summaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
Diffstat (limited to 'test')
-rw-r--r--test/e2e/common_test.go1
-rw-r--r--test/e2e/libpod_suite_remote_test.go3
-rw-r--r--test/e2e/libpod_suite_test.go6
-rw-r--r--test/e2e/libpod_suite_varlink_test.go3
-rw-r--r--test/e2e/run_test.go103
-rw-r--r--test/system/010-images.bats47
-rw-r--r--test/system/060-mount.bats30
-rw-r--r--test/system/200-pod.bats31
-rw-r--r--test/system/500-networking.bats29
-rwxr-xr-xtest/system/build-testimage44
-rw-r--r--test/system/helpers.bash31
11 files changed, 256 insertions, 72 deletions
diff --git a/test/e2e/common_test.go b/test/e2e/common_test.go
index 2ce3f9760..1943020c3 100644
--- a/test/e2e/common_test.go
+++ b/test/e2e/common_test.go
@@ -39,6 +39,7 @@ var (
ARTIFACT_DIR = "/tmp/.artifacts"
RESTORE_IMAGES = []string{ALPINE, BB, nginx}
defaultWaitTimeout = 90
+ CGROUPSV2, _ = cgroups.IsCgroup2UnifiedMode()
)
// PodmanTestIntegration struct for command line options
diff --git a/test/e2e/libpod_suite_remote_test.go b/test/e2e/libpod_suite_remote_test.go
index c7e667b57..0a0b2799b 100644
--- a/test/e2e/libpod_suite_remote_test.go
+++ b/test/e2e/libpod_suite_remote_test.go
@@ -27,6 +27,9 @@ func SkipIfRemote(reason string) {
ginkgo.Skip("[remote]: " + reason)
}
+func SkipIfRootlessCgroupsV1() {
+}
+
func SkipIfRootless() {
if os.Geteuid() != 0 {
ginkgo.Skip("This function is not enabled for rootless podman")
diff --git a/test/e2e/libpod_suite_test.go b/test/e2e/libpod_suite_test.go
index d6e0789eb..00d066fea 100644
--- a/test/e2e/libpod_suite_test.go
+++ b/test/e2e/libpod_suite_test.go
@@ -19,6 +19,12 @@ func IsRemote() bool {
func SkipIfRemote(string) {
}
+func SkipIfRootlessCgroupsV1() {
+ if os.Geteuid() != 0 && !CGROUPSV2 {
+ Skip("Rooless requires cgroupsV2 to set limits")
+ }
+}
+
func SkipIfRootless() {
if os.Geteuid() != 0 {
Skip("This function is not enabled for rootless podman")
diff --git a/test/e2e/libpod_suite_varlink_test.go b/test/e2e/libpod_suite_varlink_test.go
index 903e92647..f901cbec9 100644
--- a/test/e2e/libpod_suite_varlink_test.go
+++ b/test/e2e/libpod_suite_varlink_test.go
@@ -23,6 +23,9 @@ func IsRemote() bool {
return true
}
+func SkipIfRootlessCgroupsV1() {
+}
+
func SkipIfRemote(reason string) {
ginkgo.Skip("[remote]: " + reason)
}
diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go
index c8655dcad..0bb3fe772 100644
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@@ -11,7 +11,6 @@ import (
"syscall"
"time"
- "github.com/containers/podman/v2/pkg/cgroups"
. "github.com/containers/podman/v2/test/utils"
"github.com/containers/storage/pkg/stringid"
"github.com/mrunalp/fileutils"
@@ -50,7 +49,6 @@ var _ = Describe("Podman run", func() {
})
It("podman run a container based on a complex local image name", func() {
- SkipIfRootless()
imageName := strings.TrimPrefix(nginx, "quay.io/")
session := podmanTest.Podman([]string{"run", imageName, "ls"})
session.WaitWithDefaultTimeout()
@@ -311,12 +309,15 @@ USER bin`
})
It("podman run limits test", func() {
- SkipIfRootless()
- session := podmanTest.Podman([]string{"run", "--rm", "--ulimit", "rtprio=99", "--cap-add=sys_nice", fedoraMinimal, "cat", "/proc/self/sched"})
- session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(Equal(0))
+ SkipIfRootlessCgroupsV1()
+
+ if !isRootless() {
+ session := podmanTest.Podman([]string{"run", "--rm", "--ulimit", "rtprio=99", "--cap-add=sys_nice", fedoraMinimal, "cat", "/proc/self/sched"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ }
- session = podmanTest.Podman([]string{"run", "--rm", "--ulimit", "nofile=2048:2048", fedoraMinimal, "ulimit", "-n"})
+ session := podmanTest.Podman([]string{"run", "--rm", "--ulimit", "nofile=2048:2048", fedoraMinimal, "ulimit", "-n"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
Expect(session.OutputToString()).To(ContainSubstring("2048"))
@@ -326,10 +327,7 @@ USER bin`
Expect(session.ExitCode()).To(Equal(0))
Expect(session.OutputToString()).To(ContainSubstring("1024"))
- cgroupsv2, err := cgroups.IsCgroup2UnifiedMode()
- Expect(err).To(BeNil())
-
- if !cgroupsv2 {
+ if !CGROUPSV2 {
// --oom-kill-disable not supported on cgroups v2.
session = podmanTest.Podman([]string{"run", "--rm", "--oom-kill-disable=true", fedoraMinimal, "echo", "memory-hog"})
session.WaitWithDefaultTimeout()
@@ -370,7 +368,7 @@ USER bin`
})
It("podman run sysctl test", func() {
- SkipIfRootless()
+ SkipIfRootless() // Network sysclts are not avalable root rootless
session := podmanTest.Podman([]string{"run", "--rm", "--sysctl", "net.core.somaxconn=65535", ALPINE, "sysctl", "net.core.somaxconn"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
@@ -378,17 +376,15 @@ USER bin`
})
It("podman run blkio-weight test", func() {
- SkipIfRootless()
- cgroupsv2, err := cgroups.IsCgroup2UnifiedMode()
- Expect(err).To(BeNil())
-
- if !cgroupsv2 {
+ SkipIfRootless() // FIXME: This is blowing up because of no /sys/fs/cgroup/user.slice/user-14467.slice/user@14467.service/cgroup.subtree_control file
+ // SkipIfRootlessCgroupsV1()
+ if !CGROUPSV2 {
if _, err := os.Stat("/sys/fs/cgroup/blkio/blkio.weight"); os.IsNotExist(err) {
Skip("Kernel does not support blkio.weight")
}
}
- if cgroupsv2 {
+ if CGROUPSV2 {
// convert linearly from [10-1000] to [1-10000]
session := podmanTest.Podman([]string{"run", "--rm", "--blkio-weight=15", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/io.bfq.weight"})
session.WaitWithDefaultTimeout()
@@ -403,14 +399,11 @@ USER bin`
})
It("podman run device-read-bps test", func() {
- SkipIfRootless()
-
- cgroupsv2, err := cgroups.IsCgroup2UnifiedMode()
- Expect(err).To(BeNil())
-
+ SkipIfRootless() // FIXME: Missing /sys/fs/cgroup/user.slice/user-14467.slice/user@14467.service/cgroup.subtree_control
+ SkipIfRootlessCgroupsV1()
var session *PodmanSessionIntegration
- if cgroupsv2 {
+ if CGROUPSV2 {
session = podmanTest.Podman([]string{"run", "--rm", "--device-read-bps=/dev/zero:1mb", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/io.max"})
} else {
session = podmanTest.Podman([]string{"run", "--rm", "--device-read-bps=/dev/zero:1mb", ALPINE, "cat", "/sys/fs/cgroup/blkio/blkio.throttle.read_bps_device"})
@@ -418,40 +411,34 @@ USER bin`
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
- if !cgroupsv2 { // TODO: Test Simplification. For now, we only care about exit(0) w/ cgroupsv2
+ if !CGROUPSV2 { // TODO: Test Simplification. For now, we only care about exit(0) w/ cgroupsv2
Expect(session.OutputToString()).To(ContainSubstring("1048576"))
}
})
It("podman run device-write-bps test", func() {
- SkipIfRootless()
-
- cgroupsv2, err := cgroups.IsCgroup2UnifiedMode()
- Expect(err).To(BeNil())
-
+ SkipIfRootless() // FIXME /sys/fs/cgroup/user.slice/user-14467.slice/user@14467.service/cgroup.subtree_control does not exist
+ SkipIfRootlessCgroupsV1()
var session *PodmanSessionIntegration
- if cgroupsv2 {
+ if CGROUPSV2 {
session = podmanTest.Podman([]string{"run", "--rm", "--device-write-bps=/dev/zero:1mb", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/io.max"})
} else {
session = podmanTest.Podman([]string{"run", "--rm", "--device-write-bps=/dev/zero:1mb", ALPINE, "cat", "/sys/fs/cgroup/blkio/blkio.throttle.write_bps_device"})
}
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
- if !cgroupsv2 { // TODO: Test Simplification. For now, we only care about exit(0) w/ cgroupsv2
+ if !CGROUPSV2 { // TODO: Test Simplification. For now, we only care about exit(0) w/ cgroupsv2
Expect(session.OutputToString()).To(ContainSubstring("1048576"))
}
})
It("podman run device-read-iops test", func() {
- SkipIfRootless()
-
- cgroupsv2, err := cgroups.IsCgroup2UnifiedMode()
- Expect(err).To(BeNil())
-
+ SkipIfRootless() // FIXME /sys/fs/cgroup/user.slice/user-14467.slice/user@14467.service/cgroup.subtree_control does not exist
+ SkipIfRootlessCgroupsV1()
var session *PodmanSessionIntegration
- if cgroupsv2 {
+ if CGROUPSV2 {
session = podmanTest.Podman([]string{"run", "--rm", "--device-read-iops=/dev/zero:100", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/io.max"})
} else {
session = podmanTest.Podman([]string{"run", "--rm", "--device-read-iops=/dev/zero:100", ALPINE, "cat", "/sys/fs/cgroup/blkio/blkio.throttle.read_iops_device"})
@@ -459,20 +446,17 @@ USER bin`
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
- if !cgroupsv2 { // TODO: Test Simplification. For now, we only care about exit(0) w/ cgroupsv2
+ if !CGROUPSV2 { // TODO: Test Simplification. For now, we only care about exit(0) w/ cgroupsv2
Expect(session.OutputToString()).To(ContainSubstring("100"))
}
})
It("podman run device-write-iops test", func() {
- SkipIfRootless()
-
- cgroupsv2, err := cgroups.IsCgroup2UnifiedMode()
- Expect(err).To(BeNil())
-
+ SkipIfRootless() // FIXME /sys/fs/cgroup/user.slice/user-14467.slice/user@14467.service/cgroup.subtree_control does not exist
+ SkipIfRootlessCgroupsV1()
var session *PodmanSessionIntegration
- if cgroupsv2 {
+ if CGROUPSV2 {
session = podmanTest.Podman([]string{"run", "--rm", "--device-write-iops=/dev/zero:100", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/io.max"})
} else {
session = podmanTest.Podman([]string{"run", "--rm", "--device-write-iops=/dev/zero:100", ALPINE, "cat", "/sys/fs/cgroup/blkio/blkio.throttle.write_iops_device"})
@@ -480,7 +464,7 @@ USER bin`
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
- if !cgroupsv2 { // TODO: Test Simplification. For now, we only care about exit(0) w/ cgroupsv2
+ if !CGROUPSV2 { // TODO: Test Simplification. For now, we only care about exit(0) w/ cgroupsv2
Expect(session.OutputToString()).To(ContainSubstring("100"))
}
})
@@ -586,7 +570,7 @@ USER bin`
})
It("podman run with FIPS mode secrets", func() {
- SkipIfRootless()
+ SkipIfRootless() // rootless can not manipulate system-fips file
fipsFile := "/etc/system-fips"
err = ioutil.WriteFile(fipsFile, []byte{}, 0755)
Expect(err).To(BeNil())
@@ -601,27 +585,24 @@ USER bin`
})
It("podman run without group-add", func() {
- SkipIfRootless()
session := podmanTest.Podman([]string{"run", "--rm", ALPINE, "id"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
- Expect(session.OutputToString()).To(Equal("uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)"))
+ Expect(session.LineInOutputContains("27(video),777,65533(nogroup)")).To(BeFalse())
})
It("podman run with group-add", func() {
- SkipIfRootless()
session := podmanTest.Podman([]string{"run", "--rm", "--group-add=audio", "--group-add=nogroup", "--group-add=777", ALPINE, "id"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
- Expect(session.OutputToString()).To(Equal("uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),18(audio),20(dialout),26(tape),27(video),777,65533(nogroup)"))
+ Expect(session.LineInOutputContains("777,65533(nogroup)")).To(BeTrue())
})
It("podman run with user (default)", func() {
- SkipIfRootless()
session := podmanTest.Podman([]string{"run", "--rm", ALPINE, "id"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
- Expect(session.OutputToString()).To(Equal("uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)"))
+ Expect(session.LineInOutputContains("uid=0(root) gid=0(root)")).To(BeTrue())
})
It("podman run with user (integer, not in /etc/passwd)", func() {
@@ -632,19 +613,17 @@ USER bin`
})
It("podman run with user (integer, in /etc/passwd)", func() {
- SkipIfRootless()
session := podmanTest.Podman([]string{"run", "--rm", "--user=8", ALPINE, "id"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
- Expect(session.OutputToString()).To(Equal("uid=8(mail) gid=12(mail) groups=12(mail)"))
+ Expect(session.LineInOutputContains("uid=8(mail) gid=12(mail)")).To(BeTrue())
})
It("podman run with user (username)", func() {
- SkipIfRootless()
session := podmanTest.Podman([]string{"run", "--rm", "--user=mail", ALPINE, "id"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
- Expect(session.OutputToString()).To(Equal("uid=8(mail) gid=12(mail) groups=12(mail)"))
+ Expect(session.LineInOutputContains("uid=8(mail) gid=12(mail)")).To(BeTrue())
})
It("podman run with user:group (username:integer)", func() {
@@ -910,7 +889,7 @@ USER mail`
})
It("podman run --mount type=bind,bind-nonrecursive", func() {
- SkipIfRootless()
+ SkipIfRootless() // rootless users are not allowed to mount bind-nonrecursive (Could this be a Kernel bug?
session := podmanTest.Podman([]string{"run", "--mount", "type=bind,bind-nonrecursive,slave,src=/,target=/host", fedoraMinimal, "findmnt", "-nR", "/host"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
@@ -918,7 +897,6 @@ USER mail`
})
It("podman run --mount type=devpts,target=/foo/bar", func() {
- SkipIfRootless()
session := podmanTest.Podman([]string{"run", "--mount", "type=devpts,target=/foo/bar", fedoraMinimal, "stat", "-f", "-c%T", "/foo/bar"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
@@ -1071,7 +1049,8 @@ USER mail`
})
It("podman run with cgroups=disabled runs without cgroups", func() {
- SkipIfRootless()
+ SkipIfRootless() // FIXME: I believe this should work but need to fix this test
+ SkipIfRootlessCgroupsV1()
// Only works on crun
if !strings.Contains(podmanTest.OCIRuntime, "crun") {
Skip("Test only works on crun")
@@ -1103,7 +1082,7 @@ USER mail`
})
It("podman run with cgroups=enabled makes cgroups", func() {
- SkipIfRootless()
+ SkipIfRootlessCgroupsV1()
// Only works on crun
if !strings.Contains(podmanTest.OCIRuntime, "crun") {
Skip("Test only works on crun")
@@ -1146,7 +1125,7 @@ USER mail`
})
It("podman run --device-cgroup-rule", func() {
- SkipIfRootless()
+ SkipIfRootless() // rootless users are not allowed to mknod
deviceCgroupRule := "c 42:* rwm"
session := podmanTest.Podman([]string{"run", "--name", "test", "-d", "--device-cgroup-rule", deviceCgroupRule, ALPINE, "top"})
session.WaitWithDefaultTimeout()
diff --git a/test/system/010-images.bats b/test/system/010-images.bats
index c0a8936e3..ac65e54d9 100644
--- a/test/system/010-images.bats
+++ b/test/system/010-images.bats
@@ -112,4 +112,51 @@ Labels.created_at | 20[0-9-]\\\+T[0-9:]\\\+Z
run_podman rm mytinycontainer
}
+# Regression test for https://github.com/containers/podman/issues/7651
+# in which "podman pull image-with-sha" causes "images -a" to crash
+@test "podman images -a, after pulling by sha " {
+ # Get a baseline for 'images -a'
+ run_podman images -a
+ local images_baseline="$output"
+
+ # Get the digest of our local test image. We need to do this in two steps
+ # because 'podman inspect' only works reliably on *IMAGE ID*, not name.
+ # See https://github.com/containers/podman/issues/3761
+ run_podman inspect --format '{{.Id}}' $IMAGE
+ local iid="$output"
+ run_podman inspect --format '{{.Digest}}' $iid
+ local sha="$output"
+
+ local imgbase="${PODMAN_TEST_IMAGE_REGISTRY}/${PODMAN_TEST_IMAGE_USER}/${PODMAN_TEST_IMAGE_NAME}"
+ local fqin="${imgbase}@$sha"
+
+ # This will always pull, because even though it's the same image we
+ # already have, podman doesn't actually know that.
+ run_podman pull $fqin
+ is "$output" "Trying to pull ${fqin}\.\.\..*" "output of podman pull"
+
+ # Prior to #7654, this would crash and burn. Now podman recognizes it
+ # as the same image and, even though it internally tags it with the
+ # sha, still only shows us one image (which should be our baseline)
+ #
+ # WARNING! If this test fails, we're going to see a lot of failures
+ # in subsequent tests due to 'podman ps' showing the '@sha' tag!
+ # I choose not to add a complicated teardown() (with 'rmi @sha')
+ # because the failure window here is small, and if it fails it
+ # needs attention anyway. So if you see lots of failures, but
+ # start here because this is the first one, fix this problem.
+ # You can (probably) ignore any subsequent failures showing '@sha'
+ # in the error output.
+ run_podman images -a
+ is "$output" "$images_baseline" "images -a, after pull: same as before"
+
+ # Clean up: this should simply untag, not remove
+ run_podman rmi $fqin
+ is "$output" "Untagged: $fqin" "podman rmi untags, does not remove"
+
+ # ...and now we should still have our same image.
+ run_podman images -a
+ is "$output" "$images_baseline" "after podman rmi @sha, still the same"
+}
+
# vim: filetype=sh
diff --git a/test/system/060-mount.bats b/test/system/060-mount.bats
index d98a3eeb1..75c88e4ad 100644
--- a/test/system/060-mount.bats
+++ b/test/system/060-mount.bats
@@ -35,4 +35,34 @@ load helpers
fi
}
+
+@test "podman image mount" {
+ skip_if_remote "mounting remote is meaningless"
+ skip_if_rootless "too hard to test rootless"
+
+ # Start with clean slate
+ run_podman image umount -a
+
+ run_podman image mount $IMAGE
+ mount_path="$output"
+
+ test -d $mount_path
+
+ # Image is custom-built and has a file containing the YMD tag. Check it.
+ testimage_file="/home/podman/testimage-id"
+ test -e "$mount_path$testimage_file"
+ is $(< "$mount_path$testimage_file") "$PODMAN_TEST_IMAGE_TAG" \
+ "Contents of $testimage_file in image"
+
+ # 'image mount', no args, tells us what's mounted
+ run_podman image mount
+ is "$output" "$IMAGE $mount_path" "podman image mount with no args"
+
+ # Clean up
+ run_podman image umount $IMAGE
+
+ run_podman image mount
+ is "$output" "" "podman image mount, no args, after umount"
+}
+
# vim: filetype=sh
diff --git a/test/system/200-pod.bats b/test/system/200-pod.bats
index 7189d7e4b..2ae038dfe 100644
--- a/test/system/200-pod.bats
+++ b/test/system/200-pod.bats
@@ -173,6 +173,19 @@ function random_ip() {
# FIXME: --ip=$ip fails:
# Error adding network: failed to allocate all requested IPs
local mac_option="--mac-address=$mac"
+
+ # Create a custom image so we can test --infra-image and -command.
+ # It will have a randomly generated infra command, using the
+ # existing 'pause' script in our testimage. We assign a bogus
+ # entrypoint to confirm that --infra-command will override.
+ local infra_image="infra_$(random_string 10 | tr A-Z a-z)"
+ local infra_command="/pause_$(random_string 10)"
+ run_podman build -t $infra_image - << EOF
+FROM $IMAGE
+RUN ln /home/podman/pause $infra_command
+ENTRYPOINT ["/original-entrypoint-should-be-overridden"]
+EOF
+
if is_rootless; then
mac_option=
fi
@@ -185,12 +198,21 @@ function random_ip() {
--dns-search "$dns_search" \
--dns-opt "$dns_opt" \
--publish "$port_out:$port_in" \
- --label "${labelname}=${labelvalue}"
+ --label "${labelname}=${labelvalue}" \
+ --infra-image "$infra_image" \
+ --infra-command "$infra_command"
pod_id="$output"
# Check --pod-id-file
is "$(<$pod_id_file)" "$pod_id" "contents of pod-id-file"
+ # Get ID of infra container
+ run_podman pod inspect --format '{{(index .Containers 0).ID}}' mypod
+ local infra_cid="$output"
+ # confirm that entrypoint is what we set
+ run_podman container inspect --format '{{.Config.Entrypoint}}' $infra_cid
+ is "$output" "$infra_command" "infra-command took effect"
+
# Check each of the options
if [ -n "$mac_option" ]; then
run_podman run --rm --pod mypod $IMAGE ip link show
@@ -249,9 +271,16 @@ function random_ip() {
run_podman logs $cid
is "$output" "$teststring" "test string received on container"
+ # Finally, confirm the infra-container and -command. We run this late,
+ # not at pod creation, to give the infra container time to start & log.
+ run_podman logs $infra_cid
+ is "$output" "Confirmed: testimage pause invoked as $infra_command" \
+ "pod ran with our desired infra container + command"
+
# Clean up
run_podman rm $cid
run_podman pod rm -f mypod
+ run_podman rmi $infra_image
}
# vim: filetype=sh
diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats
index 39de8ad54..d2454fbf4 100644
--- a/test/system/500-networking.bats
+++ b/test/system/500-networking.bats
@@ -80,4 +80,33 @@ load helpers
run_podman rm $cid
}
+# "network create" now works rootless, with the help of a special container
+@test "podman network create" {
+ local mynetname=testnet-$(random_string 10)
+ local mysubnet=$(random_rfc1918_subnet)
+
+ run_podman network create --subnet "${mysubnet}.0/24" $mynetname
+ is "$output" ".*/cni/net.d/$mynetname.conflist" "output of 'network create'"
+
+ # WARNING: this pulls a ~100MB image from quay.io, hence is slow/flaky
+ run_podman run --rm --network $mynetname $IMAGE ip a
+ is "$output" ".* inet ${mysubnet}\.2/24 brd ${mysubnet}\.255 " \
+ "sdfsdf"
+
+ # Cannot create network with the same name
+ run_podman 125 network create $mynetname
+ is "$output" "Error: the network name $mynetname is already used" \
+ "Trying to create an already-existing network"
+
+ run_podman network rm $mynetname
+ run_podman 125 network rm $mynetname
+
+ # rootless CNI leaves behind an image pulled by SHA, hence with no tag.
+ # Remove it if present; we can only remove it by ID.
+ run_podman images --format '{{.Id}}' rootless-cni-infra
+ if [ -n "$output" ]; then
+ run_podman rmi $output
+ fi
+}
+
# vim: filetype=sh
diff --git a/test/system/build-testimage b/test/system/build-testimage
index 64aa46337..ef14d3afd 100755
--- a/test/system/build-testimage
+++ b/test/system/build-testimage
@@ -26,23 +26,51 @@ create_time_z=$(env TZ=UTC date +'%Y-%m-%dT%H:%M:%SZ')
set -ex
+# We'll need to create a Containerfile plus various other files to add in
+#
# Please document the reason for all flags, apk's, and anything non-obvious
+tmpdir=$(mktemp -t -d $(basename $0).tmp.XXXXXXX)
+cd $tmpdir
+
+# 'image mount' test will confirm that this file exists and has our YMD tag
+echo $YMD >testimage-id
+
+# 'pod' test will use this for --infra-command
+cat >pause <<EOF
+#!/bin/sh
#
-# --squash-all : needed by 'tree' test in 070-build.bats
-# busybox-extras : provides httpd needed in 500-networking.bats
+# Trivial little pause script, used in one of the pod tests
#
-podman rmi -f testimage &> /dev/null || true
-podman build --squash-all -t testimage - <<EOF
+echo Confirmed: testimage pause invoked as \$0
+while :; do
+ sleep 0.1
+done
+EOF
+chmod 755 pause
+
+# alpine because it's small and light and reliable
+# busybox-extras provides httpd needed in 500-networking.bats
+cat >Containerfile <<EOF
FROM docker.io/library/alpine:3.12.0
RUN apk add busybox-extras
+ADD testimage-id pause /home/podman/
LABEL created_by=$create_script
LABEL created_at=$create_time_z
+WORKDIR /home/podman
CMD ["/bin/echo", "This container is intended for podman CI testing"]
EOF
+# --squash-all : needed by 'tree' test in 070-build.bats
+podman rmi -f testimage &> /dev/null || true
+podman build --squash-all -t testimage .
+
+# Clean up
+cd /tmp
+rm -rf $tmpdir
+
# Tag and push to quay.
-podman tag testimage quay.io/edsantiago/testimage:$YMD
-podman push quay.io/edsantiago/testimage:$YMD
+podman tag testimage quay.io/libpod/testimage:$YMD
+podman push quay.io/libpod/testimage:$YMD
# Side note: there should always be a testimage tagged ':00000000'
# (eight zeroes) in the same location; this is used by tests which
@@ -54,6 +82,6 @@ podman push quay.io/edsantiago/testimage:$YMD
#
# podman pull docker.io/library/busybox:1.32.0
# podman tag docker.io/library/busybox:1.32.0 \
-# quay.io/edsantiago/testimage:00000000
-# podman push quay.io/edsantiago/testimage:00000000
+# quay.io/libpod/testimage:00000000
+# podman push quay.io/libpod/testimage:00000000
#
diff --git a/test/system/helpers.bash b/test/system/helpers.bash
index 112b73962..78571901d 100644
--- a/test/system/helpers.bash
+++ b/test/system/helpers.bash
@@ -7,7 +7,7 @@ PODMAN=${PODMAN:-podman}
PODMAN_TEST_IMAGE_REGISTRY=${PODMAN_TEST_IMAGE_REGISTRY:-"quay.io"}
PODMAN_TEST_IMAGE_USER=${PODMAN_TEST_IMAGE_USER:-"libpod"}
PODMAN_TEST_IMAGE_NAME=${PODMAN_TEST_IMAGE_NAME:-"testimage"}
-PODMAN_TEST_IMAGE_TAG=${PODMAN_TEST_IMAGE_TAG:-"20200902"}
+PODMAN_TEST_IMAGE_TAG=${PODMAN_TEST_IMAGE_TAG:-"20200917"}
PODMAN_TEST_IMAGE_FQN="$PODMAN_TEST_IMAGE_REGISTRY/$PODMAN_TEST_IMAGE_USER/$PODMAN_TEST_IMAGE_NAME:$PODMAN_TEST_IMAGE_TAG"
# Because who wants to spell that out each time?
@@ -402,6 +402,35 @@ function random_string() {
}
+###########################
+# random_rfc1918_subnet #
+###########################
+#
+# Use the class B set, because much of our CI environment (Google, RH)
+# already uses up much of the class A, and it's really hard to test
+# if a block is in use.
+#
+# This returns THREE OCTETS! It is up to our caller to append .0/24, .255, &c.
+#
+function random_rfc1918_subnet() {
+ local retries=1024
+
+ while [ "$retries" -gt 0 ];do
+ local cidr=172.$(( 16 + $RANDOM % 16 )).$(( $RANDOM & 255 ))
+
+ in_use=$(ip route list | fgrep $cidr)
+ if [ -z "$in_use" ]; then
+ echo "$cidr"
+ return
+ fi
+
+ retries=$(( retries - 1 ))
+ done
+
+ die "Could not find a random not-in-use rfc1918 subnet"
+}
+
+
#########################
# find_exec_pid_files # Returns nothing or exec_pid hash files
#########################