summaryrefslogtreecommitdiff
path: root/test/e2e/run_test.go
Commit message (Collapse)AuthorAge
* healtcheck phase 2baude2019-03-12
| | | | | | | | | | | | | | | | | | | | | | | | | | integration of healthcheck into create and run as well as inspect. healthcheck enhancements are as follows: * add the following options to create|run so that non-docker images can define healthchecks at the container level. * --healthcheck-command * --healthcheck-retries * --healthcheck-interval * --healthcheck-start-period * podman create|run --healthcheck-command=none disables healthcheck as described by an image. * the healthcheck itself and the healthcheck "history" can now be observed in podman inspect * added the wiring for healthcheck history which logs the health history of the container, the current failed streak attempts, and log entries for the last five attempts which themselves have start and stop times, result, and a 500 character truncated (if needed) log of stderr/stdout. The timings themselves are not implemented in this PR but will be in future enablement (i.e. next). Signed-off-by: baude <bbaude@redhat.com>
* ginkgo status improvementsbaude2019-03-08
| | | | | | | a series of improvements to our ginkgo test framework so we can get better ideas of whats going on when run in CI Signed-off-by: baude <bbaude@redhat.com>
* Fix aliased commands to actually workDaniel J Walsh2019-03-03
| | | | | | | | | | | | | | | | | The current aliased commands podman container list and podman image list podman image rm Do not work properly. The global storage options are broken. This patch fixes this issue. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add tests to make sure podman container and podman image commands workDaniel J Walsh2019-03-02
| | | | | | | | | We have little to no testing to make sure we don't break podman image and podman container commands that wrap traditional commands. This PR adds tests for each of the commands. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix SystemExec completion raceChris Evich2019-03-01
| | | | | | | | | | | | | Some callers assume when SystemExec returns, the command has completed. Other callers explicitly wait for completion (as required). However, forgetting to do that is an incredibly easy mistake to make. Fix this by adding an explicit parameter to the function. This requires every caller to deliberately state whether or not a completion-check is required. Also address **many** resource naming / cleanup completion-races. Signed-off-by: Chris Evich <cevich@redhat.com>
* Try disabling --rm on notify_socket testMatthew Heon2019-02-13
| | | | | | | | We have a consistent CI failure with the notify_socket test that I can't reproduce locally. There's no reason for the test to have --rm, so try removing it. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Run integrations test with remote-clientbaude2019-01-14
| | | | | | | | | | | | Add the ability to run the integration (ginkgo) suite using the remote client. Only the images_test.go file is run right now; all the rest are isolated with a // +build !remotelinux. As more content is developed for the remote client, we can unblock the files and just block single tests as needed. Signed-off-by: baude <bbaude@redhat.com>
* Fix handling of nil volumesDaniel J Walsh2019-01-10
| | | | | | | | | Currently if a user passes in a -v with -v $bogus:/foobar We crash. This will throw a proper error. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* add container-init supportValentin Rothberg2019-01-04
| | | | | | | | | | | | | | | | | | | Add support for executing an init binary as PID 1 in a container to forward signals and reap processes. When the `--init` flag is set for podman-create or podman-run, the init binary is bind-mounted to `/dev/init` in the container and "/dev/init --" is prepended to the container's command. The default base path of the container-init binary is `/usr/libexec/podman` while the default binary is catatonit [1]. This default can be changed permanently via the `init_path` field in the `libpod.conf` configuration file (which is recommended for packaging) or temporarily via the `--init-path` flag of podman-create and podman-run. [1] https://github.com/openSUSE/catatonit Fixes: #1670 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Fixes to handle /dev/shm correctly.Daniel J Walsh2018-12-24
| | | | | | | | | | | | | | | | | | We had two problems with /dev/shm, first, you mount the container read/only then /dev/shm was mounted read/only. This is a bug a tmpfs directory should be read/write within a read-only container. The second problem is we were ignoring users mounted /dev/shm from the host. If user specified podman run -d -v /dev/shm:/dev/shm ... We were dropping this mount and still using the internal mount. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* skip test for blkio.weight when kernel does not support itbaude2018-12-20
| | | | Signed-off-by: baude <bbaude@redhat.com>
* failed containers with --rm should remove themselvesbaude2018-12-12
| | | | | | | | | | when starting or running a container that has --rm, if the starting container fails (like due to an invalid command), the container should get removed. Resolves: #1985 Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #1920 from wking/explicit-hooks-dirsOpenShift Merge Robot2018-12-04
|\ | | | | libpod/container_internal: Deprecate implicit hook directories
| * libpod/container_internal: Deprecate implicit hook directoriesW. Trevor King2018-12-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Part of the motivation for 800eb863 (Hooks supports two directories, process default and override, 2018-09-17, #1487) was [1]: > We only use this for override. The reason this was caught is people > are trying to get hooks to work with CoreOS. You are not allowed to > write to /usr/share... on CoreOS, so they wanted podman to also look > at /etc, where users and third parties can write. But we'd also been disabling hooks completely for rootless users. And even for root users, the override logic was tricky when folks actually had content in both directories. For example, if you wanted to disable a hook from the default directory, you'd have to add a no-op hook to the override directory. Also, the previous implementation failed to handle the case where there hooks defined in the override directory but the default directory did not exist: $ podman version Version: 0.11.2-dev Go Version: go1.10.3 Git Commit: "6df7409cb5a41c710164c42ed35e33b28f3f7214" Built: Sun Dec 2 21:30:06 2018 OS/Arch: linux/amd64 $ ls -l /etc/containers/oci/hooks.d/test.json -rw-r--r--. 1 root root 184 Dec 2 16:27 /etc/containers/oci/hooks.d/test.json $ podman --log-level=debug run --rm docker.io/library/alpine echo 'successful container' 2>&1 | grep -i hook time="2018-12-02T21:31:19-08:00" level=debug msg="reading hooks from /usr/share/containers/oci/hooks.d" time="2018-12-02T21:31:19-08:00" level=warning msg="failed to load hooks: {}%!(EXTRA *os.PathError=open /usr/share/containers/oci/hooks.d: no such file or directory)" With this commit: $ podman --log-level=debug run --rm docker.io/library/alpine echo 'successful container' 2>&1 | grep -i hook time="2018-12-02T21:33:07-08:00" level=debug msg="reading hooks from /usr/share/containers/oci/hooks.d" time="2018-12-02T21:33:07-08:00" level=debug msg="reading hooks from /etc/containers/oci/hooks.d" time="2018-12-02T21:33:07-08:00" level=debug msg="added hook /etc/containers/oci/hooks.d/test.json" time="2018-12-02T21:33:07-08:00" level=debug msg="hook test.json matched; adding to stages [prestart]" time="2018-12-02T21:33:07-08:00" level=warning msg="implicit hook directories are deprecated; set --hooks-dir="/etc/containers/oci/hooks.d" explicitly to continue to load hooks from this directory" time="2018-12-02T21:33:07-08:00" level=error msg="container create failed: container_linux.go:336: starting container process caused "process_linux.go:399: container init caused \"process_linux.go:382: running prestart hook 0 caused \\\"error running hook: exit status 1, stdout: , stderr: oh, noes!\\\\n\\\"\"" (I'd setup the hook to error out). You can see that it's silenly ignoring the ENOENT for /usr/share/containers/oci/hooks.d and continuing on to load hooks from /etc/containers/oci/hooks.d. When it loads the hook, it also logs a warning-level message suggesting that callers explicitly configure their hook directories. That will help consumers migrate, so we can drop the implicit hook directories in some future release. When folks *do* explicitly configure hook directories (via the newly-public --hooks-dir and hooks_dir options), we error out if they're missing: $ podman --hooks-dir /does/not/exist run --rm docker.io/library/alpine echo 'successful container' error setting up OCI Hooks: open /does/not/exist: no such file or directory I've dropped the trailing "path" from the old, hidden --hooks-dir-path and hooks_dir_path because I think "dir(ectory)" is already enough context for "we expect a path argument". I consider this name change non-breaking because the old forms were undocumented. Coming back to rootless users, I've enabled hooks now. I expect they were previously disabled because users had no way to avoid /usr/share/containers/oci/hooks.d which might contain hooks that required root permissions. But now rootless users will have to explicitly configure hook directories, and since their default config is from ~/.config/containers/libpod.conf, it's a misconfiguration if it contains hooks_dir entries which point at directories with hooks that require root access. We error out so they can fix their libpod.conf. [1]: https://github.com/containers/libpod/pull/1487#discussion_r218149355 Signed-off-by: W. Trevor King <wking@tremily.us>
* | create pod on the flybaude2018-12-03
|/ | | | | | | | | | when a user specifies --pod to podman create|run, we should create that pod automatically. the port bindings from the container are then inherited by the infra container. this signicantly improves the workflow of running containers inside pods with podman. the user is still encouraged to use podman pod create to have more granular control of the pod create options. Signed-off-by: baude <bbaude@redhat.com>
* tests: fix NOTIFY_SOCKET testGiuseppe Scrivano2018-11-28
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* test: fix test for NOTIFY_SOCKETGiuseppe Scrivano2018-11-28
| | | | | | do not make any assumption on the path inside of the container. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #1874 from ypu/mount-testOpenShift Merge Robot2018-11-27
|\ | | | | Improve podman run --mount test
| * Remove mount options relatime from podman run --mount with sharedYiqiao Pu2018-11-27
| | | | | | | | | | | | | | In some test env, mount with shared options is not included relatime in the mountinfo file. So remove this from the test case. Signed-off-by: Yiqiao Pu <ypu@redhat.com>
| * Update test case name to podman run with --mount flagYiqiao Pu2018-11-27
| | | | | | | | | | | | | | Update the test case name to make it easier to filter --mount related test cases with -ginkgo.focus. Signed-off-by: Yiqiao Pu <ypu@redhat.com>
* | set root propagation based on volume propertiesValentin Rothberg2018-11-26
|/ | | | | | | | | | | | Set the root propagation based on the properties of volumes and default mounts. To remain compatibility, follow the semantics of Docker. If a volume is shared, keep the root propagation shared which works for slave and private volumes too. For slave volumes, it can either be shared or rshared. Do not change the root propagation for private volumes and stick with the default. Fixes: #1834 Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
* Separate common used test functions and structs to test/utilsYiqiao Pu2018-11-16
| | | | | | | Put common used test functions and structs to a separated package. So we can use them for more testsuites. Signed-off-by: Yiqiao Pu <ypu@redhat.com>
* replace quay.io/baude to quay.io/libpodbaude2018-11-01
| | | | | | | images used for our integration suite have moved from my work account to a group organization called libpod. Signed-off-by: baude <bbaude@redhat.com>
* allow ppc64le to pass libpod integration testsbaude2018-10-31
| | | | | | | | | | | | | | this pr allows the libpod integration suite to pass on the ppc64le architecture. in some cases, I had to skip tests. eventually, these tests need to be fixed so that they properly pass. of note for this PR is: * changed the ppc64le default container os to be overlay (over vfs) as vfs seems non-performant on ppc64le * still run vfs for rootless operations * some images names for ppc64le had to change because they don't exist. * this should help getting our CI to run on the platform Signed-off-by: baude <bbaude@redhat.com>
* Use restoreArtifacts to save time in integration testsbaude2018-10-22
| | | | Signed-off-by: baude <bbaude@redhat.com>
* fix NOTIFY_SOCKET in e2e testfix NOTIFY_SOCKET in e2e testsbaude2018-10-18
| | | | Signed-off-by: baude <bbaude@redhat.com>
* tests: do not make assumptions on the mount outputGiuseppe Scrivano2018-10-14
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Generate a passwd file for users not in containerDaniel J Walsh2018-10-12
| | | | | | | If someone runs podman as a user (uid) that is not defined in the container we want generate a passwd file so that getpwuid() will work inside of container. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Disable SELinux labeling if --privilegedDaniel J Walsh2018-10-02
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* run complex image names with short namesbaude2018-09-28
| | | | | | | | | | | | | In cases where the image name is more complex like: quay/baude/alpine_nginx:latest and is not from the docker registry, we need to be able to run the image by its shortname such as baude/alpine_nginx. The same goes when the image is not from a registry but instead has the localhost repository. This resolves buildah issue #1034 Signed-off-by: baude <bbaude@redhat.com>
* podman runs disabled containers and privileged containers as spc_tDaniel J Walsh2018-09-27
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* rework CI tests to test on VMsbaude2018-09-26
| | | | | | | | | | | | | | | | | | | | | This PR makes several key changes to our CI testing. Firstly, we now test podman on fedora 28, fedora 29, and centos VMS (rather than containers). Any of these that having failing tests are not marked as required yet. We still preserve the podman in podman and podman in docker tests as well and they are marked as required. The lint and validate work is now done on a openshift container. We also removed the rpm verification on papr and perform this test under the "images" test on the openshift ci. This PR exposes integration test fails on some of our OSs. My expectation is we will fix those in additional PRs and as they are fixed, we should be flipping the boolean bit to required. Signed-off-by: baude <bbaude@redhat.com> Closes: #1492 Approved by: mheon
* Add --mount option for `create` & `run` commandDaniel J Walsh2018-09-21
| | | | | | | | Signed-off-by: Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1524 Approved by: mheon
* Pass on securityOpts from podInfraContainer to container added to pod.Daniel J Walsh2018-09-11
| | | | | | | | | | This is an incomplete fix, as it would be best for the libpod library to be in charge of coordinating the container's dependencies on the infra container. A TODO was left as such. UTS is a special case, because the docker library that namespace handling is based off of doesn't recognize a UTS based on another container as valid, despite the library being able to handle it correctly. Thus, it is left in the old way. Signed-off-by: haircommander <pehunt@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1347 Approved by: mheon
* Update WaitForTimeOut to output OutputString to help with debugging.Daniel J Walsh2018-09-06
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1416 Approved by: baude
* Fix Mount PropagationGiuseppe Scrivano2018-08-27
| | | | | | | | | Default mount propagation inside of containes should be private Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1305 Approved by: mheon
* Use REGISTRIES_CONFIG_PATH for all testsbaude2018-08-02
| | | | | | | | | | | | | | | We should not be using the test systems registries.conf file for integration tests. We should always use a constructed file created specifically for the integration tests or we stand to have unpredictable results. The beforeTest function now sets an environment variable pointing to a registries.conf file in the test's tempdir. That file will container docker.io as a default. The afterTest function then clears the environment variable. Signed-off-by: baude <bbaude@redhat.com> Closes: #1197 Approved by: rhatdan
* Integration Test Improvements #3baude2018-08-01
| | | | | | | | | Third round of speed improvements to the integration tests. Signed-off-by: baude <bbaude@redhat.com> Closes: #1193 Approved by: rhatdan
* Show duration for each ginkgo test and test speed improvementsbaude2018-07-28
| | | | | | | | | | | | | | Because our tests are getting so long, we want to be able to audit which tests are taking the longest to complete. This may indicate a bad test, bad CI, bad code, etc and therefore should be auditable. Also, make speed improvements to tests by making sure we only unpack caches images that actually get used. Signed-off-by: baude <bbaude@redhat.com> Closes: #1178 Approved by: mheon
* Clear variables used to store options after parsing for every volumeumohnani82018-07-25
| | | | | | | | | | | | If more than one volume was mounted using the --volume flag in podman run, the second and onwards volumes were picking up options of the previous volume mounts defined. Found out that the options were not be cleared out after every volume was parsed. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #1142 Approved by: mheon
* Add --volumes-from flag to podman run and createumohnani82018-07-09
| | | | | | | | | | podman now supports --volumes-from flag, which allows users to add all the volumes an existing container has to a new one. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #931 Approved by: mheon
* Fix timeout issue with built-in volume testumohnani82018-07-05
| | | | | | | | | | | Building our own image to test built-in volume and user instead of using the mariadb one. Solves timeout issue in travis tests. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #1044 Approved by: mheon
* urfave/cli: fix parsing of short optsValentin Rothberg2018-07-05
| | | | | | | | | | | | | Vendor an updated version of urfave/cli to fix the parsing of short options. Until the fix is merged upstream, vendor the code from github.com/vrothberg/cli containing both, the latest urfave/cli and the bug fix. Fixes: #714 Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1046 Approved by: rhatdan
* Skip a test in Travis that has timeout issuesMatthew Heon2018-07-03
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1041 Approved by: rhatdan
* Fix built-in volume issue with podman run/createumohnani82018-06-29
| | | | | | | | | | | | | The destination path of the built-in volume was not being created but a relabel was being attempted on it, this was causing issues with all images that have built-in volumes. This patch fixes that and ensures the destination volume path is created. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #1026 Approved by: mheon
* Test to make sure we are getting proper exit codes on podman runDaniel J Walsh2018-06-07
| | | | | | | | | | | podman run command screws up we should get 125 podman run command succeeds but command in container fails to exec 126 podman run command succeeds but command exits with non 0 exit code Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #921 Approved by: TomSweeneyRedHat
* Add some test for podman run flag security-optYiqiao Pu2018-06-04
| | | | | | | | | | | | | | Add following test cases for security-opt: - Check default selinux value - Disable security options in container - Setup selinux type in security-opt - Disable seccomp protection - Configure custom seccomp.json Signed-off-by: Yiqiao Pu <ypu@redhat.com> Closes: #837 Approved by: rhatdan
* Use go-selinux for selinux checkYiqiao Pu2018-06-04
| | | | | | | | | | Use function in opencontainers/selinux/go-selinux to check the selinux status in our test. Signed-off-by: Yiqiao Pu <ypu@redhat.com> Closes: #837 Approved by: rhatdan
* Clear all caps, except the bounding set, when --user is specified.Daniel J Walsh2018-05-31
| | | | | | | | | | | | Currently we are giving all caps to users when running with podman run --user, They should get none by default. If the command line includes --cap-add, then we need to run with those capabilties. Similarly we need to drop caps from bounding set, if user specifies --cap-drop Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #851 Approved by: mheon
* chrootuser: default to GID 0 when given a numeric --userNalin Dahyabhai2018-05-17
| | | | | | | | | | | | | | | When we're given a numeric --user value, default to GID 0 if the numeric ID doesn't correspond to a user entry in /etc/passwd that can provide us with the user's primary group ID. Make sure that GetAdditionalGroupsForUser() returns wrapped errors. Also test various user:group forms. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #728 Approved by: mheon