summaryrefslogtreecommitdiff
path: root/contrib/cirrus
Commit message (Collapse)AuthorAge
* System tests: new system-df and passwd testsEd Santiago2020-07-30
| | | | | | | | | | | | | | | | | | | | | | - New test for #6991 - passwd file is writable even when run with --userns=keep-id - Enable another keep-id test, commented out due to #6593 - New test for podman system df Also, independently, removed this line: apt-get -y upgrade conmon ...because it's causing CI failures, probably because of the boothole CVE, probably because the Ubuntu grub update was rushed out. I believe it is safe to remove this, because both Ubuntu 19 and 20 report: conmon is already the newest version (2.0.18~1). Signed-off-by: Ed Santiago <santiago@redhat.com>
* logformatter: more libpod-podman falloutEd Santiago2020-07-29
| | | | | | | | | | | Problem: formatted logs no longer have live links to sources in error-report lines. Cause: script was searching for '/libpod'. Solution: make it more flexible. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Switch all references to github.com/containers/libpod -> podmanDaniel J Walsh2020-07-28
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* CI - various fixesEd Santiago2020-07-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Primary purpose: upgrade crun to 0.14 on f31, in hopes of eliminating the 'cgroups.freeze' flake that is plaguing CI. While I'm at it: - remove a no-longer-needed dnf upgrade that was running in CI itself (not image building, in each actual CI run). The purpose was to upgrade conmon, but that was added a long time ago and the required conmon is now in stable. The effect of this dnf upgrade today was simply to cause flakes when fedora repos were offline. - remove a no-longer-needed check for varlink. - networking.sh : add a timeout! 'openssl s_client' will happily hang forever if a host is unreachable, which means we waste two hours waiting for Cirrus to time out. - timestamp.awk : include date (not just time) in START/END msgs. There are times when I'm looking at a CI log and it is ultra important to know if it is from yesterday or today. - add progress messages in some places where I've previously struggled to understand context in logs; and improve some unlikely error messages to include script name. ...then, after all that, wrote a new README about how to to all this. Hope it helps someone. Signed-off-by: Ed Santiago <santiago@redhat.com>
* CI: fix rootless permission errorEd Santiago2020-07-23
| | | | | | | | | | | | | CI runs are failing in special_testing_rootless: mkdir /var/tmp/go/pkg: permission denied Probable cause: #6822, which universally set GOPATH. Solution: in rootless setup, chown -R GOPATH as well as GOSRC (the latter was already being chowned). Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #7050 from edsantiago/logformat_trim_remoteOpenShift Merge Robot2020-07-22
|\ | | | | logformatter: handle podman-remote
| * logformatter: handle podman-remoteEd Santiago2020-07-22
| | | | | | | | | | | | | | | | | | | | Oops! Logs of podman-remote tests are unreadable, they have multiple (useless) --remote options plus '--url /something/long' that makes it impossible to read the actual command being run. This commit strips off '--remote' entirely, and hides '--url' and its arg in the only-on-mouse-hover '[options]' text. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Cirrus: Add packages that provide htpasswdChris Evich2020-07-22
| | | | | | | | | | | | | | | | | | Mainly needed for buildah testing: the htpasswd command was removed from the upstream registry container image. Making it available on the host-side enables configuring details needed by the registry during it's initial setup. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Cirrus: Ensure GOPATH is properly set during image-buildsChris Evich2020-07-22
|/ | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Merge pull request #6992 from rhatdan/apparmorOpenShift Merge Robot2020-07-22
|\ | | | | Support default profile for apparmor
| * Support default profile for apparmorDaniel J Walsh2020-07-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently you can not apply an ApparmorProfile if you specify --privileged. This patch will allow both to be specified simultaniosly. By default Apparmor should be disabled if the user specifies --privileged, but if the user specifies --security apparmor:PROFILE, with --privileged, we should do both. Added e2e run_apparmor_test.go Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | logformatter: update MAGIC BLOB stringEd Santiago2020-07-20
|/ | | | | | | | | | | | | | | | | | | | | Fallout from libpod->podman repo name move: the HTML logs created by logformatter are no longer accessible. They render as: https://storage.googleapis.com/SECRET-5385732420009984-fcae48/artifacts/containers/podman/6313596734930944/html/integration_test.log.html (yes, "SECRET" instead of "cirrus-ci". Possibly because the GCE_SSH_USERNAME key, "cirrus-ci", was overzealously encrypted, making Cirrus censor any instances of the string in output. Let's see if this fixes it. But anyway this is a secondary unrelated bug). Reason: it looks like Cirrus "generated a new magic blob" when we renamed libpod -> podman. Chris was kind enough to locate the new magic blob and to give me a link to where we can discover it ourselves. I added that as a code comment. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Fix systemd pid 1 testBrent Baude2020-07-13
| | | | | | | | | | fedora removed the systemd package from its standard container image causing our systemd pid1 test to fail. Replacing usage of fedora to ubi-init. adding ubi images to the cache for local tests. also, remove installation of test/policy.json to the system wide /etc/containers Signed-off-by: Brent Baude <bbaude@redhat.com>
* system tests: invoke with abs path to podmanEd Santiago2020-06-23
| | | | | | | | | | | | | | | | | | | | | | Reversion of one part of #6679: my handling of 'realpath' would not work when $PODMAN is 'podman-remote --url etc'. Trying to handle that case got unmaintainable; so instead let's just force 'make {local,remote}system' to invoke with a full PODMAN path. This breaks down if someone runs the tests with a manual 'bats' invocation, but I think I'm the only one who ever does that. Since podman path will now be very long in the logs, add code to logformatter to abbreviate it like we do for the ginkgo logs. And, one thing that has bugged me for a long time: in the error logs, show a different prompt ('#' vs '$') to distinguish root vs rootless. This should make it much easier to see at-a-glance whether a log file is root or not. Add tests for it. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Do not share container log driver for execMatthew Heon2020-06-17
| | | | | | | | | | | | | | | | | | | | | When the container uses journald logging, we don't want to automatically use the same driver for its exec sessions. If we do we will pollute the journal (particularly in the case of healthchecks) with large amounts of undesired logs. Instead, force exec sessions logs to file for now; we can add a log-driver flag later (we'll probably want to add a `podman logs` command that reads exec session logs at the same time). As part of this, add support for the new 'none' logs driver in Conmon. It will be the default log driver for exec sessions, and can be optionally selected for containers. Great thanks to Joe Gooch (mrwizard@dok.org) for adding support to Conmon for a null log driver, and wiring it in here. Fixes #6555 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #6530 from edsantiago/test_podman_remoteOpenShift Merge Robot2020-06-10
|\ | | | | Enable, then partially disable, podman-remote testing
| * WIP: Enable (and disable) remote testingEd Santiago2020-06-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman-remote has not been tested. A principal part of the problem was #5387 - the YAML I wrote did not have the intended effect, it did not set TEST_REMOTE_CLIENT=true and because of my multiple iterations I did not catch this during testing. Part 1 of this PR is to fix .cirrus.yml to enable remote tests. Part 2 -- what I had first noticed and tried to fix -- is that rootless_test.sh was never running remote because, of course, envariables are not sent via ssh. I reworked integration_test.sh and rootless_test.sh to use a command-line decision instead. Part 3, sigh, is to disable one failing integration test and *all* system tests, because so many of the latter are failing. Addressing those failures needs to be done in subsequent PRs. Issues #6538, #6539, #6540 are filed for some of the problems I isolated. There will be more. Also, minor, fixed some stale references to varlink. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #6193 from cevich/conmon_ci_packagesOpenShift Merge Robot2020-06-09
|\ \ | |/ |/| Cirrus: Include packages for containers/conmon CI
| * Cirrus: Include packages for containers/conmon CIChris Evich2020-06-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This allows the containers/conmon repository to share the same VM images produced by containers/libpod. Included are several packages which are downloaded only since they might otherwise interfere with testing for some repos. This allows stable versions to be at the ready at testing runtime, avoiding any version updates surprising developers. Also, re-enable running the VM-image check test which was not working due to a logic problem in Cirrus-CI configuration. Update the neglected tests so that they pass on all distros. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #6521 from cevich/update_cors_docsOpenShift Merge Robot2020-06-09
|\ \ | | | | | | [CI:DOCS] Improve swagger+CORS metadata docs
| * | Improve swagger+CORS metadata docsChris Evich2020-06-09
| |/ | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* | force bats version to v1.1.0Valentin Rothberg2020-06-08
| | | | | | | | | | | | | | | | We experienced regression when using the latest `v1.2.0-dev` bats in Ubuntu 20.04 (see github.com/containers/libpod/pull/6418). Using bats v1.1.0 worked in the Ubuntu test VM. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Enable Ubuntu tests in CIBrent Baude2020-06-08
|/ | | | | | Add updates required for ubuntu and run integration tests Signed-off-by: Brent Baude <bbaude@redhat.com>
* Attempt to turn on special_testing_in_podman testsDaniel J Walsh2020-06-04
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Enable detached exec for remoteMatthew Heon2020-06-02
| | | | | | | | | | | | | | | | | | | | | | | The biggest obstacle here was cleanup - we needed a way to remove detached exec sessions after they exited, but there's no way to tell if an exec session will be attached or detached when it's created, and that's when we must add the exit command that would do the removal. The solution was adding a delay to the exit command (5 minutes), which gives sufficient time for attached exec sessions to retrieve the exit code of the session after it exits, but still guarantees that they will be removed, even for detached sessions. This requires Conmon 2.0.17, which has the new `--exit-delay` flag. As part of the exit command rework, we can drop the hack we were using to clean up exec sessions (remove them as part of inspect). This is a lot cleaner, and I'm a lot happier about it. Otherwise, this is just plumbing - we need a bindings call for detached exec, and that needed to be added to the tunnel mode backend for entities. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* compat handlers: add X-Registry-Auth header supportValentin Rothberg2020-05-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Support the `X-Registry-Auth` http-request header. * The content of the header is a base64 encoded JSON payload which can either be a single auth config or a map of auth configs (user+pw or token) with the corresponding registries being the keys. Vanilla Docker, projectatomic Docker and the bindings are transparantly supported. * Add a hidden `--registries-conf` flag. Buildah exposes the same flag, mostly for testing purposes. * Do all credential parsing in the client (i.e., `cmd/podman`) pass the username and password in the backend instead of unparsed credentials. * Add a `pkg/auth` which handles most of the heavy lifting. * Go through the authentication-handling code of most commands, bindings and endpoints. Migrate them to the new code and fix issues as seen. A final evaluation and more tests is still required *after* this change. * The manifest-push endpoint is missing certain parameters and should use the ABI function instead. Adding auth-support isn't really possible without these parts working. * The container commands and endpoints (i.e., create and run) have not been changed yet. The APIs don't yet account for the authfile. * Add authentication tests to `pkg/bindings`. Fixes: #6384 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Cirrus: Fix image-name hintsChris Evich2020-05-14
| | | | | | | | | This properly prints out image-name hints when executing the hack script without any arguments. It is required due to changes made by Ed for test-name beatification. An identical change was made and reviewed by Ed in the containers/storage repo. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Update Ubuntu 18 to 20Chris Evich2020-05-14
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Remove libpod.conf from repoMatthew Heon2020-05-12
| | | | | | | | | | | Now that we're shipping containers.conf, we don't want to provide a libpod.conf anymore. This removes libpod.conf from the repo and as many direct uses as I can find. There are a few more mentions in the documentation, but someone more familiar with containers.conf should make those edits. Signed-off-by: Matthew Heon <mheon@redhat.com>
* set binding tests to requiredBrent Baude2020-05-08
| | | | | | | | | | | | | | | | | some small fix ups for binding tests and then make them required. update containers-common V2 bindings tests were failing because of changes introduced in commit a2ad5bb. Fix some typos. Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org> in the case where the specgen attribute for Env and Labels are nil, we should should then make the map IF we have labels and envs that need to be added. Signed-off-by: Brent Baude <bbaude@redhat.com>
* CI:DOCS: Document API docs + CORS maintenanceChris Evich2020-05-06
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Utilize new base imagesChris Evich2020-04-30
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* cirrus: Update to Fedora 32 properChris Evich2020-04-30
| | | | | | | | Now that it's officially released, update to it from the beta. Also (and significant), adjust the SELinux context of the GCP metadata service. Add a comment to the code explaining why this is necessary. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Unify package installationChris Evich2020-04-24
| | | | | | | Also, test-build critical container images depended upon for CI-purposes. Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: Add support for Fedora 32Chris Evich2020-04-20
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Cirrus: More Ubuntu 19 + Fedora 31Chris Evich2020-04-20
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Log formatter: add BATS summary lineEd Santiago2020-04-17
| | | | | | | | | | | | | | | | | BATS emits a summary line (number of tests passed/failed)... but only on a tty or when run with --pretty! In our CI context, with TAP output, it gives no end summary. Fix that. Keep track of 'ok', 'not ok', and 'skipped', and display the counts at the end. Also: add a regression test. You don't need to review or even read it: it's stark, and I'm not even enabling it for CI because it almost certainly won't run due to missing Perl library modules. It's just something I need on my end. Signed-off-by: Ed Santiago <santiago@redhat.com>
* logformat: handle apiv2 results, add anchor linksEd Santiago2020-04-08
| | | | | | | | | | | | | | apiv2 tests emit TAP-compliant output; recognize it and highlight it the same way we do BATS tests. Add anchor links to TAP output, so other tools (e.g. cirrus-flake-summarize) can link to particular lines And, remove a "-f" from "wait" in test-apiv2; looks like there's some version of bash used in some CI VM that doesn't grok it. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Cirrus: Minor docs updateChris Evich2020-03-30
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Merge pull request #5368 from cevich/opensuse_ubuntu_packagesOpenShift Merge Robot2020-03-28
|\ | | | | Opensuse openbuild ubuntu + buildah packages
| * Cirrus: Enable future installing buildah packagesChris Evich2020-03-19
| | | | | | | | | | | | | | | | | | Many of the packages required for CI in buildah overlap with libpod. When building new VM images, attempt to source a package list from the buildah repository. If found, also install the listed packages on the VM. Signed-off-by: Chris Evich <cevich@redhat.com>
| * Cirrus: Include packages for buildah CIChris Evich2020-03-19
| | | | | | | | | | | | Also, move some setup steps at VM image build time to save runtime. Signed-off-by: Chris Evich <cevich@redhat.com>
| * Cirrus: Update Ubuntu base imagesChris Evich2020-03-19
| | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
| * Cirrus: Use opensuse open build Ubuntu packagesChris Evich2020-03-19
| | | | | | | | | | | | This is necessary as the projectatomic PPA is no longer maintained. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #4340 from cevich/libseccomp_updateOpenShift Merge Robot2020-03-28
|\ \ | | | | | | Log libseccomp package version
| * | Cirrus: Log libseccomp package versionChris Evich2020-02-26
| | | | | | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* | | Merge pull request #5479 from cevich/auto_releaseOpenShift Merge Robot2020-03-23
|\ \ \ | |_|/ |/| | Cirrus: Disable non-docs release processing
| * | Cirrus: Disable non-docs release processingChris Evich2020-03-12
| | | | | | | | | | | | | | | | | | | | | | | | Detecting when it's time to upload a release inside Cirrus-CI is really difficult for many automation and human reasons. Disabling it for now until a more robust solution can be implemented Signed-off-by: Chris Evich <cevich@redhat.com>
* | | fix timeout file flakeBrent Baude2020-03-17
| | | | | | | | | | | | | | | | | | this is a temporary fix for the flake that has been troubling us. once conmon is in fedora 30 and 31 stable, we can remove this fix. the images will just need to be rebuilt. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Four small CI fixes:Ed Santiago2020-03-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1) 'podman system info' (in logcollector): has been silently failing in special_testing_rootless, with: logcollector.sh: line 16: podman: command not found Use ./bin/podman instead of just podman; this is probably the right thing to do in the general case anyway 2) logformatter: highlight 'panic:', seen in bindings test: https://storage.googleapis.com/cirrus-ci-5385732420009984-fcae48/artifacts/containers/libpod/6693715108429824/html/integration_test.log.html 3) logformatter: handle Unicode bullet in front of 'Running', seen in bindings test. 4) logformatter: turn down contrast on BATS 'ok' results, for legibility Signed-off-by: Ed Santiago <santiago@redhat.com>