diff options
Diffstat (limited to 'test')
| -rw-r--r-- | test/apiv2/25-containersMore.at | 55 | ||||
| -rw-r--r-- | test/e2e/generate_systemd_test.go | 15 | ||||
| -rw-r--r-- | test/e2e/load_test.go | 8 | ||||
| -rw-r--r-- | test/e2e/play_kube_test.go | 49 | ||||
| -rw-r--r-- | test/e2e/pull_test.go | 43 | ||||
| -rw-r--r-- | test/e2e/run_apparmor_test.go | 13 | ||||
| -rw-r--r-- | test/e2e/run_passwd_test.go | 13 | ||||
| -rw-r--r-- | test/e2e/run_privileged_test.go | 42 | ||||
| -rw-r--r-- | test/e2e/run_test.go | 8 | ||||
| -rw-r--r-- | test/e2e/save_test.go | 47 | ||||
| -rw-r--r-- | test/e2e/systemd_test.go | 8 | ||||
| l--------- | test/e2e/testdata/image | 1 | ||||
| -rw-r--r-- | test/system/001-basic.bats | 11 | ||||
| -rw-r--r-- | test/system/010-images.bats | 14 | ||||
| -rw-r--r-- | test/system/030-run.bats | 23 | ||||
| -rw-r--r-- | test/system/110-history.bats | 3 | ||||
| -rw-r--r-- | test/system/150-login.bats | 43 | ||||
| -rw-r--r-- | test/system/260-sdnotify.bats | 5 | ||||
| -rw-r--r-- | test/system/500-networking.bats | 13 | ||||
| -rwxr-xr-x | test/system/build-testimage | 59 | ||||
| -rw-r--r-- | test/system/helpers.bash | 6 |
21 files changed, 413 insertions, 66 deletions
diff --git a/test/apiv2/25-containersMore.at b/test/apiv2/25-containersMore.at new file mode 100644 index 000000000..e0e6f7222 --- /dev/null +++ b/test/apiv2/25-containersMore.at @@ -0,0 +1,55 @@ +# -*- sh -*- +# +# test more container-related endpoints +# + +podman pull $IMAGE &>/dev/null + +# Ensure clean slate +podman rm -a -f &>/dev/null + +podman run -d --name foo $IMAGE top + +# Check exists for none such +t GET libpod/containers/nonesuch/exists 404 + +# Check container foo exists +t GET libpod/containers/foo/exists 204 + +# Pause the container +t POST libpod/containers/foo/pause '' 204 + +t GET libpod/containers/foo/json 200 \ + .Id~[0-9a-f]\\{64\\} \ + .State.Status=paused \ + .ImageName=$IMAGE \ + .Config.Cmd[0]=top \ + .Name=foo + +# Unpause the container +t POST libpod/containers/foo/unpause '' 204 + +t GET libpod/containers/foo/json 200 \ + .Id~[0-9a-f]\\{64\\} \ + .State.Status=running \ + .ImageName=$IMAGE \ + .Config.Cmd[0]=top \ + .Name=foo + +# List processes of the container +t GET libpod/containers/foo/top 200 \ + length=2 + +# List processes of none such +t GET libpod/containers/nonesuch/top 404 + +# Mount the container to host filesystem +t POST libpod/containers/foo/mount '' 200 +like "$output" ".*merged" "Check container mount" + +# Unmount the container +t POST libpod/containers/foo/unmount '' 204 + +t DELETE libpod/containers/foo?force=true 204 + +# vim: filetype=sh diff --git a/test/e2e/generate_systemd_test.go b/test/e2e/generate_systemd_test.go index 60d9162d1..cd3ee6e0a 100644 --- a/test/e2e/generate_systemd_test.go +++ b/test/e2e/generate_systemd_test.go @@ -1,5 +1,3 @@ -// +build !remote - package integration import ( @@ -61,7 +59,7 @@ var _ = Describe("Podman generate systemd", func() { session = podmanTest.Podman([]string{"generate", "systemd", "--restart-policy", "bogus", "foobar"}) session.WaitWithDefaultTimeout() Expect(session).To(ExitWithError()) - found, _ := session.ErrorGrepString("Error: bogus is not a valid restart policy") + found, _ := session.ErrorGrepString("bogus is not a valid restart policy") Expect(found).Should(BeTrue()) }) @@ -383,4 +381,15 @@ var _ = Describe("Podman generate systemd", func() { found, _ = session.GrepString("pod rm --ignore -f --pod-id-file %t/pod-foo.pod-id") Expect(found).To(BeTrue()) }) + + It("podman generate systemd --format json", func() { + n := podmanTest.Podman([]string{"create", "--name", "foo", ALPINE}) + n.WaitWithDefaultTimeout() + Expect(n.ExitCode()).To(Equal(0)) + + session := podmanTest.Podman([]string{"generate", "systemd", "--format", "json", "foo"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.IsJSONOutputValid()).To(BeTrue()) + }) }) diff --git a/test/e2e/load_test.go b/test/e2e/load_test.go index 6a7f15e1f..2b401a09d 100644 --- a/test/e2e/load_test.go +++ b/test/e2e/load_test.go @@ -269,4 +269,12 @@ var _ = Describe("Podman load", func() { result.WaitWithDefaultTimeout() Expect(result.ExitCode()).To(Equal(0)) }) + + It("podman load multi-image archive", func() { + result := podmanTest.PodmanNoCache([]string{"load", "-i", "./testdata/image/docker-two-images.tar.xz"}) + result.WaitWithDefaultTimeout() + Expect(result.ExitCode()).To(Equal(0)) + Expect(result.LineInOutputContains("example.com/empty:latest")).To(BeTrue()) + Expect(result.LineInOutputContains("example.com/empty/but:different")).To(BeTrue()) + }) }) diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go index 1379cb35d..121cea017 100644 --- a/test/e2e/play_kube_test.go +++ b/test/e2e/play_kube_test.go @@ -42,6 +42,14 @@ metadata: spec: hostname: {{ .Hostname }} + hostAliases: +{{ range .HostAliases }} + - hostnames: + {{ range .HostName }} + - {{ . }} + {{ end }} + ip: {{ .IP }} +{{ end }} containers: {{ with .Ctrs }} {{ range . }} @@ -249,16 +257,22 @@ func generateDeploymentKubeYaml(deployment *Deployment, fileName string) error { type Pod struct { Name string Hostname string + HostAliases []HostAlias Ctrs []*Ctr Volumes []*Volume Annotations map[string]string } +type HostAlias struct { + IP string + HostName []string +} + // getPod takes a list of podOptions and returns a pod with sane defaults // and the configured options // if no containers are added, it will add the default container func getPod(options ...podOption) *Pod { - p := Pod{defaultPodName, "", make([]*Ctr, 0), make([]*Volume, 0), make(map[string]string)} + p := Pod{defaultPodName, "", nil, make([]*Ctr, 0), make([]*Volume, 0), make(map[string]string)} for _, option := range options { option(&p) } @@ -276,6 +290,15 @@ func withHostname(h string) podOption { } } +func withHostAliases(ip string, host []string) podOption { + return func(pod *Pod) { + pod.HostAliases = append(pod.HostAliases, HostAlias{ + IP: ip, + HostName: host, + }) + } +} + func withCtr(c *Ctr) podOption { return func(pod *Pod) { pod.Ctrs = append(pod.Ctrs, c) @@ -597,6 +620,30 @@ var _ = Describe("Podman generate kube", func() { Expect(inspect.OutputToString()).To(Equal(hostname)) }) + It("podman play kube test HostAliases", func() { + pod := getPod(withHostAliases("192.168.1.2", []string{ + "test1.podman.io", + "test2.podman.io", + }), + withHostAliases("192.168.1.3", []string{ + "test3.podman.io", + "test4.podman.io", + }), + ) + err := generatePodKubeYaml(pod, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube.ExitCode()).To(Equal(0)) + + inspect := podmanTest.Podman([]string{"inspect", getCtrNameInPod(pod), "--format", "{{ .HostConfig.ExtraHosts }}"}) + inspect.WaitWithDefaultTimeout() + Expect(inspect.ExitCode()).To(Equal(0)) + Expect(inspect.OutputToString()). + To(Equal("[test1.podman.io:192.168.1.2 test2.podman.io:192.168.1.2 test3.podman.io:192.168.1.3 test4.podman.io:192.168.1.3]")) + }) + It("podman play kube cap add", func() { capAdd := "CAP_SYS_ADMIN" ctr := getCtr(withCapAdd([]string{capAdd}), withCmd([]string{"cat", "/proc/self/status"}), withArg(nil)) diff --git a/test/e2e/pull_test.go b/test/e2e/pull_test.go index 6d1cb6cbc..98b81876a 100644 --- a/test/e2e/pull_test.go +++ b/test/e2e/pull_test.go @@ -251,6 +251,49 @@ var _ = Describe("Podman pull", func() { session = podmanTest.PodmanNoCache([]string{"rmi", "alpine"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) + + // Pulling a multi-image archive without further specifying + // which image _must_ error out. Pulling is restricted to one + // image. + session = podmanTest.PodmanNoCache([]string{"pull", fmt.Sprintf("docker-archive:./testdata/image/docker-two-images.tar.xz")}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(125)) + expectedError := "Unexpected tar manifest.json: expected 1 item, got 2" + found, _ := session.ErrorGrepString(expectedError) + Expect(found).To(Equal(true)) + + // Now pull _one_ image from a multi-image archive via the name + // and index syntax. + session = podmanTest.PodmanNoCache([]string{"pull", fmt.Sprintf("docker-archive:./testdata/image/docker-two-images.tar.xz:@0")}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + session = podmanTest.PodmanNoCache([]string{"pull", fmt.Sprintf("docker-archive:./testdata/image/docker-two-images.tar.xz:example.com/empty:latest")}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + session = podmanTest.PodmanNoCache([]string{"pull", fmt.Sprintf("docker-archive:./testdata/image/docker-two-images.tar.xz:@1")}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + session = podmanTest.PodmanNoCache([]string{"pull", fmt.Sprintf("docker-archive:./testdata/image/docker-two-images.tar.xz:example.com/empty/but:different")}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + // Now check for some errors. + session = podmanTest.PodmanNoCache([]string{"pull", fmt.Sprintf("docker-archive:./testdata/image/docker-two-images.tar.xz:foo.com/does/not/exist:latest")}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(125)) + expectedError = "Tag \"foo.com/does/not/exist:latest\" not found" + found, _ = session.ErrorGrepString(expectedError) + Expect(found).To(Equal(true)) + + session = podmanTest.PodmanNoCache([]string{"pull", fmt.Sprintf("docker-archive:./testdata/image/docker-two-images.tar.xz:@2")}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(125)) + expectedError = "Invalid source index @2, only 2 manifest items available" + found, _ = session.ErrorGrepString(expectedError) + Expect(found).To(Equal(true)) }) It("podman pull from oci-archive", func() { diff --git a/test/e2e/run_apparmor_test.go b/test/e2e/run_apparmor_test.go index 53cac9529..7d522a752 100644 --- a/test/e2e/run_apparmor_test.go +++ b/test/e2e/run_apparmor_test.go @@ -155,4 +155,17 @@ profile aa-test-profile flags=(attach_disconnected,mediate_deleted) { inspect := podmanTest.InspectContainer(cid) Expect(inspect[0].AppArmorProfile).To(Equal("")) }) + + It("podman run apparmor disabled unconfined", func() { + skipIfAppArmorEnabled() + + session := podmanTest.Podman([]string{"create", "--security-opt", "apparmor=unconfined", ALPINE, "ls"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + cid := session.OutputToString() + // Verify that apparmor.Profile is being set + inspect := podmanTest.InspectContainer(cid) + Expect(inspect[0].AppArmorProfile).To(Equal("")) + }) }) diff --git a/test/e2e/run_passwd_test.go b/test/e2e/run_passwd_test.go index 8dea7d39b..c48876dee 100644 --- a/test/e2e/run_passwd_test.go +++ b/test/e2e/run_passwd_test.go @@ -58,4 +58,17 @@ var _ = Describe("Podman run passwd", func() { Expect(session.ExitCode()).To(Equal(0)) Expect(session.LineInOutputContains("passwd")).To(BeTrue()) }) + + It("podman can run container without /etc/passwd", func() { + SkipIfRemote() + dockerfile := `FROM alpine +RUN rm -f /etc/passwd /etc/shadow /etc/group +USER 1000` + imgName := "testimg" + podmanTest.BuildImage(dockerfile, imgName, "false") + session := podmanTest.Podman([]string{"run", "--rm", imgName, "ls", "/etc/"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(Not(ContainSubstring("passwd"))) + }) }) diff --git a/test/e2e/run_privileged_test.go b/test/e2e/run_privileged_test.go index ca8da981f..064ba7d2c 100644 --- a/test/e2e/run_privileged_test.go +++ b/test/e2e/run_privileged_test.go @@ -2,13 +2,36 @@ package integration import ( "os" + "strconv" "strings" . "github.com/containers/podman/v2/test/utils" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" + "github.com/syndtr/gocapability/capability" ) +// helper function for confirming that container capabilities are equal +// to those of the host, but only to the extent of caps we (podman) +// know about at compile time. That is: the kernel may have more caps +// available than we are aware of, leading to host=FFF... and ctr=3FF... +// because the latter is all we request. Accept that. +func containerCapMatchesHost(ctr_cap string, host_cap string) { + ctr_cap_n, err := strconv.ParseUint(ctr_cap, 16, 64) + Expect(err).NotTo(HaveOccurred(), "Error parsing %q as hex", ctr_cap) + + host_cap_n, err := strconv.ParseUint(host_cap, 16, 64) + Expect(err).NotTo(HaveOccurred(), "Error parsing %q as hex", host_cap) + + // host caps can never be zero (except rootless, which we don't test). + // and host caps must always be a superset (inclusive) of container + Expect(host_cap_n).To(BeNumerically(">", 0), "host cap %q should be nonzero", host_cap) + Expect(host_cap_n).To(BeNumerically(">=", ctr_cap_n), "host cap %q should never be less than container cap %q", host_cap, ctr_cap) + + host_cap_masked := host_cap_n & (1<<len(capability.List()) - 1) + Expect(ctr_cap_n).To(Equal(host_cap_masked), "container cap %q is not a subset of host cap %q", ctr_cap, host_cap) +} + var _ = Describe("Podman privileged container tests", func() { var ( tempdir string @@ -44,24 +67,27 @@ var _ = Describe("Podman privileged container tests", func() { It("podman privileged CapEff", func() { SkipIfRootless() - cap := SystemExec("grep", []string{"CapEff", "/proc/self/status"}) - Expect(cap.ExitCode()).To(Equal(0)) + host_cap := SystemExec("awk", []string{"/^CapEff/ { print $2 }", "/proc/self/status"}) + Expect(host_cap.ExitCode()).To(Equal(0)) - session := podmanTest.Podman([]string{"run", "--privileged", "busybox", "grep", "CapEff", "/proc/self/status"}) + session := podmanTest.Podman([]string{"run", "--privileged", "busybox", "awk", "/^CapEff/ { print $2 }", "/proc/self/status"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - Expect(session.OutputToString()).To(Equal(cap.OutputToString())) + + containerCapMatchesHost(session.OutputToString(), host_cap.OutputToString()) }) It("podman cap-add CapEff", func() { SkipIfRootless() - cap := SystemExec("grep", []string{"CapEff", "/proc/self/status"}) - Expect(cap.ExitCode()).To(Equal(0)) + // Get caps of current process + host_cap := SystemExec("awk", []string{"/^CapEff/ { print $2 }", "/proc/self/status"}) + Expect(host_cap.ExitCode()).To(Equal(0)) - session := podmanTest.Podman([]string{"run", "--cap-add", "all", "busybox", "grep", "CapEff", "/proc/self/status"}) + session := podmanTest.Podman([]string{"run", "--cap-add", "all", "busybox", "awk", "/^CapEff/ { print $2 }", "/proc/self/status"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) - Expect(session.OutputToString()).To(Equal(cap.OutputToString())) + + containerCapMatchesHost(session.OutputToString(), host_cap.OutputToString()) }) It("podman cap-drop CapEff", func() { diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index 91b0d3e48..1ac753201 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -919,6 +919,14 @@ USER mail` Expect(session.OutputToString()).To(Not(ContainSubstring("/dev/shm type tmpfs (ro,"))) }) + It("podman run readonly container should NOT mount /run noexec", func() { + session := podmanTest.Podman([]string{"run", "--read-only", ALPINE, "sh", "-c", "mount | grep \"/run \""}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + Expect(session.OutputToString()).To(Not(ContainSubstring("noexec"))) + }) + It("podman run with bad healthcheck retries", func() { session := podmanTest.Podman([]string{"run", "-dt", "--health-cmd", "[\"foo\"]", "--health-retries", "0", ALPINE, "top"}) session.Wait() diff --git a/test/e2e/save_test.go b/test/e2e/save_test.go index e1396f1b2..1f1258be3 100644 --- a/test/e2e/save_test.go +++ b/test/e2e/save_test.go @@ -128,4 +128,51 @@ var _ = Describe("Podman save", func() { save.WaitWithDefaultTimeout() Expect(save.ExitCode()).To(Equal(0)) }) + + It("podman save --multi-image-archive (tagged images)", func() { + multiImageSave(podmanTest, RESTORE_IMAGES) + }) + + It("podman save --multi-image-archive (untagged images)", func() { + // Refer to images via ID instead of tag. + session := podmanTest.PodmanNoCache([]string{"images", "--format", "{{.ID}}"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + ids := session.OutputToStringArray() + + Expect(len(RESTORE_IMAGES), len(ids)) + multiImageSave(podmanTest, ids) + }) }) + +// Create a multi-image archive, remove all images, load it and +// make sure that all images are (again) present. +func multiImageSave(podmanTest *PodmanTestIntegration, images []string) { + // Create the archive. + outfile := filepath.Join(podmanTest.TempDir, "temp.tar") + session := podmanTest.PodmanNoCache(append([]string{"save", "-o", outfile, "--multi-image-archive"}, images...)) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + // Remove all images. + session = podmanTest.PodmanNoCache([]string{"rmi", "-af"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + // Now load the archive. + session = podmanTest.PodmanNoCache([]string{"load", "-i", outfile}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + // Grep for each image in the `podman load` output. + for _, image := range images { + found, _ := session.GrepString(image) + Expect(found).Should(BeTrue()) + } + + // Make sure that each image has really been loaded. + for _, image := range images { + session = podmanTest.PodmanNoCache([]string{"image", "exists", image}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + } +} diff --git a/test/e2e/systemd_test.go b/test/e2e/systemd_test.go index b5114e429..9a3247b77 100644 --- a/test/e2e/systemd_test.go +++ b/test/e2e/systemd_test.go @@ -146,4 +146,12 @@ WantedBy=multi-user.target Expect(len(conData)).To(Equal(1)) Expect(conData[0].Config.SystemdMode).To(BeTrue()) }) + + It("podman run --systemd container should NOT mount /run noexec", func() { + session := podmanTest.Podman([]string{"run", "--systemd", "always", ALPINE, "sh", "-c", "mount | grep \"/run \""}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + Expect(session.OutputToString()).To(Not(ContainSubstring("noexec"))) + }) }) diff --git a/test/e2e/testdata/image b/test/e2e/testdata/image new file mode 120000 index 000000000..a9e67bf9a --- /dev/null +++ b/test/e2e/testdata/image @@ -0,0 +1 @@ +../../../libpod/image/testdata/
\ No newline at end of file diff --git a/test/system/001-basic.bats b/test/system/001-basic.bats index a5a3324fb..1d5eb066b 100644 --- a/test/system/001-basic.bats +++ b/test/system/001-basic.bats @@ -69,6 +69,17 @@ function setup() { is "$output" "Error: unknown flag: --remote" "podman version --remote" } +# Check that just calling "podman-remote" prints the usage message even +# without a running endpoint. Use "podman --remote" for this as this works the same. +@test "podman-remote: check for command usage message without a running endpoint" { + if is_remote; then + skip "only applicable on a local run since this requires no endpoint" + fi + + run_podman 125 --remote + is "$output" "Error: missing command 'podman COMMAND'" "podman remote show usage message without running endpoint" +} + # This is for development only; it's intended to make sure our timeout # in run_podman continues to work. This test should never run in production # because it will, by definition, fail. diff --git a/test/system/010-images.bats b/test/system/010-images.bats index 7fd731ca0..c0a8936e3 100644 --- a/test/system/010-images.bats +++ b/test/system/010-images.bats @@ -14,6 +14,8 @@ load helpers --format {{.ID}} | [0-9a-f]\\\{12\\\} --format {{.ID}} --no-trunc | sha256:[0-9a-f]\\\{64\\\} --format {{.Repository}}:{{.Tag}} | $PODMAN_TEST_IMAGE_FQN +--format {{.Labels.created_by}} | test/system/build-testimage +--format {{.Labels.created_at}} | 20[0-9-]\\\+T[0-9:]\\\+Z " parse_table "$tests" | while read fmt expect; do @@ -27,11 +29,13 @@ load helpers @test "podman images - json" { # 'created': podman includes fractional seconds, podman-remote does not tests=" -Names[0] | $PODMAN_TEST_IMAGE_FQN -Id | [0-9a-f]\\\{64\\\} -Digest | sha256:[0-9a-f]\\\{64\\\} -CreatedAt | [0-9-]\\\+T[0-9:.]\\\+Z -Size | [0-9]\\\+ +Names[0] | $PODMAN_TEST_IMAGE_FQN +Id | [0-9a-f]\\\{64\\\} +Digest | sha256:[0-9a-f]\\\{64\\\} +CreatedAt | [0-9-]\\\+T[0-9:.]\\\+Z +Size | [0-9]\\\+ +Labels.created_by | test/system/build-testimage +Labels.created_at | 20[0-9-]\\\+T[0-9:]\\\+Z " run_podman images -a --format json diff --git a/test/system/030-run.bats b/test/system/030-run.bats index 198c8881d..0b92554b8 100644 --- a/test/system/030-run.bats +++ b/test/system/030-run.bats @@ -134,24 +134,29 @@ echo $rand | 0 | $rand run_podman run --pull=never $IMAGE true is "$output" "" "--pull=never [present]: no output" - # Now test with busybox, which we don't have present - run_podman 125 run --pull=never busybox true - is "$output" "Error: unable to find a name and tag match for busybox in repotags: no such image" "--pull=never [busybox/missing]: error" + # Now test with a remote image which we don't have present (the 00 tag) + NONLOCAL_IMAGE="$PODMAN_TEST_IMAGE_REGISTRY/$PODMAN_TEST_IMAGE_USER/$PODMAN_TEST_IMAGE_NAME:00000000" - run_podman run --pull=missing busybox true - is "$output" "Trying to pull .*" "--pull=missing [busybox/missing]: fetches" + run_podman 125 run --pull=never $NONLOCAL_IMAGE true + is "$output" "Error: unable to find a name and tag match for $NONLOCAL_IMAGE in repotags: no such image" "--pull=never [with image not present]: error" - run_podman run --pull=always busybox true - is "$output" "Trying to pull .*" "--pull=always [busybox/present]: fetches" + run_podman run --pull=missing $NONLOCAL_IMAGE true + is "$output" "Trying to pull .*" "--pull=missing [with image NOT PRESENT]: fetches" + + run_podman run --pull=missing $NONLOCAL_IMAGE true + is "$output" "" "--pull=missing [with image PRESENT]: does not re-fetch" + + run_podman run --pull=always $NONLOCAL_IMAGE true + is "$output" "Trying to pull .*" "--pull=always [with image PRESENT]: re-fetches" run_podman rm -a - run_podman rmi busybox + run_podman rmi $NONLOCAL_IMAGE } # 'run --rmi' deletes the image in the end unless it's used by another container @test "podman run --rmi" { # Name of a nonlocal image. It should be pulled in by the first 'run' - NONLOCAL_IMAGE=busybox + NONLOCAL_IMAGE="$PODMAN_TEST_IMAGE_REGISTRY/$PODMAN_TEST_IMAGE_USER/$PODMAN_TEST_IMAGE_NAME:00000000" run_podman 1 image exists $NONLOCAL_IMAGE # Run a container, without --rm; this should block subsequent --rmi diff --git a/test/system/110-history.bats b/test/system/110-history.bats index 5dc221d61..75c15b088 100644 --- a/test/system/110-history.bats +++ b/test/system/110-history.bats @@ -22,9 +22,10 @@ load helpers } @test "podman history - json" { + # Sigh. Timestamp in .created can be '...Z' or '...-06:00' tests=" id | [0-9a-f]\\\{64\\\} -created | [0-9-]\\\+T[0-9:.]\\\+Z +created | [0-9-]\\\+T[0-9:.]\\\+[Z0-9:+-]\\\+ size | -\\\?[0-9]\\\+ " diff --git a/test/system/150-login.bats b/test/system/150-login.bats index 00c60ca95..5151ab0e1 100644 --- a/test/system/150-login.bats +++ b/test/system/150-login.bats @@ -56,14 +56,17 @@ function setup() { AUTHDIR=${PODMAN_LOGIN_WORKDIR}/auth mkdir -p $AUTHDIR + # Registry image; copy of docker.io, but on our own registry + local REGISTRY_IMAGE="$PODMAN_TEST_IMAGE_REGISTRY/$PODMAN_TEST_IMAGE_USER/registry:2.7" + # Pull registry image, but into a separate container storage mkdir -p ${PODMAN_LOGIN_WORKDIR}/root mkdir -p ${PODMAN_LOGIN_WORKDIR}/runroot PODMAN_LOGIN_ARGS="--root ${PODMAN_LOGIN_WORKDIR}/root --runroot ${PODMAN_LOGIN_WORKDIR}/runroot" # Give it three tries, to compensate for flakes - run_podman ${PODMAN_LOGIN_ARGS} pull registry:2.6 || - run_podman ${PODMAN_LOGIN_ARGS} pull registry:2.6 || - run_podman ${PODMAN_LOGIN_ARGS} pull registry:2.6 + run_podman ${PODMAN_LOGIN_ARGS} pull $REGISTRY_IMAGE || + run_podman ${PODMAN_LOGIN_ARGS} pull $REGISTRY_IMAGE || + run_podman ${PODMAN_LOGIN_ARGS} pull $REGISTRY_IMAGE # Registry image needs a cert. Self-signed is good enough. CERT=$AUTHDIR/domain.crt @@ -76,10 +79,8 @@ function setup() { # Store credentials where container will see them if [ ! -e $AUTHDIR/htpasswd ]; then - run_podman ${PODMAN_LOGIN_ARGS} run --rm \ - --entrypoint htpasswd registry:2.6 \ - -Bbn ${PODMAN_LOGIN_USER} ${PODMAN_LOGIN_PASS} \ - > $AUTHDIR/htpasswd + htpasswd -Bbn ${PODMAN_LOGIN_USER} ${PODMAN_LOGIN_PASS} \ + > $AUTHDIR/htpasswd # In case $PODMAN_TEST_KEEP_LOGIN_REGISTRY is set, for testing later echo "${PODMAN_LOGIN_USER}:${PODMAN_LOGIN_PASS}" \ @@ -97,7 +98,7 @@ function setup() { -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \ -e REGISTRY_HTTP_TLS_CERTIFICATE=/auth/domain.crt \ -e REGISTRY_HTTP_TLS_KEY=/auth/domain.key \ - registry:2.6 + $REGISTRY_IMAGE } # END first "test" - start a registry for use by other tests @@ -189,38 +190,26 @@ EOF } @test "podman push ok" { - # ARGH! We can't push $IMAGE (alpine_labels) to this registry; error is: - # - # Writing manifest to image destination - # Error: Error copying image to the remote destination: Error writing manifest: Error uploading manifest latest to localhost:${PODMAN_LOGIN_REGISTRY_PORT}/okpush: received unexpected HTTP status: 500 Internal Server Error - # - # Root cause: something to do with v1/v2 s1/s2: - # - # https://github.com/containers/skopeo/issues/651 - # - - run_podman pull busybox - - # Preserve its ID for later comparison against push/pulled image - run_podman inspect --format '{{.Id}}' busybox - id_busybox=$output + # Preserve image ID for later comparison against push/pulled image + run_podman inspect --format '{{.Id}}' $IMAGE + iid=$output destname=ok-$(random_string 10 | tr A-Z a-z)-ok # Use command-line credentials run_podman push --tls-verify=false \ --creds ${PODMAN_LOGIN_USER}:${PODMAN_LOGIN_PASS} \ - busybox localhost:${PODMAN_LOGIN_REGISTRY_PORT}/$destname + $IMAGE localhost:${PODMAN_LOGIN_REGISTRY_PORT}/$destname # Yay! Pull it back run_podman pull --tls-verify=false \ --creds ${PODMAN_LOGIN_USER}:${PODMAN_LOGIN_PASS} \ localhost:${PODMAN_LOGIN_REGISTRY_PORT}/$destname - # Compare to original busybox + # Compare to original image run_podman inspect --format '{{.Id}}' $destname - is "$output" "$id_busybox" "Image ID of pulled image == busybox" + is "$output" "$iid" "Image ID of pulled image == original IID" - run_podman rmi busybox $destname + run_podman rmi $destname } # END primary podman login/push/pull tests diff --git a/test/system/260-sdnotify.bats b/test/system/260-sdnotify.bats index 62d3c1497..06aa3bba7 100644 --- a/test/system/260-sdnotify.bats +++ b/test/system/260-sdnotify.bats @@ -115,9 +115,10 @@ function _assert_mainpid_is_conmon() { @test "sdnotify : container" { # Sigh... we need to pull a humongous image because it has systemd-notify. + # (IMPORTANT: fedora:32 and above silently removed systemd-notify; this + # caused CI to hang. That's why we explicitly require fedora:31) # FIXME: is there a smaller image we could use? - _FEDORA=registry.fedoraproject.org/fedora:31 - + local _FEDORA="$PODMAN_TEST_IMAGE_REGISTRY/$PODMAN_TEST_IMAGE_USER/fedora:31" # Pull that image. Retry in case of flakes. run_podman pull $_FEDORA || \ run_podman pull $_FEDORA || \ diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats index 0fae3dcd3..39de8ad54 100644 --- a/test/system/500-networking.bats +++ b/test/system/500-networking.bats @@ -12,7 +12,7 @@ load helpers random_2=$(random_string 30) HOST_PORT=8080 - SERVER=http://localhost:$HOST_PORT + SERVER=http://127.0.0.1:$HOST_PORT # Create a test file with random content INDEX1=$PODMAN_TMPDIR/hello.txt @@ -22,7 +22,7 @@ load helpers run_podman run -d --name myweb -p "$HOST_PORT:80" \ -v $INDEX1:/var/www/index.txt \ -w /var/www \ - busybox httpd -f -p 80 + $IMAGE /bin/busybox-extras httpd -f -p 80 cid=$output # In that container, create a second file, using exec and redirection @@ -33,14 +33,14 @@ load helpers # Verify http contents: curl from localhost run curl -s $SERVER/index.txt - is "$output" "$random_1" "curl localhost:/index.txt" + is "$output" "$random_1" "curl 127.0.0.1:/index.txt" run curl -s $SERVER/index2.txt - is "$output" "$random_2" "curl localhost:/index2.txt" + is "$output" "$random_2" "curl 127.0.0.1:/index2.txt" # Verify http contents: wget from a second container - run_podman run --rm --net=host busybox wget -qO - $SERVER/index.txt + run_podman run --rm --net=host $IMAGE wget -qO - $SERVER/index.txt is "$output" "$random_1" "podman wget /index.txt" - run_podman run --rm --net=host busybox wget -qO - $SERVER/index2.txt + run_podman run --rm --net=host $IMAGE wget -qO - $SERVER/index2.txt is "$output" "$random_2" "podman wget /index2.txt" # Tests #4889 - two-argument form of "podman ports" was broken @@ -57,7 +57,6 @@ load helpers # Clean up run_podman stop -t 1 myweb run_podman rm myweb - run_podman rmi busybox } # Issue #5466 - port-forwarding doesn't work with this option and -d diff --git a/test/system/build-testimage b/test/system/build-testimage new file mode 100755 index 000000000..64aa46337 --- /dev/null +++ b/test/system/build-testimage @@ -0,0 +1,59 @@ +#!/bin/bash +# +# build-testimage - script for producing a test image for podman CI +# +# The idea is to have a small multi-purpose image that can be pulled once +# by system tests and used for as many tests as possible. This image +# should live on quay.io, should be small in size, and should include +# as many components as needed by system tests so they don't have to +# pull other images. +# +# Unfortunately, "small" is incompatible with "systemd" so tests +# still need a fedora image for that. +# + +# Tag for this new image +YMD=$(date +%Y%m%d) + +# git-relative path to this script +create_script=$(cd $(dirname $0) && git ls-files --full-name $(basename $0)) +if [ -z "$create_script" ]; then + create_script=$0 +fi + +# Creation timestamp, Zulu time +create_time_z=$(env TZ=UTC date +'%Y-%m-%dT%H:%M:%SZ') + +set -ex + +# Please document the reason for all flags, apk's, and anything non-obvious +# +# --squash-all : needed by 'tree' test in 070-build.bats +# busybox-extras : provides httpd needed in 500-networking.bats +# +podman rmi -f testimage &> /dev/null || true +podman build --squash-all -t testimage - <<EOF +FROM docker.io/library/alpine:3.12.0 +RUN apk add busybox-extras +LABEL created_by=$create_script +LABEL created_at=$create_time_z +CMD ["/bin/echo", "This container is intended for podman CI testing"] +EOF + +# Tag and push to quay. +podman tag testimage quay.io/edsantiago/testimage:$YMD +podman push quay.io/edsantiago/testimage:$YMD + +# Side note: there should always be a testimage tagged ':00000000' +# (eight zeroes) in the same location; this is used by tests which +# need to pull a non-locally-cached image. This image will rarely +# if ever need to change, nor in fact does it even have to be a +# copy of this testimage since all we use it for is 'true'. +# +# As of 2020-09-02 it is simply busybox, because it is super small: +# +# podman pull docker.io/library/busybox:1.32.0 +# podman tag docker.io/library/busybox:1.32.0 \ +# quay.io/edsantiago/testimage:00000000 +# podman push quay.io/edsantiago/testimage:00000000 +# diff --git a/test/system/helpers.bash b/test/system/helpers.bash index a6414344e..514ba249e 100644 --- a/test/system/helpers.bash +++ b/test/system/helpers.bash @@ -6,8 +6,8 @@ PODMAN=${PODMAN:-podman} # Standard image to use for most tests PODMAN_TEST_IMAGE_REGISTRY=${PODMAN_TEST_IMAGE_REGISTRY:-"quay.io"} PODMAN_TEST_IMAGE_USER=${PODMAN_TEST_IMAGE_USER:-"libpod"} -PODMAN_TEST_IMAGE_NAME=${PODMAN_TEST_IMAGE_NAME:-"alpine_labels"} -PODMAN_TEST_IMAGE_TAG=${PODMAN_TEST_IMAGE_TAG:-"latest"} +PODMAN_TEST_IMAGE_NAME=${PODMAN_TEST_IMAGE_NAME:-"testimage"} +PODMAN_TEST_IMAGE_TAG=${PODMAN_TEST_IMAGE_TAG:-"20200902"} PODMAN_TEST_IMAGE_FQN="$PODMAN_TEST_IMAGE_REGISTRY/$PODMAN_TEST_IMAGE_USER/$PODMAN_TEST_IMAGE_NAME:$PODMAN_TEST_IMAGE_TAG" # Because who wants to spell that out each time? @@ -67,7 +67,7 @@ function basic_teardown() { run_podman '?' pod rm --all --force run_podman '?' rm --all --force - /bin/rm -rf $PODMAN_TMPDIR + command rm -rf $PODMAN_TMPDIR } |