summaryrefslogtreecommitdiff
path: root/test/e2e/run_test.go
Commit message (Collapse)AuthorAge
* support device-cgroup-ruleQi Wang2020-02-12
| | | | | | | fix #4876 Add `--device-cgroup-rule` to podman create and run. This enables to add device rules after the container has been created. Signed-off-by: Qi Wang <qiwan@redhat.com>
* play kube: handle seccomp labelsPeter Hunt2019-11-18
| | | | | | | Add handling of seccomp annotations to play kube at both container and pod levels. also add a test Signed-off-by: Peter Hunt <pehunt@redhat.com>
* fix bug check nonexist authfileQi Wang2019-11-05
| | | | | | | | | Use GetDefaultAuthFile() from buildah. For podman command(except login), if authfile does not exist returns error. close #4328 Signed-off-by: Qi Wang <qiwan@redhat.com>
* Refactor tests when checking for error exit codesJhon Honce2019-10-16
| | | | | | | Rather than checking for non-zero, we need to check for >0 to distinguish between timeouts and error exit codes. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* execuser: look at the source for /etc/{passwd,group} overridesGiuseppe Scrivano2019-09-21
| | | | | | | | | look if there are bind mounts that can shadow the /etc/passwd and /etc/group files. In that case, look at the bind mount source. Closes: https://github.com/containers/libpod/pull/4068#issuecomment-533782941 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* container: make sure $HOME is always setGiuseppe Scrivano2019-09-20
| | | | | | | | | | | | | If the HOME environment variable is not set, make sure it is set to the configuration found in the container /etc/passwd file. It was previously depending on a runc behavior that always set HOME when it is not set. The OCI runtime specifications do not require HOME to be set so move the logic to libpod. Closes: https://github.com/debarshiray/toolbox/issues/266 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Add support for launching containers without CGroupsMatthew Heon2019-09-10
| | | | | | | This is mostly used with Systemd, which really wants to manage CGroups itself when managing containers via unit file. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* test: enable all tests for crunGiuseppe Scrivano2019-08-19
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* tests: enable run tests for cgroups v2Giuseppe Scrivano2019-08-13
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* tests: disable some tests currently failing when not using runcGiuseppe Scrivano2019-08-12
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Fix test suiteMatthew Heon2019-07-31
| | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Set -env variables as appropriateQi Wang2019-07-30
| | | | | | | | close #3648 podman create and podman run do not set --env variable if the environment is not present with a value Signed-off-by: Qi Wang <qiwan@redhat.com>
* Make the healthcheck flags compatible with Docker CLIHunor Csomortáni2019-07-16
| | | | | | | | | | | | Docker CLI calls the healthcheck flags "--health-*", instead of "--healthcheck-*". Introduce the former, in order to keep compatibility, and alias the later, in order to avoid breaking current usage. Change "--healthcheck-*" to "--health-*" in the docs and tests. Signed-off-by: Hunor Csomortáni <csomh@redhat.com>
* create: improve parser for --healthcheck-commandStefan Becker2019-07-14
| | | | | | | | | | | | | | | | Fix Docker CLI compatibility issue: the "--healthcheck-command" option value should not be split but instead be passed as single string to "CMD-SHELL", i.e. "/bin/sh -c <opt>". On the other hand implement the same extension as is already available for "--entrypoint", i.e. allow the option value to be a JSON array of strings. This will make life easier for tools like podman-compose. Updated "--healthcheck-command" option values in tests accordingly. Continuation of #3455 & #3507 Signed-off-by: Stefan Becker <chemobejk@gmail.com>
* Merge pull request #3557 from rhatdan/envOpenShift Merge Robot2019-07-12
|\ | | | | Add support for --env-host
| * Add support for -env-hostDaniel J Walsh2019-07-11
| | | | | | | | | | | | | | | | | | | | This flag passes the host environment into the container. The basic idea is to leak all environment variables from the host into the container. Environment variables from the image, and passed in via --env and --env-file will override the host environment. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | podman: add --ulimit hostGiuseppe Scrivano2019-07-08
|/ | | | | | | | | add a simple way to copy ulimit values from the host. if --ulimit host is used then the current ulimits in place are copied to the container. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* fix broken healthcheck testsEd Santiago2019-06-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Four of the healthcheck tests were completely broken. They were written with the option '--healthcheck-cmd' which is not an option (it should be '--healthcheck-command', with 'command' as a full word). The tests were merely checking exit code, not error message, so of course they failed. I have fixed the command line and added checks for the expected diagnostic. (Side note: do not write tests that check exit code but nothing else. This should not need to be said). One of the four tests was invalid: --healthcheck-interval 0.5s. Per Brent: initially i was going to restrict sub one-second intervals That test has been removed. It would probably be a good idea for a future PR to add some validation such as preventing negative values, but that's left as an exercise for later. Also: grammar fix in an error message. Caught by my ginkgo log greasemonkey script, which highlights 'Error' messages and grabbed my attention. Signed-off-by: Ed Santiago <santiago@redhat.com>
* storage: support --mount type=bind,bind-nonrecursiveGiuseppe Scrivano2019-06-13
| | | | | | | | add support for not recursive bind mounts. Closes: https://github.com/containers/libpod/issues/3314 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* use imagecaches for local testsbaude2019-05-29
| | | | | | | | | when doing localized tests (not varlink), we can use secondary image stores as read-only image caches. this cuts down on test time significantly because each test does not need to restore the images from a tarball anymore. Signed-off-by: baude <bbaude@redhat.com>
* Replace root-based rootless testsChris Evich2019-05-16
| | | | | | | | | | | | Since CI automation is now executing all tests as a regular user, there is no need for root-based testing to run special rootless tests. Remove them. However, the root-based rootless tests did include one test for exercising the '--rootfs' option which is needed. Add a new general, and more through test to replace it - meaning it will be executed as root and non-root. Signed-off-by: Chris Evich <cevich@redhat.com>
* enable integration tests for remote-clientbaude2019-05-07
| | | | | | | first pass at enabling a swath of integration tests for the remote-client. Signed-off-by: baude <bbaude@redhat.com>
* Try and fix restart-policy testsMatthew Heon2019-05-03
| | | | | | | Theory: it's SELinux blowing up and preventing us from creating files as the container. Try and use a fresh dir and :Z to fix. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add a test for restart policyMatthew Heon2019-05-03
| | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Begin adding volume testsMatthew Heon2019-05-01
| | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* auto pass http_proxy into containerJames Cassell2019-04-30
| | | | Signed-off-by: James Cassell <code@james.cassell.me>
* Major rework of --volumes-from flagMatthew Heon2019-04-04
| | | | | | | | | | The flag should be substantially more durable, and no longer relies on the create artifact. This should allow it to properly handle our new named volume implementation. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add a test that --add-host conflicts with --no-hostsMatthew Heon2019-03-27
| | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* podman: do not split --env on commaGiuseppe Scrivano2019-03-20
| | | | | | | | if --env "a=b,c" is used, do not split into a=b and c=. Closes: https://github.com/containers/libpod/issues/2712 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Enable rootless integration testsbaude2019-03-19
| | | | Signed-off-by: baude <bbaude@redhat.com>
* healtcheck phase 2baude2019-03-12
| | | | | | | | | | | | | | | | | | | | | | | | | | integration of healthcheck into create and run as well as inspect. healthcheck enhancements are as follows: * add the following options to create|run so that non-docker images can define healthchecks at the container level. * --healthcheck-command * --healthcheck-retries * --healthcheck-interval * --healthcheck-start-period * podman create|run --healthcheck-command=none disables healthcheck as described by an image. * the healthcheck itself and the healthcheck "history" can now be observed in podman inspect * added the wiring for healthcheck history which logs the health history of the container, the current failed streak attempts, and log entries for the last five attempts which themselves have start and stop times, result, and a 500 character truncated (if needed) log of stderr/stdout. The timings themselves are not implemented in this PR but will be in future enablement (i.e. next). Signed-off-by: baude <bbaude@redhat.com>
* ginkgo status improvementsbaude2019-03-08
| | | | | | | a series of improvements to our ginkgo test framework so we can get better ideas of whats going on when run in CI Signed-off-by: baude <bbaude@redhat.com>
* Fix aliased commands to actually workDaniel J Walsh2019-03-03
| | | | | | | | | | | | | | | | | The current aliased commands podman container list and podman image list podman image rm Do not work properly. The global storage options are broken. This patch fixes this issue. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add tests to make sure podman container and podman image commands workDaniel J Walsh2019-03-02
| | | | | | | | | We have little to no testing to make sure we don't break podman image and podman container commands that wrap traditional commands. This PR adds tests for each of the commands. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix SystemExec completion raceChris Evich2019-03-01
| | | | | | | | | | | | | Some callers assume when SystemExec returns, the command has completed. Other callers explicitly wait for completion (as required). However, forgetting to do that is an incredibly easy mistake to make. Fix this by adding an explicit parameter to the function. This requires every caller to deliberately state whether or not a completion-check is required. Also address **many** resource naming / cleanup completion-races. Signed-off-by: Chris Evich <cevich@redhat.com>
* Try disabling --rm on notify_socket testMatthew Heon2019-02-13
| | | | | | | | We have a consistent CI failure with the notify_socket test that I can't reproduce locally. There's no reason for the test to have --rm, so try removing it. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Run integrations test with remote-clientbaude2019-01-14
| | | | | | | | | | | | Add the ability to run the integration (ginkgo) suite using the remote client. Only the images_test.go file is run right now; all the rest are isolated with a // +build !remotelinux. As more content is developed for the remote client, we can unblock the files and just block single tests as needed. Signed-off-by: baude <bbaude@redhat.com>
* Fix handling of nil volumesDaniel J Walsh2019-01-10
| | | | | | | | | Currently if a user passes in a -v with -v $bogus:/foobar We crash. This will throw a proper error. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* add container-init supportValentin Rothberg2019-01-04
| | | | | | | | | | | | | | | | | | | Add support for executing an init binary as PID 1 in a container to forward signals and reap processes. When the `--init` flag is set for podman-create or podman-run, the init binary is bind-mounted to `/dev/init` in the container and "/dev/init --" is prepended to the container's command. The default base path of the container-init binary is `/usr/libexec/podman` while the default binary is catatonit [1]. This default can be changed permanently via the `init_path` field in the `libpod.conf` configuration file (which is recommended for packaging) or temporarily via the `--init-path` flag of podman-create and podman-run. [1] https://github.com/openSUSE/catatonit Fixes: #1670 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Fixes to handle /dev/shm correctly.Daniel J Walsh2018-12-24
| | | | | | | | | | | | | | | | | | We had two problems with /dev/shm, first, you mount the container read/only then /dev/shm was mounted read/only. This is a bug a tmpfs directory should be read/write within a read-only container. The second problem is we were ignoring users mounted /dev/shm from the host. If user specified podman run -d -v /dev/shm:/dev/shm ... We were dropping this mount and still using the internal mount. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* skip test for blkio.weight when kernel does not support itbaude2018-12-20
| | | | Signed-off-by: baude <bbaude@redhat.com>
* failed containers with --rm should remove themselvesbaude2018-12-12
| | | | | | | | | | when starting or running a container that has --rm, if the starting container fails (like due to an invalid command), the container should get removed. Resolves: #1985 Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #1920 from wking/explicit-hooks-dirsOpenShift Merge Robot2018-12-04
|\ | | | | libpod/container_internal: Deprecate implicit hook directories
| * libpod/container_internal: Deprecate implicit hook directoriesW. Trevor King2018-12-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Part of the motivation for 800eb863 (Hooks supports two directories, process default and override, 2018-09-17, #1487) was [1]: > We only use this for override. The reason this was caught is people > are trying to get hooks to work with CoreOS. You are not allowed to > write to /usr/share... on CoreOS, so they wanted podman to also look > at /etc, where users and third parties can write. But we'd also been disabling hooks completely for rootless users. And even for root users, the override logic was tricky when folks actually had content in both directories. For example, if you wanted to disable a hook from the default directory, you'd have to add a no-op hook to the override directory. Also, the previous implementation failed to handle the case where there hooks defined in the override directory but the default directory did not exist: $ podman version Version: 0.11.2-dev Go Version: go1.10.3 Git Commit: "6df7409cb5a41c710164c42ed35e33b28f3f7214" Built: Sun Dec 2 21:30:06 2018 OS/Arch: linux/amd64 $ ls -l /etc/containers/oci/hooks.d/test.json -rw-r--r--. 1 root root 184 Dec 2 16:27 /etc/containers/oci/hooks.d/test.json $ podman --log-level=debug run --rm docker.io/library/alpine echo 'successful container' 2>&1 | grep -i hook time="2018-12-02T21:31:19-08:00" level=debug msg="reading hooks from /usr/share/containers/oci/hooks.d" time="2018-12-02T21:31:19-08:00" level=warning msg="failed to load hooks: {}%!(EXTRA *os.PathError=open /usr/share/containers/oci/hooks.d: no such file or directory)" With this commit: $ podman --log-level=debug run --rm docker.io/library/alpine echo 'successful container' 2>&1 | grep -i hook time="2018-12-02T21:33:07-08:00" level=debug msg="reading hooks from /usr/share/containers/oci/hooks.d" time="2018-12-02T21:33:07-08:00" level=debug msg="reading hooks from /etc/containers/oci/hooks.d" time="2018-12-02T21:33:07-08:00" level=debug msg="added hook /etc/containers/oci/hooks.d/test.json" time="2018-12-02T21:33:07-08:00" level=debug msg="hook test.json matched; adding to stages [prestart]" time="2018-12-02T21:33:07-08:00" level=warning msg="implicit hook directories are deprecated; set --hooks-dir="/etc/containers/oci/hooks.d" explicitly to continue to load hooks from this directory" time="2018-12-02T21:33:07-08:00" level=error msg="container create failed: container_linux.go:336: starting container process caused "process_linux.go:399: container init caused \"process_linux.go:382: running prestart hook 0 caused \\\"error running hook: exit status 1, stdout: , stderr: oh, noes!\\\\n\\\"\"" (I'd setup the hook to error out). You can see that it's silenly ignoring the ENOENT for /usr/share/containers/oci/hooks.d and continuing on to load hooks from /etc/containers/oci/hooks.d. When it loads the hook, it also logs a warning-level message suggesting that callers explicitly configure their hook directories. That will help consumers migrate, so we can drop the implicit hook directories in some future release. When folks *do* explicitly configure hook directories (via the newly-public --hooks-dir and hooks_dir options), we error out if they're missing: $ podman --hooks-dir /does/not/exist run --rm docker.io/library/alpine echo 'successful container' error setting up OCI Hooks: open /does/not/exist: no such file or directory I've dropped the trailing "path" from the old, hidden --hooks-dir-path and hooks_dir_path because I think "dir(ectory)" is already enough context for "we expect a path argument". I consider this name change non-breaking because the old forms were undocumented. Coming back to rootless users, I've enabled hooks now. I expect they were previously disabled because users had no way to avoid /usr/share/containers/oci/hooks.d which might contain hooks that required root permissions. But now rootless users will have to explicitly configure hook directories, and since their default config is from ~/.config/containers/libpod.conf, it's a misconfiguration if it contains hooks_dir entries which point at directories with hooks that require root access. We error out so they can fix their libpod.conf. [1]: https://github.com/containers/libpod/pull/1487#discussion_r218149355 Signed-off-by: W. Trevor King <wking@tremily.us>
* | create pod on the flybaude2018-12-03
|/ | | | | | | | | | when a user specifies --pod to podman create|run, we should create that pod automatically. the port bindings from the container are then inherited by the infra container. this signicantly improves the workflow of running containers inside pods with podman. the user is still encouraged to use podman pod create to have more granular control of the pod create options. Signed-off-by: baude <bbaude@redhat.com>
* tests: fix NOTIFY_SOCKET testGiuseppe Scrivano2018-11-28
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* test: fix test for NOTIFY_SOCKETGiuseppe Scrivano2018-11-28
| | | | | | do not make any assumption on the path inside of the container. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #1874 from ypu/mount-testOpenShift Merge Robot2018-11-27
|\ | | | | Improve podman run --mount test
| * Remove mount options relatime from podman run --mount with sharedYiqiao Pu2018-11-27
| | | | | | | | | | | | | | In some test env, mount with shared options is not included relatime in the mountinfo file. So remove this from the test case. Signed-off-by: Yiqiao Pu <ypu@redhat.com>
| * Update test case name to podman run with --mount flagYiqiao Pu2018-11-27
| | | | | | | | | | | | | | Update the test case name to make it easier to filter --mount related test cases with -ginkgo.focus. Signed-off-by: Yiqiao Pu <ypu@redhat.com>