diff options
| -rw-r--r-- | cmd/podman/inspect/inspect.go | 4 | ||||
| -rw-r--r-- | cmd/podman/machine/start.go | 8 | ||||
| -rw-r--r-- | cmd/podman/pods/inspect.go | 4 | ||||
| -rw-r--r-- | docs/source/markdown/podman-create.1.md | 12 | ||||
| -rw-r--r-- | docs/source/markdown/podman-run.1.md | 12 | ||||
| -rw-r--r-- | pkg/domain/infra/abi/play.go | 7 | ||||
| -rw-r--r-- | test/e2e/build/envwithtab/Dockerfile | 3 | ||||
| -rw-r--r-- | test/e2e/inspect_test.go | 18 | ||||
| -rw-r--r-- | test/e2e/play_kube_test.go | 66 |
9 files changed, 114 insertions, 20 deletions
diff --git a/cmd/podman/inspect/inspect.go b/cmd/podman/inspect/inspect.go index bd3060882..4c7fa33a4 100644 --- a/cmd/podman/inspect/inspect.go +++ b/cmd/podman/inspect/inspect.go @@ -254,7 +254,9 @@ func printTmpl(typ, row string, data []interface{}) error { if err != nil { return err } - return t.Execute(w, data) + err = t.Execute(w, data) + w.Flush() + return err } func (i *inspector) inspectAll(ctx context.Context, namesOrIDs []string) ([]interface{}, []error, error) { diff --git a/cmd/podman/machine/start.go b/cmd/podman/machine/start.go index a5ba74599..4ae31e6de 100644 --- a/cmd/podman/machine/start.go +++ b/cmd/podman/machine/start.go @@ -3,6 +3,8 @@ package machine import ( + "fmt" + "github.com/containers/podman/v3/cmd/podman/registry" "github.com/containers/podman/v3/pkg/machine" "github.com/containers/podman/v3/pkg/machine/qemu" @@ -58,5 +60,9 @@ func start(cmd *cobra.Command, args []string) error { if err != nil { return err } - return vm.Start(vmName, machine.StartOptions{}) + if err := vm.Start(vmName, machine.StartOptions{}); err != nil { + return err + } + fmt.Printf("Machine %q started successfully\n", vmName) + return nil } diff --git a/cmd/podman/pods/inspect.go b/cmd/podman/pods/inspect.go index 4bb88f48a..96eaec3b9 100644 --- a/cmd/podman/pods/inspect.go +++ b/cmd/podman/pods/inspect.go @@ -80,5 +80,7 @@ func inspect(cmd *cobra.Command, args []string) error { if err != nil { return err } - return t.Execute(w, *responses) + err = t.Execute(w, *responses) + w.Flush() + return err } diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md index 0e32fb20d..00e94b41d 100644 --- a/docs/source/markdown/podman-create.1.md +++ b/docs/source/markdown/podman-create.1.md @@ -1125,21 +1125,21 @@ Example: `containers:2147483647:2147483648`. Podman allocates unique ranges of UIDs and GIDs from the `containers` subpordinate user ids. The size of the ranges is based on the number of UIDs required in the image. The number of UIDs and GIDs can be overridden with the `size` option. The `auto` options currently does not work in rootless mode - Valid `auto`options: + Valid `auto` options: - *gidmapping*=_CONTAINER_GID:HOST_GID:SIZE_: to force a GID mapping to be present in the user namespace. - *size*=_SIZE_: to specify an explicit size for the automatic user namespace. e.g. `--userns=auto:size=8192`. If `size` is not specified, `auto` will estimate a size for the user namespace. - *uidmapping*=_CONTAINER_UID:HOST_UID:SIZE_: to force a UID mapping to be present in the user namespace. -- **container:**_id_: join the user namespace of the specified container. +**container:**_id_: join the user namespace of the specified container. -- **host**: run in the user namespace of the caller. The processes running in the container will have the same privileges on the host as any other process launched by the calling user (default). +**host**: run in the user namespace of the caller. The processes running in the container will have the same privileges on the host as any other process launched by the calling user (default). -- **keep-id**: creates a user namespace where the current rootless user's UID:GID are mapped to the same values in the container. This option is ignored for containers created by the root user. +**keep-id**: creates a user namespace where the current rootless user's UID:GID are mapped to the same values in the container. This option is ignored for containers created by the root user. -- **ns:**_namespace_: run the container in the given existing user namespace. +**ns:**_namespace_: run the container in the given existing user namespace. -- **private**: create a new namespace for the container. +**private**: create a new namespace for the container. This option is incompatible with **--gidmap**, **--uidmap**, **--subuidname** and **--subgidname**. diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md index 3bbe41cc2..63224b49d 100644 --- a/docs/source/markdown/podman-run.1.md +++ b/docs/source/markdown/podman-run.1.md @@ -1184,21 +1184,21 @@ Example: `containers:2147483647:2147483648`. Podman allocates unique ranges of UIDs and GIDs from the `containers` subpordinate user ids. The size of the ranges is based on the number of UIDs required in the image. The number of UIDs and GIDs can be overridden with the `size` option. The `auto` options currently does not work in rootless mode - Valid `auto`options: + Valid `auto` options: - *gidmapping*=_CONTAINER_GID:HOST_GID:SIZE_: to force a GID mapping to be present in the user namespace. - *size*=_SIZE_: to specify an explicit size for the automatic user namespace. e.g. `--userns=auto:size=8192`. If `size` is not specified, `auto` will estimate a size for the user namespace. - *uidmapping*=_CONTAINER_UID:HOST_UID:SIZE_: to force a UID mapping to be present in the user namespace. -- **container:**_id_: join the user namespace of the specified container. +**container:**_id_: join the user namespace of the specified container. -- **host**: run in the user namespace of the caller. The processes running in the container will have the same privileges on the host as any other process launched by the calling user (default). +**host**: run in the user namespace of the caller. The processes running in the container will have the same privileges on the host as any other process launched by the calling user (default). -- **keep-id**: creates a user namespace where the current rootless user's UID:GID are mapped to the same values in the container. This option is ignored for containers created by the root user. +**keep-id**: creates a user namespace where the current rootless user's UID:GID are mapped to the same values in the container. This option is ignored for containers created by the root user. -- **ns:**_namespace_: run the container in the given existing user namespace. +**ns:**_namespace_: run the container in the given existing user namespace. -- **private**: create a new namespace for the container. +**private**: create a new namespace for the container. This option is incompatible with **--gidmap**, **--uidmap**, **--subuidname** and **--subgidname**. diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go index c9a6930f7..c6d5dcc3d 100644 --- a/pkg/domain/infra/abi/play.go +++ b/pkg/domain/infra/abi/play.go @@ -269,12 +269,9 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY } if podOpt.Infra { - imagePull := config.DefaultInfraImage - if podOpt.InfraImage != config.DefaultInfraImage && podOpt.InfraImage != "" { - imagePull = podOpt.InfraImage - } + containerConfig := util.DefaultContainerConfig() - pulledImages, err := pullImage(ic, writer, imagePull, options, config.PullPolicyNewer) + pulledImages, err := pullImage(ic, writer, containerConfig.Engine.InfraImage, options, config.PullPolicyNewer) if err != nil { return nil, err } diff --git a/test/e2e/build/envwithtab/Dockerfile b/test/e2e/build/envwithtab/Dockerfile new file mode 100644 index 000000000..0d8480c04 --- /dev/null +++ b/test/e2e/build/envwithtab/Dockerfile @@ -0,0 +1,3 @@ +FROM alpine + +ENV TEST=" t" diff --git a/test/e2e/inspect_test.go b/test/e2e/inspect_test.go index 89859e74f..59615d009 100644 --- a/test/e2e/inspect_test.go +++ b/test/e2e/inspect_test.go @@ -50,6 +50,24 @@ var _ = Describe("Podman inspect", func() { Expect(session).To(ExitWithError()) }) + It("podman inspect filter should work if result contains tab", func() { + session := podmanTest.Podman([]string{"build", "--tag", "envwithtab", "build/envwithtab"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + + // Verify that OS and Arch are being set + inspect := podmanTest.Podman([]string{"inspect", "-f", "{{ .Config.Env }}", "envwithtab"}) + inspect.WaitWithDefaultTimeout() + Expect(inspect).Should(Exit(0)) + // output should not be empty + // test validates fix for https://github.com/containers/podman/issues/8785 + Expect(strings.Contains(inspect.OutputToString(), "TEST")) + + session = podmanTest.Podman([]string{"rmi", "envwithtab"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + }) + It("podman inspect with GO format", func() { session := podmanTest.Podman([]string{"inspect", "--format", "{{.ID}}", ALPINE}) session.WaitWithDefaultTimeout() diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go index 5d875effd..fa30f068c 100644 --- a/test/e2e/play_kube_test.go +++ b/test/e2e/play_kube_test.go @@ -11,6 +11,7 @@ import ( "text/template" "time" + "github.com/containers/common/pkg/config" "github.com/containers/podman/v3/pkg/util" . "github.com/containers/podman/v3/test/utils" "github.com/containers/storage/pkg/stringid" @@ -30,6 +31,22 @@ metadata: spec: hostname: unknown ` +var checkInfraImagePodYaml = ` +apiVersion: v1 +kind: Pod +metadata: + labels: + app: check-infra-image + name: check-infra-image +spec: + containers: + - name: alpine + image: quay.io/libpod/alpine:latest + command: + - sleep + - 24h +status: {} +` var sharedNamespacePodYaml = ` apiVersion: v1 kind: Pod @@ -1098,6 +1115,55 @@ var _ = Describe("Podman play kube", func() { Expect(label).To(ContainSubstring("unconfined_u:system_r:spc_t:s0")) }) + It("podman play kube should use default infra_image", func() { + err := writeYaml(checkInfraImagePodYaml, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(0)) + + podInspect := podmanTest.Podman([]string{"inspect", "check-infra-image", "--format", "{{ .InfraContainerID }}"}) + podInspect.WaitWithDefaultTimeout() + infraContainerID := podInspect.OutputToString() + + conInspect := podmanTest.Podman([]string{"inspect", infraContainerID, "--format", "{{ .ImageName }}"}) + conInspect.WaitWithDefaultTimeout() + infraContainerImage := conInspect.OutputToString() + Expect(infraContainerImage).To(Equal(config.DefaultInfraImage)) + }) + + It("podman play kube should use customized infra_image", func() { + conffile := filepath.Join(podmanTest.TempDir, "container.conf") + + infraImage := "k8s.gcr.io/pause:3.2" + err := ioutil.WriteFile(conffile, []byte(fmt.Sprintf("[engine]\ninfra_image=\"%s\"\n", infraImage)), 0644) + Expect(err).To(BeNil()) + + os.Setenv("CONTAINERS_CONF", conffile) + defer os.Unsetenv("CONTAINERS_CONF") + + if IsRemote() { + podmanTest.RestartRemoteService() + } + + err = writeYaml(checkInfraImagePodYaml, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(0)) + + podInspect := podmanTest.Podman([]string{"inspect", "check-infra-image", "--format", "{{ .InfraContainerID }}"}) + podInspect.WaitWithDefaultTimeout() + infraContainerID := podInspect.OutputToString() + + conInspect := podmanTest.Podman([]string{"inspect", infraContainerID, "--format", "{{ .ImageName }}"}) + conInspect.WaitWithDefaultTimeout() + infraContainerImage := conInspect.OutputToString() + Expect(infraContainerImage).To(Equal(infraImage)) + }) + It("podman play kube should share ipc,net,uts when shareProcessNamespace is set", func() { SkipIfRootless("Requires root privileges for sharing few namespaces") err := writeYaml(sharedNamespacePodYaml, kubeYaml) |