diff options
| -rw-r--r-- | .cirrus.yml | 57 | ||||
| -rwxr-xr-x | API.md | 10 | ||||
| -rw-r--r-- | CONTRIBUTING.md | 2 | ||||
| -rw-r--r-- | Makefile | 7 | ||||
| -rw-r--r-- | cmd/podman/varlink/io.podman.varlink | 10 | ||||
| -rwxr-xr-x | contrib/cirrus/logcollector.sh | 36 | ||||
| l---------[-rwxr-xr-x] | contrib/cirrus/system_test.sh | 22 | ||||
| -rw-r--r-- | docs/podman.1.md | 4 | ||||
| -rw-r--r-- | libpod/container_internal_linux.go | 2 | ||||
| -rw-r--r-- | libpod/image/pull.go | 8 | ||||
| -rw-r--r-- | test/system/030-run.bats | 4 |
11 files changed, 85 insertions, 77 deletions
diff --git a/.cirrus.yml b/.cirrus.yml index 848dc2b6d..3b1c60638 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -21,12 +21,10 @@ env: CIRRUS_SHELL: "/bin/bash" # Save a little typing (path relative to $CIRRUS_WORKING_DIR) SCRIPT_BASE: "./contrib/cirrus" - # Command to prefix every output line with a timestamp + CIRRUS_CLONE_DEPTH: 50 + # Command to prefix output lines with timing information # (can't do inline awk script, Cirrus-CI or YAML mangles quoting) TIMESTAMP: "awk --file ${CIRRUS_WORKING_DIR}/${SCRIPT_BASE}/timestamp.awk" - # Command to log critical filesystems, types, and sizes. - DFCMD: "df -lhTx tmpfs" - CIRRUS_CLONE_DEPTH: 50 #### #### Cache-image names to test with @@ -280,18 +278,16 @@ testing_task: setup_environment_script: '$SCRIPT_BASE/setup_environment.sh |& ${TIMESTAMP}' unit_test_script: '$SCRIPT_BASE/unit_test.sh |& ${TIMESTAMP}' integration_test_script: '$SCRIPT_BASE/integration_test.sh |& ${TIMESTAMP}' - ginkgo_node_logs_script: 'cat $CIRRUS_WORKING_DIR/test/e2e/ginkgo-node-*.log || echo "Ginkgo node logs not found"' - df_script: '${DFCMD}' - audit_log_script: 'cat /var/log/audit/audit.log || cat /var/log/kern.log' - journalctl_b_script: 'journalctl -b' + system_test_script: '$SCRIPT_BASE/system_test.sh |& ${TIMESTAMP}' on_failure: failed_master_script: '$CIRRUS_WORKING_DIR/$SCRIPT_BASE/notice_master_failure.sh' - # Job has already failed, don't fail again and miss collecting data - failed_ginkgo_node_logs_script: 'cat $CIRRUS_WORKING_DIR/test/e2e/ginkgo-node-*.log || echo "Ginkgo node logs not found"' - failed_df_script: '${DFCMD}' - failed_audit_log_script: 'cat /var/log/audit/audit.log || cat /var/log/kern.log || echo "Uh oh, cat audit.log failed"' - failed_journalctl_b_script: 'journalctl -b || echo "Uh oh, journalctl -b failed"' + + always: &standardlogs + ginkgo_node_logs_script: '$SCRIPT_BASE/logcollector.sh ginkgo' + df_script: '$SCRIPT_BASE/logcollector.sh df' + audit_log_script: '$SCRIPT_BASE/logcollector.sh audit' + journal_script: '$SCRIPT_BASE/logcollector.sh journal' # This task executes tests under unique environments/conditions @@ -316,16 +312,14 @@ special_testing_rootless_task: setup_environment_script: '$SCRIPT_BASE/setup_environment.sh |& ${TIMESTAMP}' integration_test_script: '$SCRIPT_BASE/integration_test.sh |& ${TIMESTAMP}' - df_script: '${DFCMD}' - audit_log_script: 'cat /var/log/audit/audit.log || cat /var/log/kern.log' - journalctl_b_script: 'journalctl -b' + system_test_script: '$SCRIPT_BASE/system_test.sh |& ${TIMESTAMP}' on_failure: failed_master_script: '$CIRRUS_WORKING_DIR/$SCRIPT_BASE/notice_master_failure.sh' - # Job has already failed, don't fail again and miss collecting data - failed_df_script: '${DFCMD}' - failed_audit_log_script: 'cat /var/log/audit/audit.log || cat /var/log/kern.log || echo "Uh oh, cat audit.log failed"' - failed_journalctl_b_script: 'journalctl -b || echo "Uh oh, journalctl -b failed"' + + always: + <<: *standardlogs + special_testing_in_podman_task: @@ -344,16 +338,12 @@ special_testing_in_podman_task: setup_environment_script: '$SCRIPT_BASE/setup_environment.sh |& ${TIMESTAMP}' integration_test_script: '$SCRIPT_BASE/integration_test.sh |& ${TIMESTAMP}' - df_script: '${DFCMD}' - audit_log_script: 'cat /var/log/audit/audit.log || cat /var/log/kern.log' - journalctl_b_script: 'journalctl -b' on_failure: failed_master_script: '$CIRRUS_WORKING_DIR/$SCRIPT_BASE/notice_master_failure.sh' - # Job has already failed, don't fail again and miss collecting data - failed_df_script: '${DFCMD}' - failed_audit_log_script: 'cat /var/log/audit/audit.log || cat /var/log/kern.log || echo "Uh oh, cat audit.log failed"' - failed_journalctl_b_script: 'journalctl -b || echo "Uh oh, journalctl -b failed"' + + always: + <<: *standardlogs # Test building of new cache-images for future PR testing, in this PR. @@ -416,16 +406,9 @@ verify_test_built_images_task: environment_script: '$SCRIPT_BASE/setup_environment.sh |& ${TIMESTAMP}' integration_test_script: '$SCRIPT_BASE/integration_test.sh |& ${TIMESTAMP}' - ginkgo_node_logs_script: 'cat $CIRRUS_WORKING_DIR/test/e2e/ginkgo-node-*.log || echo "Ginkgo node logs not found"' - df_script: '${DFCMD}' - audit_log_script: 'cat /var/log/audit/audit.log || cat /var/log/kern.log' - journalctl_b_script: 'journalctl -b' - on_failure: - # Job has already failed, don't fail again and miss collecting data - failed_ginkgo_node_logs_script: 'cat $CIRRUS_WORKING_DIR/test/e2e/ginkgo-node-*.log || echo "Ginkgo node logs not found"' - failed_df_script: '${DFCMD}' - failed_audit_log_script: 'cat /var/log/audit/audit.log || cat /var/log/kern.log || echo "Uh oh, cat audit.log failed"' - failed_journalctl_b_script: 'journalctl -b || echo "Uh oh, journalctl -b failed"' + + always: + <<: *standardlogs # Build new cache-images for future PR testing, but only after a PR merge. @@ -286,7 +286,7 @@ in the [API.md](https://github.com/containers/libpod/blob/master/API.md) file in <div style="background-color: #E8E8E8; padding: 15px; margin: 10px; border-radius: 10px;"> method Attach(name: [string](https://godoc.org/builtin#string), detachKeys: [string](https://godoc.org/builtin#string), start: [bool](https://godoc.org/builtin#bool)) </div> -Attach takes the name or ID of a container and sets up a the ability to remotely attach to its console. The start +Attach takes the name or ID of a container and sets up the ability to remotely attach to its console. The start bool is whether you wish to start the container in question first. ### <a name="AttachControl"></a>func AttachControl <div style="background-color: #E8E8E8; padding: 15px; margin: 10px; border-radius: 10px;"> @@ -459,7 +459,7 @@ $ varlink call -m unix:/run/podman/io.podman/io.podman.ExportContainer '{"name": method ExportImage(name: [string](https://godoc.org/builtin#string), destination: [string](https://godoc.org/builtin#string), compress: [bool](https://godoc.org/builtin#bool), tags: [[]string](#[]string)) [string](https://godoc.org/builtin#string)</div> ExportImage takes the name or ID of an image and exports it to a destination like a tarball. There is also -a booleon option to force compression. It also takes in a string array of tags to be able to save multiple +a boolean option to force compression. It also takes in a string array of tags to be able to save multiple tags of the same image to a tarball (each tag should be of the form <image>:<tag>). Upon completion, the ID of the image is returned. If the image cannot be found in local storage, an [ImageNotFound](#ImageNotFound) error will be returned. See also [ImportImage](ImportImage). @@ -729,14 +729,14 @@ error will be returned if the container cannot be found. See also [InspectImage] <div style="background-color: #E8E8E8; padding: 15px; margin: 10px; border-radius: 10px;"> method InspectImage(name: [string](https://godoc.org/builtin#string)) [string](https://godoc.org/builtin#string)</div> -InspectImage takes the name or ID of an image and returns a string respresentation of data associated with the +InspectImage takes the name or ID of an image and returns a string representation of data associated with the mage. You must serialize the string into JSON to use it further. An [ImageNotFound](#ImageNotFound) error will be returned if the image cannot be found. ### <a name="InspectPod"></a>func InspectPod <div style="background-color: #E8E8E8; padding: 15px; margin: 10px; border-radius: 10px;"> method InspectPod(name: [string](https://godoc.org/builtin#string)) [string](https://godoc.org/builtin#string)</div> -InspectPod takes the name or ID of an image and returns a string respresentation of data associated with the +InspectPod takes the name or ID of an image and returns a string representation of data associated with the pod. You must serialize the string into JSON to use it further. A [PodNotFound](#PodNotFound) error will be returned if the pod cannot be found. ### <a name="KillContainer"></a>func KillContainer @@ -1650,7 +1650,7 @@ name [string](https://godoc.org/builtin#string) star_count [int](https://godoc.org/builtin#int) ### <a name="InfoDistribution"></a>type InfoDistribution -InfoDistribution describes the the host's distribution +InfoDistribution describes the host's distribution distribution [string](https://godoc.org/builtin#string) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 8b7544ba0..b86f3e345 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -315,7 +315,7 @@ branches, which you may occasionally see [red bars on the status graph .](https://cirrus-ci.com/github/containers/libpod/master) When the graph shows mostly green bars on the right, it's a good indication -the master branch is currently stable. Alternating red/green bars is indicitave +the master branch is currently stable. Alternating red/green bars is indicative of a testing "flake", and should be examined (anybody can do this): * *One or a small handful of tests, on a single task, (i.e. specific distro/version) @@ -220,8 +220,11 @@ localintegration: varlink_generate test-binaries ginkgo remoteintegration: varlink_generate test-binaries ginkgo-remote -localsystem: .install.ginkgo - ginkgo -v -noColor test/system/ +localsystem: + if timeout -v 1 true; then PODMAN=./bin/podman bats test/system/; else echo "Skipping localsystem: 'timeout -v' unavailable'"; fi + +remotesystem: + @echo "remotesystem - unimplemented" system.test-binary: .install.ginkgo $(GO) test -c ./test/system diff --git a/cmd/podman/varlink/io.podman.varlink b/cmd/podman/varlink/io.podman.varlink index 5b3d5ae4c..9410b9459 100644 --- a/cmd/podman/varlink/io.podman.varlink +++ b/cmd/podman/varlink/io.podman.varlink @@ -207,7 +207,7 @@ type ContainerNameSpace ( ipc: string ) -# InfoDistribution describes the the host's distribution +# InfoDistribution describes the host's distribution type InfoDistribution ( distribution: string, version: string @@ -671,7 +671,7 @@ method PauseContainer(name: string) -> (container: string) # See also [PauseContainer](#PauseContainer). method UnpauseContainer(name: string) -> (container: string) -# Attach takes the name or ID of a container and sets up a the ability to remotely attach to its console. The start +# Attach takes the name or ID of a container and sets up the ability to remotely attach to its console. The start # bool is whether you wish to start the container in question first. method Attach(name: string, detachKeys: string, start: bool) -> () @@ -744,7 +744,7 @@ method BuildImage(build: BuildInfo) -> (image: MoreResponse) # This function is not implemented yet. # method CreateImage() -> (notimplemented: NotImplemented) -# InspectImage takes the name or ID of an image and returns a string respresentation of data associated with the +# InspectImage takes the name or ID of an image and returns a string representation of data associated with the #image. You must serialize the string into JSON to use it further. An [ImageNotFound](#ImageNotFound) error will # be returned if the image cannot be found. method InspectImage(name: string) -> (image: string) @@ -810,7 +810,7 @@ method Commit(name: string, image_name: string, changes: []string, author: strin method ImportImage(source: string, reference: string, message: string, changes: []string, delete: bool) -> (image: string) # ExportImage takes the name or ID of an image and exports it to a destination like a tarball. There is also -# a booleon option to force compression. It also takes in a string array of tags to be able to save multiple +# a boolean option to force compression. It also takes in a string array of tags to be able to save multiple # tags of the same image to a tarball (each tag should be of the form <image>:<tag>). Upon completion, the ID # of the image is returned. If the image cannot be found in local storage, an [ImageNotFound](#ImageNotFound) # error will be returned. See also [ImportImage](ImportImage). @@ -915,7 +915,7 @@ method ListPods() -> (pods: []ListPodData) # ~~~ method GetPod(name: string) -> (pod: ListPodData) -# InspectPod takes the name or ID of an image and returns a string respresentation of data associated with the +# InspectPod takes the name or ID of an image and returns a string representation of data associated with the # pod. You must serialize the string into JSON to use it further. A [PodNotFound](#PodNotFound) error will # be returned if the pod cannot be found. method InspectPod(name: string) -> (pod: string) diff --git a/contrib/cirrus/logcollector.sh b/contrib/cirrus/logcollector.sh new file mode 100755 index 000000000..425a619b0 --- /dev/null +++ b/contrib/cirrus/logcollector.sh @@ -0,0 +1,36 @@ +#!/bin/bash + +set -e + +source $(dirname $0)/lib.sh + +req_env_var CIRRUS_WORKING_DIR OS_RELEASE_ID + +# Assume there are other log collection commands to follow - Don't +# let one break another that may be useful, but also keep any +# actual script-problems fatal so they are noticed right away. +showrun() { + echo '+ '$(printf " %q" "$@") + set +e + echo '------------------------------------------------------------' + "$@" + local status=$? + [[ $status -eq 0 ]] || \ + echo "[ rc = $status -- proceeding anyway ]" + echo '------------------------------------------------------------' + set -e +} + +case $1 in + audit) + case $OS_RELEASE_ID in + ubuntu) showrun cat /var/log/kern.log ;; + fedora) showrun cat /var/log/audit/audit.log ;; + *) bad_os_id_ver ;; + esac + ;; + df) showrun df -lhTx tmpfs ;; + ginkgo) showrun cat $CIRRUS_WORKING_DIR/test/e2e/ginkgo-node-*.log ;; + journal) showrun journalctl -b ;; + *) die 1 "Warning, $(basename $0) doesn't know how to handle the parameter '$1'" +esac diff --git a/contrib/cirrus/system_test.sh b/contrib/cirrus/system_test.sh index a2cc1af05..cbc481d6b 100755..120000 --- a/contrib/cirrus/system_test.sh +++ b/contrib/cirrus/system_test.sh @@ -1,21 +1 @@ -#!/bin/bash - -set -e -source $(dirname $0)/lib.sh - -req_env_var GOSRC OS_RELEASE_ID OS_RELEASE_VER - -set -x -cd "$GOSRC" - -case "${OS_RELEASE_ID}" in - ubuntu) ;& # Continue to the next item - fedora) - make install.tools - make - make test-binaries - ;; - *) bad_os_id_ver ;; -esac - -make localsystem +integration_test.sh
\ No newline at end of file diff --git a/docs/podman.1.md b/docs/podman.1.md index a150ca373..c23075718 100644 --- a/docs/podman.1.md +++ b/docs/podman.1.md @@ -108,13 +108,13 @@ the exit codes follow the `chroot` standard, see below: Error: unknown flag: --foo 125 -**_126_** if executing a **_contained command_** and the the **_command_** cannot be invoked +**_126_** if executing a **_contained command_** and the **_command_** cannot be invoked $ podman run busybox /etc; echo $? Error: container_linux.go:346: starting container process caused "exec: \"/etc\": permission denied": OCI runtime error 126 -**_127_** if executing a **_contained command_** and the the **_command_** cannot be found +**_127_** if executing a **_contained command_** and the **_command_** cannot be found $ podman run busybox foo; echo $? Error: container_linux.go:346: starting container process caused "exec: \"foo\": executable file not found in $PATH": OCI runtime error 127 diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index 0be5427d9..55cc5089b 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -424,7 +424,7 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) { // It also expects to be able to write to /sys/fs/cgroup/systemd and /var/log/journal func (c *Container) setupSystemd(mounts []spec.Mount, g generate.Generator) error { options := []string{"rw", "rprivate", "noexec", "nosuid", "nodev"} - for _, dest := range []string{"/run"} { + for _, dest := range []string{"/run", "/run/lock"} { if MountExists(mounts, dest) { continue } diff --git a/libpod/image/pull.go b/libpod/image/pull.go index cb7411ce5..644a9ae86 100644 --- a/libpod/image/pull.go +++ b/libpod/image/pull.go @@ -149,6 +149,13 @@ func (ir *Runtime) pullGoalFromImageReference(ctx context.Context, srcRef types. // Need to load in all the repo tags from the manifest res := []pullRefPair{} for _, dst := range manifest[0].RepoTags { + //check if image exists and gives a warning of untagging + localImage, err := ir.NewFromLocal(dst) + imageID := strings.TrimSuffix(manifest[0].Config, ".json") + if err == nil && imageID != localImage.ID() { + logrus.Errorf("the image %s already exists, renaming the old one with ID %s to empty string", dst, localImage.ID()) + } + pullInfo, err := ir.getPullRefPair(srcRef, dst) if err != nil { return nil, err @@ -168,7 +175,6 @@ func (ir *Runtime) pullGoalFromImageReference(ctx context.Context, srcRef types. if err != nil { return nil, errors.Wrapf(err, "error loading manifest for %q", srcRef) } - var dest string if manifest.Annotations == nil || manifest.Annotations["org.opencontainers.image.ref.name"] == "" { // If the input image has no image.ref.name, we need to feed it a dest anyways diff --git a/test/system/030-run.bats b/test/system/030-run.bats index a29b1adc3..cefff0e2c 100644 --- a/test/system/030-run.bats +++ b/test/system/030-run.bats @@ -9,8 +9,8 @@ true | 0 | false | 1 | sh -c 'exit 32' | 32 | echo $rand | 0 | $rand -/no/such/command | 127 | Error: container create failed:.*exec:.* no such file or dir -/etc | 126 | Error: container create failed:.*exec:.* permission denied +/no/such/command | 127 | Error: .*: starting container process caused .*exec:.*stat /no/such/command: no such file or directory +/etc | 126 | Error: .*: starting container process caused .*exec:.* permission denied " while read cmd expected_rc expected_output; do |