diff options
| -rw-r--r-- | docs/tutorials/podman-for-windows.md | 6 | ||||
| -rw-r--r-- | libpod/events.go | 4 | ||||
| -rw-r--r-- | libpod/events/events.go | 2 | ||||
| -rw-r--r-- | libpod/runtime.go | 2 | ||||
| -rw-r--r-- | libpod/runtime_renumber.go | 2 | ||||
| -rw-r--r-- | pkg/autoupdate/autoupdate.go | 3 | ||||
| -rw-r--r-- | pkg/specgen/generate/kube/kube.go | 16 | ||||
| -rw-r--r-- | pkg/specgen/generate/kube/volume.go | 31 | ||||
| -rw-r--r-- | test/e2e/play_kube_test.go | 147 | ||||
| -rw-r--r-- | test/system/255-auto-update.bats | 12 |
10 files changed, 215 insertions, 10 deletions
diff --git a/docs/tutorials/podman-for-windows.md b/docs/tutorials/podman-for-windows.md index bb9674774..4e929a14a 100644 --- a/docs/tutorials/podman-for-windows.md +++ b/docs/tutorials/podman-for-windows.md @@ -233,15 +233,15 @@ Linux container. This supports several notation schemes, including: Windows Style Paths: -`podman run -it c:\Users\User\myfolder:/myfolder ubi8-micro ls /myfolder` +`podman run --rm -v c:\Users\User\myfolder:/myfolder ubi8-micro ls /myfolder` Unixy Windows Paths: -`podman run -it /c/Users/User/myfolder:/myfolder ubi8-micro ls /myfolder` +`podman run --rm -v /c/Users/User/myfolder:/myfolder ubi8-micro ls /myfolder` Linux paths local to the WSL filesystem: -`podman run -it /var/myfolder:/myfolder ubi-micro ls /myfolder` +`podman run --rm -v /var/myfolder:/myfolder ubi-micro ls /myfolder` All of the above conventions work, whether running on a Windows prompt or the WSL Linux shell. Although when using Windows paths on Linux, appropriately quote diff --git a/libpod/events.go b/libpod/events.go index 39f5786a4..f09d8402a 100644 --- a/libpod/events.go +++ b/libpod/events.go @@ -89,8 +89,8 @@ func (p *Pod) newPodEvent(status events.Status) { } } -// newSystemEvent creates a new event for libpod as a whole. -func (r *Runtime) newSystemEvent(status events.Status) { +// NewSystemEvent creates a new event for libpod as a whole. +func (r *Runtime) NewSystemEvent(status events.Status) { e := events.NewEvent(status) e.Type = events.System diff --git a/libpod/events/events.go b/libpod/events/events.go index 04417fd8d..e83c2efee 100644 --- a/libpod/events/events.go +++ b/libpod/events/events.go @@ -150,6 +150,8 @@ func StringToStatus(name string) (Status, error) { switch name { case Attach.String(): return Attach, nil + case AutoUpdate.String(): + return AutoUpdate, nil case Build.String(): return Build, nil case Checkpoint.String(): diff --git a/libpod/runtime.go b/libpod/runtime.go index 58f20ef5b..4efa7b8e8 100644 --- a/libpod/runtime.go +++ b/libpod/runtime.go @@ -930,7 +930,7 @@ func (r *Runtime) refresh(alivePath string) error { } defer file.Close() - r.newSystemEvent(events.Refresh) + r.NewSystemEvent(events.Refresh) return nil } diff --git a/libpod/runtime_renumber.go b/libpod/runtime_renumber.go index 17e1d97e5..db055f40b 100644 --- a/libpod/runtime_renumber.go +++ b/libpod/runtime_renumber.go @@ -71,7 +71,7 @@ func (r *Runtime) renumberLocks() error { } } - r.newSystemEvent(events.Renumber) + r.NewSystemEvent(events.Renumber) return nil } diff --git a/pkg/autoupdate/autoupdate.go b/pkg/autoupdate/autoupdate.go index ee530528e..0c795faed 100644 --- a/pkg/autoupdate/autoupdate.go +++ b/pkg/autoupdate/autoupdate.go @@ -12,6 +12,7 @@ import ( "github.com/containers/image/v5/transports/alltransports" "github.com/containers/podman/v4/libpod" "github.com/containers/podman/v4/libpod/define" + "github.com/containers/podman/v4/libpod/events" "github.com/containers/podman/v4/pkg/domain/entities" "github.com/containers/podman/v4/pkg/systemd" systemdDefine "github.com/containers/podman/v4/pkg/systemd/define" @@ -142,6 +143,8 @@ func AutoUpdate(ctx context.Context, runtime *libpod.Runtime, options entities.A } defer conn.Close() + runtime.NewSystemEvent(events.AutoUpdate) + // Update all images/container according to their auto-update policy. var allReports []*entities.AutoUpdateReport updatedRawImages := make(map[string]bool) diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go index e4c149abf..f37d79798 100644 --- a/pkg/specgen/generate/kube/kube.go +++ b/pkg/specgen/generate/kube/kube.go @@ -381,6 +381,22 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener Options: options, } s.Volumes = append(s.Volumes, &cmVolume) + case KubeVolumeTypeCharDevice: + // We are setting the path as hostPath:mountPath to comply with pkg/specgen/generate.DeviceFromPath. + // The type is here just to improve readability as it is not taken into account when the actual device is created. + device := spec.LinuxDevice{ + Path: fmt.Sprintf("%s:%s", volumeSource.Source, volume.MountPath), + Type: "c", + } + s.Devices = append(s.Devices, device) + case KubeVolumeTypeBlockDevice: + // We are setting the path as hostPath:mountPath to comply with pkg/specgen/generate.DeviceFromPath. + // The type is here just to improve readability as it is not taken into account when the actual device is created. + device := spec.LinuxDevice{ + Path: fmt.Sprintf("%s:%s", volumeSource.Source, volume.MountPath), + Type: "b", + } + s.Devices = append(s.Devices, device) default: return nil, errors.Errorf("Unsupported volume source type") } diff --git a/pkg/specgen/generate/kube/volume.go b/pkg/specgen/generate/kube/volume.go index 27881e77a..1d6d49b9d 100644 --- a/pkg/specgen/generate/kube/volume.go +++ b/pkg/specgen/generate/kube/volume.go @@ -22,8 +22,10 @@ type KubeVolumeType int const ( KubeVolumeTypeBindMount KubeVolumeType = iota - KubeVolumeTypeNamed KubeVolumeType = iota - KubeVolumeTypeConfigMap KubeVolumeType = iota + KubeVolumeTypeNamed + KubeVolumeTypeConfigMap + KubeVolumeTypeBlockDevice + KubeVolumeTypeCharDevice ) //nolint:revive @@ -78,7 +80,30 @@ func VolumeFromHostPath(hostPath *v1.HostPathVolumeSource) (*KubeVolume, error) if st.Mode()&os.ModeSocket != os.ModeSocket { return nil, errors.Errorf("checking HostPathSocket: path %s is not a socket", hostPath.Path) } - + case v1.HostPathBlockDev: + dev, err := os.Stat(hostPath.Path) + if err != nil { + return nil, errors.Wrap(err, "error checking HostPathBlockDevice") + } + if dev.Mode()&os.ModeCharDevice == os.ModeCharDevice { + return nil, errors.Errorf("checking HostPathDevice: path %s is not a block device", hostPath.Path) + } + return &KubeVolume{ + Type: KubeVolumeTypeBlockDevice, + Source: hostPath.Path, + }, nil + case v1.HostPathCharDev: + dev, err := os.Stat(hostPath.Path) + if err != nil { + return nil, errors.Wrap(err, "error checking HostPathCharDevice") + } + if dev.Mode()&os.ModeCharDevice != os.ModeCharDevice { + return nil, errors.Errorf("checking HostPathCharDevice: path %s is not a character device", hostPath.Path) + } + return &KubeVolume{ + Type: KubeVolumeTypeCharDevice, + Source: hostPath.Path, + }, nil case v1.HostPathDirectory: case v1.HostPathFile: case v1.HostPathUnset: diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go index 216c3357c..31044f68b 100644 --- a/test/e2e/play_kube_test.go +++ b/test/e2e/play_kube_test.go @@ -21,6 +21,7 @@ import ( "github.com/containers/podman/v4/pkg/util" . "github.com/containers/podman/v4/test/utils" "github.com/containers/storage/pkg/stringid" + "github.com/google/uuid" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" "github.com/onsi/gomega/format" @@ -3685,4 +3686,150 @@ ENV OPENJ9_JAVA_OPTIONS=%q Expect(usernsInCtr).Should(Exit(0)) Expect(string(usernsInCtr.Out.Contents())).To(Not(Equal(string(initialUsernsConfig)))) }) + + // Check the block devices are exposed inside container + It("ddpodman play kube expose block device inside container", func() { + SkipIfRootless("It needs root access to create devices") + + // randomize the folder name to avoid error when running tests with multiple nodes + uuid, err := uuid.NewUUID() + Expect(err).To(BeNil()) + devFolder := fmt.Sprintf("/dev/foodev%x", uuid[:6]) + Expect(os.MkdirAll(devFolder, os.ModePerm)).To(BeNil()) + defer os.RemoveAll(devFolder) + + devicePath := fmt.Sprintf("%s/blockdevice", devFolder) + mknod := SystemExec("mknod", []string{devicePath, "b", "7", "0"}) + mknod.WaitWithDefaultTimeout() + Expect(mknod).Should(Exit(0)) + + blockVolume := getHostPathVolume("BlockDevice", devicePath) + + pod := getPod(withVolume(blockVolume), withCtr(getCtr(withImage(registry), withCmd(nil), withArg(nil), withVolumeMount(devicePath, false)))) + err = generateKubeYaml("pod", pod, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(0)) + + // Container should be in running state + inspect := podmanTest.Podman([]string{"inspect", "--format", "{{.State.Status}}", "testPod-" + defaultCtrName}) + inspect.WaitWithDefaultTimeout() + Expect(inspect).Should(Exit(0)) + Expect(inspect.OutputToString()).To(ContainSubstring("running")) + + // Container should have a block device /dev/loop1 + inspect = podmanTest.Podman([]string{"inspect", "--format", "{{.HostConfig.Devices}}", "testPod-" + defaultCtrName}) + inspect.WaitWithDefaultTimeout() + Expect(inspect).Should(Exit(0)) + Expect(inspect.OutputToString()).To(ContainSubstring(devicePath)) + }) + + // Check the char devices are exposed inside container + It("ddpodman play kube expose character device inside container", func() { + SkipIfRootless("It needs root access to create devices") + + // randomize the folder name to avoid error when running tests with multiple nodes + uuid, err := uuid.NewUUID() + Expect(err).To(BeNil()) + devFolder := fmt.Sprintf("/dev/foodev%x", uuid[:6]) + Expect(os.MkdirAll(devFolder, os.ModePerm)).To(BeNil()) + defer os.RemoveAll(devFolder) + + devicePath := fmt.Sprintf("%s/chardevice", devFolder) + mknod := SystemExec("mknod", []string{devicePath, "c", "3", "1"}) + mknod.WaitWithDefaultTimeout() + Expect(mknod).Should(Exit(0)) + + charVolume := getHostPathVolume("CharDevice", devicePath) + + pod := getPod(withVolume(charVolume), withCtr(getCtr(withImage(registry), withCmd(nil), withArg(nil), withVolumeMount(devicePath, false)))) + err = generateKubeYaml("pod", pod, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(0)) + + // Container should be in running state + inspect := podmanTest.Podman([]string{"inspect", "--format", "{{.State.Status}}", "testPod-" + defaultCtrName}) + inspect.WaitWithDefaultTimeout() + Expect(inspect).Should(Exit(0)) + Expect(inspect.OutputToString()).To(ContainSubstring("running")) + + // Container should have a block device /dev/loop1 + inspect = podmanTest.Podman([]string{"inspect", "--format", "{{.HostConfig.Devices}}", "testPod-" + defaultCtrName}) + inspect.WaitWithDefaultTimeout() + Expect(inspect).Should(Exit(0)) + Expect(inspect.OutputToString()).To(ContainSubstring(devicePath)) + }) + + It("podman play kube reports error when the device does not exists", func() { + SkipIfRootless("It needs root access to create devices") + + devicePath := "/dev/foodevdir/baddevice" + + blockVolume := getHostPathVolume("BlockDevice", devicePath) + + pod := getPod(withVolume(blockVolume), withCtr(getCtr(withImage(registry), withCmd(nil), withArg(nil), withVolumeMount(devicePath, false)))) + err = generateKubeYaml("pod", pod, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(125)) + }) + + It("ddpodman play kube reports error when we try to expose char device as block device", func() { + SkipIfRootless("It needs root access to create devices") + + // randomize the folder name to avoid error when running tests with multiple nodes + uuid, err := uuid.NewUUID() + Expect(err).To(BeNil()) + devFolder := fmt.Sprintf("/dev/foodev%x", uuid[:6]) + Expect(os.MkdirAll(devFolder, os.ModePerm)).To(BeNil()) + defer os.RemoveAll(devFolder) + + devicePath := fmt.Sprintf("%s/chardevice", devFolder) + mknod := SystemExec("mknod", []string{devicePath, "c", "3", "1"}) + mknod.WaitWithDefaultTimeout() + Expect(mknod).Should(Exit(0)) + + charVolume := getHostPathVolume("BlockDevice", devicePath) + + pod := getPod(withVolume(charVolume), withCtr(getCtr(withImage(registry), withCmd(nil), withArg(nil), withVolumeMount(devicePath, false)))) + err = generateKubeYaml("pod", pod, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(125)) + }) + + It("ddpodman play kube reports error when we try to expose block device as char device", func() { + SkipIfRootless("It needs root access to create devices") + + // randomize the folder name to avoid error when running tests with multiple nodes + uuid, err := uuid.NewUUID() + Expect(err).To(BeNil()) + devFolder := fmt.Sprintf("/dev/foodev%x", uuid[:6]) + Expect(os.MkdirAll(devFolder, os.ModePerm)).To(BeNil()) + + devicePath := fmt.Sprintf("%s/blockdevice", devFolder) + mknod := SystemExec("mknod", []string{devicePath, "b", "7", "0"}) + mknod.WaitWithDefaultTimeout() + Expect(mknod).Should(Exit(0)) + + charVolume := getHostPathVolume("CharDevice", devicePath) + + pod := getPod(withVolume(charVolume), withCtr(getCtr(withImage(registry), withCmd(nil), withArg(nil), withVolumeMount(devicePath, false)))) + err = generateKubeYaml("pod", pod, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(125)) + }) + }) diff --git a/test/system/255-auto-update.bats b/test/system/255-auto-update.bats index 6cdae2ada..6cee939fb 100644 --- a/test/system/255-auto-update.bats +++ b/test/system/255-auto-update.bats @@ -135,15 +135,27 @@ function _confirm_update() { # This test can fail in dev. environment because of SELinux. # quick fix: chcon -t container_runtime_exec_t ./bin/podman @test "podman auto-update - label io.containers.autoupdate=image" { + since=$(date --iso-8601=seconds) + run_podman auto-update + is "$output" "" + run_podman events --filter type=system --since $since --stream=false + is "$output" "" + generate_service alpine image _wait_service_ready container-$cname.service + since=$(date --iso-8601=seconds) run_podman auto-update --dry-run --format "{{.Unit}},{{.Image}},{{.Updated}},{{.Policy}}" is "$output" ".*container-$cname.service,quay.io/libpod/alpine:latest,pending,registry.*" "Image update is pending." + run_podman events --filter type=system --since $since --stream=false + is "$output" ".* system auto-update" + since=$(date --iso-8601=seconds) run_podman auto-update --format "{{.Unit}},{{.Image}},{{.Updated}},{{.Policy}}" is "$output" "Trying to pull.*" "Image is updated." is "$output" ".*container-$cname.service,quay.io/libpod/alpine:latest,true,registry.*" "Image is updated." + run_podman events --filter type=system --since $since --stream=false + is "$output" ".* system auto-update" _confirm_update $cname $ori_image } |