 19 - Fixes TBD in future PR
# TODO: image_name: "${UBUNTU_CACHE_IMAGE_NAME}"
@@ -416,6 +410,7 @@ testing_task:
audit_log_script: '$SCRIPT_BASE/logcollector.sh audit'
journal_script: '$SCRIPT_BASE/logcollector.sh journal'
varlink_script: '$SCRIPT_BASE/logcollector.sh varlink'
+ podman_system_info_script: '$SCRIPT_BASE/logcollector.sh podman'
# This task executes tests under unique environments/conditions
@@ -466,9 +461,20 @@ special_testing_in_podman_task:
$CIRRUS_CHANGE_MESSAGE !=~ '.*CI:IMG.*' &&
$CIRRUS_CHANGE_MESSAGE !=~ '.*CI:DOCS.*'
+ gce_instance:
+ matrix:
+ # FIXME: Integration testing currently broken for F31 hosts
+ # Error: container_linux.go:345: starting container process caused "process_linux.go:281: applying cgroup configuration for process caused \"mountpoint for cgroup not found\"": OCI runtime error
+ # image_name: "${FEDORA_CACHE_IMAGE_NAME}"
+ image_name: "${PRIOR_FEDORA_CACHE_IMAGE_NAME}"
+
env:
ADD_SECOND_PARTITION: true
SPECIALMODE: 'in_podman' # See docs
+ # TODO: Support both runc and crun (cgroups v1 and v2 container images)
+ # matrix:
+ # IN_PODMAN_IMAGE: "quay.io/libpod/in_podman:latest"
+ # IN_PODMAN_IMAGE: "quay.io/libpod/in_podman_cgv2:latest"
timeout_in: 60m
@@ -519,39 +525,6 @@ special_testing_cross_task:
type: "application/octet-stream"
-special_testing_cgroupv2_task:
-
- depends_on:
- - "gating"
- - "varlink_api"
- - "vendor"
-
- only_if: >-
- $CIRRUS_CHANGE_MESSAGE !=~ '.*CI:IMG.*' &&
- $CIRRUS_CHANGE_MESSAGE !=~ '.*CI:DOCS.*'
-
- gce_instance:
- image_name: "${SPECIAL_FEDORA_CACHE_IMAGE_NAME}"
-
- env:
- SPECIALMODE: 'cgroupv2' # See docs
- matrix:
- TEST_REMOTE_CLIENT: true
- TEST_REMOTE_CLIENT: false
-
- timeout_in: 120m
-
- networking_script: '${CIRRUS_WORKING_DIR}/${SCRIPT_BASE}/networking.sh'
- setup_environment_script: '$SCRIPT_BASE/setup_environment.sh |& ${TIMESTAMP}'
- integration_test_script: '$SCRIPT_BASE/integration_test.sh |& ${TIMESTAMP}'
-
- on_failure:
- failed_branch_script: '$CIRRUS_WORKING_DIR/$SCRIPT_BASE/notice_branch_failure.sh'
-
- always:
- <<: *standardlogs
-
-
special_testing_bindings_task:
depends_on:
@@ -577,6 +550,7 @@ special_testing_bindings_task:
always:
<<: *standardlogs
+
special_testing_endpoint_task:
depends_on:
@@ -603,22 +577,6 @@ special_testing_endpoint_task:
<<: *standardlogs
-test_building_snap_task:
-
- depends_on:
- - "gating"
-
- only_if: >-
- $CIRRUS_CHANGE_MESSAGE !=~ '.*CI:IMG.*' &&
- $CIRRUS_CHANGE_MESSAGE !=~ '.*CI:DOCS.*'
-
- container:
- image: yakshaveinc/snapcraft:core18
- snapcraft_script:
- - 'apt-get -y update'
- - 'cd contrib/snapcraft && snapcraft'
-
-
# Test building of new cache-images for future PR testing, in this PR.
test_build_cache_images_task:
@@ -677,12 +635,13 @@ verify_test_built_images_task:
matrix:
# Required env. var. by check_image_script
PACKER_BUILDER_NAME: "fedora-30"
- #PACKER_BUILDER_NAME: "fedora-31"
- PACKER_BUILDER_NAME: "xfedora-30"
+ PACKER_BUILDER_NAME: "fedora-31"
PACKER_BUILDER_NAME: "ubuntu-18"
- # TODO support $UBUNTU_CACHE_IMAGE_NAME: PACKER_BUILDER_NAME: "ubuntu-19"
+ # Multiple test failures on ${UBUNTU_CACHE_IMAGE_NAME}
+ # PACKER_BUILDER_NAME: "ubuntu-19"
networking_script: '${CIRRUS_WORKING_DIR}/${SCRIPT_BASE}/networking.sh'
+ installed_packages_script: '$SCRIPT_BASE/logcollector.sh packages'
environment_script: '$SCRIPT_BASE/setup_environment.sh |& ${TIMESTAMP}'
# Verify expectations once per image
check_image_script: >-
@@ -691,44 +650,60 @@ verify_test_built_images_task:
# Note: A truncated form of normal testing. It only needs to confirm new images
# "probably" work. A full round of testing will happen again after $*_CACHE_IMAGE_NAME
# are updated in this or another PR (w/o '***CIRRUS: TEST IMAGES***').
- integration_test_script: >-
- [[ "$PACKER_BUILDER_NAME" == "xfedora-30" ]] || \
- $SCRIPT_BASE/integration_test.sh |& ${TIMESTAMP}
+ integration_test_script: '$SCRIPT_BASE/integration_test.sh |& ${TIMESTAMP}'
build_release_script: '$SCRIPT_BASE/build_release.sh |& ${TIMESTAMP}'
- system_test_script: >-
- [[ "$PACKER_BUILDER_NAME" == "xfedora-30" ]] || \
- $SCRIPT_BASE/system_test.sh |& ${TIMESTAMP}
+ system_test_script: '$SCRIPT_BASE/system_test.sh |& ${TIMESTAMP}'
always:
<<: *standardlogs
- #upload_snap_task:
- # only_if: >-
- # $CIRRUS_BRANCH != $DEST_BRANCH &&
- # $CIRRUS_CHANGE_MESSAGE !=~ '.*CI:IMG.*' &&
- # $CIRRUS_CHANGE_MESSAGE !=~ '.*CI:DOCS.*'
- #
- # # Only when PR or branch is merged into master
- #
- # depends_on:
- # - "test_building_snap"
- #
- # container:
- # image: yakshaveinc/snapcraft:core18
- #
- # env:
- # SNAPCRAFT_LOGIN: ENCRYPTED[d8e82eb31c6372fec07f405f413d57806026b1a9f8400033531ebcd54d6750a5e4a8b1f68e3ec65c98c65e0d9b2a6a75]
- # snapcraft_login_file:
- # path: /root/.snapcraft/login.cfg
- # variable_name: SNAPCRAFT_LOGIN
- # snapcraft_script:
- # - 'apt-get -y update'
- # - 'snapcraft login --with "/root/.snapcraft/login.cfg"'
- # - 'cd contrib/snapcraft && snapcraft && snapcraft push *.snap --release edge'
+
+#test_building_snap_task:
+#
+# depends_on:
+# - "gating"
+#
+# only_if: >-
+# $CIRRUS_CHANGE_MESSAGE !=~ '.*CI:IMG.*' &&
+# $CIRRUS_CHANGE_MESSAGE !=~ '.*CI:DOCS.*'
+#
+# container:
+# image: yakshaveinc/snapcraft:core18
+# snapcraft_script:
+# - 'apt-get -y update'
+# - 'cd contrib/snapcraft && snapcraft'
+#
+#
+#upload_snap_task:
+# only_if: >-
+# $CIRRUS_BRANCH != $DEST_BRANCH &&
+# $CIRRUS_CHANGE_MESSAGE !=~ '.*CI:IMG.*' &&
+# $CIRRUS_CHANGE_MESSAGE !=~ '.*CI:DOCS.*'
+#
+# # Only when PR or branch is merged into master
+#
+# depends_on:
+# - "test_building_snap"
+#
+# container:
+# image: yakshaveinc/snapcraft:core18
+#
+# env:
+# SNAPCRAFT_LOGIN: ENCRYPTED[d8e82eb31c6372fec07f405f413d57806026b1a9f8400033531ebcd54d6750a5e4a8b1f68e3ec65c98c65e0d9b2a6a75]
+# snapcraft_login_file:
+# path: /root/.snapcraft/login.cfg
+# variable_name: SNAPCRAFT_LOGIN
+# snapcraft_script:
+# - 'apt-get -y update'
+# - 'snapcraft login --with "/root/.snapcraft/login.cfg"'
+# - 'cd contrib/snapcraft && snapcraft && snapcraft push *.snap --release edge'
docs_task:
+ # Don't run this when building/testing new VM images
+ only_if: $CIRRUS_CHANGE_MESSAGE !=~ '.*CI:IMG.*'
+
depends_on:
- "gating"
@@ -757,12 +732,10 @@ success_task:
- "rpmbuild"
- "special_testing_rootless"
- "special_testing_in_podman"
- - "special_testing_cgroupv2"
- "special_testing_cross"
- "special_testing_endpoint"
- "special_testing_bindings"
- "test_build_cache_images"
- - "test_building_snap"
- "verify_test_built_images"
- "docs"
diff --git a/cmd/podman/service.go b/cmd/podman/service.go
index 3e0ff927f..7606e3009 100644
--- a/cmd/podman/service.go
+++ b/cmd/podman/service.go
@@ -143,7 +143,6 @@ func runREST(r *libpod.Runtime, uri string, timeout time.Duration) error {
if err != nil {
return errors.Wrapf(err, "unable to create socket %s", uri)
}
- defer l.Close()
listener = &l
}
server, err := api.NewServerWithSettings(r, timeout, listener)
diff --git a/contrib/cirrus/README.md b/contrib/cirrus/README.md
index 49f713a8f..3789965d6 100644
--- a/contrib/cirrus/README.md
+++ b/contrib/cirrus/README.md
@@ -216,10 +216,10 @@ the ``cache_images`` Task) some input parameters are required:
to limit the base-images produced. For example,
``PACKER_BUILDS=fedora,image-builder-image``.
-If there is an existing 'image-builder-image' within GCE, it may be utilized
-to produce base-images (in addition to cache-images). However it must be
-created with support for nested-virtualization, and with elevated cloud
-privileges (to access GCE, from within the GCE VM). For example:
+If there is no existing 'image-builder-image' within GCE, a new
+one may be bootstrapped by creating a CentOS 7 VM with support for
+nested-virtualization, and with elevated cloud privileges (to access
+GCE, from within the GCE VM). For example:
```
$ alias pgcloud='sudo podman run -it --rm -e AS_ID=$UID
@@ -229,34 +229,33 @@ $ URL=https://www.googleapis.com/auth
$ SCOPES=$URL/userinfo.email,$URL/compute,$URL/devstorage.full_control
# The --min-cpu-platform is critical for nested-virt.
-$ pgcloud compute instances create $USER-making-images \
- --image-family image-builder-image \
+$ pgcloud compute instances create $USER-image-builder \
+ --image-family centos-7 \
--boot-disk-size "200GB" \
--min-cpu-platform "Intel Haswell" \
--machine-type n1-standard-2 \
--scopes $SCOPES
```
-Alternatively, if there is no image-builder-image available yet, a bare-metal
-CentOS 7 machine with network access to GCE is required. Software dependencies
-can be obtained from the ``packer/image-builder-image_base_setup.sh`` script.
+Then from that VM, execute the
+``contrib/cirrus/packer/image-builder-image_base_setup.sh`` script.
+Shutdown the VM, and convert it into a new image-builder-image.
-In both cases, the following can be used to setup and build base-images.
+Building new base images is done by first creating a VM from an
+image-builder-image and copying the credentials json file to it.
```
-$ IP_ADDRESS=1.2.3.4 # EXTERNAL_IP from command output above
-$ rsync -av $PWD centos@$IP_ADDRESS:.
-$ scp $GOOGLE_APPLICATION_CREDENTIALS centos@$IP_ADDRESS:.
-$ ssh centos@$IP_ADDRESS
-...
+$ hack/get_ci_vm.sh image-builder-image-1541772081
+...in another terminal...
+$ pgcloud compute scp /path/to/gac.json $USER-image-builder-image-1541772081:.
```
-When ready, change to the ``packer`` sub-directory, and build the images:
+Then, on the VM, change to the ``packer`` sub-directory, and build the images:
```
$ cd libpod/contrib/cirrus/packer
$ make libpod_base_images GCP_PROJECT_ID=<VALUE> \
- GOOGLE_APPLICATION_CREDENTIALS=<VALUE> \
+ GOOGLE_APPLICATION_CREDENTIALS=/path/to/gac.json \
PACKER_BUILDS=<OPTIONAL>
```
@@ -283,7 +282,5 @@ values follows:
* `rootless`: Causes a random, ordinary user account to be created
and utilized for testing.
* `in_podman`: Causes testing to occur within a container executed by
- Podman on the host.
-* `cgroupv2`: The kernel on this VM was prepared with options to enable v2 cgroups
* `windows`: See **darwin**
* `darwin`: Signals the ``special_testing_cross`` task to cross-compile the remote client.
diff --git a/contrib/cirrus/integration_test.sh b/contrib/cirrus/integration_test.sh
index 9fd79ab18..d5e6ec884 100755
--- a/contrib/cirrus/integration_test.sh
+++ b/contrib/cirrus/integration_test.sh
@@ -16,6 +16,16 @@ fi
cd "$GOSRC"
+# Transition workaround: runc is still the default for upstream development
+handle_crun() {
+ # For systems with crun installed, assume CgroupsV2 and use it
+ if type -P crun &> /dev/null
+ then
+ warn "Replacing runc -> crun in libpod.conf"
+ sed -i -r -e 's/^runtime = "runc"/runtime = "crun"/' /usr/share/containers/libpod.conf
+ fi
+}
+
case "$SPECIALMODE" in
in_podman)
${CONTAINER_RUNTIME} run --rm --privileged --net=host \
@@ -36,32 +46,24 @@ case "$SPECIALMODE" in
-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no \
-o CheckHostIP=no $GOSRC/$SCRIPT_BASE/rootless_test.sh ${TESTSUITE}
;;
- cgroupv2)
- setenforce 0
- dnf install -y crun
- export OCI_RUNTIME=/usr/bin/crun
- make
- make install PREFIX=/usr ETCDIR=/etc
- make install.config PREFIX=/usr
- make test-binaries
- make local${TESTSUITE}
- ;;
endpoint)
make
make install PREFIX=/usr ETCDIR=/etc
+ #handle_crun
make test-binaries
make endpoint
;;
bindings)
- make
+ make
make install PREFIX=/usr ETCDIR=/etc
- cd pkg/bindings/test && ginkgo -r
+ cd pkg/bindings/test && ginkgo -r
;;
none)
make
make install PREFIX=/usr ETCDIR=/etc
make install.config PREFIX=/usr
make test-binaries
+ handle_crun
if [[ "$TEST_REMOTE_CLIENT" == "true" ]]
then
make remote${TESTSUITE} VARLINK_LOG=$VARLINK_LOG
diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh
index 1e237085f..71ad67c74 100644
--- a/contrib/cirrus/lib.sh
+++ b/contrib/cirrus/lib.sh
@@ -7,10 +7,10 @@
source /etc/environment # not always loaded under all circumstances
# Under some contexts these values are not set, make sure they are.
-USER="$(whoami)"
-HOME="$(getent passwd $USER | cut -d : -f 6)"
-[[ -n "$UID" ]] || UID=$(getent passwd $USER | cut -d : -f 3)
-GID=$(getent passwd $USER | cut -d : -f 4)
+export USER="$(whoami)"
+export HOME="$(getent passwd $USER | cut -d : -f 6)"
+[[ -n "$UID" ]] || export UID=$(getent passwd $USER | cut -d : -f 3)
+export GID=$(getent passwd $USER | cut -d : -f 4)
# Essential default paths, many are overridden when executing under Cirrus-CI
export GOPATH="${GOPATH:-/var/tmp/go}"
@@ -59,13 +59,13 @@ PACKER_VER="1.4.2"
# CSV of cache-image names to build (see $PACKER_BASE/libpod_images.json)
# Base-images rarely change, define them here so they're out of the way.
-export PACKER_BUILDS="${PACKER_BUILDS:-ubuntu-18,ubuntu-19,fedora-30,xfedora-30,fedora-29}"
-# Google-maintained base-image names
+export PACKER_BUILDS="${PACKER_BUILDS:-ubuntu-18,ubuntu-19,fedora-31,fedora-30}"
+# Manually produced base-image names (see $SCRIPT_BASE/README.md)
export UBUNTU_BASE_IMAGE="ubuntu-1904-disco-v20190724"
export PRIOR_UBUNTU_BASE_IMAGE="ubuntu-1804-bionic-v20190722a"
# Manually produced base-image names (see $SCRIPT_BASE/README.md)
-export FEDORA_BASE_IMAGE="fedora-cloud-base-30-1-2-1578586410"
-export PRIOR_FEDORA_BASE_IMAGE="fedora-cloud-base-29-1-2-1541789245"
+export FEDORA_BASE_IMAGE="fedora-cloud-base-31-1-9-1578586410"
+export PRIOR_FEDORA_BASE_IMAGE="fedora-cloud-base-30-1-2-1578586410"
export BUILT_IMAGE_SUFFIX="${BUILT_IMAGE_SUFFIX:--$CIRRUS_REPO_NAME-${CIRRUS_BUILD_ID}}"
# IN_PODMAN container image
IN_PODMAN_IMAGE="quay.io/libpod/in_podman:latest"
@@ -79,8 +79,8 @@ SUDOAPTADD="ooe.sh sudo -E add-apt-repository --yes"
# Regex that finds enabled periodic apt configuration items
PERIODIC_APT_RE='^(APT::Periodic::.+")1"\;'
# Short-cuts for retrying/timeout calls
-LILTO="timeout_attempt_delay_command 24s 5 30s"
-BIGTO="timeout_attempt_delay_command 300s 5 30s"
+LILTO="timeout_attempt_delay_command 120s 5 30s"
+BIGTO="timeout_attempt_delay_command 300s 5 60s"
# Safe env. vars. to transfer from root -> $ROOTLESS_USER (go env handled separately)
ROOTLESS_ENV_RE='(CIRRUS_.+)|(ROOTLESS_.+)|(.+_IMAGE.*)|(.+_BASE)|(.*DIRPATH)|(.*FILEPATH)|(SOURCE.*)|(DEPEND.*)|(.+_DEPS_.+)|(OS_REL.*)|(.+_ENV_RE)|(TRAVIS)|(CI.+)|(TEST_REMOTE.*)'
@@ -178,8 +178,7 @@ die() {
}
warn() {
- echo ">>>>> ${2:-WARNING (but no message given!) in ${FUNCNAME[1]}()}" > /dev/stderr
- echo ${1:-1} > /dev/stdout
+ echo ">>>>> ${1:-WARNING (but no message given!) in ${FUNCNAME[1]}()}" > /dev/stderr
}
bad_os_id_ver() {
@@ -456,7 +455,6 @@ _finalize() {
echo "Could not find any files in $CUSTOM_CLOUD_CONFIG_DEFAULTS"
fi
echo "Re-initializing so next boot does 'first-boot' setup again."
- sudo history -c
cd /
sudo rm -rf /var/lib/cloud/instanc*
sudo rm -rf /root/.ssh/*
diff --git a/contrib/cirrus/logcollector.sh b/contrib/cirrus/logcollector.sh
index 17f5eb099..1769e9362 100755
--- a/contrib/cirrus/logcollector.sh
+++ b/contrib/cirrus/logcollector.sh
@@ -32,6 +32,7 @@ case $1 in
df) showrun df -lhTx tmpfs ;;
ginkgo) showrun cat $CIRRUS_WORKING_DIR/test/e2e/ginkgo-node-*.log ;;
journal) showrun journalctl -b ;;
+ podman) showrun podman system info ;;
varlink)
if [[ "$TEST_REMOTE_CLIENT" == "true" ]]
then
diff --git a/contrib/cirrus/packer/Makefile b/contrib/cirrus/packer/Makefile
index fa87d7019..a911cafdb 100644
--- a/contrib/cirrus/packer/Makefile
+++ b/contrib/cirrus/packer/Makefile
@@ -1,9 +1,4 @@
-
-# N/B: PACKER_BUILDS variable is required. Should contain CSV of
-# builder name(s) from applicable YAML file,
-# e.g for names see libpod_images.yml
-
-PACKER_VER ?= 1.4.2
+PACKER_VER ?= 1.4.3
GOARCH=$(shell go env GOARCH)
ARCH=$(uname -m)
PACKER_DIST_FILENAME := packer_${PACKER_VER}_linux_${GOARCH}.zip
@@ -56,8 +51,9 @@ test: libpod_base_images.json libpod_images.json packer
.PHONY: libpod_images
libpod_images: guard-PACKER_BUILDS libpod_images.json packer
- ./packer build -only=${PACKER_BUILDS} \
+ ./packer build \
-force \
+ $(shell test -z "${PACKER_BUILDS}" || echo "-only=${PACKER_BUILDS}") \
-var GOSRC=$(GOSRC) \
-var PACKER_BASE=$(PACKER_BASE) \
-var SCRIPT_BASE=$(SCRIPT_BASE) \
@@ -82,6 +78,7 @@ cidata.iso: user-data meta-data
.PHONY: libpod_base_images
libpod_base_images: guard-GCP_PROJECT_ID guard-GOOGLE_APPLICATION_CREDENTIALS libpod_base_images.json cidata.iso cidata.ssh packer
PACKER_CACHE_DIR=/tmp ./packer build \
+ $(shell test -z "${PACKER_BUILDS}" || echo "-only=${PACKER_BUILDS}") \
-force \
-var TIMESTAMP=$(TIMESTAMP) \
-var TTYDEV=$(TTYDEV) \
diff --git a/contrib/cirrus/packer/fedora_setup.sh b/contrib/cirrus/packer/fedora_setup.sh
index 6cfaa05ce..591a59a05 100644
--- a/contrib/cirrus/packer/fedora_setup.sh
+++ b/contrib/cirrus/packer/fedora_setup.sh
@@ -15,100 +15,106 @@ install_ooe
export GOPATH="$(mktemp -d)"
trap "sudo rm -rf $GOPATH" EXIT
-ooe.sh sudo dnf update -y
+$BIGTO ooe.sh sudo dnf update -y
echo "Enabling updates-testing repository"
-ooe.sh sudo dnf install -y 'dnf-command(config-manager)'
-ooe.sh sudo dnf config-manager --set-enabled updates-testing
+$LILTO ooe.sh sudo dnf install -y 'dnf-command(config-manager)'
+$LILTO ooe.sh sudo dnf config-manager --set-enabled updates-testing
-echo "Installing general build/test dependencies"
-ooe.sh sudo dnf install -y \
- atomic-registries \
- autoconf \
- automake \
- bash-completion \
- bats \
- bridge-utils \
- btrfs-progs-devel \
- bzip2 \
- conmon \
- container-selinux \
- containernetworking-plugins \
- containers-common \
- criu \
- device-mapper-devel \
- emacs-nox \
- file \
- findutils \
- fuse3 \
- fuse3-devel \
- gcc \
- git \
- glib2-devel \
- glibc-static \
- gnupg \
- go-md2man \
- golang \
- golang-github-cpuguy83-go-md2man \
- gpgme-devel \
- iproute \
- iptables \
- jq \
- libassuan-devel \
- libcap-devel \
- libmsi1 \
- libnet \
- libnet-devel \
- libnl3-devel \
- libseccomp \
- libseccomp-devel \
- libselinux-devel \
- libtool \
- libvarlink-util \
- lsof \
- make \
- msitools \
- nmap-ncat \
- pandoc \
- podman \
- procps-ng \
- protobuf \
- protobuf-c \
- protobuf-c-devel \
- protobuf-compiler \
- protobuf-devel \
- protobuf-python \
- python \
- python2-future \
- python3-dateutil \
- python3-psutil \
- python3-pytoml \
- runc \
- selinux-policy-devel \
- slirp4netns \
- unzip \
- vim \
- which \
- xz \
+echo "Installing general build/test dependencies for Fedora '$OS_RELEASE_VER'"
+REMOVE_PACKAGES=()
+INSTALL_PACKAGES=(\
+ autoconf
+ automake
+ bash-completion
+ bats
+ bridge-utils
+ btrfs-progs-devel
+ bzip2
+ conmon
+ container-selinux
+ containernetworking-plugins
+ containers-common
+ criu
+ device-mapper-devel
+ dnsmasq
+ emacs-nox
+ file
+ findutils
+ fuse3
+ fuse3-devel
+ gcc
+ git
+ glib2-devel
+ glibc-static
+ gnupg
+ go-md2man
+ golang
+ gpgme-devel
+ iproute
+ iptables
+ jq
+ libassuan-devel
+ libcap-devel
+ libmsi1
+ libnet
+ libnet-devel
+ libnl3-devel
+ libseccomp
+ libseccomp-devel
+ libselinux-devel
+ libtool
+ libvarlink-util
+ lsof
+ make
+ msitools
+ nmap-ncat
+ pandoc
+ podman
+ procps-ng
+ protobuf
+ protobuf-c
+ protobuf-c-devel
+ protobuf-devel
+ protobuf-python
+ python
+ python3-dateutil
+ python3-psutil
+ python3-pytoml
+ selinux-policy-devel
+ skopeo
+ slirp4netns
+ unzip
+ vim
+ which
+ xz
zip
+)
+case "$OS_RELEASE_VER" in
+ 30)
+ INSTALL_PACKAGES+=(\
+ atomic-registries
+ golang-github-cpuguy83-go-md2man
+ python2-future
+ runc
+ )
+ ;;
+ 31)
+ INSTALL_PACKAGES+=(crun)
+ REMOVE_PACKAGES+=(runc)
+ ;;
+ *)
+ bad_os_id_ver ;;
+esac
+$BIGTO ooe.sh sudo dnf install -y ${INSTALL_PACKAGES[@]}
+[[ "${#REMOVE_PACKAGES[@]}" -eq "0" ]] || \
+ $LILTO ooe.sh sudo dnf erase -y ${REMOVE_PACKAGES[@]}
# Ensure there are no disruptive periodic services enabled by default in image
systemd_banish
-sudo /tmp/libpod/hack/install_catatonit.sh
-
-# Same script is used for several related contexts
-case "$PACKER_BUILDER_NAME" in
- xfedora*)
- echo "Configuring CGroups v2 enabled on next boot"
- sudo grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=1"
- sudo dnf install -y crun
- ;& # continue to next matching item
- *)
- echo "Finalizing $PACKER_BUILDER_NAME VM image"
- ;;
-esac
+ooe.sh sudo /tmp/libpod/hack/install_catatonit.sh
rh_finalize
diff --git a/contrib/cirrus/packer/image-builder-image_base-setup.sh b/contrib/cirrus/packer/image-builder-image_base-setup.sh
index 43cfa7180..78772da09 100644
--- a/contrib/cirrus/packer/image-builder-image_base-setup.sh
+++ b/contrib/cirrus/packer/image-builder-image_base-setup.sh
@@ -31,10 +31,8 @@ ooe.sh sudo yum -y install \
libvirt-client \
libvirt-daemon \
make \
- python34 \
- python34 \
- python34-PyYAML \
- python34-PyYAML \
+ python36 \
+ python36-PyYAML \
qemu-img \
qemu-kvm \
qemu-kvm-tools \
diff --git a/contrib/cirrus/packer/libpod_base_images.yml b/contrib/cirrus/packer/libpod_base_images.yml
index bcca440ae..21f3795f1 100644
--- a/contrib/cirrus/packer/libpod_base_images.yml
+++ b/contrib/cirrus/packer/libpod_base_images.yml
@@ -17,14 +17,14 @@ variables:
PRIOR_UBUNTU_BASE_IMAGE:
# Latest Fedora release
- FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/30/Cloud/x86_64/images/Fedora-Cloud-Base-30-1.2.x86_64.qcow2"
- FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/30/Cloud/x86_64/images/Fedora-Cloud-30-1.2-x86_64-CHECKSUM"
- FEDORA_BASE_IMAGE_NAME: 'fedora-cloud-base-30-1-2'
+ FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/31/Cloud/x86_64/images/Fedora-Cloud-Base-31-1.9.x86_64.qcow2"
+ FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/31/Cloud/x86_64/images/Fedora-Cloud-31-1.9-x86_64-CHECKSUM"
+ FEDORA_BASE_IMAGE_NAME: 'fedora-cloud-base-31-1-9'
# Prior Fedora release
- PRIOR_FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/29/Cloud/x86_64/images/Fedora-Cloud-Base-29-1.2.x86_64.qcow2"
- PRIOR_FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/29/Cloud/x86_64/images/Fedora-Cloud-29-1.2-x86_64-CHECKSUM"
- PRIOR_FEDORA_BASE_IMAGE_NAME: 'fedora-cloud-base-29-1-2' # Name to use in GCE
+ PRIOR_FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/30/Cloud/x86_64/images/Fedora-Cloud-Base-30-1.2.x86_64.qcow2"
+ PRIOR_FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/30/Cloud/x86_64/images/Fedora-Cloud-30-1.2-x86_64-CHECKSUM"
+ PRIOR_FEDORA_BASE_IMAGE_NAME: 'fedora-cloud-base-30-1-2'
# The name of the image in GCE used for packer build libpod_images.yml
IBI_BASE_NAME: 'image-builder-image'
diff --git a/contrib/cirrus/packer/libpod_images.yml b/contrib/cirrus/packer/libpod_images.yml
index 01a65d867..074a813af 100644
--- a/contrib/cirrus/packer/libpod_images.yml
+++ b/contrib/cirrus/packer/libpod_images.yml
@@ -51,17 +51,12 @@ builders:
source_image_family: 'prior-ubuntu-base'
- <<: *gce_hosted_image
- name: 'fedora-30'
- source_image: '{{user `FEDORA_BASE_IMAGE`}}'
- source_image_family: 'fedora-base'
-
- - <<: *gce_hosted_image
- name: 'xfedora-30'
+ name: 'fedora-31'
source_image: '{{user `FEDORA_BASE_IMAGE`}}'
source_image_family: 'fedora-base'
- <<: *gce_hosted_image
- name: 'fedora-29'
+ name: 'fedora-30'
source_image: '{{user `PRIOR_FEDORA_BASE_IMAGE`}}'
source_image_family: 'prior-fedora-base'
diff --git a/contrib/cirrus/packer/ubuntu_setup.sh b/contrib/cirrus/packer/ubuntu_setup.sh
index 118ee062a..7c39a76f8 100644
--- a/contrib/cirrus/packer/ubuntu_setup.sh
+++ b/contrib/cirrus/packer/ubuntu_setup.sh
@@ -59,6 +59,8 @@ $BIGTO $SUDOAPTGET install \
cri-o-runc \
criu \
curl \
+ conmon \
+ dnsmasq \
e2fslibs-dev \
emacs-nox \
file \
@@ -129,7 +131,7 @@ then
ooe.sh sudo update-grub
fi
-sudo /tmp/libpod/hack/install_catatonit.sh
+ooe.sh sudo /tmp/libpod/hack/install_catatonit.sh
ooe.sh sudo make -C /tmp/libpod install.libseccomp.sudo
ubuntu_finalize
diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh
index edd793bb9..5364dd510 100755
--- a/contrib/cirrus/setup_environment.sh
+++ b/contrib/cirrus/setup_environment.sh
@@ -47,6 +47,30 @@ case "${OS_RELEASE_ID}" in
setsebool container_manage_cgroup true
if [[ "$ADD_SECOND_PARTITION" == "true" ]]; then
bash "$SCRIPT_BASE/add_second_partition.sh"; fi
+
+ if [[ "$OS_RELEASE_VER" == "31" ]]; then
+ warn "Switching io schedular to deadline to avoid RHBZ 1767539"
+ warn "aka https://bugzilla.kernel.org/show_bug.cgi?id=205447"
+ echo "mq-deadline" > /sys/block/sda/queue/scheduler
+ cat /sys/block/sda/queue/scheduler
+
+ warn "Forcing systemd cgroup manager"
+ X=$(echo "export CGROUP_MANAGER=systemd" | \
+ tee -a /etc/environment) && eval "$X" && echo "$X"
+
+ warn "Testing with crun instead of runc"
+ X=$(echo "export OCI_RUNTIME=/usr/bin/crun" | \
+ tee -a /etc/environment) && eval "$X" && echo "$X"
+
+ warn "Upgrading to the latest crun"
+ # Normally not something to do for stable testing
+ # but crun is new, and late-breaking fixes may be required
+ # on short notice
+ dnf update -y crun
+
+ #warn "Setting SELinux into Permissive mode"
+ #setenforce 0
+ fi
;;
centos) # Current VM is an image-builder-image no local podman/testing
echo "No further setup required for VM image building"
@@ -62,9 +86,6 @@ source "$SCRIPT_BASE/lib.sh"
make install.tools
case "$SPECIALMODE" in
- cgroupv2)
- remove_packaged_podman_files # we're building from source
- ;;
none)
[[ -n "$CROSS_PLATFORM" ]] || \
remove_packaged_podman_files
diff --git a/contrib/spec/podman.spec.in b/contrib/spec/podman.spec.in
index 276dd327e..a9c3bc3be 100644
--- a/contrib/spec/podman.spec.in
+++ b/contrib/spec/podman.spec.in
@@ -43,6 +43,11 @@
%global shortcommit_conmon %(c=%{commit_conmon}; echo ${c:0:7})
Name: podman
+%if 0%{?fedora}
+Epoch: 99
+%else
+Epoch: 0
+%endif
Version: 1.8.1
Release: #COMMITDATE#.git%{shortcommit0}%{?dist}
Summary: Manage Pods, Containers and Container Images
diff --git a/libpod/container_inspect.go b/libpod/container_inspect.go
index 641bc8a91..a543a19c0 100644
--- a/libpod/container_inspect.go
+++ b/libpod/container_inspect.go
@@ -606,11 +606,45 @@ type InspectContainerState struct {
Healthcheck HealthCheckResults `json:"Healthcheck,omitempty"`
}
+// InspectBasicNetworkConfig holds basic configuration information (e.g. IP
+// addresses, MAC address, subnet masks, etc) that are common for all networks
+// (both additional and main).
+type InspectBasicNetworkConfig struct {
+ // EndpointID is unused, maintained exclusively for compatibility.
+ EndpointID string `json:"EndpointID"`
+ // Gateway is the IP address of the gateway this network will use.
+ Gateway string `json:"Gateway"`
+ // IPAddress is the IP address for this network.
+ IPAddress string `json:"IPAddress"`
+ // IPPrefixLen is the length of the subnet mask of this network.
+ IPPrefixLen int `json:"IPPrefixLen"`
+ // SecondaryIPAddresses is a list of extra IP Addresses that the
+ // container has been assigned in this network.
+ SecondaryIPAddresses []string `json:"SecondaryIPAddresses,omitempty"`
+ // IPv6Gateway is the IPv6 gateway this network will use.
+ IPv6Gateway string `json:"IPv6Gateway"`
+ // GlobalIPv6Address is the global-scope IPv6 Address for this network.
+ GlobalIPv6Address string `json:"GlobalIPv6Address"`
+ // GlobalIPv6PrefixLen is the length of the subnet mask of this network.
+ GlobalIPv6PrefixLen int `json:"GlobalIPv6PrefixLen"`
+ // SecondaryIPv6Addresses is a list of extra IPv6 Addresses that the
+ // container has been assigned in this networ.
+ SecondaryIPv6Addresses []string `json:"SecondaryIPv6Addresses,omitempty"`
+ // MacAddress is the MAC address for the interface in this network.
+ MacAddress string `json:"MacAddress"`
+ // AdditionalMacAddresses is a set of additional MAC Addresses beyond
+ // the first. CNI may configure more than one interface for a single
+ // network, which can cause this.
+ AdditionalMacAddresses []string `json:"AdditionalMACAddresses,omitempty"`
+}
+
// InspectNetworkSettings holds information about the network settings of the
// container.
// Many fields are maintained only for compatibility with `docker inspect` and
// are unused within Libpod.
type InspectNetworkSettings struct {
+ InspectBasicNetworkConfig
+
Bridge string `json:"Bridge"`
SandboxID string `json:"SandboxID"`
HairpinMode bool `json:"HairpinMode"`
@@ -618,16 +652,30 @@ type InspectNetworkSettings struct {
LinkLocalIPv6PrefixLen int `json:"LinkLocalIPv6PrefixLen"`
Ports []ocicni.PortMapping `json:"Ports"`
SandboxKey string `json:"SandboxKey"`
- SecondaryIPAddresses []string `json:"SecondaryIPAddresses"`
- SecondaryIPv6Addresses []string `json:"SecondaryIPv6Addresses"`
- EndpointID string `json:"EndpointID"`
- Gateway string `json:"Gateway"`
- GlobalIPv6Address string `json:"GlobalIPv6Address"`
- GlobalIPv6PrefixLen int `json:"GlobalIPv6PrefixLen"`
- IPAddress string `json:"IPAddress"`
- IPPrefixLen int `json:"IPPrefixLen"`
- IPv6Gateway string `json:"IPv6Gateway"`
- MacAddress string `json:"MacAddress"`
+ // Networks contains information on non-default CNI networks this
+ // container has joined.
+ // It is a map of network name to network information.
+ Networks map[string]*InspectAdditionalNetwork `json:"Networks,omitempty"`
+}
+
+// InspectAdditionalNetwork holds information about non-default CNI networks the
+// container has been connected to.
+// As with InspectNetworkSettings, many fields are unused and maintained only
+// for compatibility with Docker.
+type InspectAdditionalNetwork struct {
+ InspectBasicNetworkConfig
+
+ // Name of the network we're connecting to.
+ NetworkID string `json:"NetworkID,omitempty"`
+ // DriverOpts is presently unused and maintained exclusively for
+ // compatibility.
+ DriverOpts map[string]string `json:"DriverOpts"`
+ // IPAMConfig is presently unused and maintained exlusively for
+ // compabitility.
+ IPAMConfig map[string]string `json:"IPAMConfig"`
+ // Links is presently unused and maintained exclusively for
+ // compatibility.
+ Links []string `json:"Links"`
}
// inspectLocked inspects a container for low-level information.
@@ -754,27 +802,7 @@ func (c *Container) getContainerInspectData(size bool, driverData *driver.Data)
GraphDriver: driverData,
Mounts: inspectMounts,
Dependencies: c.Dependencies(),
- NetworkSettings: &InspectNetworkSettings{
- Bridge: "", // TODO
- SandboxID: "", // TODO - is this even relevant?
- HairpinMode: false, // TODO
- LinkLocalIPv6Address: "", // TODO - do we even support IPv6?
- LinkLocalIPv6PrefixLen: 0, // TODO - do we even support IPv6?
-
- Ports: []ocicni.PortMapping{}, // TODO - maybe worth it to put this in Docker format?
- SandboxKey: "", // Network namespace path
- SecondaryIPAddresses: nil, // TODO - do we support this?
- SecondaryIPv6Addresses: nil, // TODO - do we support this?
- EndpointID: "", // TODO - is this even relevant?
- Gateway: "", // TODO
- GlobalIPv6Address: "",
- GlobalIPv6PrefixLen: 0,
- IPAddress: "",
- IPPrefixLen: 0,
- IPv6Gateway: "",
- MacAddress: "", // TODO
- },
- IsInfra: c.IsInfra(),
+ IsInfra: c.IsInfra(),
}
if c.state.ConfigPath != "" {
@@ -792,13 +820,11 @@ func (c *Container) getContainerInspectData(size bool, driverData *driver.Data)
}
}
- // Copy port mappings into network settings
- if config.PortMappings != nil {
- data.NetworkSettings.Ports = config.PortMappings
+ networkConfig, err := c.getContainerNetworkInfo()
+ if err != nil {
+ return nil, err
}
-
- // Get information on the container's network namespace (if present)
- data = c.getContainerNetworkInfo(data)
+ data.NetworkSettings = networkConfig
inspectConfig, err := c.generateInspectContainerConfig(ctrSpec)
if err != nil {
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index fa8593f20..d57b1a8eb 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -12,13 +12,13 @@ import (
"os"
"os/exec"
"path/filepath"
- "strconv"
"strings"
"syscall"
"time"
cnitypes "github.com/containernetworking/cni/pkg/types/current"
"github.com/containernetworking/plugins/pkg/ns"
+ "github.com/containers/libpod/libpod/define"
"github.com/containers/libpod/pkg/errorhandling"
"github.com/containers/libpod/pkg/netns"
"github.com/containers/libpod/pkg/rootless"
@@ -556,37 +556,105 @@ func getContainerNetIO(ctr *Container) (*netlink.LinkStatistics, error) {
return netStats, err
}
-func (c *Container) getContainerNetworkInfo(data *InspectContainerData) *InspectContainerData {
- if c.state.NetNS != nil && len(c.state.NetworkStatus) > 0 {
- // Report network settings from the first pod network
- result := c.state.NetworkStatus[0]
- // Go through our IP addresses
- for _, ctrIP := range result.IPs {
- ipWithMask := ctrIP.Address.String()
- splitIP := strings.Split(ipWithMask, "/")
- mask, _ := strconv.Atoi(splitIP[1])
- if ctrIP.Version == "4" {
- data.NetworkSettings.IPAddress = splitIP[0]
- data.NetworkSettings.IPPrefixLen = mask
- data.NetworkSettings.Gateway = ctrIP.Gateway.String()
- } else {
- data.NetworkSettings.GlobalIPv6Address = splitIP[0]
- data.NetworkSettings.GlobalIPv6PrefixLen = mask
- data.NetworkSettings.IPv6Gateway = ctrIP.Gateway.String()
+// Produce an InspectNetworkSettings containing information on the container
+// network.
+func (c *Container) getContainerNetworkInfo() (*InspectNetworkSettings, error) {
+ settings := new(InspectNetworkSettings)
+ settings.Ports = []ocicni.PortMapping{}
+ if c.config.PortMappings != nil {
+ // TODO: This may not be safe.
+ settings.Ports = c.config.PortMappings
+ }
+
+ // We can't do more if the network is down.
+ if c.state.NetNS == nil {
+ return settings, nil
+ }
+
+ // Set network namespace path
+ settings.SandboxKey = c.state.NetNS.Path()
+
+ // If this is empty, we're probably slirp4netns
+ if len(c.state.NetworkStatus) == 0 {
+ return settings, nil
+ }
+
+ // If we have CNI networks - handle that here
+ if len(c.config.Networks) > 0 {
+ if len(c.config.Networks) != len(c.state.NetworkStatus) {
+ return nil, errors.Wrapf(define.ErrInternal, "network inspection mismatch: asked to join %d CNI networks but have information on %d networks", len(c.config.Networks), len(c.state.NetworkStatus))
+ }
+
+ settings.Networks = make(map[string]*InspectAdditionalNetwork)
+
+ // CNI results should be in the same order as the list of
+ // networks we pass into CNI.
+ for index, name := range c.config.Networks {
+ cniResult := c.state.NetworkStatus[index]
+ addedNet := new(InspectAdditionalNetwork)
+ addedNet.NetworkID = name
+
+ basicConfig, err := resultToBasicNetworkConfig(cniResult)
+ if err != nil {
+ return nil, err
}
+ addedNet.InspectBasicNetworkConfig = basicConfig
+
+ settings.Networks[name] = addedNet
}
- // Set network namespace path
- data.NetworkSettings.SandboxKey = c.state.NetNS.Path()
+ return settings, nil
+ }
+
+ // If not joining networks, we should have at most 1 result
+ if len(c.state.NetworkStatus) > 1 {
+ return nil, errors.Wrapf(define.ErrInternal, "should have at most 1 CNI result if not joining networks, instead got %d", len(c.state.NetworkStatus))
+ }
+
+ if len(c.state.NetworkStatus) == 1 {
+ basicConfig, err := resultToBasicNetworkConfig(c.state.NetworkStatus[0])
+ if err != nil {
+ return nil, err
+ }
- // Set MAC address of interface linked with network namespace path
- for _, i := range result.Interfaces {
- if i.Sandbox == data.NetworkSettings.SandboxKey {
- data.NetworkSettings.MacAddress = i.Mac
+ settings.InspectBasicNetworkConfig = basicConfig
+ }
+
+ return settings, nil
+}
+
+// resultToBasicNetworkConfig produces an InspectBasicNetworkConfig from a CNI
+// result
+func resultToBasicNetworkConfig(result *cnitypes.Result) (InspectBasicNetworkConfig, error) {
+ config := InspectBasicNetworkConfig{}
+
+ for _, ctrIP := range result.IPs {
+ size, _ := ctrIP.Address.Mask.Size()
+ switch {
+ case ctrIP.Version == "4" && config.IPAddress == "":
+ config.IPAddress = ctrIP.Address.IP.String()
+ config.IPPrefixLen = size
+ config.Gateway = ctrIP.Gateway.String()
+ if ctrIP.Interface != nil && *ctrIP.Interface < len(result.Interfaces) && *ctrIP.Interface > 0 {
+ config.MacAddress = result.Interfaces[*ctrIP.Interface].Mac
+ }
+ case ctrIP.Version == "4" && config.IPAddress != "":
+ config.SecondaryIPAddresses = append(config.SecondaryIPAddresses, ctrIP.Address.String())
+ if ctrIP.Interface != nil && *ctrIP.Interface < len(result.Interfaces) && *ctrIP.Interface > 0 {
+ config.AdditionalMacAddresses = append(config.AdditionalMacAddresses, result.Interfaces[*ctrIP.Interface].Mac)
}
+ case ctrIP.Version == "6" && config.IPAddress == "":
+ config.GlobalIPv6Address = ctrIP.Address.IP.String()
+ config.GlobalIPv6PrefixLen = size
+ config.IPv6Gateway = ctrIP.Gateway.String()
+ case ctrIP.Version == "6" && config.IPAddress != "":
+ config.SecondaryIPv6Addresses = append(config.SecondaryIPv6Addresses, ctrIP.Address.String())
+ default:
+ return config, errors.Wrapf(define.ErrInternal, "unrecognized IP version %q", ctrIP.Version)
}
}
- return data
+
+ return config, nil
}
type logrusDebugWriter struct {
diff --git a/libpod/networking_unsupported.go b/libpod/networking_unsupported.go
index d9b3730aa..7f343cf35 100644
--- a/libpod/networking_unsupported.go
+++ b/libpod/networking_unsupported.go
@@ -20,6 +20,6 @@ func (r *Runtime) createNetNS(ctr *Container) (err error) {
return define.ErrNotImplemented
}
-func (c *Container) getContainerNetworkInfo(data *InspectContainerData) *InspectContainerData {
- return nil
+func (c *Container) getContainerNetworkInfo() (*InspectNetworkSettings, error) {
+ return nil, define.ErrNotImplemented
}
diff --git a/pkg/api/server/server.go b/pkg/api/server/server.go
index e7b2a5525..a5922e5d7 100644
--- a/pkg/api/server/server.go
+++ b/pkg/api/server/server.go
@@ -140,36 +140,31 @@ func newServer(runtime *libpod.Runtime, duration time.Duration, listener *net.Li
func (s *APIServer) Serve() error {
// stalker to count the connections. Should the timer expire it will shutdown the service.
go func() {
- for {
- select {
- case delta := <-s.ConnectionCh:
- // Always stop the current timer, things will change...
+ for delta := range s.ConnectionCh {
+ switch delta {
+ case EnterHandler:
s.Timer.Stop()
- switch delta {
- case EnterHandler:
- s.ActiveConnections += 1
- s.TotalConnections += 1
- case ExitHandler:
- s.ActiveConnections -= 1
- if s.ActiveConnections == 0 {
- // Server will be shutdown iff the timer expires before being reset or stopped
- s.Timer = time.AfterFunc(s.Duration, func() {
- if err := s.Shutdown(); err != nil {
- logrus.Errorf("Failed to shutdown APIServer: %v", err)
- os.Exit(1)
- }
- })
- } else {
- s.Timer.Reset(s.Duration)
- }
- case NOOPHandler:
- // push the check out another duration...
+ s.ActiveConnections += 1
+ s.TotalConnections += 1
+ case ExitHandler:
+ s.Timer.Stop()
+ s.ActiveConnections -= 1
+ if s.ActiveConnections == 0 {
+ // Server will be shutdown iff the timer expires before being reset or stopped
+ s.Timer = time.AfterFunc(s.Duration, func() {
+ if err := s.Shutdown(); err != nil {
+ logrus.Errorf("Failed to shutdown APIServer: %v", err)
+ os.Exit(1)
+ }
+ })
+ } else {
s.Timer.Reset(s.Duration)
- default:
- logrus.Errorf("ConnectionCh received unsupported input %d", delta)
}
+ case NOOPHandler:
+ // push the check out another duration...
+ s.Timer.Reset(s.Duration)
default:
- time.Sleep(1 * time.Second)
+ logrus.Errorf("ConnectionCh received unsupported input %d", delta)
}
}
}()
@@ -212,7 +207,7 @@ func (s *APIServer) Shutdown() error {
go func() {
err := s.Server.Shutdown(ctx)
- if err != nil && err != context.Canceled {
+ if err != nil && err != context.Canceled && err != http.ErrServerClosed {
logrus.Errorf("Failed to cleanly shutdown APIServer: %s", err.Error())
}
}()
diff --git a/pkg/bindings/test/containers_test.go b/pkg/bindings/test/containers_test.go
index f6ef4abec..6756e81c7 100644
--- a/pkg/bindings/test/containers_test.go
+++ b/pkg/bindings/test/containers_test.go
@@ -3,10 +3,12 @@ package test_bindings
import (
"context"
"net/http"
+ "strconv"
"time"
"github.com/containers/libpod/pkg/bindings"
"github.com/containers/libpod/pkg/bindings/containers"
+ "github.com/containers/libpod/test/utils"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
"github.com/onsi/gomega/gexec"
@@ -175,6 +177,14 @@ var _ = Describe("Podman containers ", func() {
})
It("podman remove a paused container by id with force", func() {
+ // FIXME: Skip on F31 and later
+ host := utils.GetHostDistributionInfo()
+ osVer, err := strconv.Atoi(host.Version)
+ Expect(err).To(BeNil())
+ if host.Distribution == "fedora" && osVer >= 31 {
+ Skip("FIXME: https://github.com/containers/libpod/issues/5325")
+ }
+
// Removing a paused container with force should work
var name = "top"
bt.RunTopContainer(&name, &falseFlag, nil)
@@ -225,7 +235,7 @@ var _ = Describe("Podman containers ", func() {
Expect(data.State.Status).To(Equal("exited"))
})
- It("podman stop a running container by ID)", func() {
+ It("podman stop a running container by ID", func() {
// Stopping a running container by ID should work
var name = "top"
bt.RunTopContainer(&name, &falseFlag, nil)
diff --git a/pkg/rootless/rootless_linux.c b/pkg/rootless/rootless_linux.c
index 83f4f3254..db898e706 100644
--- a/pkg/rootless/rootless_linux.c
+++ b/pkg/rootless/rootless_linux.c
@@ -58,7 +58,7 @@ static const char *_max_user_namespaces = "/proc/sys/user/max_user_namespaces";
static const char *_unprivileged_user_namespaces = "/proc/sys/kernel/unprivileged_userns_clone";
static int open_files_max_fd;
-fd_set open_files_set;
+static fd_set *open_files_set;
static uid_t rootless_uid_init;
static gid_t rootless_gid_init;
@@ -240,17 +240,39 @@ static void __attribute__((constructor)) init()
if (d)
{
struct dirent *ent;
+ size_t size = 0;
- FD_ZERO (&open_files_set);
for (ent = readdir (d); ent; ent = readdir (d))
{
- int fd = atoi (ent->d_name);
- if (fd != dirfd (d))
+ int fd;
+
+ if (ent->d_name[0] == '.')
+ continue;
+
+ fd = atoi (ent->d_name);
+ if (fd == dirfd (d))
+ continue;
+
+ if (fd >= size * FD_SETSIZE)
{
- if (fd > open_files_max_fd)
- open_files_max_fd = fd;
- FD_SET (fd, &open_files_set);
+ int i;
+ size_t new_size;
+
+ new_size = (fd / FD_SETSIZE) + 1;
+ open_files_set = realloc (open_files_set, new_size * sizeof (fd_set));
+ if (open_files_set == NULL)
+ _exit (EXIT_FAILURE);
+
+ for (i = size; i < new_size; i++)
+ FD_ZERO (&(open_files_set[i]));
+
+ size = new_size;
}
+
+ if (fd > open_files_max_fd)
+ open_files_max_fd = fd;
+
+ FD_SET (fd % FD_SETSIZE, &(open_files_set[fd / FD_SETSIZE]));
}
closedir (d);
}
@@ -553,10 +575,8 @@ reexec_userns_join (int userns, int mountns, char *pause_pid_file_path)
/* We passed down these fds, close them. */
int f;
for (f = 3; f < open_files_max_fd; f++)
- {
- if (FD_ISSET (f, &open_files_set))
- close (f);
- }
+ if (open_files_set == NULL || FD_ISSET (f % FD_SETSIZE, &(open_files_set[f / FD_SETSIZE])))
+ close (f);
return pid;
}
@@ -747,10 +767,11 @@ reexec_in_user_namespace (int ready, char *pause_pid_file_path, char *file_to_re
num_fds = strtol (listen_fds, NULL, 10);
if (num_fds != LONG_MIN && num_fds != LONG_MAX)
{
- long i;
- for (i = 3; i < num_fds + 3; i++)
- if (FD_ISSET (i, &open_files_set))
- close (i);
+ int f;
+
+ for (f = 3; f < num_fds + 3; f++)
+ if (open_files_set == NULL || FD_ISSET (f % FD_SETSIZE, &(open_files_set[f / FD_SETSIZE])))
+ close (f);
}
unsetenv ("LISTEN_PID");
unsetenv ("LISTEN_FDS");
diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go
index f71d55776..5ddfab7ad 100644
--- a/pkg/rootless/rootless_linux.go
+++ b/pkg/rootless/rootless_linux.go
@@ -510,7 +510,7 @@ func TryJoinFromFilePaths(pausePidPath string, needNewNamespace bool, paths []st
}
}
}
- if !foundProcess {
+ if !foundProcess && pausePidPath != "" {
return BecomeRootInUserNS(pausePidPath)
}
if lastErr != nil {
diff --git a/pkg/spec/namespaces.go b/pkg/spec/namespaces.go
index 1f98e6e25..838d95c54 100644
--- a/pkg/spec/namespaces.go
+++ b/pkg/spec/namespaces.go
@@ -422,7 +422,7 @@ func (c *UtsConfig) ConfigureGenerator(g *generate.Generator, net *NetworkConfig
if hostname == "" {
switch {
case utsCtrID != "":
- utsCtr, err := runtime.GetContainer(utsCtrID)
+ utsCtr, err := runtime.LookupContainer(utsCtrID)
if err != nil {
return errors.Wrapf(err, "unable to retrieve hostname from dependency container %s", utsCtrID)
}
diff --git a/pkg/specgen/namespaces.go b/pkg/specgen/namespaces.go
index 025cb31e0..17b180cde 100644
--- a/pkg/specgen/namespaces.go
+++ b/pkg/specgen/namespaces.go
@@ -276,7 +276,7 @@ func (s *SpecGenerator) utsConfigureGenerator(g *generate.Generator, runtime *li
if hostname == "" {
switch {
case s.UtsNS.IsContainer():
- utsCtr, err := runtime.GetContainer(s.UtsNS.Value)
+ utsCtr, err := runtime.LookupContainer(s.UtsNS.Value)
if err != nil {
return errors.Wrapf(err, "unable to retrieve hostname from dependency container %s", s.UtsNS.Value)
}
diff --git a/test/apiv2/01-basic.at b/test/apiv2/01-basic.at
index a54063260..b8a049cdf 100644
--- a/test/apiv2/01-basic.at
+++ b/test/apiv2/01-basic.at
@@ -47,4 +47,19 @@ t GET info 200 \
.DefaultRuntime=runc \
.MemTotal~[0-9]\\+
+# Timing: make sure server stays responsive
+t0=$SECONDS
+for i in $(seq 1 10); do
+ # FIXME: someday: refactor t(), separate out the 'curl' logic so we
+ # can call it directly. Then we won't get ten annoying 'ok' lines.
+ t GET info 200
+done
+t1=$SECONDS
+delta_t=$((t1 - t2))
+if [ $delta_t -le 5 ]; then
+ _show_ok 1 "Time for ten /info requests ($delta_t seconds) <= 5s"
+else
+ _show_ok 0 "Time for ten /info requests" "<= 5 seconds" "$delta_t seconds"
+fi
+
# vim: filetype=sh
diff --git a/test/apiv2/40-pods.at b/test/apiv2/40-pods.at
index 705de94d2..8b5651cff 100644
--- a/test/apiv2/40-pods.at
+++ b/test/apiv2/40-pods.at
@@ -3,18 +3,20 @@
# test pod-related endpoints
#
-# FIXME! Shouldn't /create give an actual pod ID?
-expected_id='machine.slice'
-if rootless; then
- expected_id=/libpod_parent
-fi
-
t GET libpod/pods/json 200 null
-t POST libpod/pods/create name=foo 201 .id=$expected_id
+t POST libpod/pods/create name=foo 201 .id~[0-9a-f]\\{64\\}
+pod_id=$(jq -r .id <<<"$output")
t GET libpod/pods/foo/exists 204
+t GET libpod/pods/$pod_id/exists 204
t GET libpod/pods/notfoo/exists 404
-t GET libpod/pods/foo/json 200 .Config.name=foo .Containers=null
-t GET libpod/pods/json 200 .[0].Config.name=foo .[0].Containers=null
+t GET libpod/pods/foo/json 200 \
+ .Config.name=foo \
+ .Config.id=$pod_id \
+ .Containers=null
+t GET libpod/pods/json 200 \
+ .[0].Config.name=foo \
+ .[0].Config.id=$pod_id \
+ .[0].Containers=null
# Cannot create a dup pod with the same name
t POST libpod/pods/create name=foo 409 .cause="pod already exists"
@@ -35,8 +37,10 @@ t POST libpod/pods/foo/restart '' 500 .cause="no such container"
t POST libpod/pods/bar/restart '' 404
-#t POST libpod/pods/prune '' 200 # FIXME: unimplemented, returns 500
-#t POST libpod/pods/prune 'a=b' 400 # FIXME: unimplemented, returns 500
+# FIXME: I'm not sure what 'prune' is supposed to do; as of 20200224 it
+# just returns 200 (ok) with empty result list.
+#t POST libpod/pods/prune '' 200 # FIXME: 2020-02-24 returns 200 {}
+#t POST libpod/pods/prune 'a=b' 400 # FIXME: 2020-02-24 returns 200
# Clean up; and try twice, making sure that the second time fails
t DELETE libpod/pods/foo 204
diff --git a/test/apiv2/test-apiv2 b/test/apiv2/test-apiv2
index fffd7b085..bc2ed142c 100755
--- a/test/apiv2/test-apiv2
+++ b/test/apiv2/test-apiv2
@@ -253,7 +253,7 @@ function start_service() {
die "Cannot start service on non-localhost ($HOST)"
fi
- $PODMAN_BIN --root $WORKDIR system service --timeout 15000 tcp:127.0.0.1:$PORT \
+ $PODMAN_BIN --root $WORKDIR system service --timeout 15 tcp:127.0.0.1:$PORT \
&> $WORKDIR/server.log &
service_pid=$!
diff --git a/test/e2e/network_test.go b/test/e2e/network_test.go
index 9aed5351a..440d307b5 100644
--- a/test/e2e/network_test.go
+++ b/test/e2e/network_test.go
@@ -4,13 +4,15 @@ package integration
import (
"fmt"
+ "io/ioutil"
+ "os"
+ "path/filepath"
+ "strings"
+
. "github.com/containers/libpod/test/utils"
"github.com/containers/storage/pkg/stringid"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
- "io/ioutil"
- "os"
- "path/filepath"
)
func writeConf(conf []byte, confPath string) {
@@ -155,4 +157,76 @@ var _ = Describe("Podman network", func() {
Expect(session.IsJSONOutputValid()).To(BeTrue())
})
+ It("podman inspect container single CNI network", func() {
+ SkipIfRootless()
+ netName := "testNetSingleCNI"
+ network := podmanTest.Podman([]string{"network", "create", "--subnet", "10.50.50.0/24", netName})
+ network.WaitWithDefaultTimeout()
+ Expect(network.ExitCode()).To(BeZero())
+ defer podmanTest.removeCNINetwork(netName)
+
+ ctrName := "testCtr"
+ container := podmanTest.Podman([]string{"run", "-dt", "--network", netName, "--name", ctrName, ALPINE, "top"})
+ container.WaitWithDefaultTimeout()
+ Expect(container.ExitCode()).To(BeZero())
+
+ inspect := podmanTest.Podman([]string{"inspect", ctrName})
+ inspect.WaitWithDefaultTimeout()
+ Expect(inspect.ExitCode()).To(BeZero())
+ conData := inspect.InspectContainerToJSON()
+ Expect(len(conData)).To(Equal(1))
+ Expect(len(conData[0].NetworkSettings.Networks)).To(Equal(1))
+ net, ok := conData[0].NetworkSettings.Networks[netName]
+ Expect(ok).To(BeTrue())
+ Expect(net.NetworkID).To(Equal(netName))
+ Expect(net.IPPrefixLen).To(Equal(24))
+ Expect(strings.HasPrefix(net.IPAddress, "10.50.50.")).To(BeTrue())
+
+ // Necessary to ensure the CNI network is removed cleanly
+ rmAll := podmanTest.Podman([]string{"rm", "-f", ctrName})
+ rmAll.WaitWithDefaultTimeout()
+ Expect(rmAll.ExitCode()).To(BeZero())
+ })
+
+ It("podman inspect container two CNI networks", func() {
+ SkipIfRootless()
+ netName1 := "testNetTwoCNI1"
+ network1 := podmanTest.Podman([]string{"network", "create", "--subnet", "10.50.51.0/25", netName1})
+ network1.WaitWithDefaultTimeout()
+ Expect(network1.ExitCode()).To(BeZero())
+ defer podmanTest.removeCNINetwork(netName1)
+
+ netName2 := "testNetTwoCNI2"
+ network2 := podmanTest.Podman([]string{"network", "create", "--subnet", "10.50.51.128/26", netName2})
+ network2.WaitWithDefaultTimeout()
+ Expect(network2.ExitCode()).To(BeZero())
+ defer podmanTest.removeCNINetwork(netName2)
+
+ ctrName := "testCtr"
+ container := podmanTest.Podman([]string{"run", "-dt", "--network", fmt.Sprintf("%s,%s", netName1, netName2), "--name", ctrName, ALPINE, "top"})
+ container.WaitWithDefaultTimeout()
+ Expect(container.ExitCode()).To(BeZero())
+
+ inspect := podmanTest.Podman([]string{"inspect", ctrName})
+ inspect.WaitWithDefaultTimeout()
+ Expect(inspect.ExitCode()).To(BeZero())
+ conData := inspect.InspectContainerToJSON()
+ Expect(len(conData)).To(Equal(1))
+ Expect(len(conData[0].NetworkSettings.Networks)).To(Equal(2))
+ net1, ok := conData[0].NetworkSettings.Networks[netName1]
+ Expect(ok).To(BeTrue())
+ Expect(net1.NetworkID).To(Equal(netName1))
+ Expect(net1.IPPrefixLen).To(Equal(25))
+ Expect(strings.HasPrefix(net1.IPAddress, "10.50.51.")).To(BeTrue())
+ net2, ok := conData[0].NetworkSettings.Networks[netName2]
+ Expect(ok).To(BeTrue())
+ Expect(net2.NetworkID).To(Equal(netName2))
+ Expect(net2.IPPrefixLen).To(Equal(26))
+ Expect(strings.HasPrefix(net2.IPAddress, "10.50.51.")).To(BeTrue())
+
+ // Necessary to ensure the CNI network is removed cleanly
+ rmAll := podmanTest.Podman([]string{"rm", "-f", ctrName})
+ rmAll.WaitWithDefaultTimeout()
+ Expect(rmAll.ExitCode()).To(BeZero())
+ })
})
diff --git a/test/e2e/run_memory_test.go b/test/e2e/run_memory_test.go
index a45735a8a..d60f2a8cd 100644
--- a/test/e2e/run_memory_test.go
+++ b/test/e2e/run_memory_test.go
@@ -70,7 +70,11 @@ var _ = Describe("Podman run memory", func() {
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
- Expect(session.OutputToString()).To(Equal("41943040"))
+ if cgroupsv2 {
+ Expect(session.OutputToString()).To(Equal("max"))
+ } else {
+ Expect(session.OutputToString()).To(Equal("41943040"))
+ }
})
It("podman run memory-swappiness test", func() {
diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go
index 5e587b198..5be9db810 100644
--- a/test/e2e/run_networking_test.go
+++ b/test/e2e/run_networking_test.go
@@ -146,6 +146,17 @@ var _ = Describe("Podman run networking", func() {
Expect(match).Should(BeTrue())
})
+ It("podman run --net container: and --uts container:", func() {
+ ctrName := "ctrToJoin"
+ ctr1 := podmanTest.RunTopContainer(ctrName)
+ ctr1.WaitWithDefaultTimeout()
+ Expect(ctr1.ExitCode()).To(Equal(0))
+
+ ctr2 := podmanTest.Podman([]string{"run", "-d", "--net=container:" + ctrName, "--uts=container:" + ctrName, ALPINE, "true"})
+ ctr2.WaitWithDefaultTimeout()
+ Expect(ctr2.ExitCode()).To(Equal(0))
+ })
+
It("podman run --net container: copies hosts and resolv", func() {
SkipIfRootless()
ctrName := "ctr1"
diff --git a/test/e2e/run_staticip_test.go b/test/e2e/run_staticip_test.go
index 5b4842fea..5ad8f9fb0 100644
--- a/test/e2e/run_staticip_test.go
+++ b/test/e2e/run_staticip_test.go
@@ -3,7 +3,10 @@
package integration
import (
+ "fmt"
+ "net/http"
"os"
+ "time"
. "github.com/containers/libpod/test/utils"
. "github.com/onsi/ginkgo"
@@ -65,9 +68,20 @@ var _ = Describe("Podman run with --ip flag", func() {
It("Podman run two containers with the same IP", func() {
ip := GetRandomIPAddress()
- result := podmanTest.Podman([]string{"run", "-d", "--ip", ip, ALPINE, "sleep", "999"})
+ result := podmanTest.Podman([]string{"run", "-dt", "--ip", ip, nginx})
result.WaitWithDefaultTimeout()
Expect(result.ExitCode()).To(Equal(0))
+ for i := 0; i < 10; i++ {
+ fmt.Println("Waiting for nginx", err)
+ time.Sleep(1 * time.Second)
+ response, err := http.Get(fmt.Sprintf("http://%s", ip))
+ if err != nil {
+ continue
+ }
+ if response.StatusCode == http.StatusOK {
+ break
+ }
+ }
result = podmanTest.Podman([]string{"run", "-ti", "--ip", ip, ALPINE, "ip", "addr"})
result.WaitWithDefaultTimeout()
Expect(result).To(ExitWithError())
diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go
index 3eb93b84a..9b6de6f65 100644
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@@ -374,7 +374,9 @@ var _ = Describe("Podman run", func() {
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
- Expect(session.OutputToString()).To(ContainSubstring("1048576"))
+ if !cgroupsv2 { // TODO: Test Simplification. For now, we only care about exit(0) w/ cgroupsv2
+ Expect(session.OutputToString()).To(ContainSubstring("1048576"))
+ }
})
It("podman run device-write-bps test", func() {
@@ -392,7 +394,9 @@ var _ = Describe("Podman run", func() {
}
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
- Expect(session.OutputToString()).To(ContainSubstring("1048576"))
+ if !cgroupsv2 { // TODO: Test Simplification. For now, we only care about exit(0) w/ cgroupsv2
+ Expect(session.OutputToString()).To(ContainSubstring("1048576"))
+ }
})
It("podman run device-read-iops test", func() {
@@ -411,7 +415,9 @@ var _ = Describe("Podman run", func() {
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
- Expect(session.OutputToString()).To(ContainSubstring("100"))
+ if !cgroupsv2 { // TODO: Test Simplification. For now, we only care about exit(0) w/ cgroupsv2
+ Expect(session.OutputToString()).To(ContainSubstring("100"))
+ }
})
It("podman run device-write-iops test", func() {
@@ -430,7 +436,9 @@ var _ = Describe("Podman run", func() {
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
- Expect(session.OutputToString()).To(ContainSubstring("100"))
+ if !cgroupsv2 { // TODO: Test Simplification. For now, we only care about exit(0) w/ cgroupsv2
+ Expect(session.OutputToString()).To(ContainSubstring("100"))
+ }
})
It("podman run notify_socket", func() {
diff --git a/test/e2e/search_test.go b/test/e2e/search_test.go
index a697831ab..6d762d338 100644
--- a/test/e2e/search_test.go
+++ b/test/e2e/search_test.go
@@ -5,15 +5,13 @@ package integration
import (
"bytes"
"fmt"
+ . "github.com/containers/libpod/test/utils"
+ . "github.com/onsi/ginkgo"
+ . "github.com/onsi/gomega"
"io/ioutil"
"os"
"strconv"
"text/template"
- "time"
-
- . "github.com/containers/libpod/test/utils"
- . "github.com/onsi/ginkgo"
- . "github.com/onsi/gomega"
)
type endpoint struct {
@@ -165,21 +163,6 @@ registries = ['{{.Host}}:{{.Port}}']`
}
})
- It("podman search v2 registry with empty query", func() {
- var search *PodmanSessionIntegration
- for i := 0; i < 5; i++ {
- search = podmanTest.Podman([]string{"search", "registry.fedoraproject.org/"})
- search.WaitWithDefaultTimeout()
- if search.ExitCode() == 0 {
- break
- }
- fmt.Println("Search failed; sleeping & retrying...")
- time.Sleep(2 * time.Second)
- }
- Expect(search.ExitCode()).To(Equal(0))
- Expect(len(search.OutputToStringArray())).To(BeNumerically(">=", 1))
- })
-
It("podman search attempts HTTP if tls-verify flag is set false", func() {
if podmanTest.Host.Arch == "ppc64le" {
Skip("No registry image for ppc64le")
@@ -234,6 +217,14 @@ registries = ['{{.Host}}:{{.Port}}']`
Expect(search.ExitCode()).To(Equal(0))
Expect(search.OutputToString()).ShouldNot(BeEmpty())
+
+ // podman search v2 registry with empty query
+ searchEmpty := podmanTest.PodmanNoCache([]string{"search", fmt.Sprintf("%s/", registryEndpoints[3].Address()), "--tls-verify=false"})
+ searchEmpty.WaitWithDefaultTimeout()
+ Expect(searchEmpty.ExitCode()).To(BeZero())
+ Expect(len(searchEmpty.OutputToStringArray())).To(BeNumerically(">=", 1))
+ match, _ := search.GrepString("my-alpine")
+ Expect(match).Should(BeTrue())
})
It("podman search attempts HTTP if registry is in registries.insecure and force secure is false", func() {
diff --git a/test/system/130-kill.bats b/test/system/130-kill.bats
index 5e098d754..7c2b9bed8 100644
--- a/test/system/130-kill.bats
+++ b/test/system/130-kill.bats
@@ -6,10 +6,29 @@
load helpers
@test "podman kill - test signal handling in containers" {
+ # podman-remote and crun interact poorly in f31: crun seems to gobble up
+ # some signals.
+ # Workaround: run 'env --default-signal sh' instead of just 'sh' in
+ # the container. Since env on our regular alpine image doesn't support
+ # that flag, we need to pull fedora-minimal. See:
+ # https://github.com/containers/libpod/issues/5004
+ # FIXME: remove this kludge once we get rid of podman-remote
+ local _image=$IMAGE
+ local _sh_cmd="sh"
+ if is_remote; then
+ _image=quay.io/libpod/fedora-minimal:latest
+ _sh_cmd="env --default-signal sh"
+ fi
+
# Start a container that will handle all signals by emitting 'got: N'
local -a signals=(1 2 3 4 5 6 8 10 12 13 14 15 16 20 21 22 23 24 25 26 64)
- run_podman run -d $IMAGE sh -c "for i in ${signals[*]}; do trap \"echo got: \$i\" \$i; done; echo READY; while ! test -e /stop; do sleep 0.05; done;echo DONE"
- cid="$output"
+ run_podman run -d $_image $_sh_cmd -c \
+ "for i in ${signals[*]}; do trap \"echo got: \$i\" \$i; done;
+ echo READY;
+ while ! test -e /stop; do sleep 0.05; done;
+ echo DONE"
+ # Ignore output regarding pulling/processing container images
+ cid=$(echo "$output" | tail -1)
# Run 'logs -f' on that container, but run it in the background with
# redirection to a named pipe from which we (foreground job) read
@@ -62,6 +81,10 @@ load helpers
run_podman wait $cid
run_podman rm $cid
wait $podman_log_pid
+
+ if [[ $_image != $IMAGE ]]; then
+ run_podman rmi $_image
+ fi
}
@test "podman kill - rejects invalid args" {