diff options
Diffstat (limited to 'test/system')
| -rw-r--r-- | test/system/005-info.bats | 4 | ||||
| -rw-r--r-- | test/system/010-images.bats | 47 | ||||
| -rw-r--r-- | test/system/030-run.bats | 78 | ||||
| -rw-r--r-- | test/system/060-mount.bats | 30 | ||||
| -rw-r--r-- | test/system/070-build.bats | 8 | ||||
| -rw-r--r-- | test/system/080-pause.bats | 4 | ||||
| -rw-r--r-- | test/system/120-load.bats | 41 | ||||
| -rw-r--r-- | test/system/160-volumes.bats | 1 | ||||
| -rw-r--r-- | test/system/200-pod.bats | 31 | ||||
| -rw-r--r-- | test/system/500-networking.bats | 29 | ||||
| -rwxr-xr-x | test/system/build-testimage | 44 | ||||
| -rw-r--r-- | test/system/helpers.bash | 48 | ||||
| -rwxr-xr-x | test/system/helpers.t | 9 |
13 files changed, 349 insertions, 25 deletions
diff --git a/test/system/005-info.bats b/test/system/005-info.bats index 3f1efd364..7452c1901 100644 --- a/test/system/005-info.bats +++ b/test/system/005-info.bats @@ -19,6 +19,8 @@ graphRoot: graphStatus: imageStore:\\\s\\\+number: 1 runRoot: +cgroupManager: \\\(systemd\\\|cgroupfs\\\) +cgroupVersion: v[12] " while read expect; do is "$output" ".*$expect" "output includes '$expect'" @@ -34,6 +36,8 @@ runRoot: tests=" host.buildahVersion | [0-9.] host.conmon.path | $expr_path +host.cgroupManager | \\\(systemd\\\|cgroupfs\\\) +host.cgroupVersion | v[12] host.ociRuntime.path | $expr_path store.configFile | $expr_path store.graphDriverName | [a-z0-9]\\\+\\\$ diff --git a/test/system/010-images.bats b/test/system/010-images.bats index c0a8936e3..ac65e54d9 100644 --- a/test/system/010-images.bats +++ b/test/system/010-images.bats @@ -112,4 +112,51 @@ Labels.created_at | 20[0-9-]\\\+T[0-9:]\\\+Z run_podman rm mytinycontainer } +# Regression test for https://github.com/containers/podman/issues/7651 +# in which "podman pull image-with-sha" causes "images -a" to crash +@test "podman images -a, after pulling by sha " { + # Get a baseline for 'images -a' + run_podman images -a + local images_baseline="$output" + + # Get the digest of our local test image. We need to do this in two steps + # because 'podman inspect' only works reliably on *IMAGE ID*, not name. + # See https://github.com/containers/podman/issues/3761 + run_podman inspect --format '{{.Id}}' $IMAGE + local iid="$output" + run_podman inspect --format '{{.Digest}}' $iid + local sha="$output" + + local imgbase="${PODMAN_TEST_IMAGE_REGISTRY}/${PODMAN_TEST_IMAGE_USER}/${PODMAN_TEST_IMAGE_NAME}" + local fqin="${imgbase}@$sha" + + # This will always pull, because even though it's the same image we + # already have, podman doesn't actually know that. + run_podman pull $fqin + is "$output" "Trying to pull ${fqin}\.\.\..*" "output of podman pull" + + # Prior to #7654, this would crash and burn. Now podman recognizes it + # as the same image and, even though it internally tags it with the + # sha, still only shows us one image (which should be our baseline) + # + # WARNING! If this test fails, we're going to see a lot of failures + # in subsequent tests due to 'podman ps' showing the '@sha' tag! + # I choose not to add a complicated teardown() (with 'rmi @sha') + # because the failure window here is small, and if it fails it + # needs attention anyway. So if you see lots of failures, but + # start here because this is the first one, fix this problem. + # You can (probably) ignore any subsequent failures showing '@sha' + # in the error output. + run_podman images -a + is "$output" "$images_baseline" "images -a, after pull: same as before" + + # Clean up: this should simply untag, not remove + run_podman rmi $fqin + is "$output" "Untagged: $fqin" "podman rmi untags, does not remove" + + # ...and now we should still have our same image. + run_podman images -a + is "$output" "$images_baseline" "after podman rmi @sha, still the same" +} + # vim: filetype=sh diff --git a/test/system/030-run.bats b/test/system/030-run.bats index 518d902a7..b3599cc17 100644 --- a/test/system/030-run.bats +++ b/test/system/030-run.bats @@ -14,7 +14,7 @@ load helpers # ...but check the configured runtime engine, and switch to crun as needed run_podman info --format '{{ .Host.OCIRuntime.Path }}' if expr "$output" : ".*/crun"; then - err_no_such_cmd="Error: executable file not found in \$PATH: No such file or directory: OCI runtime command not found error" + err_no_such_cmd="Error: executable file.* not found in \$PATH: No such file or directory: OCI runtime command not found error" err_no_exec_dir="Error: open executable: Operation not permitted: OCI runtime permission denied error" fi @@ -61,8 +61,8 @@ echo $rand | 0 | $rand is "$tests_run" "$(grep . <<<$tests | wc -l)" "Ran the full set of tests" } -@test "podman run - globle runtime option" { - skip_if_remote "runtime flag is not passing over remote" +@test "podman run - global runtime option" { + skip_if_remote "runtime flag is not passed over remote" run_podman 126 --runtime-flag invalidflag run --rm $IMAGE is "$output" ".*invalidflag" "failed when passing undefined flags to the runtime" } @@ -132,8 +132,6 @@ echo $rand | 0 | $rand } @test "podman run --pull" { - skip_if_remote "podman-remote does not emit 'Trying to pull' msgs" - run_podman run --pull=missing $IMAGE true is "$output" "" "--pull=missing [present]: no output" @@ -267,8 +265,6 @@ echo $rand | 0 | $rand # symptom only manifests on a fedora container image -- we have no # reproducer on alpine. Checking directory ownership is good enough. @test "podman run : user namespace preserved root ownership" { - skip_if_remote "FIXME: pending #7195" - for priv in "" "--privileged"; do for user in "--user=0" "--user=100"; do for keepid in "" "--userns=keep-id"; do @@ -286,8 +282,6 @@ echo $rand | 0 | $rand # #6829 : add username to /etc/passwd inside container if --userns=keep-id @test "podman run : add username to /etc/passwd if --userns=keep-id" { - skip_if_remote "FIXME: pending #7195" - # Default: always run as root run_podman run --rm $IMAGE id -un is "$output" "root" "id -un on regular container" @@ -310,8 +304,6 @@ echo $rand | 0 | $rand # #6991 : /etc/passwd is modifiable @test "podman run : --userns=keep-id: passwd file is modifiable" { - skip_if_remote "FIXME: pending #7195" - run_podman run -d --userns=keep-id $IMAGE sh -c 'while ! test -e /stop; do sleep 0.1; done' cid="$output" @@ -337,4 +329,68 @@ echo $rand | 0 | $rand run_podman wait $cid } +# For #7754: json-file was equating to 'none' +@test "podman run --log-driver" { + # '-' means that LogPath will be blank and there's no easy way to test + tests=" +none | - +journald | - +k8s-file | y +json-file | f +" + while read driver do_check; do + msg=$(random_string 15) + run_podman run --name myctr --log-driver $driver $IMAGE echo $msg + + # Simple output check + # Special case: 'json-file' emits a warning, the rest do not + # ...but with podman-remote the warning is on the server only + if [[ $do_check == 'f' ]] && ! is_remote; then # 'f' for 'fallback' + is "${lines[0]}" ".* level=error msg=\"json-file logging specified but not supported. Choosing k8s-file logging instead\"" \ + "Fallback warning emitted" + is "${lines[1]}" "$msg" "basic output sanity check (driver=$driver)" + else + is "$output" "$msg" "basic output sanity check (driver=$driver)" + fi + + # Simply confirm that podman preserved our argument as-is + run_podman inspect --format '{{.HostConfig.LogConfig.Type}}' myctr + is "$output" "$driver" "podman inspect: driver" + + # If LogPath is non-null, check that it exists and has a valid log + run_podman inspect --format '{{.LogPath}}' myctr + if [[ $do_check != '-' ]]; then + is "$output" "/.*" "LogPath (driver=$driver)" + if ! test -e "$output"; then + die "LogPath (driver=$driver) does not exist: $output" + fi + # eg 2020-09-23T13:34:58.644824420-06:00 stdout F 7aiYtvrqFGJWpak + is "$(< $output)" "[0-9T:.+-]\+ stdout F $msg" \ + "LogPath contents (driver=$driver)" + else + is "$output" "" "LogPath (driver=$driver)" + fi + run_podman rm myctr + done < <(parse_table "$tests") + + # Invalid log-driver argument + run_podman 125 run --log-driver=InvalidDriver $IMAGE true + is "$output" "Error: error running container create option: invalid log driver: invalid argument" \ + "--log-driver InvalidDriver" +} + +@test "podman run --log-driver journald" { + skip_if_remote "We cannot read journalctl over remote." + + msg=$(random_string 20) + pidfile="${PODMAN_TMPDIR}/$(random_string 20)" + + run_podman run --name myctr --log-driver journald --conmon-pidfile $pidfile $IMAGE echo $msg + + journalctl --output cat _PID=$(cat $pidfile) + is "$output" "$msg" "check that journalctl output equals the container output" + + run_podman rm myctr +} + # vim: filetype=sh diff --git a/test/system/060-mount.bats b/test/system/060-mount.bats index d98a3eeb1..75c88e4ad 100644 --- a/test/system/060-mount.bats +++ b/test/system/060-mount.bats @@ -35,4 +35,34 @@ load helpers fi } + +@test "podman image mount" { + skip_if_remote "mounting remote is meaningless" + skip_if_rootless "too hard to test rootless" + + # Start with clean slate + run_podman image umount -a + + run_podman image mount $IMAGE + mount_path="$output" + + test -d $mount_path + + # Image is custom-built and has a file containing the YMD tag. Check it. + testimage_file="/home/podman/testimage-id" + test -e "$mount_path$testimage_file" + is $(< "$mount_path$testimage_file") "$PODMAN_TEST_IMAGE_TAG" \ + "Contents of $testimage_file in image" + + # 'image mount', no args, tells us what's mounted + run_podman image mount + is "$output" "$IMAGE $mount_path" "podman image mount with no args" + + # Clean up + run_podman image umount $IMAGE + + run_podman image mount + is "$output" "" "podman image mount, no args, after umount" +} + # vim: filetype=sh diff --git a/test/system/070-build.bats b/test/system/070-build.bats index e3a139b4f..1329c6168 100644 --- a/test/system/070-build.bats +++ b/test/system/070-build.bats @@ -268,6 +268,14 @@ Labels.$label_name | $label_value is "${lines[-1]}" "... ID: [0-9a-f]\{12\} Size: .* Top Layer of: \[localhost/build_test:latest]" \ "image tree: last layer line" + # FIXME: 'image tree --whatrequires' does not work via remote + if ! is_remote; then + run_podman image tree --whatrequires $IMAGE + is "${lines[-1]}" \ + ".*ID: .* Top Layer of: \\[localhost/build_test:latest\\]" \ + "'image tree --whatrequires' shows our built image" + fi + # Clean up run_podman rmi -f build_test } diff --git a/test/system/080-pause.bats b/test/system/080-pause.bats index 4ec0906f4..ea4c85f8f 100644 --- a/test/system/080-pause.bats +++ b/test/system/080-pause.bats @@ -6,7 +6,9 @@ load helpers @test "podman pause/unpause" { - skip_if_rootless "pause does not work rootless" + if is_rootless && ! is_cgroupsv2; then + skip "'podman pause' (rootless) only works with cgroups v2" + fi cname=$(random_string 10) run_podman run -d --name $cname $IMAGE \ diff --git a/test/system/120-load.bats b/test/system/120-load.bats index d7aa16d95..8ea9b1c69 100644 --- a/test/system/120-load.bats +++ b/test/system/120-load.bats @@ -147,4 +147,45 @@ verify_iid_and_name() { "Diagnostic from 'podman load' without redirection or -i" } +@test "podman load - multi-image archive" { + img1="quay.io/libpod/testimage:00000000" + img2="quay.io/libpod/testimage:20200902" + archive=$PODMAN_TMPDIR/myimage-$(random_string 8).tar + + run_podman pull $img1 + run_podman pull $img2 + + run_podman save -m -o $archive $img1 $img2 + run_podman rmi -f $img1 $img2 + run_podman load -i $archive + + run_podman image exists $img1 + run_podman image exists $img2 + run_podman rmi -f $img1 $img2 +} + +@test "podman load - multi-image archive with redirect" { + img1="quay.io/libpod/testimage:00000000" + img2="quay.io/libpod/testimage:20200902" + archive=$PODMAN_TMPDIR/myimage-$(random_string 8).tar + + run_podman pull $img1 + run_podman pull $img2 + + # We can't use run_podman because that uses the BATS 'run' function + # which redirects stdout and stderr. Here we need to guarantee + # that podman's stdout is a pipe, not any other form of redirection + $PODMAN save -m $img1 $img2 | cat >$archive + if [ "$status" -ne 0 ]; then + die "Command failed: podman save ... | cat" + fi + + run_podman rmi -f $img1 $img2 + run_podman load -i $archive + + run_podman image exists $img1 + run_podman image exists $img2 + run_podman rmi -f $img1 $img2 +} + # vim: filetype=sh diff --git a/test/system/160-volumes.bats b/test/system/160-volumes.bats index 3f50bd3c4..1c1e0f4ae 100644 --- a/test/system/160-volumes.bats +++ b/test/system/160-volumes.bats @@ -186,7 +186,6 @@ EOF # Confirm that container sees the correct id @test "podman volume with --userns=keep-id" { is_rootless || skip "only meaningful when run rootless" - skip_if_remote "FIXME: pending #7195" myvoldir=${PODMAN_TMPDIR}/volume_$(random_string) mkdir $myvoldir diff --git a/test/system/200-pod.bats b/test/system/200-pod.bats index 7189d7e4b..2ae038dfe 100644 --- a/test/system/200-pod.bats +++ b/test/system/200-pod.bats @@ -173,6 +173,19 @@ function random_ip() { # FIXME: --ip=$ip fails: # Error adding network: failed to allocate all requested IPs local mac_option="--mac-address=$mac" + + # Create a custom image so we can test --infra-image and -command. + # It will have a randomly generated infra command, using the + # existing 'pause' script in our testimage. We assign a bogus + # entrypoint to confirm that --infra-command will override. + local infra_image="infra_$(random_string 10 | tr A-Z a-z)" + local infra_command="/pause_$(random_string 10)" + run_podman build -t $infra_image - << EOF +FROM $IMAGE +RUN ln /home/podman/pause $infra_command +ENTRYPOINT ["/original-entrypoint-should-be-overridden"] +EOF + if is_rootless; then mac_option= fi @@ -185,12 +198,21 @@ function random_ip() { --dns-search "$dns_search" \ --dns-opt "$dns_opt" \ --publish "$port_out:$port_in" \ - --label "${labelname}=${labelvalue}" + --label "${labelname}=${labelvalue}" \ + --infra-image "$infra_image" \ + --infra-command "$infra_command" pod_id="$output" # Check --pod-id-file is "$(<$pod_id_file)" "$pod_id" "contents of pod-id-file" + # Get ID of infra container + run_podman pod inspect --format '{{(index .Containers 0).ID}}' mypod + local infra_cid="$output" + # confirm that entrypoint is what we set + run_podman container inspect --format '{{.Config.Entrypoint}}' $infra_cid + is "$output" "$infra_command" "infra-command took effect" + # Check each of the options if [ -n "$mac_option" ]; then run_podman run --rm --pod mypod $IMAGE ip link show @@ -249,9 +271,16 @@ function random_ip() { run_podman logs $cid is "$output" "$teststring" "test string received on container" + # Finally, confirm the infra-container and -command. We run this late, + # not at pod creation, to give the infra container time to start & log. + run_podman logs $infra_cid + is "$output" "Confirmed: testimage pause invoked as $infra_command" \ + "pod ran with our desired infra container + command" + # Clean up run_podman rm $cid run_podman pod rm -f mypod + run_podman rmi $infra_image } # vim: filetype=sh diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats index 39de8ad54..d2454fbf4 100644 --- a/test/system/500-networking.bats +++ b/test/system/500-networking.bats @@ -80,4 +80,33 @@ load helpers run_podman rm $cid } +# "network create" now works rootless, with the help of a special container +@test "podman network create" { + local mynetname=testnet-$(random_string 10) + local mysubnet=$(random_rfc1918_subnet) + + run_podman network create --subnet "${mysubnet}.0/24" $mynetname + is "$output" ".*/cni/net.d/$mynetname.conflist" "output of 'network create'" + + # WARNING: this pulls a ~100MB image from quay.io, hence is slow/flaky + run_podman run --rm --network $mynetname $IMAGE ip a + is "$output" ".* inet ${mysubnet}\.2/24 brd ${mysubnet}\.255 " \ + "sdfsdf" + + # Cannot create network with the same name + run_podman 125 network create $mynetname + is "$output" "Error: the network name $mynetname is already used" \ + "Trying to create an already-existing network" + + run_podman network rm $mynetname + run_podman 125 network rm $mynetname + + # rootless CNI leaves behind an image pulled by SHA, hence with no tag. + # Remove it if present; we can only remove it by ID. + run_podman images --format '{{.Id}}' rootless-cni-infra + if [ -n "$output" ]; then + run_podman rmi $output + fi +} + # vim: filetype=sh diff --git a/test/system/build-testimage b/test/system/build-testimage index 64aa46337..ef14d3afd 100755 --- a/test/system/build-testimage +++ b/test/system/build-testimage @@ -26,23 +26,51 @@ create_time_z=$(env TZ=UTC date +'%Y-%m-%dT%H:%M:%SZ') set -ex +# We'll need to create a Containerfile plus various other files to add in +# # Please document the reason for all flags, apk's, and anything non-obvious +tmpdir=$(mktemp -t -d $(basename $0).tmp.XXXXXXX) +cd $tmpdir + +# 'image mount' test will confirm that this file exists and has our YMD tag +echo $YMD >testimage-id + +# 'pod' test will use this for --infra-command +cat >pause <<EOF +#!/bin/sh # -# --squash-all : needed by 'tree' test in 070-build.bats -# busybox-extras : provides httpd needed in 500-networking.bats +# Trivial little pause script, used in one of the pod tests # -podman rmi -f testimage &> /dev/null || true -podman build --squash-all -t testimage - <<EOF +echo Confirmed: testimage pause invoked as \$0 +while :; do + sleep 0.1 +done +EOF +chmod 755 pause + +# alpine because it's small and light and reliable +# busybox-extras provides httpd needed in 500-networking.bats +cat >Containerfile <<EOF FROM docker.io/library/alpine:3.12.0 RUN apk add busybox-extras +ADD testimage-id pause /home/podman/ LABEL created_by=$create_script LABEL created_at=$create_time_z +WORKDIR /home/podman CMD ["/bin/echo", "This container is intended for podman CI testing"] EOF +# --squash-all : needed by 'tree' test in 070-build.bats +podman rmi -f testimage &> /dev/null || true +podman build --squash-all -t testimage . + +# Clean up +cd /tmp +rm -rf $tmpdir + # Tag and push to quay. -podman tag testimage quay.io/edsantiago/testimage:$YMD -podman push quay.io/edsantiago/testimage:$YMD +podman tag testimage quay.io/libpod/testimage:$YMD +podman push quay.io/libpod/testimage:$YMD # Side note: there should always be a testimage tagged ':00000000' # (eight zeroes) in the same location; this is used by tests which @@ -54,6 +82,6 @@ podman push quay.io/edsantiago/testimage:$YMD # # podman pull docker.io/library/busybox:1.32.0 # podman tag docker.io/library/busybox:1.32.0 \ -# quay.io/edsantiago/testimage:00000000 -# podman push quay.io/edsantiago/testimage:00000000 +# quay.io/libpod/testimage:00000000 +# podman push quay.io/libpod/testimage:00000000 # diff --git a/test/system/helpers.bash b/test/system/helpers.bash index 514ba249e..eb3e4c7ec 100644 --- a/test/system/helpers.bash +++ b/test/system/helpers.bash @@ -7,7 +7,7 @@ PODMAN=${PODMAN:-podman} PODMAN_TEST_IMAGE_REGISTRY=${PODMAN_TEST_IMAGE_REGISTRY:-"quay.io"} PODMAN_TEST_IMAGE_USER=${PODMAN_TEST_IMAGE_USER:-"libpod"} PODMAN_TEST_IMAGE_NAME=${PODMAN_TEST_IMAGE_NAME:-"testimage"} -PODMAN_TEST_IMAGE_TAG=${PODMAN_TEST_IMAGE_TAG:-"20200902"} +PODMAN_TEST_IMAGE_TAG=${PODMAN_TEST_IMAGE_TAG:-"20200917"} PODMAN_TEST_IMAGE_FQN="$PODMAN_TEST_IMAGE_REGISTRY/$PODMAN_TEST_IMAGE_USER/$PODMAN_TEST_IMAGE_NAME:$PODMAN_TEST_IMAGE_TAG" # Because who wants to spell that out each time? @@ -240,6 +240,16 @@ function is_remote() { [[ "$PODMAN" =~ -remote ]] } +function is_cgroupsv1() { + # WARNING: This will break if there's ever a cgroups v3 + ! is_cgroupsv2 +} + +function is_cgroupsv2() { + cgroup_type=$(stat -f -c %T /sys/fs/cgroup) + test "$cgroup_type" = "cgroupfs" +} + ########################### # _add_label_if_missing # make sure skip messages include rootless/remote ########################### @@ -376,7 +386,12 @@ function parse_table() { while read col; do dprint "col=<<$col>>" row+=("$col") - done < <(echo "$line" | tr '|' '\012' | sed -e 's/^ *//' -e 's/\\/\\\\/g') + done < <(echo "$line" | sed -E -e 's/(^|\s)\|(\s|$)/\n /g' | sed -e 's/^ *//' -e 's/\\/\\\\/g') + # the above seds: + # 1) Convert '|' to newline, but only if bracketed by spaces or + # at beginning/end of line (this allows 'foo|bar' in tests); + # 2) then remove leading whitespace; + # 3) then double-escape all backslashes printf "%q " "${row[@]}" printf "\n" @@ -397,6 +412,35 @@ function random_string() { } +########################### +# random_rfc1918_subnet # +########################### +# +# Use the class B set, because much of our CI environment (Google, RH) +# already uses up much of the class A, and it's really hard to test +# if a block is in use. +# +# This returns THREE OCTETS! It is up to our caller to append .0/24, .255, &c. +# +function random_rfc1918_subnet() { + local retries=1024 + + while [ "$retries" -gt 0 ];do + local cidr=172.$(( 16 + $RANDOM % 16 )).$(( $RANDOM & 255 )) + + in_use=$(ip route list | fgrep $cidr) + if [ -z "$in_use" ]; then + echo "$cidr" + return + fi + + retries=$(( retries - 1 )) + done + + die "Could not find a random not-in-use rfc1918 subnet" +} + + ######################### # find_exec_pid_files # Returns nothing or exec_pid hash files ######################### diff --git a/test/system/helpers.t b/test/system/helpers.t index 7a331174b..190e8ba35 100755 --- a/test/system/helpers.t +++ b/test/system/helpers.t @@ -85,7 +85,7 @@ while read x y z; do check_result "$x" "''" "empty string - left-hand" check_result "$y" "''" "empty string - middle" check_result "$z" "''" "empty string - right" -done < <(parse_table " | |") +done < <(parse_table " | |") # Quotes while read x y z;do @@ -108,6 +108,13 @@ while read x y z;do check_result "$3" "g" "double quotes - token split - 3" done < <(parse_table "a 'b c' | d \"e f\" g | h") +# Split on '|' only when bracketed by spaces or at beginning/end of line +while read x y z;do + check_result "$x" "|x" "pipe in strings - pipe at start" + check_result "$y" "y|y1" "pipe in strings - pipe in middle" + check_result "$z" "z|" "pipe in strings - pipe at end" +done < <(parse_table "|x | y|y1 | z|") + # END test the parse_table helper ############################################################################### # BEGIN dprint |