summaryrefslogtreecommitdiff
path: root/test/e2e/run_test.go
Commit message (Collapse)AuthorAge
* Merge pull request #1920 from wking/explicit-hooks-dirsOpenShift Merge Robot2018-12-04
|\ | | | | libpod/container_internal: Deprecate implicit hook directories
| * libpod/container_internal: Deprecate implicit hook directoriesW. Trevor King2018-12-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Part of the motivation for 800eb863 (Hooks supports two directories, process default and override, 2018-09-17, #1487) was [1]: > We only use this for override. The reason this was caught is people > are trying to get hooks to work with CoreOS. You are not allowed to > write to /usr/share... on CoreOS, so they wanted podman to also look > at /etc, where users and third parties can write. But we'd also been disabling hooks completely for rootless users. And even for root users, the override logic was tricky when folks actually had content in both directories. For example, if you wanted to disable a hook from the default directory, you'd have to add a no-op hook to the override directory. Also, the previous implementation failed to handle the case where there hooks defined in the override directory but the default directory did not exist: $ podman version Version: 0.11.2-dev Go Version: go1.10.3 Git Commit: "6df7409cb5a41c710164c42ed35e33b28f3f7214" Built: Sun Dec 2 21:30:06 2018 OS/Arch: linux/amd64 $ ls -l /etc/containers/oci/hooks.d/test.json -rw-r--r--. 1 root root 184 Dec 2 16:27 /etc/containers/oci/hooks.d/test.json $ podman --log-level=debug run --rm docker.io/library/alpine echo 'successful container' 2>&1 | grep -i hook time="2018-12-02T21:31:19-08:00" level=debug msg="reading hooks from /usr/share/containers/oci/hooks.d" time="2018-12-02T21:31:19-08:00" level=warning msg="failed to load hooks: {}%!(EXTRA *os.PathError=open /usr/share/containers/oci/hooks.d: no such file or directory)" With this commit: $ podman --log-level=debug run --rm docker.io/library/alpine echo 'successful container' 2>&1 | grep -i hook time="2018-12-02T21:33:07-08:00" level=debug msg="reading hooks from /usr/share/containers/oci/hooks.d" time="2018-12-02T21:33:07-08:00" level=debug msg="reading hooks from /etc/containers/oci/hooks.d" time="2018-12-02T21:33:07-08:00" level=debug msg="added hook /etc/containers/oci/hooks.d/test.json" time="2018-12-02T21:33:07-08:00" level=debug msg="hook test.json matched; adding to stages [prestart]" time="2018-12-02T21:33:07-08:00" level=warning msg="implicit hook directories are deprecated; set --hooks-dir="/etc/containers/oci/hooks.d" explicitly to continue to load hooks from this directory" time="2018-12-02T21:33:07-08:00" level=error msg="container create failed: container_linux.go:336: starting container process caused "process_linux.go:399: container init caused \"process_linux.go:382: running prestart hook 0 caused \\\"error running hook: exit status 1, stdout: , stderr: oh, noes!\\\\n\\\"\"" (I'd setup the hook to error out). You can see that it's silenly ignoring the ENOENT for /usr/share/containers/oci/hooks.d and continuing on to load hooks from /etc/containers/oci/hooks.d. When it loads the hook, it also logs a warning-level message suggesting that callers explicitly configure their hook directories. That will help consumers migrate, so we can drop the implicit hook directories in some future release. When folks *do* explicitly configure hook directories (via the newly-public --hooks-dir and hooks_dir options), we error out if they're missing: $ podman --hooks-dir /does/not/exist run --rm docker.io/library/alpine echo 'successful container' error setting up OCI Hooks: open /does/not/exist: no such file or directory I've dropped the trailing "path" from the old, hidden --hooks-dir-path and hooks_dir_path because I think "dir(ectory)" is already enough context for "we expect a path argument". I consider this name change non-breaking because the old forms were undocumented. Coming back to rootless users, I've enabled hooks now. I expect they were previously disabled because users had no way to avoid /usr/share/containers/oci/hooks.d which might contain hooks that required root permissions. But now rootless users will have to explicitly configure hook directories, and since their default config is from ~/.config/containers/libpod.conf, it's a misconfiguration if it contains hooks_dir entries which point at directories with hooks that require root access. We error out so they can fix their libpod.conf. [1]: https://github.com/containers/libpod/pull/1487#discussion_r218149355 Signed-off-by: W. Trevor King <wking@tremily.us>
* | create pod on the flybaude2018-12-03
|/ | | | | | | | | | when a user specifies --pod to podman create|run, we should create that pod automatically. the port bindings from the container are then inherited by the infra container. this signicantly improves the workflow of running containers inside pods with podman. the user is still encouraged to use podman pod create to have more granular control of the pod create options. Signed-off-by: baude <bbaude@redhat.com>
* tests: fix NOTIFY_SOCKET testGiuseppe Scrivano2018-11-28
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* test: fix test for NOTIFY_SOCKETGiuseppe Scrivano2018-11-28
| | | | | | do not make any assumption on the path inside of the container. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #1874 from ypu/mount-testOpenShift Merge Robot2018-11-27
|\ | | | | Improve podman run --mount test
| * Remove mount options relatime from podman run --mount with sharedYiqiao Pu2018-11-27
| | | | | | | | | | | | | | In some test env, mount with shared options is not included relatime in the mountinfo file. So remove this from the test case. Signed-off-by: Yiqiao Pu <ypu@redhat.com>
| * Update test case name to podman run with --mount flagYiqiao Pu2018-11-27
| | | | | | | | | | | | | | Update the test case name to make it easier to filter --mount related test cases with -ginkgo.focus. Signed-off-by: Yiqiao Pu <ypu@redhat.com>
* | set root propagation based on volume propertiesValentin Rothberg2018-11-26
|/ | | | | | | | | | | | Set the root propagation based on the properties of volumes and default mounts. To remain compatibility, follow the semantics of Docker. If a volume is shared, keep the root propagation shared which works for slave and private volumes too. For slave volumes, it can either be shared or rshared. Do not change the root propagation for private volumes and stick with the default. Fixes: #1834 Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
* Separate common used test functions and structs to test/utilsYiqiao Pu2018-11-16
| | | | | | | Put common used test functions and structs to a separated package. So we can use them for more testsuites. Signed-off-by: Yiqiao Pu <ypu@redhat.com>
* replace quay.io/baude to quay.io/libpodbaude2018-11-01
| | | | | | | images used for our integration suite have moved from my work account to a group organization called libpod. Signed-off-by: baude <bbaude@redhat.com>
* allow ppc64le to pass libpod integration testsbaude2018-10-31
| | | | | | | | | | | | | | this pr allows the libpod integration suite to pass on the ppc64le architecture. in some cases, I had to skip tests. eventually, these tests need to be fixed so that they properly pass. of note for this PR is: * changed the ppc64le default container os to be overlay (over vfs) as vfs seems non-performant on ppc64le * still run vfs for rootless operations * some images names for ppc64le had to change because they don't exist. * this should help getting our CI to run on the platform Signed-off-by: baude <bbaude@redhat.com>
* Use restoreArtifacts to save time in integration testsbaude2018-10-22
| | | | Signed-off-by: baude <bbaude@redhat.com>
* fix NOTIFY_SOCKET in e2e testfix NOTIFY_SOCKET in e2e testsbaude2018-10-18
| | | | Signed-off-by: baude <bbaude@redhat.com>
* tests: do not make assumptions on the mount outputGiuseppe Scrivano2018-10-14
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Generate a passwd file for users not in containerDaniel J Walsh2018-10-12
| | | | | | | If someone runs podman as a user (uid) that is not defined in the container we want generate a passwd file so that getpwuid() will work inside of container. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Disable SELinux labeling if --privilegedDaniel J Walsh2018-10-02
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* run complex image names with short namesbaude2018-09-28
| | | | | | | | | | | | | In cases where the image name is more complex like: quay/baude/alpine_nginx:latest and is not from the docker registry, we need to be able to run the image by its shortname such as baude/alpine_nginx. The same goes when the image is not from a registry but instead has the localhost repository. This resolves buildah issue #1034 Signed-off-by: baude <bbaude@redhat.com>
* podman runs disabled containers and privileged containers as spc_tDaniel J Walsh2018-09-27
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* rework CI tests to test on VMsbaude2018-09-26
| | | | | | | | | | | | | | | | | | | | | This PR makes several key changes to our CI testing. Firstly, we now test podman on fedora 28, fedora 29, and centos VMS (rather than containers). Any of these that having failing tests are not marked as required yet. We still preserve the podman in podman and podman in docker tests as well and they are marked as required. The lint and validate work is now done on a openshift container. We also removed the rpm verification on papr and perform this test under the "images" test on the openshift ci. This PR exposes integration test fails on some of our OSs. My expectation is we will fix those in additional PRs and as they are fixed, we should be flipping the boolean bit to required. Signed-off-by: baude <bbaude@redhat.com> Closes: #1492 Approved by: mheon
* Add --mount option for `create` & `run` commandDaniel J Walsh2018-09-21
| | | | | | | | Signed-off-by: Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1524 Approved by: mheon
* Pass on securityOpts from podInfraContainer to container added to pod.Daniel J Walsh2018-09-11
| | | | | | | | | | This is an incomplete fix, as it would be best for the libpod library to be in charge of coordinating the container's dependencies on the infra container. A TODO was left as such. UTS is a special case, because the docker library that namespace handling is based off of doesn't recognize a UTS based on another container as valid, despite the library being able to handle it correctly. Thus, it is left in the old way. Signed-off-by: haircommander <pehunt@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1347 Approved by: mheon
* Update WaitForTimeOut to output OutputString to help with debugging.Daniel J Walsh2018-09-06
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1416 Approved by: baude
* Fix Mount PropagationGiuseppe Scrivano2018-08-27
| | | | | | | | | Default mount propagation inside of containes should be private Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #1305 Approved by: mheon
* Use REGISTRIES_CONFIG_PATH for all testsbaude2018-08-02
| | | | | | | | | | | | | | | We should not be using the test systems registries.conf file for integration tests. We should always use a constructed file created specifically for the integration tests or we stand to have unpredictable results. The beforeTest function now sets an environment variable pointing to a registries.conf file in the test's tempdir. That file will container docker.io as a default. The afterTest function then clears the environment variable. Signed-off-by: baude <bbaude@redhat.com> Closes: #1197 Approved by: rhatdan
* Integration Test Improvements #3baude2018-08-01
| | | | | | | | | Third round of speed improvements to the integration tests. Signed-off-by: baude <bbaude@redhat.com> Closes: #1193 Approved by: rhatdan
* Show duration for each ginkgo test and test speed improvementsbaude2018-07-28
| | | | | | | | | | | | | | Because our tests are getting so long, we want to be able to audit which tests are taking the longest to complete. This may indicate a bad test, bad CI, bad code, etc and therefore should be auditable. Also, make speed improvements to tests by making sure we only unpack caches images that actually get used. Signed-off-by: baude <bbaude@redhat.com> Closes: #1178 Approved by: mheon
* Clear variables used to store options after parsing for every volumeumohnani82018-07-25
| | | | | | | | | | | | If more than one volume was mounted using the --volume flag in podman run, the second and onwards volumes were picking up options of the previous volume mounts defined. Found out that the options were not be cleared out after every volume was parsed. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #1142 Approved by: mheon
* Add --volumes-from flag to podman run and createumohnani82018-07-09
| | | | | | | | | | podman now supports --volumes-from flag, which allows users to add all the volumes an existing container has to a new one. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #931 Approved by: mheon
* Fix timeout issue with built-in volume testumohnani82018-07-05
| | | | | | | | | | | Building our own image to test built-in volume and user instead of using the mariadb one. Solves timeout issue in travis tests. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #1044 Approved by: mheon
* urfave/cli: fix parsing of short optsValentin Rothberg2018-07-05
| | | | | | | | | | | | | Vendor an updated version of urfave/cli to fix the parsing of short options. Until the fix is merged upstream, vendor the code from github.com/vrothberg/cli containing both, the latest urfave/cli and the bug fix. Fixes: #714 Signed-off-by: Valentin Rothberg <vrothberg@suse.com> Closes: #1046 Approved by: rhatdan
* Skip a test in Travis that has timeout issuesMatthew Heon2018-07-03
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #1041 Approved by: rhatdan
* Fix built-in volume issue with podman run/createumohnani82018-06-29
| | | | | | | | | | | | | The destination path of the built-in volume was not being created but a relabel was being attempted on it, this was causing issues with all images that have built-in volumes. This patch fixes that and ensures the destination volume path is created. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #1026 Approved by: mheon
* Test to make sure we are getting proper exit codes on podman runDaniel J Walsh2018-06-07
| | | | | | | | | | | podman run command screws up we should get 125 podman run command succeeds but command in container fails to exec 126 podman run command succeeds but command exits with non 0 exit code Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #921 Approved by: TomSweeneyRedHat
* Add some test for podman run flag security-optYiqiao Pu2018-06-04
| | | | | | | | | | | | | | Add following test cases for security-opt: - Check default selinux value - Disable security options in container - Setup selinux type in security-opt - Disable seccomp protection - Configure custom seccomp.json Signed-off-by: Yiqiao Pu <ypu@redhat.com> Closes: #837 Approved by: rhatdan
* Use go-selinux for selinux checkYiqiao Pu2018-06-04
| | | | | | | | | | Use function in opencontainers/selinux/go-selinux to check the selinux status in our test. Signed-off-by: Yiqiao Pu <ypu@redhat.com> Closes: #837 Approved by: rhatdan
* Clear all caps, except the bounding set, when --user is specified.Daniel J Walsh2018-05-31
| | | | | | | | | | | | Currently we are giving all caps to users when running with podman run --user, They should get none by default. If the command line includes --cap-add, then we need to run with those capabilties. Similarly we need to drop caps from bounding set, if user specifies --cap-drop Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #851 Approved by: mheon
* chrootuser: default to GID 0 when given a numeric --userNalin Dahyabhai2018-05-17
| | | | | | | | | | | | | | | When we're given a numeric --user value, default to GID 0 if the numeric ID doesn't correspond to a user entry in /etc/passwd that can provide us with the user's primary group ID. Make sure that GetAdditionalGroupsForUser() returns wrapped errors. Also test various user:group forms. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com> Closes: #728 Approved by: mheon
* Add --default-mounts-file hidden flagumohnani82018-04-26
| | | | | | | | | | | The hidden flag is used to override the path of the default mounts file for testing purposes. Also modified the secrets pkg to allow for this override to happen. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #678 Approved by: mheon
* Modify --user flag for podman create and runumohnani82018-04-24
| | | | | | | | | | If an integer is passed into the --user flag, i.e --user=1234 don't look up the user in /etc/passwd, just assign the integer as the uid. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #652 Approved by: mheon
* Add FIPS mode secretumohnani82018-04-23
| | | | | | | | If the host is in FIPS mode and /etc/system-fips exists /run/secrets/system-fips is created in the container so that the container can run in FIPS mode as well. Signed-off-by: umohnani8 <umohnani@redhat.com>
* Fix tests for podman run --attachMatthew Heon2018-04-19
| | | | | | | | | | When STDOUT and STDERR are not attached, we now print a container ID. Make the tests aware of this. Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #638 Approved by: rhatdan
* Fix secrets patchumohnani82018-04-13
| | | | | | | | | | | The secrets code was just tarring and copying the contents of the secrets directory on host as is. This meant it was not accounting for any symlinks inside the directory, leading up to the contents not being copied over. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #611 Approved by: mheon
* Fix podman run --attach testsMatthew Heon2018-04-13
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #608 Approved by: baude
* Add tests for podman attachMatthew Heon2018-04-13
| | | | | | | Signed-off-by: Matthew Heon <matthew.heon@gmail.com> Closes: #608 Approved by: baude
* Functionality changes to the following flagsumohnani82018-04-06
| | | | | | | | | | | | | | | | | | | --group-add --blkio-weight-device --device-read-bps --device-write-bps --device-read-iops --device-write-iops --group-add now supports group names as well as the gid associated with them. All the --device flags work now with moderate changes to the code to support both bps and iops. Added tests for all the flags. Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #590 Approved by: mheon
* Add hooks support to podmanDaniel J Walsh2018-04-05
| | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #155 Approved by: mheon
* Add secrets patch to podmanumohnani82018-03-29
| | | | | | | | | | Adds support for mounting secrets especially on RHEL where the container can use the host subsription to run yum Signed-off-by: umohnani8 <umohnani@redhat.com> Closes: #544 Approved by: rhatdan
* CreateContainerStorage by image idbaude2018-02-23
| | | | | | | | | | | When creating container storage by name, if that name is a tagged image then the storage could not be found. We now use the image id which seems more reliable. Also added an integration test to protect against regression. Signed-off-by: baude <bbaude@redhat.com> Closes: #393 Approved by: mheon
* More ginkgo migrationbaude2018-02-07
| | | | | | | | | | | * attach * run_exit * save * tag * version * run_privileged -> privileged Signed-off-by: baude <bbaude@redhat.com>