diff options
-rw-r--r-- | cmd/podman/machine/start.go | 8 | ||||
-rw-r--r-- | docs/source/markdown/podman-info.1.md | 191 | ||||
-rw-r--r-- | libpod/define/info.go | 1 | ||||
-rw-r--r-- | libpod/info.go | 1 | ||||
-rw-r--r-- | pkg/auth/auth.go | 20 | ||||
-rw-r--r-- | pkg/auth/auth_test.go | 66 | ||||
-rw-r--r-- | test/system/005-info.bats | 1 | ||||
-rw-r--r-- | test/upgrade/helpers.bash | 8 | ||||
-rw-r--r-- | test/upgrade/test-upgrade.bats | 62 |
9 files changed, 250 insertions, 108 deletions
diff --git a/cmd/podman/machine/start.go b/cmd/podman/machine/start.go index a5ba74599..4ae31e6de 100644 --- a/cmd/podman/machine/start.go +++ b/cmd/podman/machine/start.go @@ -3,6 +3,8 @@ package machine import ( + "fmt" + "github.com/containers/podman/v3/cmd/podman/registry" "github.com/containers/podman/v3/pkg/machine" "github.com/containers/podman/v3/pkg/machine/qemu" @@ -58,5 +60,9 @@ func start(cmd *cobra.Command, args []string) error { if err != nil { return err } - return vm.Start(vmName, machine.StartOptions{}) + if err := vm.Start(vmName, machine.StartOptions{}); err != nil { + return err + } + fmt.Printf("Machine %q started successfully\n", vmName) + return nil } diff --git a/docs/source/markdown/podman-info.1.md b/docs/source/markdown/podman-info.1.md index 227fbd92d..7127f9026 100644 --- a/docs/source/markdown/podman-info.1.md +++ b/docs/source/markdown/podman-info.1.md @@ -31,23 +31,18 @@ Run podman info with plain text response: $ podman info host: arch: amd64 - buildahVersion: 1.19.0-dev - cgroupControllers: - - cpuset - - cpu - - io - - memory - - pids + buildahVersion: 1.22.3 + cgroupControllers: [] cgroupManager: systemd cgroupVersion: v2 conmon: - package: conmon-2.0.22-2.fc33.x86_64 + package: conmon-2.0.29-2.fc34.x86_64 path: /usr/bin/conmon - version: 'conmon version 2.0.22, commit: 1be6c73605006a85f7ed60b7f76a51e28eb67e01' + version: 'conmon version 2.0.29, commit: ' cpus: 8 distribution: distribution: fedora - version: "33" + version: "34" eventLogger: journald hostname: localhost.localdomain idMappings: @@ -65,108 +60,112 @@ host: - container_id: 1 host_id: 100000 size: 65536 - kernel: 5.9.11-200.fc33.x86_64 + kernel: 5.13.13-200.fc34.x86_64 linkmode: dynamic - memFree: 837505024 - memTotal: 16416481280 + logDriver: journald + memFree: 1351262208 + memTotal: 16401895424 ociRuntime: name: crun - package: crun-0.16-1.fc33.x86_64 + package: crun-1.0-1.fc34.x86_64 path: /usr/bin/crun version: |- - crun version 0.16 - commit: eb0145e5ad4d8207e84a327248af76663d4e50dd + crun version 1.0 + commit: 139dc6971e2f1d931af520188763e984d6cdfbf8 spec: 1.0.0 - +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL + +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL os: linux remoteSocket: - exists: true path: /run/user/3267/podman/podman.sock security: apparmorEnabled: false capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT rootless: true seccompEnabled: true + seccompProfilePath: /usr/share/containers/seccomp.json selinuxEnabled: true + serviceIsRemote: false slirp4netns: executable: /bin/slirp4netns - package: slirp4netns-1.1.4-4.dev.giteecccdb.fc33.x86_64 + package: slirp4netns-1.1.12-2.fc34.x86_64 version: |- - slirp4netns version 1.1.4+dev - commit: eecccdb96f587b11d7764556ffacfeaffe4b6e11 - libslirp: 4.3.1 + slirp4netns version 1.1.12 + commit: 7a104a101aa3278a2152351a082a6df71f57c9a3 + libslirp: 4.4.0 SLIRP_CONFIG_VERSION_MAX: 3 libseccomp: 2.5.0 - swapFree: 6509203456 - swapTotal: 12591292416 - uptime: 264h 14m 32.73s (Approximately 11.00 days) + swapFree: 16818888704 + swapTotal: 16886259712 + uptime: 33h 57m 32.85s (Approximately 1.38 days) +plugins: + log: + - k8s-file + - none + - journald + network: + - bridge + - macvlan + volume: + - local registries: + localhost:5000: + Blocked: false + Insecure: true + Location: localhost:5000 + MirrorByDigestOnly: false + Mirrors: null + Prefix: localhost:5000 search: - registry.fedoraproject.org - registry.access.redhat.com - - registry.centos.org - docker.io store: configFile: /home/dwalsh/.config/containers/storage.conf containerStore: - number: 3 + number: 2 paused: 0 - running: 0 - stopped: 3 + running: 1 + stopped: 1 graphDriverName: overlay - graphOptions: - overlay.mount_program: - Executable: /home/dwalsh/bin/fuse-overlayfs - Package: Unknown - Version: |- - fusermount3 version: 3.9.3 - fuse-overlayfs: version 0.7.2 - FUSE library version 3.9.3 - using FUSE kernel interface version 7.31 + graphOptions: {} graphRoot: /home/dwalsh/.local/share/containers/storage graphStatus: Backing Filesystem: extfs - Native Overlay Diff: "false" + Native Overlay Diff: "true" Supports d_type: "true" Using metacopy: "false" imageStore: - number: 77 + number: 37 runRoot: /run/user/3267/containers volumePath: /home/dwalsh/.local/share/containers/storage/volumes version: - APIVersion: 3.0.0 - Built: 1608562922 - BuiltTime: Mon Dec 21 10:02:02 2020 - GitCommit: d6925182cdaf94225908a386d02eae8fd3e01123-dirty - GoVersion: go1.15.5 + APIVersion: 3.3.1 + Built: 1631137208 + BuiltTime: Wed Sep 8 17:40:08 2021 + GitCommit: ab272d1e9bf4daac224fb230e0c9b5c56c4cab4d-dirty + GoVersion: go1.16.6 OsArch: linux/amd64 - Version: 3.0.0-dev - + Version: 3.3.1 ``` Run podman info with JSON formatted response: ``` +$ ./bin/podman info --format json { "host": { "arch": "amd64", - "buildahVersion": "1.19.0-dev", + "buildahVersion": "1.22.3", "cgroupManager": "systemd", "cgroupVersion": "v2", - "cgroupControllers": [ - "cpuset", - "cpu", - "io", - "memory", - "pids" - ], + "cgroupControllers": [], "conmon": { - "package": "conmon-2.0.22-2.fc33.x86_64", + "package": "conmon-2.0.29-2.fc34.x86_64", "path": "/usr/bin/conmon", - "version": "conmon version 2.0.22, commit: 1be6c73605006a85f7ed60b7f76a51e28eb67e01" + "version": "conmon version 2.0.29, commit: " }, "cpus": 8, "distribution": { "distribution": "fedora", - "version": "33" + "version": "34" }, "eventLogger": "journald", "hostname": "localhost.localdomain", @@ -196,81 +195,99 @@ Run podman info with JSON formatted response: } ] }, - "kernel": "5.9.11-200.fc33.x86_64", - "memFree": 894574592, - "memTotal": 16416481280, + "kernel": "5.13.13-200.fc34.x86_64", + "logDriver": "journald", + "memFree": 1274040320, + "memTotal": 16401895424, "ociRuntime": { "name": "crun", - "package": "crun-0.16-1.fc33.x86_64", + "package": "crun-1.0-1.fc34.x86_64", "path": "/usr/bin/crun", - "version": "crun version 0.16\ncommit: eb0145e5ad4d8207e84a327248af76663d4e50dd\nspec: 1.0.0\n+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL" + "version": "crun version 1.0\ncommit: 139dc6971e2f1d931af520188763e984d6cdfbf8\nspec: 1.0.0\n+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL" }, "os": "linux", "remoteSocket": { - "path": "/run/user/3267/podman/podman.sock", - "exists": true + "path": "/run/user/3267/podman/podman.sock" }, + "serviceIsRemote": false, "security": { "apparmorEnabled": false, "capabilities": "CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT", "rootless": true, "seccompEnabled": true, + "seccompProfilePath": "/usr/share/containers/seccomp.json", "selinuxEnabled": true }, "slirp4netns": { "executable": "/bin/slirp4netns", - "package": "slirp4netns-1.1.4-4.dev.giteecccdb.fc33.x86_64", - "version": "slirp4netns version 1.1.4+dev\ncommit: eecccdb96f587b11d7764556ffacfeaffe4b6e11\nlibslirp: 4.3.1\nSLIRP_CONFIG_VERSION_MAX: 3\nlibseccomp: 2.5.0" + "package": "slirp4netns-1.1.12-2.fc34.x86_64", + "version": "slirp4netns version 1.1.12\ncommit: 7a104a101aa3278a2152351a082a6df71f57c9a3\nlibslirp: 4.4.0\nSLIRP_CONFIG_VERSION_MAX: 3\nlibseccomp: 2.5.0" }, - "swapFree": 6509203456, - "swapTotal": 12591292416, - "uptime": "264h 13m 12.39s (Approximately 11.00 days)", + "swapFree": 16818888704, + "swapTotal": 16886259712, + "uptime": "33h 59m 25.69s (Approximately 1.38 days)", "linkmode": "dynamic" }, "store": { "configFile": "/home/dwalsh/.config/containers/storage.conf", "containerStore": { - "number": 3, + "number": 2, "paused": 0, - "running": 0, - "stopped": 3 + "running": 1, + "stopped": 1 }, "graphDriverName": "overlay", "graphOptions": { - "overlay.mount_program": { - "Executable": "/home/dwalsh/bin/fuse-overlayfs", - "Package": "Unknown", - "Version": "fusermount3 version: 3.9.3\nfuse-overlayfs: version 0.7.2\nFUSE library version 3.9.3\nusing FUSE kernel interface version 7.31" -} }, "graphRoot": "/home/dwalsh/.local/share/containers/storage", "graphStatus": { "Backing Filesystem": "extfs", - "Native Overlay Diff": "false", + "Native Overlay Diff": "true", "Supports d_type": "true", "Using metacopy": "false" }, "imageStore": { - "number": 77 + "number": 37 }, "runRoot": "/run/user/3267/containers", "volumePath": "/home/dwalsh/.local/share/containers/storage/volumes" }, "registries": { + "localhost:5000": { + "Prefix": "localhost:5000", + "Location": "localhost:5000", + "Insecure": true, + "Mirrors": null, + "Blocked": false, + "MirrorByDigestOnly": false +}, "search": [ "registry.fedoraproject.org", "registry.access.redhat.com", - "registry.centos.org", "docker.io" ] }, + "plugins": { + "volume": [ + "local" + ], + "network": [ + "bridge", + "macvlan" + ], + "log": [ + "k8s-file", + "none", + "journald" + ] + }, "version": { - "APIVersion": "3.0.0", - "Version": "3.0.0-dev", - "GoVersion": "go1.15.5", - "GitCommit": "d6925182cdaf94225908a386d02eae8fd3e01123-dirty", - "BuiltTime": "Mon Dec 21 10:02:02 2020", - "Built": 1608562922, + "APIVersion": "3.3.1", + "Version": "3.3.1", + "GoVersion": "go1.16.6", + "GitCommit": "", + "BuiltTime": "Mon Aug 30 16:46:36 2021", + "Built": 1630356396, "OsArch": "linux/amd64" } } diff --git a/libpod/define/info.go b/libpod/define/info.go index 95c1196dd..73df80087 100644 --- a/libpod/define/info.go +++ b/libpod/define/info.go @@ -36,6 +36,7 @@ type HostInfo struct { Hostname string `json:"hostname"` IDMappings IDMappings `json:"idMappings,omitempty"` Kernel string `json:"kernel"` + LogDriver string `json:"logDriver"` MemFree int64 `json:"memFree"` MemTotal int64 `json:"memTotal"` OCIRuntime *OCIRuntimeInfo `json:"ociRuntime"` diff --git a/libpod/info.go b/libpod/info.go index 8f4c7f015..31ec9cdc1 100644 --- a/libpod/info.go +++ b/libpod/info.go @@ -126,6 +126,7 @@ func (r *Runtime) hostInfo() (*define.HostInfo, error) { Linkmode: linkmode.Linkmode(), CPUs: runtime.NumCPU(), Distribution: hostDistributionInfo, + LogDriver: r.config.Containers.LogDriver, EventLogger: r.eventer.String(), Hostname: host, IDMappings: define.IDMappings{}, diff --git a/pkg/auth/auth.go b/pkg/auth/auth.go index ecfa6651c..6aff880f4 100644 --- a/pkg/auth/auth.go +++ b/pkg/auth/auth.go @@ -259,7 +259,9 @@ func authConfigsToAuthFile(authConfigs map[string]types.DockerAuthConfig) (strin // tested, and we make sure to use the same code as the image backend. sys := types.SystemContext{AuthFilePath: authFilePath} for server, config := range authConfigs { - // Note that we do not validate the credentials here. Wassume + server = normalize(server) + + // Note that we do not validate the credentials here. We assume // that all credentials are valid. They'll be used on demand // later. if err := imageAuth.SetAuthentication(&sys, server, config.Username, config.Password); err != nil { @@ -270,6 +272,22 @@ func authConfigsToAuthFile(authConfigs map[string]types.DockerAuthConfig) (strin return authFilePath, nil } +// normalize takes a server and removes the leading "http[s]://" prefix as well +// as removes path suffixes from docker registries. +func normalize(server string) string { + stripped := strings.TrimPrefix(server, "http://") + stripped = strings.TrimPrefix(stripped, "https://") + + /// Normalize docker registries + if strings.HasPrefix(stripped, "index.docker.io/") || + strings.HasPrefix(stripped, "registry-1.docker.io/") || + strings.HasPrefix(stripped, "docker.io/") { + stripped = strings.SplitN(stripped, "/", 2)[0] + } + + return stripped +} + // dockerAuthToImageAuth converts a docker auth config to one we're using // internally from c/image. Note that the Docker types look slightly // different, so we need to convert to be extra sure we're not running into diff --git a/pkg/auth/auth_test.go b/pkg/auth/auth_test.go new file mode 100644 index 000000000..da2d9a5c5 --- /dev/null +++ b/pkg/auth/auth_test.go @@ -0,0 +1,66 @@ +package auth + +import ( + "io/ioutil" + "testing" + + "github.com/containers/image/v5/types" + "github.com/stretchr/testify/assert" +) + +func TestAuthConfigsToAuthFile(t *testing.T) { + for _, tc := range []struct { + name string + server string + shouldErr bool + expectedContains string + }{ + { + name: "empty auth configs", + server: "", + shouldErr: false, + expectedContains: "{}", + }, + { + name: "registry with prefix", + server: "my-registry.local/username", + shouldErr: false, + expectedContains: `"my-registry.local/username":`, + }, + { + name: "normalize https:// prefix", + server: "http://my-registry.local/username", + shouldErr: false, + expectedContains: `"my-registry.local/username":`, + }, + { + name: "normalize docker registry with https prefix", + server: "http://index.docker.io/v1/", + shouldErr: false, + expectedContains: `"index.docker.io":`, + }, + { + name: "normalize docker registry without https prefix", + server: "docker.io/v2/", + shouldErr: false, + expectedContains: `"docker.io":`, + }, + } { + configs := map[string]types.DockerAuthConfig{} + if tc.server != "" { + configs[tc.server] = types.DockerAuthConfig{} + } + + filePath, err := authConfigsToAuthFile(configs) + + if tc.shouldErr { + assert.NotNil(t, err) + assert.Empty(t, filePath) + } else { + assert.Nil(t, err) + content, err := ioutil.ReadFile(filePath) + assert.Nil(t, err) + assert.Contains(t, string(content), tc.expectedContains) + } + } +} diff --git a/test/system/005-info.bats b/test/system/005-info.bats index 96ca2c1bd..0ea0f8356 100644 --- a/test/system/005-info.bats +++ b/test/system/005-info.bats @@ -9,6 +9,7 @@ load helpers buildahVersion: *[0-9.]\\\+ conmon:\\\s\\\+package: distribution: +logDriver: ociRuntime:\\\s\\\+name: os: rootless: diff --git a/test/upgrade/helpers.bash b/test/upgrade/helpers.bash index 41d9279e6..16fedb053 100644 --- a/test/upgrade/helpers.bash +++ b/test/upgrade/helpers.bash @@ -9,3 +9,11 @@ setup() { teardown() { : } + +# skip a test when the given version is older than the currently tested one +skip_if_version_older() { + # use ${PODMAN_UPGRADE_FROM##v} to trim the leading "v" + if printf '%s\n%s\n' "${PODMAN_UPGRADE_FROM##v}" "$1" | sort --check=quiet --version-sort; then + skip "${2-test is only meaningful when upgrading from $1 or later}" + fi +} diff --git a/test/upgrade/test-upgrade.bats b/test/upgrade/test-upgrade.bats index ca478e263..5cb302a85 100644 --- a/test/upgrade/test-upgrade.bats +++ b/test/upgrade/test-upgrade.bats @@ -21,9 +21,7 @@ if [ -z "${RANDOM_STRING_1}" ]; then export LABEL_CREATED=$(random_string 16) export LABEL_FAILED=$(random_string 17) export LABEL_RUNNING=$(random_string 18) - - # FIXME: randomize this - HOST_PORT=34567 + export HOST_PORT=$(random_free_port) fi # Version string of the podman we're actually testing, e.g. '3.0.0-dev-d1a26013' @@ -44,7 +42,8 @@ setup() { false fi - export _PODMAN_TEST_OPTS="--root=$PODMAN_UPGRADE_WORKDIR/root --runroot=$PODMAN_UPGRADE_WORKDIR/runroot --tmpdir=$PODMAN_UPGRADE_WORKDIR/tmp" + # cgroup-manager=systemd does not work inside a container + export _PODMAN_TEST_OPTS="--cgroup-manager=cgroupfs --root=$PODMAN_UPGRADE_WORKDIR/root --runroot=$PODMAN_UPGRADE_WORKDIR/runroot --tmpdir=$PODMAN_UPGRADE_WORKDIR/tmp" } ############################################################################### @@ -76,8 +75,8 @@ setup() { cat >| $pmscript <<EOF #!/bin/bash -# cgroup-manager=systemd does not work inside a container -opts="--cgroup-manager=cgroupfs --events-backend=file $_PODMAN_TEST_OPTS" +# events-backend=journald does not work inside a container +opts="--events-backend=file $_PODMAN_TEST_OPTS" set -ex @@ -95,22 +94,17 @@ podman \$opts run --name mydonecontainer $IMAGE echo ++$RANDOM_STRING_1++ podman \$opts run --name myfailedcontainer --label mylabel=$LABEL_FAILED \ $IMAGE sh -c 'exit 17' || true -# FIXME: add "-p $HOST_PORT:80" -# ...I tried and tried, and could not get this to work. I could never -# connect to the port from the host, nor even from the podman_parent -# container; I could never see the port listed in 'ps' nor 'inspect'. -# And, finally, I ended up in a state where the container wouldn't -# even start, and via complicated 'podman logs' found out: -# httpd: bind: Address in use -# So I just give up for now. -# podman \$opts run -d --name myrunningcontainer --label mylabel=$LABEL_RUNNING \ + --network bridge \ + -p $HOST_PORT:80 \ -v $pmroot/var/www:/var/www \ -w /var/www \ $IMAGE /bin/busybox-extras httpd -f -p 80 podman \$opts pod create --name mypod +podman \$opts network create mynetwork + echo READY while :;do if [ -e /stop ]; then @@ -140,6 +134,7 @@ EOF # # mount /etc/containers/storage.conf to use the same storage settings as on the host # mount /dev/shm because the container locks are stored there + # mount /var/lib/cni and /etc/cni/net.d for cni networking # $PODMAN run -d --name podman_parent --pid=host \ --privileged \ @@ -149,6 +144,9 @@ EOF -v /etc/containers/storage.conf:/etc/containers/storage.conf \ -v /dev/fuse:/dev/fuse \ -v /run/crun:/run/crun \ + -v /run/netns:/run/netns:rshared \ + -v /var/lib/cni:/var/lib/cni \ + -v /etc/cni/net.d:/etc/cni/net.d \ -v /dev/shm:/dev/shm \ -v $pmroot:$pmroot \ $OLD_PODMAN $pmroot/setup @@ -187,7 +185,7 @@ EOF is "${lines[1]}" "mycreatedcontainer--Created----$LABEL_CREATED" "created" is "${lines[2]}" "mydonecontainer--Exited (0).*----<no value>" "done" is "${lines[3]}" "myfailedcontainer--Exited (17) .*----$LABEL_FAILED" "fail" - is "${lines[4]}" "myrunningcontainer--Up .*----$LABEL_RUNNING" "running" + is "${lines[4]}" "myrunningcontainer--Up .*--0.0.0.0:$HOST_PORT->80/tcp--$LABEL_RUNNING" "running" # For debugging: dump containers and IDs if [[ -n "$PODMAN_UPGRADE_TEST_DEBUG" ]]; then @@ -212,6 +210,30 @@ failed | exited | 17 done < <(parse_table "$tests") } +@test "network - curl" { + run curl --max-time 3 -s 127.0.0.1:$HOST_PORT/index.txt + is "$output" "$RANDOM_STRING_1" "curl on running container" +} + +# IMPORTANT: connect should happen before restart, we want to check +# if we can connect on an existing running container +@test "network - connect" { + skip_if_version_older 2.2.0 + run_podman network connect mynetwork myrunningcontainer + run_podman network disconnect podman myrunningcontainer + run curl --max-time 3 -s 127.0.0.1:$HOST_PORT/index.txt + is "$output" "$RANDOM_STRING_1" "curl on container with second network connected" +} + +@test "network - restart" { + # restart the container and check if we can still use the port + run_podman stop -t0 myrunningcontainer + run_podman start myrunningcontainer + run curl --max-time 3 -s 127.0.0.1:$HOST_PORT/index.txt + is "$output" "$RANDOM_STRING_1" "curl on restarted container" +} + + @test "logs" { run_podman logs mydonecontainer is "$output" "++$RANDOM_STRING_1++" "podman logs on stopped container" @@ -235,7 +257,7 @@ failed | exited | 17 run_podman pod inspect mypod is "$output" ".*mypod.*" - run_podman --cgroup-manager=cgroupfs pod start mypod + run_podman pod start mypod is "$output" "[0-9a-f]\\{64\\}" "podman pod start" run_podman pod ps @@ -245,7 +267,7 @@ failed | exited | 17 run_podman pod stop mypod is "$output" "[0-9a-f]\\{64\\}" "podman pod stop" - run_podman --cgroup-manager=cgroupfs pod rm mypod + run_podman pod rm mypod # FIXME: CI runs show this (non fatal) error: # Error updating pod <ID> conmon cgroup PID limit: open /sys/fs/cgroup/libpod_parent/<ID>/conmon/pids.max: no such file or directory # Investigate how to fix this (likely a race condition) @@ -257,7 +279,7 @@ failed | exited | 17 @test "start" { - run_podman --cgroup-manager=cgroupfs start -a mydonecontainer + run_podman start -a mydonecontainer is "$output" "++$RANDOM_STRING_1++" "start on already-run container" } @@ -295,6 +317,8 @@ failed | exited | 17 run_podman logs podman_parent run_podman rm -f podman_parent + run_podman network rm -f mynetwork + umount $PODMAN_UPGRADE_WORKDIR/root/overlay || true rm -rf $PODMAN_UPGRADE_WORKDIR |