summaryrefslogtreecommitdiff
path: root/test/e2e
Commit message (Collapse)AuthorAge
* systemd socker activation: check listener to prevent panicPaul Holzinger2022-06-15
| | | | | | | | | | Commit 5fa6f686db added a regression which was fixed in eb71712626f9. Apply the same fix again to prevent a panic and return a proper error instead. To not regress again I added a e2e test which makes sure we do not panic. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Merge pull request #14585 from Luap99/nolintopenshift-ci[bot]2022-06-14
|\ | | | | golangci-lint: enable nolintlint
| * golangci-lint: enable nolintlintPaul Holzinger2022-06-14
| | | | | | | | | | | | | | | | | | | | The nolintlint linter does not deny the use of `//nolint` Instead it allows us to enforce a common nolint style: - force that a linter name must be specified - do not add a space between `//` and `nolint` - make sure nolint is only used when there is actually a problem Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #14582 from giuseppe/no-create-containerenv-if-run-volumeopenshift-ci[bot]2022-06-14
|\ \ | |/ |/| container: do not create .containerenv with -v SRC:/run
| * container: do not create .containerenv with -v SRC:/runGiuseppe Scrivano2022-06-14
| | | | | | | | | | | | | | | | | | if /run is on a volume do not create the file /run/.containerenv as it would leak outside of the container. Closes: https://github.com/containers/podman/issues/14577 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #14580 from jakecorrenti/stats-on-non-running-containeropenshift-ci[bot]2022-06-14
|\ \ | | | | | | Non-running containers now report statistics via the `podman stats`
| * | Non-running containers now report statistics via the `podman stats`Jake Correnti2022-06-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | command Previously, if a container was not running, and the user ran the `podman stats` command, an error would be reported: `Error: container state improper`. Podman now reports stats as the fields' default values for their respective type if the container is not running: ``` $ podman stats --no-stream demo ID NAME CPU % MEM USAGE / LIMIT MEM % NET IO BLOCK IO PIDS CPU TIME AVG CPU % 4b4bf8ce84ed demo 0.00% 0B / 0B 0.00% 0B / 0B 0B / 0B 0 0s 0.00% ``` Closes: #14498 Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
* | | podman-remote push --remove-signatures supportDaniel J Walsh2022-06-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | I don't see a reason why we don't support --remove-signatures from remote push, so adding support. Fixes: https://github.com/containers/podman/issues/14558 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #14553 from cevich/fix_eventuallyOpenShift Merge Robot2022-06-09
|\ \ \ | | | | | | | | Fix Remote filtering embedded directory test
| * | | Fix Remote filtering embedded directory testChris Evich2022-06-09
| | |/ | |/| | | | | | | | | | | | | | | | | | | Fixes #14184 Docs: https://onsi.github.io/gomega/#making-asynchronous-assertions Signed-off-by: Chris Evich <cevich@redhat.com>
* | | Merge pull request #14480 from cdoern/infraOpenShift Merge Robot2022-06-09
|\ \ \ | |/ / |/| | patch for pod host networking & other host namespace handling
| * | patch for pod host networking & other host namespace handlingcdoern2022-06-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | this patch included additonal host namespace checks when creating a ctr as well as fixing of the tests to check /proc/self/ns/net see #14461 Signed-off-by: cdoern <cdoern@redhat.com>
* | | Merge pull request #14220 from Luap99/resolvconfOpenShift Merge Robot2022-06-07
|\ \ \ | | | | | | | | use resolvconf package from c/common/libnetwork
| * | | test/e2e: network dis-/connect test remove unhelpful assertionsPaul Holzinger2022-06-07
| | |/ | |/| | | | | | | | | | | | | | | | | | | Using `To(BeTrue()/BeFalse())` provides very bas error messages. It is not clear to a log reader what went wrong. Using ContainsSubstring() make the error message much more useful. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #14483 from ↵OpenShift Merge Robot2022-06-07
|\ \ \ | | | | | | | | | | | | | | | | jakecorrenti/restart-privelaged-containers-after-host-device-change Privileged containers can now restart if the host devices change
| * | | Privileged containers can now restart if the host devices changeJake Correnti2022-06-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If a privileged container is running, stops, and the devices on the host change, such as a USB device is unplugged, then a container would no longer start. Previously, the devices from the host were only being added to the container once: when the container was created. Now, this happens every time the container starts. I did this by adding a boolean to the container config that indicates whether to mount all of the devices or not, which can be set via an option. During spec generation, if the `MountAllDevices` option is set in the container config, all host devices are added to the container. Additionally, a couple of functions from `pkg/specgen/generate/config_linux.go` were moved into `pkg/util/utils_linux.go` as they were needed in multiple packages. Closes #13899 Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
* | | | Infra Inheritance patchcdoern2022-06-07
| |/ / |/| | | | | | | | | | | | | | | | | | | | | | | infra was overriding options that it should be appending rather than resetting. fix this by appending the given container's spec to the compatible options before marshaling/unmarshaling resolves #14454 Signed-off-by: cdoern <cdoern@redhat.com>
* | | Merge pull request #14474 from flouthoc/non-volatile-overlay-volumeOpenShift Merge Robot2022-06-06
|\ \ \ | | | | | | | | overlay-volumes: add support for non-volatile `upperdir`,`workdir` for `overlay` volumes
| * | | overlay-volumes: add support for non-volatile upperdir,workdir for anonymous ↵Aditya R2022-06-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | volumes Similar feature was added for named overlay volumes here: https://github.com/containers/podman/pull/12712 Following PR just mimics similar feature for anonymous volumes. Often users want their anonymous overlayed volumes to be `non-volatile` in nature that means that same `upper` dir can be re-used by one or more containers but overall of nature of volumes still have to be overlay so work done is still on a overlay not on the actual volume. Following PR adds support for more advanced options i.e custom `workdir` and `upperdir` for overlayed volumes. So that users can re-use `workdir` and `upperdir` across new containers as well. Usage ```console podman run -it -v /some/path:/data:O,upperdir=/path/persistant/upper,workdir=/path/persistant/work alpine sh ``` Signed-off-by: Aditya R <arajan@redhat.com>
* | | | Merge pull request #14485 from ashley-cui/flakeOpenShift Merge Robot2022-06-06
|\ \ \ \ | |/ / / |/| | | Fix secret-verify-leak flake: set build context to subdir
| * | | Fix secret-verify-leak flake: set build context to subdirAshley Cui2022-06-03
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Setting the build context to a dedicated subdir makes sure that the test does not flake when running in parallel, as the test is isolated from other tests that may dump secrets in a higher level context dir. This should have been done in https://github.com/containers/podman/pull/13457, as this makes that PR actually work. Signed-off-by: Ashley Cui <acui@redhat.com>
* | | Cleanup the leftovers used with ginkgo focus optionCosmin Tupangiu2022-06-06
| | | | | | | | | | | | Signed-off-by: Cosmin Tupangiu <cosmin@redhat.com>
* | | Merge pull request #14477 from Luap99/partial-logsOpenShift Merge Robot2022-06-03
|\ \ \ | |/ / |/| | podman logs k8s-file: do not reassemble partial log lines
| * | podman logs k8s-file: do not reassemble partial log linesPaul Holzinger2022-06-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The backend should not convert partial lines to full log lines. While this works for most cases it cannot work when the last line is partial since it will just be lost. The frontend logic can already display partial lines correctly. The journald driver also works correctly since it does not such conversion. Fixes #14458 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | test/e2e/save_test.go: fix flakeValentin Rothberg2022-06-03
|/ / | | | | | | | | | | | | | | Save at most three images and sort them by size. The test started to flake as _all_ local images were saved which is not neccessary. Fixes: #14468 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | fix pod network handling with a host networkcdoern2022-06-02
| | | | | | | | | | | | | | | | | | | | | | | | | | the function `GetDefaultNamespaceMode` for pods checks if we are sharing each namespace and if not, returns the default which in the case of a network is slirp. add a switch case for explicitly checking if the pod's network mode is host and if so, return specgen.Host for the container resolves #13763 Signed-off-by: cdoern <cbdoer23@g.holycross.edu> Signed-off-by: cdoern <cdoern@redhat.com>
* | Merge pull request #14421 from Luap99/statsOpenShift Merge Robot2022-06-02
|\ \ | |/ |/| podman stats: work with network connect/disconnect
| * podman stats: work with network connect/disconnectPaul Holzinger2022-05-31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Hardcoding the interface name is a bad idea. We have no control over the actual interface name since the user can change it. The correct thing is to read them from the network status. Since the contianer can have more than one interface we have to add the RX/TX values. The other values are currently not used. For podman 5.0 we should change it so that the API can return the statistics per interface and the client should sum the TX/RX for the command output. This is what docker is doing. Fixes #13824 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | fix "tail 800 lines: journald" flakePaul Holzinger2022-06-01
| | | | | | | | | | | | | | | | | | | | | | | | The test calls podman run -d followed by podman logs. There is no guarantee the the container or conmon has written all its output. Adding an extra podman wait should fix this. Do not remove the -d to not print 1000 unnecessary lines in the logs. Fixes #14362 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | fix podman container restore without CreateNetNSPaul Holzinger2022-05-31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a container does not use the default podman netns, for example --network none or --network ns:/path a restore would fail because the specgen check validates that c.config.StaticMAC is nil but the unmarshaller sets it to an empty slice. While we could make the check use len() > 0 I feel like it is more common to check with != nil for ip and mac addresses. Adding omitempty tag makes the json marshal/unmarshal work correctly. This should not cause any issues. Fixes #14389 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | podman volume export/import: give better errorPaul Holzinger2022-05-30
|/ | | | | | | | | When the volume does not exist we should output an error stating so and not some generic one. Fixes #14411 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* build: allow using cache explicitly with --squash-all using --layersAditya R2022-05-26
| | | | | | | | | | | | | | Buildah already supports using `--layers` with `--squash` after https://github.com/containers/buildah/pull/3674 if user wants to do so hence podman must honor similar configuration in `--squash-all` behaviour if user wants to using cache. PS: We cannot alter behaviour of `podman build --squash` for docker-compat reasons hence this feature can be easily supported by `--squash-all`. Closes: https://github.com/containers/buildah/issues/4011 Signed-off-by: Aditya R <arajan@redhat.com>
* First batch of resolutions to FIXMEsMatthew Heon2022-05-25
| | | | | | | | | Most of these are no longer relevant, just drop the comments. Most notable change: allow `podman kill` on paused containers. Works just fine when I test it. Signed-off-by: Matthew Heon <mheon@redhat.com>
* fix f35 integration test network flakePaul Holzinger2022-05-25
| | | | | | | | | | | I am not 100% sure if this is actually causing the problem but I was able to reproduce locally and this change fixed it there. Without the `-n` option iptables tries to reverse lookup the ips to domain names. This is extremely slow for unknown reasons. Given the large amount of iptables entries due parallel test runs it will not succeed in the default 90 sec timeout. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* test/e2e/search_test.go: re-enable registry.redhat.io testValentin Rothberg2022-05-24
| | | | | | The search endpoint is working again. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Merge pull request #14281 from vrothberg/fix-14251OpenShift Merge Robot2022-05-23
|\ | | | | fix --init with /dev bind mount
| * fix --init with /dev bind mountValentin Rothberg2022-05-23
| | | | | | | | | | | | | | | | | | | | The init binary until now has been bind-mounted to /dev/init which breaks when bind-mounting to /dev. Instead mount the init to /run/podman-init. The reasoning for using /run is that it is already used for other runtime data such as secrets. Fixes: #14251 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | Merge pull request #14266 from tupyy/add-blockdevice-play-kubeOpenShift Merge Robot2022-05-23
|\ \ | |/ |/| Expose block and character devices with play kube
| * fix tests by randomize the device folder nameCosmin Tupangiu2022-05-23
| | | | | | | | | | | | | | e2e tests tends to fail when running with multiple nodes because the same device folder name is used accross all nodes Signed-off-by: Cosmin Tupangiu <cosmin@redhat.com>
| * add tests and fix bug when char device pass the test as block deviceCosmin Tupangiu2022-05-18
| | | | | | | | | | | | | | | | | | | | | | - add test - fix bug when a character device set in a volume as a block device is seen as block device in _pkg/specgen/generate/kube/volume.go_. At this stage the type does not matter much because the devices are recreated at lower layer but the bug allowed a CharDevice volume to be passed to lower layer as a BlockDevice. Signed-off-by: Cosmin Tupangiu <cosmin@redhat.com>
* | linter: enable unconvert linterValentin Rothberg2022-05-19
|/ | | | | | | Detects unneccessary type conversions and helps in keeping the code base cleaner. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Merge pull request #14205 from rhatdan/VENDOROpenShift Merge Robot2022-05-13
|\ | | | | Vendor in latest containers/common
| * Vendor in latest containers/commonDaniel J Walsh2022-05-12
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Make sure tests are cleaned up when they completeDaniel J Walsh2022-05-12
|/ | | | | | Fixes: https://github.com/containers/podman/issues/13789 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* vendor c/common@mainValentin Rothberg2022-05-12
| | | | | | In hope to fix a CI flake. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* test: update fedora toolbox imageGiuseppe Scrivano2022-05-11
| | | | | | f32 is already EOL. Let's use the latest version. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #14176 from giuseppe/test-parallel-rm-cleanupOpenShift Merge Robot2022-05-11
|\ | | | | test: simplify cleanup code
| * test: simplify cleanup codeGiuseppe Scrivano2022-05-10
| | | | | | | | | | | | | | do not try to first stop and then rm but combine the two operations in a single command. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | kube: add support for --userns=Giuseppe Scrivano2022-05-10
| | | | | | | | | | | | | | | | add support to override the user namespace to use for the pod. Closes: https://github.com/containers/podman/issues/7504 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | kube: honor pod security context IDsGiuseppe Scrivano2022-05-10
|/ | | | | | | | If the RunAsUser, RunAsGroup, SupplementalGroups settings are not overriden in the container security context, then take the value from the pod security context. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>