summaryrefslogtreecommitdiff
path: root/test/e2e
Commit message (Collapse)AuthorAge
* Merge pull request #1920 from wking/explicit-hooks-dirsOpenShift Merge Robot2018-12-04
|\ | | | | libpod/container_internal: Deprecate implicit hook directories
| * libpod/container_internal: Deprecate implicit hook directoriesW. Trevor King2018-12-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Part of the motivation for 800eb863 (Hooks supports two directories, process default and override, 2018-09-17, #1487) was [1]: > We only use this for override. The reason this was caught is people > are trying to get hooks to work with CoreOS. You are not allowed to > write to /usr/share... on CoreOS, so they wanted podman to also look > at /etc, where users and third parties can write. But we'd also been disabling hooks completely for rootless users. And even for root users, the override logic was tricky when folks actually had content in both directories. For example, if you wanted to disable a hook from the default directory, you'd have to add a no-op hook to the override directory. Also, the previous implementation failed to handle the case where there hooks defined in the override directory but the default directory did not exist: $ podman version Version: 0.11.2-dev Go Version: go1.10.3 Git Commit: "6df7409cb5a41c710164c42ed35e33b28f3f7214" Built: Sun Dec 2 21:30:06 2018 OS/Arch: linux/amd64 $ ls -l /etc/containers/oci/hooks.d/test.json -rw-r--r--. 1 root root 184 Dec 2 16:27 /etc/containers/oci/hooks.d/test.json $ podman --log-level=debug run --rm docker.io/library/alpine echo 'successful container' 2>&1 | grep -i hook time="2018-12-02T21:31:19-08:00" level=debug msg="reading hooks from /usr/share/containers/oci/hooks.d" time="2018-12-02T21:31:19-08:00" level=warning msg="failed to load hooks: {}%!(EXTRA *os.PathError=open /usr/share/containers/oci/hooks.d: no such file or directory)" With this commit: $ podman --log-level=debug run --rm docker.io/library/alpine echo 'successful container' 2>&1 | grep -i hook time="2018-12-02T21:33:07-08:00" level=debug msg="reading hooks from /usr/share/containers/oci/hooks.d" time="2018-12-02T21:33:07-08:00" level=debug msg="reading hooks from /etc/containers/oci/hooks.d" time="2018-12-02T21:33:07-08:00" level=debug msg="added hook /etc/containers/oci/hooks.d/test.json" time="2018-12-02T21:33:07-08:00" level=debug msg="hook test.json matched; adding to stages [prestart]" time="2018-12-02T21:33:07-08:00" level=warning msg="implicit hook directories are deprecated; set --hooks-dir="/etc/containers/oci/hooks.d" explicitly to continue to load hooks from this directory" time="2018-12-02T21:33:07-08:00" level=error msg="container create failed: container_linux.go:336: starting container process caused "process_linux.go:399: container init caused \"process_linux.go:382: running prestart hook 0 caused \\\"error running hook: exit status 1, stdout: , stderr: oh, noes!\\\\n\\\"\"" (I'd setup the hook to error out). You can see that it's silenly ignoring the ENOENT for /usr/share/containers/oci/hooks.d and continuing on to load hooks from /etc/containers/oci/hooks.d. When it loads the hook, it also logs a warning-level message suggesting that callers explicitly configure their hook directories. That will help consumers migrate, so we can drop the implicit hook directories in some future release. When folks *do* explicitly configure hook directories (via the newly-public --hooks-dir and hooks_dir options), we error out if they're missing: $ podman --hooks-dir /does/not/exist run --rm docker.io/library/alpine echo 'successful container' error setting up OCI Hooks: open /does/not/exist: no such file or directory I've dropped the trailing "path" from the old, hidden --hooks-dir-path and hooks_dir_path because I think "dir(ectory)" is already enough context for "we expect a path argument". I consider this name change non-breaking because the old forms were undocumented. Coming back to rootless users, I've enabled hooks now. I expect they were previously disabled because users had no way to avoid /usr/share/containers/oci/hooks.d which might contain hooks that required root permissions. But now rootless users will have to explicitly configure hook directories, and since their default config is from ~/.config/containers/libpod.conf, it's a misconfiguration if it contains hooks_dir entries which point at directories with hooks that require root access. We error out so they can fix their libpod.conf. [1]: https://github.com/containers/libpod/pull/1487#discussion_r218149355 Signed-off-by: W. Trevor King <wking@tremily.us>
* | create pod on the flybaude2018-12-03
| | | | | | | | | | | | | | | | | | | | when a user specifies --pod to podman create|run, we should create that pod automatically. the port bindings from the container are then inherited by the infra container. this signicantly improves the workflow of running containers inside pods with podman. the user is still encouraged to use podman pod create to have more granular control of the pod create options. Signed-off-by: baude <bbaude@redhat.com>
* | podman pod existsbaude2018-12-03
|/ | | | | | | | | like containers and images, users would benefit from being able to check if a pod exists in local storage. if the pod exists, the return code is 0. if the pod does not exists, the return code is 1. Any other return code indicates a real errors, such as permissions or runtime. Signed-off-by: baude <bbaude@redhat.com>
* Add create test with --mount flagYiqiao Pu2018-11-29
| | | | Signed-off-by: Yiqiao Pu <ypu@redhat.com>
* Merge pull request #1890 from baude/disablecheckpointtestsOpenShift Merge Robot2018-11-28
|\ | | | | disable checkpoint tests on f29
| * disable checkpoint tests on f29baude2018-11-28
| | | | | | | | | | | | temporarily disabling checkpoint tests on f29 as they don't currently pass. Signed-off-by: baude <bbaude@redhat.com>
* | test, rootless: specify USER env variableGiuseppe Scrivano2018-11-28
|/ | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #1798 from giuseppe/fix-notify-socketOpenShift Merge Robot2018-11-28
|\ | | | | systemd: fix NOTIFY_SOCKET with patched runc
| * tests: fix NOTIFY_SOCKET testGiuseppe Scrivano2018-11-28
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * test: fix test for NOTIFY_SOCKETGiuseppe Scrivano2018-11-28
| | | | | | | | | | | | do not make any assumption on the path inside of the container. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #1879 from mheon/stop_stopped_is_validOpenShift Merge Robot2018-11-28
|\ \ | |/ |/| Stopping a stopped container is not an error for Podman
| * Add test to ensure stopping a stopped container worksMatthew Heon2018-11-28
| | | | | | | | | | | | | | We regressed on this at some point. Adding a new test should help ensure that doesn't happen again. Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* | Merge pull request #1848 from adrianreber/masterOpenShift Merge Robot2018-11-28
|\ \ | |/ |/| Add tcp-established to checkpoint/restore
| * Added more checkpoint/restore test casesAdrian Reber2018-11-28
| | | | | | | | | | | | | | | | | | | | This adds checkpoint/restore test cases for the newly added options * --leave-running * --tcp-established * --all * --latest Signed-off-by: Adrian Reber <areber@redhat.com>
* | Merge pull request #1849 from giuseppe/report-rootless-netmodeOpenShift Merge Robot2018-11-28
|\ \ | | | | | | rootless: add new netmode "slirp4netns"
| * | rootless: add new netmode "slirp4netns"Giuseppe Scrivano2018-11-27
| | | | | | | | | | | | | | | | | | | | | | | | so that inspect reports the correct network configuration. Closes: https://github.com/containers/libpod/issues/1453 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | tests: change return type for PodmanAsUser to PodmanTestIntegrationGiuseppe Scrivano2018-11-27
| |/ | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* / rootless: fix cleanupGiuseppe Scrivano2018-11-28
|/ | | | | | | | | | | | | The conmon exit command is running inside of a namespace where the process is running with uid=0. When it launches again podman for the cleanup, podman is not running in rootless mode as the uid=0. Export some more env variables to tell podman we are in rootless mode. Closes: https://github.com/containers/libpod/issues/1859 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* test: cleanup CNI network used by the testsGiuseppe Scrivano2018-11-27
| | | | | | | | issue introduced with: https://github.com/containers/libpod/pull/1871 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #1874 from ypu/mount-testOpenShift Merge Robot2018-11-27
|\ | | | | Improve podman run --mount test
| * Remove mount options relatime from podman run --mount with sharedYiqiao Pu2018-11-27
| | | | | | | | | | | | | | In some test env, mount with shared options is not included relatime in the mountinfo file. So remove this from the test case. Signed-off-by: Yiqiao Pu <ypu@redhat.com>
| * Update test case name to podman run with --mount flagYiqiao Pu2018-11-27
| | | | | | | | | | | | | | Update the test case name to make it easier to filter --mount related test cases with -ginkgo.focus. Signed-off-by: Yiqiao Pu <ypu@redhat.com>
* | Merge pull request #1871 from ypu/ip-testOpenShift Merge Robot2018-11-27
|\ \ | | | | | | Add some tests for --ip flag with run and create command
| * | Add some tests for --ip flag with run and create commandYiqiao Pu2018-11-27
| |/ | | | | | | Signed-off-by: Yiqiao Pu <ypu@redhat.com>
* | Merge pull request #1850 from vrothberg/mount-propagationOpenShift Merge Robot2018-11-27
|\ \ | |/ |/| set root propagation based on volume properties
| * set root propagation based on volume propertiesValentin Rothberg2018-11-26
| | | | | | | | | | | | | | | | | | | | | | | | Set the root propagation based on the properties of volumes and default mounts. To remain compatibility, follow the semantics of Docker. If a volume is shared, keep the root propagation shared which works for slave and private volumes too. For slave volumes, it can either be shared or rshared. Do not change the root propagation for private volumes and stick with the default. Fixes: #1834 Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
* | add podman container|image existsbaude2018-11-26
|/ | | | | | | | | | Add an exists subcommand to podman container and podman image that allows users to verify the existence of a container or image by ID or name. The return code can be 0 (success), 1 (failed to find), or 125 (failed to work with runtime). Issue #1845 Signed-off-by: baude <bbaude@redhat.com>
* Allow users to expose ports from the pod to the hostbaude2018-11-20
| | | | | | | | | | we need to allow users to expose ports to the host for the purposes of networking, like a webserver. the port exposure must be done at the time the pod is created. strictly speaking, the port exposure occurs on the infra container. Signed-off-by: baude <bbaude@redhat.com>
* Fix no-new-privileges testYiqiao Pu2018-11-16
| | | | | | Update the test to compare the output from different containers. Signed-off-by: Yiqiao Pu <ypu@redhat.com>
* Separate common used test functions and structs to test/utilsYiqiao Pu2018-11-16
| | | | | | | Put common used test functions and structs to a separated package. So we can use them for more testsuites. Signed-off-by: Yiqiao Pu <ypu@redhat.com>
* rm -f now removes a paused containerbaude2018-11-08
| | | | | | | | | | | | We now can remove a paused container by sending it a kill signal while it is paused. We then unpause the container and it is immediately killed. Also, reworked how the parallelWorker results are handled to provide a more consistent approach to how each subcommand implements it. It also fixes a bug where if one container errors, the error message is duplicated when printed out. Signed-off-by: baude <bbaude@redhat.com>
* Fix run --hostname test that started failing post-mergeMatthew Heon2018-11-07
| | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #1751 from QiWang19/issue1745OpenShift Merge Robot2018-11-07
|\ | | | | Add hostname to /etc/hosts
| * Add hostname to /etc/hostsQi Wang2018-11-07
| | | | | | | | Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Fix cleanup for "Pause a bunch of running containers"baude2018-11-06
|/ | | | | | | | When running integration tests in our CI, we observe a problem where paused containers are not able to be stopped; and therefore cannot be cleaned up. This leaves dangling mounts and sometimes zombied conmon processes. Signed-off-by: baude <bbaude@redhat.com>
* Make kill, pause, and unpause parallel.baude2018-11-01
| | | | | | | | | | | Operations like kill, pause, and unpause -- which can operation on one or more containers -- can greatly benefit from parallizing its main job (eq kill). In the case of pauseand unpause, an --all option as was added. pause --all will pause all **running** containers. And unpause --all will unpause all **paused** containers. Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #1738 from baude/pararestartOpenShift Merge Robot2018-11-01
|\ | | | | Make restart parallel and add --all
| * Make restart parallel and add --allbaude2018-11-01
| | | | | | | | | | | | | | | | | | | | When attempting to restart many containers, we can benefit from making the restarts parallel. For convenience, two new options are added: --all attempts to restart all containers --run-only when used with --all will attempt to restart only running containers Signed-off-by: baude <bbaude@redhat.com>
* | replace quay.io/baude to quay.io/libpodbaude2018-11-01
| | | | | | | | | | | | | | images used for our integration suite have moved from my work account to a group organization called libpod. Signed-off-by: baude <bbaude@redhat.com>
* | allow ppc64le to pass libpod integration testsbaude2018-10-31
|/ | | | | | | | | | | | | | this pr allows the libpod integration suite to pass on the ppc64le architecture. in some cases, I had to skip tests. eventually, these tests need to be fixed so that they properly pass. of note for this PR is: * changed the ppc64le default container os to be overlay (over vfs) as vfs seems non-performant on ppc64le * still run vfs for rootless operations * some images names for ppc64le had to change because they don't exist. * this should help getting our CI to run on the platform Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #1585 from rhatdan/labelsOpenShift Merge Robot2018-10-26
|\ | | | | Add tests for selinux labels
| * Add tests for selinux labelsDaniel J Walsh2018-10-25
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | runlabel: run any commandValentin Rothberg2018-10-24
|/ | | | | | | | | | | | | | | | As discussed [1], the runlabel command should execute any command specified in a label. The reasoning behind is that we cannot restrict which options are passed to Podman which thereby has full access to the host (runlabels must be used with care). With the updated semantics, runlabel will substitute the commands with a basepath equal to "docker" or "podman" with "/proc/self/exe", and otherwise leave the command unchanged to execute any other command on the host. [1] https://github.com/containers/libpod/pull/1607#issuecomment-428321382 Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
* Merge pull request #1638 from baude/fastpsOpenShift Merge Robot2018-10-23
|\ | | | | Make podman ps fast
| * Make podman ps fastbaude2018-10-23
| | | | | | | | | | | | Like Ricky Bobby, we want to go fast. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #1627 from adrianreber/criuOpenShift Merge Robot2018-10-23
|\ \ | | | | | | Add CRIU version check for checkpoint and restore
| * | tests: use existing CRIU version checkAdrian Reber2018-10-23
| |/ | | | | | | | | | | | | Do not re-implement the CRIU version check in the test suite, use it from libpod/pkg/criu. Signed-off-by: Adrian Reber <areber@redhat.com>
* | Merge pull request #1697 from baude/statserrOpenShift Merge Robot2018-10-23
|\ \ | | | | | | correct stats err with non-running containers
| * | correct stats err with non-running containersbaude2018-10-22
| |/ | | | | | | | | | | | | when doing stats -a|--all, if you have non-running containers, we should not error on not being able to get information like PID, etc on them. Signed-off-by: baude <bbaude@redhat.com>