aboutsummaryrefslogtreecommitdiff
path: root/test/e2e
Commit message (Collapse)AuthorAge
* Merge pull request #8226 from ↵OpenShift Merge Robot2020-11-03
|\ | | | | | | | | debarshiray/wip/rishi/toolbox_test-userns-keepid-HOME Test $HOME when it's parent is bind mounted with --userns=keep-id
| * Test $HOME when it's parent is bind mounted with --userns=keep-idDebarshi Ray2020-11-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When --userns=keep-id is used, Podman is supposed to set up the home directory of the user inside the container to match that on the host as long as the home directory or any of its parents are marked as volumes to be bind mounted into the container. Currently, the test only considers the case where the home directory itself is bind mounted into the container. It doesn't cover the Podman code that walks through all the bind mounts looking for ancestors in case the home directory itself wasn't specified as a bind mount. Therefore, this improves the existing test added in commit 6ca8067956128585 ("Setup HOME environment when using --userns=keep-id") Note that this test can't be run as root. The home directory of the root user is /root, and it's parent is /. Bind mounting the entire / from the host into the container prevents it from starting: Error: openat2 ``: No such file or directory: OCI not found Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
* | specgen: keep capabilities with --userns=keep-idGiuseppe Scrivano2020-11-02
| | | | | | | | | | | | | | | | if --userns=keep-id is specified and not --user is specified, take the unprivileged capabilities code path so that ambient capabilities are honored in the container. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | specgen: fix check for root userGiuseppe Scrivano2020-11-02
| | | | | | | | | | | | | | if the username is specified in the USER:GROUP form, make sure we only check for USER. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | specgen: add support for ambient capabilitiesGiuseppe Scrivano2020-11-02
|/ | | | | | | | | | if the kernel supports ambient capabilities (Linux 4.3+), also set them when running with euid != 0. This is different that what Moby does, as ambient capabilities are never set. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #8203 from Luap99/fix-8194OpenShift Merge Robot2020-10-31
|\ | | | | Fix dnsname when joining a different network namespace in a pod
| * Fix dnsname when joining a different network namespace in a podPaul Holzinger2020-10-30
| | | | | | | | | | | | | | | | | | | | When creating a container in a pod the podname was always set as the dns entry. This is incorrect when the container is not part of the pods network namespace. This happend both rootful and rootless. To fix this check if we are part of the pods network namespace and if not use the container name as dns entry. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #8100 from QiWang19/mirror-manifestOpenShift Merge Robot2020-10-31
|\ \ | | | | | | manifest list inspect single image
| * | manifest list inspect single imageQi Wang2020-10-30
| |/ | | | | | | | | | | If the image name not a manifest list type, enable manifest inspect to return manifest of single image manifest type vnd.docker.distribution.manifest.v2+json. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #8201 from QiWang19/search-limitOpenShift Merge Robot2020-10-30
|\ \ | | | | | | Remove search limit since pagination support
| * | Remove search limit since pagination supportQi Wang2020-10-30
| |/ | | | | | | | | | | Remove the search limit check since the c/image v5.6.0 supports pagination and can give result over 100 entries. Signed-off-by: Qi Wang <qiwan@redhat.com>
* / Pod's that share the IPC Namespace need to share /dev/shmDaniel J Walsh2020-10-30
|/ | | | | | | | | | | | | Containers that share IPC Namespaces share each others /dev/shm, which means a private /dev/shm needs to be setup for the infra container. Added a system test and an e2e test to make sure the /dev/shm is shared. Fixes: https://github.com/containers/podman/issues/8181 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #8165 from edsantiago/move_from_dockerioOpenShift Merge Robot2020-10-29
|\ | | | | Move from docker.io
| * move from docker.ioEd Santiago2020-10-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Followon to #7965 (mirror registry). mirror.gcr.io doesn't cache all the images we need, and I can't find a way to add to its cache, so let's just use quay.io for those images that it can't serve. Tools used: skopeo copy --all docker://docker.io/library/alpine:3.10.2 \ docker://quay.io/libpod/alpine:3.10.2 ...and also: docker.io/library/alpine:3.2 docker.io/library/busybox:latest docker.io/library/busybox:glibc docker.io/library/busybox:1.30.1 docker.io/library/redis:alpine docker.io/libpod/alpine-with-bogus-seccomp:label docker.io/libpod/alpine-with-seccomp:label docker.io/libpod/alpine_healthcheck:latest docker.io/libpod/badhealthcheck:latest Since most of those were new quay.io/libpod images, they required going in through the quay.io GUI, image, settings, Make Public. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #8081 from mheon/pod_degradedOpenShift Merge Robot2020-10-28
|\ \ | |/ |/| Add a Degraded state to pods
| * Add a Degraded state to podsMatthew Heon2020-10-21
| | | | | | | | | | | | | | | | | | | | | | | | | | Make a distinction between pods that are completely running (all containers running) and those that have some containers going, but not all, by introducing an intermediate state between Stopped and Running called Degraded. A Degraded pod has at least one, but not all, containers running; a Running pod has all containers running. First step to a solution for #7213. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #8102 from ashley-cui/inspectOpenShift Merge Robot2020-10-27
|\ \ | | | | | | Add pod, volume, network to inspect package
| * | Add pod, volume, network to inspect packageAshley Cui2020-10-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman inspect only had the capabilities to inspect containers and images. if a user wanted to inspect a pod, volume, or network, they would have to use `podman network inspect`, `podman pod inspect` etc. Docker's cli allowed users to inspect both volumes and networks using regular inspect, so this commit gives the user the functionality If the inspect type is not specified using --type, the order of inspection is: containers images volumes networks pods meaning if container that has the same name as an image, podman inspect would return the container inspect. To avoid duplicate code, podman network inspect and podman volume inspect now use the inspect package as well. Podman pod inspect does not because podman pod inspect returns a single json object while podman inspect can return multiple) Signed-off-by: Ashley Cui <acui@redhat.com>
* | | build(deps): bump github.com/containers/common from 0.26.0 to 0.26.3Daniel J Walsh2020-10-27
|/ / | | | | | | | | | | | | | | | | Bumps [github.com/containers/common](https://github.com/containers/common) from 0.26.0 to 0.26.3. - [Release notes](https://github.com/containers/common/releases) - [Commits](containers/common@v0.26.0...v0.26.3) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | fix: podman-cp respects "--extract" flagMatej Vasek2020-10-25
| | | | | | | | Signed-off-by: Matej Vasek <mvasek@redhat.com>
* | Merge pull request #8053 from rhatdan/detachkeysOpenShift Merge Robot2020-10-22
|\ \ | | | | | | podman create doesn't support creating detached containers
| * | podman create doesn't support creating detached containersDaniel J Walsh2020-10-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Detached containers and detach keys are only created with the podman run, i exec, and start commands. We do not store the detach key sequence or the detach flags in the database, nor does Docker. The current code was ignoreing these fields but documenting that they can be used. Fix podman create man page and --help output to no longer indicate that --detach and --detach-keys works. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #8110 from lsm5/cap-net-rawOpenShift Merge Robot2020-10-22
|\ \ \ | | | | | | | | replace net_raw with setuid
| * | | replace net_raw with setuidLokesh Mandvekar2020-10-22
| |/ / | | | | | | | | | | | | | | | podman does not allow setting CAP_NET_RAW Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* | | Merge pull request #8101 from mheon/net_none_hostnameOpenShift Merge Robot2020-10-22
|\ \ \ | | | | | | | | Add hostname to /etc/hosts for --net=none
| * | | Add hostname to /etc/hosts for --net=noneMatthew Heon2020-10-21
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | This does not match Docker, which does not add hostname in this case, but it seems harmless enough. Fixes #8095 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #7956 from QiWang19/save-rm-sigOpenShift Merge Robot2020-10-22
|\ \ \ | |/ / |/| | Allow save image remove-signatures
| * | save image remove signaturesQi Wang2020-10-21
| | | | | | | | | | | | | | | | | | | | | remove signatures to podman save since the image formats do not support signatures Close: #7659 Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | Merge pull request #8093 from rhatdan/waitOpenShift Merge Robot2020-10-21
|\ \ \ | | | | | | | | Fix handling and documentation of podman wait --interval
| * | | Fix handling and documentation of podman wait --intervalDaniel J Walsh2020-10-21
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In older versions of podman, we supported decimal numbers defaulting to microseconds. This PR fixes to allow users to continue to specify only digits. Also cleaned up documentation to fully describe what input for --interval flag. Finally improved testing on podman wait to actually make sure the command succeeded. Fixed tests to work on podman-remote. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #7948 from saschagrunert/ps-fixOpenShift Merge Robot2020-10-21
|\ \ \ | | | | | | | | Fix ps port output
| * | | Fix ps port outputSascha Grunert2020-10-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When defining multiple ports (same src/dst) like `-p 80:80 -p 443:443` then podman will not show the complete output on `podman ps` (only `0.0.0.0:80->80/tcp` in the example). This also applies to port ranges. This patch refactors the port loop by pre-checking for ranges and displaying them correctly to the end user. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | | | Merge pull request #8065 from edsantiago/flake_tweaksOpenShift Merge Robot2020-10-21
|\ \ \ \ | |_|/ / |/| | | Tests: Fix common flakes, and improve apiv2 test log
| * | | Tests: Fix common flakes, and improve apiv2 test logEd Santiago2020-10-20
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - apiv2 - the 'ten /info requests' test is flaking often, taking ~8 seconds (our limit is 7, up from 5 a few weeks ago). Brent suggested that the first /info call might be expensive, because it needs to access storage. So, let's prime it by running one /info outside the timing loop. And, because even that continues to fail, bump it up to 10 seconds and file #8076 to track the slowdown. - toolbox test - WaitForReady() has timed out, even on one occasion causing a run failure because it failed 3 times. Solution: bump up timeout from 2s to 5s. Not really great, but CI systems are underpowered, and it's not unreasonable that 2s might be too low. - sdnotify test - add a 'podman wait' between stop & rm. This may prevent a "cannot rm container as it is running" race condition. While working on this, Brent and I noticed a few ways that test-apiv2 logging can be improved: - test name: when request is POST, display the jsonified parameters, not the original input ones. This should make it much easier to reproduce failures. - use curl's "--write-out" option to capture http code, content type, and request time. We were getting the first two via grep from logged headers; this is cleaner. And there was no other way to get timing. We now include the timing as X-Response-Time in the log file. - abort on *any* curl error, not just 7 (cannot connect). Any error at all from curl is bad news. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #8075 from mheon/fix_8073OpenShift Merge Robot2020-10-20
|\ \ \ | | | | | | | | Retrieve network inspect info from dependency container
| * | | Retrieve network inspect info from dependency containerMatthew Heon2020-10-20
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a container either joins a pod that shares the network namespace or uses `--net=container:` to share the network namespace of another container, it does not have its own copy of the CNI results used to generate `podman inspect` output. As such, to inspect these containers, we should be going to the container we share the namespace with for network info. Fixes #8073 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Merge pull request #8042 from rhatdan/tlsverifyOpenShift Merge Robot2020-10-20
|\ \ \ | | | | | | | | --tls-verify and --authfile should work for all remote commands
| * | | --tls-verify and --authfile should work for all remote commandsDaniel J Walsh2020-10-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | These options are now fully supported in the remote API and should no longer be hidden and/or documented as non supported. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #8067 from mheon/net_host_hostsOpenShift Merge Robot2020-10-20
|\ \ \ \ | |_|/ / |/| | | Ensure that hostname is added to hosts with net=host
| * | | Ensure that hostname is added to hosts with net=hostMatthew Heon2020-10-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a container uses --net=host the default hostname is set to the host's hostname. However, we were not creating any entries in `/etc/hosts` despite having a hostname, which is incorrect. This hostname, for Docker compat, will always be the hostname of the host system, not the container, and will be assigned to IP 127.0.1.1 (not the standard localhost address). Also, when `--hostname` and `--net=host` are both passed, still use the hostname from `--hostname`, not the host's hostname (we still use the host's hostname by default in this case if the `--hostname` flag is not passed). Fixes #8054 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | | Add a system test to verify --runtime is preservedMatthew Heon2020-10-20
| |_|/ |/| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Make invalid image name error more specificJordan Christiansen2020-10-19
| |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, using an invalid image name would produce an error like this: Error: error encountered while bringing up pod test-pod-0: invalid reference format This message didn't specify that there was an problem with an image name, and it didn't specify which image name had a problem if there were multiple. Now the error reads: Error: error encountered while bringing up pod test-pod-0: Failed to parse image "./myimage": invalid reference format Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
* | Merge pull request #8039 from zhangguanzhang/runlabel-panicOpenShift Merge Robot2020-10-16
|\ \ | |/ |/| Fix panic when runlabel is missing
| * Fix panic when runlabel is missingzhangguanzhang2020-10-16
| | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | Fix podman image trust show --raw outputPaul Holzinger2020-10-15
|/ | | | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #8013 from rhatdan/homedirOpenShift Merge Robot2020-10-15
|\ | | | | Setup HOME environment when using --userns=keep-id
| * Setup HOME environment when using --userns=keep-idDaniel J Walsh2020-10-14
| | | | | | | | | | | | | | | | | | | | | | Currently the HOME environment is set to /root if the user does not override it. Also walk the parent directories of users homedir to see if it is volume mounted into the container, if yes, then set it correctly. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Restore --format table supportJhon Honce2020-10-13
|/ | | | | | | | | | | | * system df * events * fix error handling from go routine * update tests to use gomega matchers for better error messages * system info * version * volume inspect Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Merge pull request #7853 from xordspar0/play-kube-limits-#7742OpenShift Merge Robot2020-10-12
|\ | | | | Add support for resource limits to play kube
| * Add support for resource limits to play kubeJordan Christiansen2020-10-12
| | | | | | | | Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>