diff options
Diffstat (limited to 'test')
| -rw-r--r-- | test/apiv2/20-containers.at | 3 | ||||
| -rw-r--r-- | test/apiv2/35-networks.at | 12 | ||||
| -rwxr-xr-x | test/compose/test-compose | 1 | ||||
| -rw-r--r-- | test/e2e/build_test.go | 4 | ||||
| -rw-r--r-- | test/e2e/checkpoint_image_test.go | 7 | ||||
| -rw-r--r-- | test/e2e/checkpoint_test.go | 5 | ||||
| -rw-r--r-- | test/e2e/info_test.go | 15 | ||||
| -rw-r--r-- | test/e2e/kill_test.go | 1 | ||||
| -rw-r--r-- | test/e2e/manifest_test.go | 3 | ||||
| -rw-r--r-- | test/e2e/network_connect_disconnect_test.go | 2 | ||||
| -rw-r--r-- | test/e2e/play_kube_test.go | 171 | ||||
| -rw-r--r-- | test/e2e/pod_create_test.go | 1 | ||||
| -rw-r--r-- | test/e2e/push_test.go | 27 | ||||
| -rw-r--r-- | test/e2e/run_passwd_test.go | 7 | ||||
| -rw-r--r-- | test/e2e/run_test.go | 7 | ||||
| -rw-r--r-- | test/system/001-basic.bats | 11 | ||||
| -rw-r--r-- | test/system/005-info.bats | 17 | ||||
| -rw-r--r-- | test/system/030-run.bats | 2 | ||||
| -rw-r--r-- | test/system/160-volumes.bats | 8 | ||||
| -rw-r--r-- | test/system/170-run-userns.bats | 2 | ||||
| -rw-r--r-- | test/system/200-pod.bats | 76 | ||||
| -rw-r--r-- | test/system/251-system-service.bats | 4 | ||||
| -rw-r--r-- | test/system/400-unprivileged-access.bats | 1 | ||||
| -rw-r--r-- | test/system/500-networking.bats | 2 | ||||
| -rw-r--r-- | test/utils/utils.go | 6 |
25 files changed, 349 insertions, 46 deletions
diff --git a/test/apiv2/20-containers.at b/test/apiv2/20-containers.at index 6ef4ef917..a8d9baef3 100644 --- a/test/apiv2/20-containers.at +++ b/test/apiv2/20-containers.at @@ -123,7 +123,8 @@ t GET libpod/containers/${cid}/json 200 \ .Id=$cid \ .State.Status~\\\(exited\\\|stopped\\\) \ .State.Running=false \ - .State.ExitCode=0 + .State.ExitCode=0 \ + .Config.Umask=0022 # regression check for #15036 t DELETE libpod/containers/$cid 200 .[0].Id=$cid CNAME=myfoo diff --git a/test/apiv2/35-networks.at b/test/apiv2/35-networks.at index fcff26521..07ba45efb 100644 --- a/test/apiv2/35-networks.at +++ b/test/apiv2/35-networks.at @@ -84,12 +84,24 @@ t GET networks?filters='{"dangling":["true","0"]}' 500 \ t GET networks?filters='{"name":["doesnotexists"]}' 200 \ "[]" +# check default name in list endpoint +t GET networks 200 \ + .[].Name~.*bridge.* + # network inspect docker t GET networks/$network1_id 200 \ .Name=network1 \ .Id=$network1_id \ .Scope=local +# inspect default bridge network +t GET networks/bridge 200 \ + .Name=bridge + +# inspect default bridge network with real podman name should return real name +t GET networks/podman 200 \ + .Name=podman + # network create docker t POST networks/create Name=net3\ IPAM='{"Config":[]}' 201 # network delete docker diff --git a/test/compose/test-compose b/test/compose/test-compose index 7c4bf2e91..99d063c25 100755 --- a/test/compose/test-compose +++ b/test/compose/test-compose @@ -212,7 +212,6 @@ function start_service() { rm -f $DOCKER_SOCK mkdir --mode 0755 $WORKDIR/{root,runroot,cni} chcon --reference=/var/lib/containers $WORKDIR/root - cp /etc/cni/net.d/*podman*conflist $WORKDIR/cni/ $PODMAN_BIN \ --log-level debug \ diff --git a/test/e2e/build_test.go b/test/e2e/build_test.go index 9ecc2f8c6..424c7244e 100644 --- a/test/e2e/build_test.go +++ b/test/e2e/build_test.go @@ -524,6 +524,8 @@ subdir**` // See https://github.com/containers/podman/issues/13535 It("Remote build .containerignore filtering embedded directory (#13535)", func() { SkipIfNotRemote("Testing remote .containerignore file filtering") + Skip("FIXME: #15014: test times out in 'dd' on f36.") + podmanTest.RestartRemoteService() // Switch to temp dir and restore it afterwards @@ -552,7 +554,7 @@ subdir**` Expect(ioutil.WriteFile(filepath.Join(subdirPath, "extra"), contents.Bytes(), 0644)). ToNot(HaveOccurred()) randomFile := filepath.Join(subdirPath, "randomFile") - dd := exec.Command("dd", "if=/dev/random", "of="+randomFile, "bs=1G", "count=1") + dd := exec.Command("dd", "if=/dev/urandom", "of="+randomFile, "bs=1G", "count=1") ddSession, err := Start(dd, GinkgoWriter, GinkgoWriter) Expect(err).ToNot(HaveOccurred()) Eventually(ddSession, "10s", "1s").Should(Exit(0)) diff --git a/test/e2e/checkpoint_image_test.go b/test/e2e/checkpoint_image_test.go index 94320a70e..5700802e8 100644 --- a/test/e2e/checkpoint_image_test.go +++ b/test/e2e/checkpoint_image_test.go @@ -58,6 +58,7 @@ var _ = Describe("Podman checkpoint", func() { }) It("podman checkpoint --create-image with running container", func() { + SkipIfContainerized("FIXME: #15015. All checkpoint tests hang when containerized.") // Container image must be lowercase checkpointImage := "alpine-checkpoint-" + strings.ToLower(RandomString(6)) containerName := "alpine-container-" + RandomString(6) @@ -163,7 +164,8 @@ var _ = Describe("Podman checkpoint", func() { Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0)) }) - It("podman restore multiple containers from single checkpint image", func() { + It("podman restore multiple containers from single checkpoint image", func() { + SkipIfContainerized("FIXME: #15015. All checkpoint tests hang when containerized.") // Container image must be lowercase checkpointImage := "alpine-checkpoint-" + strings.ToLower(RandomString(6)) containerName := "alpine-container-" + RandomString(6) @@ -225,7 +227,8 @@ var _ = Describe("Podman checkpoint", func() { Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0)) }) - It("podman restore multiple containers from multiple checkpint images", func() { + It("podman restore multiple containers from multiple checkpoint images", func() { + SkipIfContainerized("FIXME: #15015. All checkpoint tests hang when containerized.") // Container image must be lowercase checkpointImage1 := "alpine-checkpoint-" + strings.ToLower(RandomString(6)) checkpointImage2 := "alpine-checkpoint-" + strings.ToLower(RandomString(6)) diff --git a/test/e2e/checkpoint_test.go b/test/e2e/checkpoint_test.go index 5ccafeb37..a4646b6d1 100644 --- a/test/e2e/checkpoint_test.go +++ b/test/e2e/checkpoint_test.go @@ -57,6 +57,7 @@ var _ = Describe("Podman checkpoint", func() { BeforeEach(func() { SkipIfRootless("checkpoint not supported in rootless mode") + SkipIfContainerized("FIXME: #15015. All checkpoint tests hang when containerized.") tempdir, err = CreateTempDirInTempDir() Expect(err).To(BeNil()) @@ -1128,6 +1129,10 @@ var _ = Describe("Podman checkpoint", func() { share := share // copy into local scope, for use inside function It(testName, func() { + if podmanTest.Host.Distribution == "ubuntu" && IsRemote() { + Skip("FIXME: #15018. Cannot restore --pod under cgroupsV1 and remote") + } + if !criu.CheckForCriu(criu.PodCriuVersion) { Skip("CRIU is missing or too old.") } diff --git a/test/e2e/info_test.go b/test/e2e/info_test.go index 2c2c82cb6..9d31deb55 100644 --- a/test/e2e/info_test.go +++ b/test/e2e/info_test.go @@ -152,4 +152,19 @@ var _ = Describe("Podman Info", func() { Expect(session.OutputToString()).To(ContainSubstring("memory")) Expect(session.OutputToString()).To(ContainSubstring("pids")) }) + + It("Podman info: check desired runtime", func() { + // defined in .cirrus.yml + want := os.Getenv("CI_DESIRED_RUNTIME") + if want == "" { + if os.Getenv("CIRRUS_CI") == "" { + Skip("CI_DESIRED_RUNTIME is not set--this is OK because we're not running under Cirrus") + } + Fail("CIRRUS_CI is set, but CI_DESIRED_RUNTIME is not! See #14912") + } + session := podmanTest.Podman([]string{"info", "--format", "{{.Host.OCIRuntime.Name}}"}) + session.WaitWithDefaultTimeout() + Expect(session).To(Exit(0)) + Expect(session.OutputToString()).To(Equal(want)) + }) }) diff --git a/test/e2e/kill_test.go b/test/e2e/kill_test.go index 2a9a86729..9b33e2f0d 100644 --- a/test/e2e/kill_test.go +++ b/test/e2e/kill_test.go @@ -129,6 +129,7 @@ var _ = Describe("Podman kill", func() { }) It("podman kill paused container", func() { + SkipIfRootlessCgroupsV1("pause is not supported for cgroupv1 rootless") ctrName := "testctr" session := podmanTest.RunTopContainer(ctrName) session.WaitWithDefaultTimeout() diff --git a/test/e2e/manifest_test.go b/test/e2e/manifest_test.go index 1f58419a1..ecddf2935 100644 --- a/test/e2e/manifest_test.go +++ b/test/e2e/manifest_test.go @@ -293,6 +293,9 @@ var _ = Describe("Podman manifest", func() { }) It("authenticated push", func() { + if podmanTest.Host.Distribution == "ubuntu" && IsRemote() { + Skip("FIXME: #15017. Registry times out.") + } registryOptions := &podmanRegistry.Options{ Image: "docker-archive:" + imageTarPath(REGISTRY_IMAGE), } diff --git a/test/e2e/network_connect_disconnect_test.go b/test/e2e/network_connect_disconnect_test.go index c9ffe6a8d..ece1b519d 100644 --- a/test/e2e/network_connect_disconnect_test.go +++ b/test/e2e/network_connect_disconnect_test.go @@ -71,6 +71,7 @@ var _ = Describe("Podman network connect and disconnect", func() { }) It("podman network disconnect", func() { + SkipIfRootlessCgroupsV1("stats not supported under rootless CgroupsV1") netName := "aliasTest" + stringid.GenerateNonCryptoID() session := podmanTest.Podman([]string{"network", "create", netName}) session.WaitWithDefaultTimeout() @@ -180,6 +181,7 @@ var _ = Describe("Podman network connect and disconnect", func() { }) It("podman network connect", func() { + SkipIfRootlessCgroupsV1("stats not supported under rootless CgroupsV1") netName := "aliasTest" + stringid.GenerateNonCryptoID() session := podmanTest.Podman([]string{"network", "create", netName}) session.WaitWithDefaultTimeout() diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go index 457aaebb2..1b4eefd45 100644 --- a/test/e2e/play_kube_test.go +++ b/test/e2e/play_kube_test.go @@ -29,6 +29,76 @@ import ( "github.com/opencontainers/selinux/go-selinux" ) +var secretYaml = ` +apiVersion: v1 +kind: Secret +metadata: + name: newsecret +type: Opaque +data: + username: dXNlcg== + password: NTRmNDFkMTJlOGZh +` + +var complexSecretYaml = ` +apiVersion: v1 +kind: Secret +metadata: + name: newsecrettwo +type: Opaque +data: + username: Y2RvZXJuCg== + password: dGVzdGluZ3Rlc3RpbmcK + note: a3ViZSBzZWNyZXRzIGFyZSBjb29sIQo= +` + +var secretPodYaml = ` +apiVersion: v1 +kind: Pod +metadata: + name: mypod +spec: + containers: + - name: myctr + image: quay.io/libpod/alpine_nginx:latest + volumeMounts: + - name: foo + mountPath: /etc/foo + readOnly: true + volumes: + - name: foo + secret: + secretName: newsecret + optional: false +` + +var secretPodYamlTwo = ` +apiVersion: v1 +kind: Pod +metadata: + name: mypod2 +spec: + containers: + - name: myctr + image: quay.io/libpod/alpine_nginx:latest + volumeMounts: + - name: foo + mountPath: /etc/foo + readOnly: true + - name: bar + mountPath: /etc/bar + readOnly: true + volumes: + - name: foo + secret: + secretName: newsecret + optional: false + - name: bar + secret: + secretName: newsecrettwo + optional: false +` + var unknownKindYaml = ` apiVersion: v1 kind: UnknownKind @@ -1559,8 +1629,10 @@ var _ = Describe("Podman play kube", func() { }) // If you have an init container in the pod yaml, podman should create and run the init container with play kube - It("podman play kube test with init containers", func() { - pod := getPod(withPodInitCtr(getCtr(withImage(ALPINE), withCmd([]string{"echo", "hello"}), withInitCtr(), withName("init-test"))), withCtr(getCtr(withImage(ALPINE), withCmd([]string{"top"})))) + // With annotation set to always + It("podman play kube test with init containers and annotation set", func() { + // With the init container type annotation set to always + pod := getPod(withAnnotation("io.podman.annotations.init.container.type", "always"), withPodInitCtr(getCtr(withImage(ALPINE), withCmd([]string{"echo", "hello"}), withInitCtr(), withName("init-test"))), withCtr(getCtr(withImage(ALPINE), withCmd([]string{"top"})))) err := generateKubeYaml("pod", pod, kubeYaml) Expect(err).To(BeNil()) @@ -1585,6 +1657,29 @@ var _ = Describe("Podman play kube", func() { Expect(inspect.OutputToString()).To(ContainSubstring("running")) }) + // If you have an init container in the pod yaml, podman should create and run the init container with play kube + // Using default init container type (once) + It("podman play kube test with init container type set to default value", func() { + // Using the default init container type (once) + pod := getPod(withPodInitCtr(getCtr(withImage(ALPINE), withCmd([]string{"echo", "hello"}), withInitCtr(), withName("init-test"))), withCtr(getCtr(withImage(ALPINE), withCmd([]string{"top"})))) + err := generateKubeYaml("pod", pod, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(0)) + + // Expect the number of containers created to be 2, infra and regular container + numOfCtrs := podmanTest.NumberOfContainers() + Expect(numOfCtrs).To(Equal(2)) + + // Regular container should be in running state + inspect := podmanTest.Podman([]string{"inspect", "--format", "{{.State.Status}}", "testPod-" + defaultCtrName}) + inspect.WaitWithDefaultTimeout() + Expect(inspect).Should(Exit(0)) + Expect(inspect.OutputToString()).To(ContainSubstring("running")) + }) + // If you supply only args for a Container, the default Entrypoint defined in the Docker image is run with the args that you supplied. It("podman play kube test correct command with only set args in yaml file", func() { pod := getPod(withCtr(getCtr(withImage(REGISTRY_IMAGE), withCmd(nil), withArg([]string{"echo", "hello"})))) @@ -3468,7 +3563,7 @@ ENV OPENJ9_JAVA_OPTIONS=%q SkipIfRemote("cannot run in a remote setup") address := url.URL{ Scheme: "tcp", - Host: net.JoinHostPort("localhost", randomPort()), + Host: net.JoinHostPort("localhost", "8080"), } session := podmanTest.Podman([]string{ @@ -3832,4 +3927,74 @@ ENV OPENJ9_JAVA_OPTIONS=%q Expect(kube).Should(Exit(125)) }) + It("podman play kube secret as volume support", func() { + err := writeYaml(secretYaml, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(0)) + + secretList := podmanTest.Podman([]string{"secret", "list"}) + secretList.WaitWithDefaultTimeout() + Expect(secretList).Should(Exit(0)) + Expect(secretList.OutputToString()).Should(ContainSubstring("newsecret")) + + err = writeYaml(secretPodYaml, kubeYaml) + Expect(err).To(BeNil()) + + kube = podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(0)) + + exec := podmanTest.Podman([]string{"exec", "-it", "mypod-myctr", "cat", "/etc/foo/username"}) + exec.WaitWithDefaultTimeout() + Expect(exec).Should(Exit(0)) + Expect(exec.OutputToString()).Should(ContainSubstring("dXNlcg==")) + + secretRm := podmanTest.Podman([]string{"secret", "rm", "newsecret"}) + secretRm.WaitWithDefaultTimeout() + Expect(secretRm).Should(Exit(0)) + + podRm := podmanTest.Podman([]string{"pod", "rm", "-f", "mypod"}) + podRm.WaitWithDefaultTimeout() + Expect(podRm).Should(Exit(0)) + + yamls := []string{secretYaml, secretPodYaml} + err = generateMultiDocKubeYaml(yamls, kubeYaml) + Expect(err).To(BeNil()) + + kube = podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(0)) + + // do not remove newsecret to test that we auto remove on collision + + yamls = []string{secretYaml, complexSecretYaml} + err = generateMultiDocKubeYaml(yamls, kubeYaml) + Expect(err).To(BeNil()) + + kube = podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(0)) + + err = writeYaml(secretPodYamlTwo, kubeYaml) + Expect(err).To(BeNil()) + + kube = podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(0)) + + exec = podmanTest.Podman([]string{"exec", "-it", "mypod2-myctr", "cat", "/etc/foo/username"}) + exec.WaitWithDefaultTimeout() + Expect(exec).Should(Exit(0)) + Expect(exec.OutputToString()).Should(ContainSubstring("dXNlcg==")) + + exec = podmanTest.Podman([]string{"exec", "-it", "mypod2-myctr", "cat", "/etc/bar/username"}) + exec.WaitWithDefaultTimeout() + Expect(exec).Should(Exit(0)) + Expect(exec.OutputToString()).Should(ContainSubstring("Y2RvZXJuCg==")) + + }) + }) diff --git a/test/e2e/pod_create_test.go b/test/e2e/pod_create_test.go index 3caae2bd5..24d9d6854 100644 --- a/test/e2e/pod_create_test.go +++ b/test/e2e/pod_create_test.go @@ -1051,6 +1051,7 @@ ENTRYPOINT ["sleep","99999"] It("podman pod create --share-parent test", func() { SkipIfRootlessCgroupsV1("rootless cannot use cgroups with cgroupsv1") + SkipIfCgroupV1("FIXME: #15013: CgroupMode shows 'host' instead of CID under Cgroups V1.") podCreate := podmanTest.Podman([]string{"pod", "create", "--share-parent=false"}) podCreate.WaitWithDefaultTimeout() Expect(podCreate).Should(Exit(0)) diff --git a/test/e2e/push_test.go b/test/e2e/push_test.go index 97567e40d..f2a103f6b 100644 --- a/test/e2e/push_test.go +++ b/test/e2e/push_test.go @@ -116,15 +116,26 @@ var _ = Describe("Podman push", func() { push := podmanTest.Podman([]string{"push", "-q", "--tls-verify=false", "--remove-signatures", ALPINE, "localhost:5000/my-alpine"}) push.WaitWithDefaultTimeout() Expect(push).Should(Exit(0)) + Expect(len(push.ErrorToString())).To(Equal(0)) - SkipIfRemote("Remote does not support --digestfile") - // Test --digestfile option - push2 := podmanTest.Podman([]string{"push", "--tls-verify=false", "--digestfile=/tmp/digestfile.txt", "--remove-signatures", ALPINE, "localhost:5000/my-alpine"}) - push2.WaitWithDefaultTimeout() - fi, err := os.Lstat("/tmp/digestfile.txt") - Expect(err).To(BeNil()) - Expect(fi.Name()).To(Equal("digestfile.txt")) - Expect(push2).Should(Exit(0)) + push = podmanTest.Podman([]string{"push", "--tls-verify=false", "--remove-signatures", ALPINE, "localhost:5000/my-alpine"}) + push.WaitWithDefaultTimeout() + Expect(push).Should(Exit(0)) + output := push.ErrorToString() + Expect(output).To(ContainSubstring("Copying blob ")) + Expect(output).To(ContainSubstring("Copying config ")) + Expect(output).To(ContainSubstring("Writing manifest to image destination")) + Expect(output).To(ContainSubstring("Storing signatures")) + + if !IsRemote() { // Remote does not support --digestfile + // Test --digestfile option + push2 := podmanTest.Podman([]string{"push", "--tls-verify=false", "--digestfile=/tmp/digestfile.txt", "--remove-signatures", ALPINE, "localhost:5000/my-alpine"}) + push2.WaitWithDefaultTimeout() + fi, err := os.Lstat("/tmp/digestfile.txt") + Expect(err).To(BeNil()) + Expect(fi.Name()).To(Equal("digestfile.txt")) + Expect(push2).Should(Exit(0)) + } }) It("podman push to local registry with authorization", func() { diff --git a/test/e2e/run_passwd_test.go b/test/e2e/run_passwd_test.go index 411e12218..20a6ee3b1 100644 --- a/test/e2e/run_passwd_test.go +++ b/test/e2e/run_passwd_test.go @@ -66,10 +66,15 @@ RUN rm -f /etc/passwd /etc/shadow /etc/group USER 1000`, ALPINE) imgName := "testimg" podmanTest.BuildImage(dockerfile, imgName, "false") - session := podmanTest.Podman([]string{"run", "--rm", imgName, "ls", "/etc/"}) + session := podmanTest.Podman([]string{"run", "--passwd=false", "--rm", imgName, "ls", "/etc/"}) session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) Expect(session.OutputToString()).To(Not(ContainSubstring("passwd"))) + + // test that the /etc/passwd file is created + session = podmanTest.Podman([]string{"run", "--rm", "--user", "0:0", imgName, "ls", "/etc/passwd"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) }) It("podman run with no user specified does not change --group specified", func() { diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index 6edb705a1..64b70f1ee 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -91,7 +91,8 @@ var _ = Describe("Podman run", func() { if exitCode == 0 { Expect(session.OutputToString()).To(ContainSubstring("aarch64")) } else { - Expect(session.ErrorToString()).To(ContainSubstring("Exec format error")) + // crun says 'Exec', runc says 'exec'. Handle either. + Expect(session.ErrorToString()).To(ContainSubstring("xec format error")) } }) @@ -714,6 +715,7 @@ USER bin`, BB) }) It("podman run device-read-bps test", func() { + SkipIfCgroupV1("FIXME: #15035 - bps broken") SkipIfRootless("FIXME: requested cgroup controller `io` is not available") SkipIfRootlessCgroupsV1("Setting device-read-bps not supported on cgroupv1 for rootless users") @@ -733,6 +735,7 @@ USER bin`, BB) }) It("podman run device-write-bps test", func() { + SkipIfCgroupV1("FIXME: #15035 - bps broken") SkipIfRootless("FIXME: requested cgroup controller `io` is not available") SkipIfRootlessCgroupsV1("Setting device-write-bps not supported on cgroupv1 for rootless users") @@ -751,6 +754,7 @@ USER bin`, BB) }) It("podman run device-read-iops test", func() { + SkipIfCgroupV1("FIXME: #15035 - bps broken") SkipIfRootless("FIXME: requested cgroup controller `io` is not available") SkipIfRootlessCgroupsV1("Setting device-read-iops not supported on cgroupv1 for rootless users") var session *PodmanSessionIntegration @@ -769,6 +773,7 @@ USER bin`, BB) }) It("podman run device-write-iops test", func() { + SkipIfCgroupV1("FIXME: #15035 - bps broken") SkipIfRootless("FIXME: requested cgroup controller `io` is not available") SkipIfRootlessCgroupsV1("Setting device-write-iops not supported on cgroupv1 for rootless users") var session *PodmanSessionIntegration diff --git a/test/system/001-basic.bats b/test/system/001-basic.bats index 0d2a99d4b..cf37fc07c 100644 --- a/test/system/001-basic.bats +++ b/test/system/001-basic.bats @@ -61,8 +61,19 @@ function setup() { } @test "podman can pull an image" { + run_podman rmi -a run_podman pull $IMAGE + # Regression test for https://github.com/containers/image/pull/1615 + # Make sure no progress lines are duplicated + local -A line_seen + for line in "${lines[@]}"; do + if [[ -n "${line_seen[$line]}" ]]; then + die "duplicate podman-pull output line: $line" + fi + line_seen[$line]=1 + done + # Also make sure that the tag@digest syntax is supported. run_podman inspect --format "{{ .Digest }}" $IMAGE digest=$output diff --git a/test/system/005-info.bats b/test/system/005-info.bats index 333553b07..43a345f11 100644 --- a/test/system/005-info.bats +++ b/test/system/005-info.bats @@ -55,7 +55,24 @@ host.slirp4netns.executable | $expr_path dprint "# actual=<$actual> expect=<$expect>" is "$actual" "$expect" "jq .$field" done +} + +@test "podman info - confirm desired runtime" { + if [[ -z "$CI_DESIRED_RUNTIME" ]]; then + # When running in Cirrus, CI_DESIRED_RUNTIME *must* be defined + # in .cirrus.yml so we can double-check that all CI VMs are + # using crun/runc as desired. + if [[ -n "$CIRRUS_CI" ]]; then + die "CIRRUS_CI is set, but CI_DESIRED_RUNTIME is not! See #14912" + fi + + # Not running under Cirrus (e.g., gating tests, or dev laptop). + # Totally OK to skip this test. + skip "CI_DESIRED_RUNTIME is unset--OK, because we're not in Cirrus" + fi + run_podman info --format '{{.Host.OCIRuntime.Name}}' + is "$output" "$CI_DESIRED_RUNTIME" "CI_DESIRED_RUNTIME (from .cirrus.yml)" } # 2021-04-06 discussed in watercooler: RHEL must never use crun, even if diff --git a/test/system/030-run.bats b/test/system/030-run.bats index b3e3cef00..e62e7679f 100644 --- a/test/system/030-run.bats +++ b/test/system/030-run.bats @@ -70,6 +70,7 @@ echo $rand | 0 | $rand } @test "podman run - uidmapping has no /sys/kernel mounts" { + skip_if_cgroupsv1 "FIXME: #15025: run --uidmap fails on cgroups v1" skip_if_rootless "cannot umount as rootless" skip_if_remote "TODO Fix this for remote case" @@ -805,6 +806,7 @@ EOF # rhbz#1902979 : podman run fails to update /etc/hosts when --uidmap is provided @test "podman run update /etc/hosts" { + skip_if_cgroupsv1 "FIXME: #15025: run --uidmap fails on cgroups v1" HOST=$(random_string 25) run_podman run --uidmap 0:10001:10002 --rm --hostname ${HOST} $IMAGE grep ${HOST} /etc/hosts is "${lines[0]}" ".*${HOST}.*" diff --git a/test/system/160-volumes.bats b/test/system/160-volumes.bats index da60112a0..18e806699 100644 --- a/test/system/160-volumes.bats +++ b/test/system/160-volumes.bats @@ -149,16 +149,16 @@ EOF # By default, volumes are mounted exec, but we have manually added the # noexec option. This should fail. - # ARGH. Unfortunately, runc (used for cgroups v1) produces a different error + # ARGH. Unfortunately, runc (used for cgroups v1) has different exit status local expect_rc=126 - local expect_msg='.* OCI permission denied.*' if [[ $(podman_runtime) = "runc" ]]; then expect_rc=1 - expect_msg='.* exec user process caused.*permission denied' fi run_podman ${expect_rc} run --rm --volume $myvolume:/vol:noexec,z $IMAGE /vol/myscript - is "$output" "$expect_msg" "run on volume, noexec" + # crun and runc emit different messages, and even runc is inconsistent + # with itself (output changed some time in 2022?). Deal with all. + assert "$output" =~ 'exec.* permission denied' "run on volume, noexec" # With the default, it should pass run_podman run --rm -v $myvolume:/vol:z $IMAGE /vol/myscript diff --git a/test/system/170-run-userns.bats b/test/system/170-run-userns.bats index 2ad9eb0b8..5ad7473da 100644 --- a/test/system/170-run-userns.bats +++ b/test/system/170-run-userns.bats @@ -30,6 +30,7 @@ function _require_crun() { } @test "podman --group-add without keep-groups while in a userns" { + skip_if_cgroupsv1 "FIXME: #15025: run --uidmap fails on cgroups v1" skip_if_rootless "chroot is not allowed in rootless mode" skip_if_remote "--group-add keep-groups not supported in remote mode" run chroot --groups 1234,5678 / ${PODMAN} run --rm --uidmap 0:200000:5000 --group-add 457 $IMAGE id @@ -37,6 +38,7 @@ function _require_crun() { } @test "rootful pod with custom ID mapping" { + skip_if_cgroupsv1 "FIXME: #15025: run --uidmap fails on cgroups v1" skip_if_rootless "does not work rootless - rootful feature" random_pod_name=$(random_string 30) run_podman pod create --uidmap 0:200000:5000 --name=$random_pod_name diff --git a/test/system/200-pod.bats b/test/system/200-pod.bats index 7b7f5e8bb..667e2baef 100644 --- a/test/system/200-pod.bats +++ b/test/system/200-pod.bats @@ -2,12 +2,17 @@ load helpers +LOOPDEVICE= + # This is a long ugly way to clean up pods and remove the pause image function teardown() { run_podman pod rm -f -t 0 -a run_podman rm -f -t 0 -a run_podman rmi --ignore $(pause_image) basic_teardown + if [[ -n "$LOOPDEVICE" ]]; then + losetup -d $LOOPDEVICE + fi } @@ -474,31 +479,56 @@ spec: @test "pod resource limits" { skip_if_remote "resource limits only implemented on non-remote" - if is_rootless; then - skip "only meaningful for rootful" + skip_if_rootless "resource limits only work with root" + skip_if_cgroupsv1 "resource limits only meaningful on cgroups V2" + + # create loopback device + lofile=${PODMAN_TMPDIR}/disk.img + fallocate -l 1k ${lofile} + LOOPDEVICE=$(losetup --show -f $lofile) + + # tr needed because losetup seems to use %2d + lomajmin=$(losetup -l --noheadings --output MAJ:MIN $LOOPDEVICE | tr -d ' ') + run grep -w bfq /sys/block/$(basename ${LOOPDEVICE})/queue/scheduler + if [ $status -ne 0 ]; then + skip "BFQ scheduler is not supported on the system" + if [ -f ${lofile} ]; then + run_podman '?' rm -t 0 --all --force --ignore + + while read path dev; do + if [[ "$path" == "$lofile" ]]; then + losetup -d $dev + fi + done < <(losetup -l --noheadings --output BACK-FILE,NAME) + rm ${lofile} + fi fi + echo bfq > /sys/block/$(basename ${LOOPDEVICE})/queue/scheduler + + expected_limits=" +cpu.max | 500000 100000 +memory.max | 5242880 +memory.swap.max | 1068498944 +io.max | $lomajmin rbps=1048576 wbps=1048576 riops=max wiops=max +" + + for cgm in systemd cgroupfs; do + local name=resources-$cgm + run_podman --cgroup-manager=$cgm pod create --name=$name --cpus=5 --memory=5m --memory-swap=1g --cpu-shares=1000 --cpuset-cpus=0 --cpuset-mems=0 --device-read-bps=${LOOPDEVICE}:1mb --device-write-bps=${LOOPDEVICE}:1mb --blkio-weight-device=${LOOPDEVICE}:123 --blkio-weight=50 + run_podman --cgroup-manager=$cgm pod start $name + run_podman pod inspect --format '{{.CgroupPath}}' $name + local cgroup_path="$output" + + while read unit expect; do + local actual=$(< /sys/fs/cgroup/$cgroup_path/$unit) + is "$actual" "$expect" "resource limit under $cgm: $unit" + done < <(parse_table "$expected_limits") + run_podman --cgroup-manager=$cgm pod rm -f $name + done - local name1="resources1" - run_podman --cgroup-manager=systemd pod create --name=$name1 --cpus=5 --memory=10m - run_podman --cgroup-manager=systemd pod start $name1 - run_podman pod inspect --format '{{.CgroupPath}}' $name1 - local path1="$output" - local actual1=$(< /sys/fs/cgroup/$path1/cpu.max) - is "$actual1" "500000 100000" "resource limits set properly" - local actual2=$(< /sys/fs/cgroup/$path1/memory.max) - is "$actual2" "10485760" "resource limits set properly" - run_podman pod --cgroup-manager=systemd rm -f $name1 - - local name2="resources2" - run_podman --cgroup-manager=cgroupfs pod create --cpus=5 --memory=10m --name=$name2 - run_podman --cgroup-manager=cgroupfs pod start $name2 - run_podman pod inspect --format '{{.CgroupPath}}' $name2 - local path2="$output" - local actual2=$(< /sys/fs/cgroup/$path2/cpu.max) - is "$actual2" "500000 100000" "resource limits set properly" - local actual2=$(< /sys/fs/cgroup/$path2/memory.max) - is "$actual2" "10485760" "resource limits set properly" - run_podman --cgroup-manager=cgroupfs pod rm $name2 + # Clean up, and prevent duplicate cleanup in teardown + losetup -d $LOOPDEVICE + LOOPDEVICE= } @test "podman pod ps doesn't race with pod rm" { diff --git a/test/system/251-system-service.bats b/test/system/251-system-service.bats index edee4a28c..197d1cb18 100644 --- a/test/system/251-system-service.bats +++ b/test/system/251-system-service.bats @@ -17,6 +17,10 @@ function teardown() { @test "podman-system-service containers survive service stop" { skip_if_remote "podman system service unavailable over remote" + local runtime=$(podman_runtime) + if [[ "$runtime" != "crun" ]]; then + skip "survival code only implemented in crun; you're using $runtime" + fi port=$(random_free_port) URL=tcp://127.0.0.1:$port diff --git a/test/system/400-unprivileged-access.bats b/test/system/400-unprivileged-access.bats index 710ff066c..0d6be2d60 100644 --- a/test/system/400-unprivileged-access.bats +++ b/test/system/400-unprivileged-access.bats @@ -7,6 +7,7 @@ load helpers @test "podman container storage is not accessible by unprivileged users" { + skip_if_cgroupsv1 "FIXME: #15025: run --uidmap fails on cgroups v1" skip_if_rootless "test meaningless without suid" skip_if_remote diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats index 50eb15216..f45540f5f 100644 --- a/test/system/500-networking.bats +++ b/test/system/500-networking.bats @@ -84,6 +84,7 @@ load helpers # Issue #5466 - port-forwarding doesn't work with this option and -d @test "podman networking: port with --userns=keep-id for rootless or --uidmap=* for rootful" { + skip_if_cgroupsv1 "FIXME: #15025: run --uidmap fails on cgroups v1" for cidr in "" "$(random_rfc1918_subnet).0/24"; do myport=$(random_free_port 52000-52999) if [[ -z $cidr ]]; then @@ -744,6 +745,7 @@ EOF } @test "podman run /etc/* permissions" { + skip_if_cgroupsv1 "FIXME: #15025: run --uidmap fails on cgroups v1" userns="--userns=keep-id" if ! is_rootless; then userns="--uidmap=0:1111111:65536 --gidmap=0:1111111:65536" diff --git a/test/utils/utils.go b/test/utils/utils.go index 36f5a9414..e84b57cc6 100644 --- a/test/utils/utils.go +++ b/test/utils/utils.go @@ -365,7 +365,11 @@ func (s *PodmanSession) WaitWithDefaultTimeout() { // WaitWithTimeout waits for process finished with DefaultWaitTimeout func (s *PodmanSession) WaitWithTimeout(timeout int) { - Eventually(s, timeout).Should(Exit()) + Eventually(s, timeout).Should(Exit(), func() string { + // in case of timeouts show output + return fmt.Sprintf("command timed out after %ds: %v\nSTDOUT: %s\nSTDERR: %s", + timeout, s.Command.Args, string(s.Out.Contents()), string(s.Err.Contents())) + }) os.Stdout.Sync() os.Stderr.Sync() fmt.Println("output:", s.OutputToString()) |