summaryrefslogtreecommitdiff
path: root/test/e2e
Commit message (Collapse)AuthorAge
* Merge pull request #8942 from rhatdan/pushOpenShift Merge Robot2021-01-17
|\ | | | | Allow podman push to push manifest lists
| * Allow podman push to push manifest listsDaniel J Walsh2021-01-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When doing a podman images, manifests lists look just like images, so it is logical that users would assume that they can just podman push them to a registry. The problem is we throw out weird errors when this happens and users need to somehow figure out this is a manifest list rather then an image, and frankly the user will not understand the difference. This PR will make podman push just do the right thing, by failing over and attempting to push the manifest if it fails to push the image. Fix up handling of manifest push Protocol should bring back a digest string, which can either be printed or stored in a file. We should not reimplement the manifest push setup code in the tunnel code but take advantage of the api path, to make sure remote and local work the same way. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8456 from kazimsarikaya/fix-send-tarOpenShift Merge Robot2021-01-15
|\ \ | | | | | | podman remote send tar
| * | podman-remote fix sending tar contentKazım SARIKAYA2021-01-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1.) podman cannot send proper dockerfile when it is not inside root folder. 2.) support for sending symlinks and folders inside context dir 3.) when sending context dir as tar to remote, prevent sending items inside .dockerignore Signed-off-by: Kazım SARIKAYA <kazimsarikaya@sanaldiyar.com>
* | | Merge pull request #8949 from giuseppe/sysfs-for-rootlessOpenShift Merge Robot2021-01-15
|\ \ \ | | | | | | | | specgen: improve heuristic for /sys bind mount
| * | | specgen: improve heuristic for /sys bind mountGiuseppe Scrivano2021-01-15
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | partially revert 95c45773d7dbca2880152de681c81f0a2afec99b restrict the cases where /sys is bind mounted from the host. The heuristic doesn't detect all the cases where the bind mount is not necessary, but it is an improvement on the previous version where /sys was always bind mounted for rootless containers unless --net none was specified. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #8983 from rhatdan/testOpenShift Merge Robot2021-01-15
|\ \ \ | | | | | | | | Turn on podman pod stats test for rootless cgroup v2
| * | | Turn on podman pod stats test for rootless cgroup v2Daniel J Walsh2021-01-15
| |/ / | | | | | | | | | | | | | | | | | | These tests should only be blocked for cgroups V1 Fixes: https://github.com/containers/podman/issues/8734 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / / Container rename bindingsPaul Holzinger2021-01-15
|/ / | | | | | | | | | | Add bindings and podman-remote support for container rename. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #8955 from mheon/renameOpenShift Merge Robot2021-01-14
|\ \ | | | | | | Container Rename
| * | Initial implementation of renaming containersMatthew Heon2021-01-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Basic theory: We remove the container, but *only from the DB*. We leave it in c/storage, we leave the lock allocated, we leave it running (if it is). Then we create an identical container with an altered name, and add that back to the database. Theoretically we now have a renamed container. The advantage of this approach is that it doesn't just apply to rename - we can use this to make *any* configuration change to a container that does not alter its container ID. Potential problems are numerous. This process is *THOROUGHLY* non-atomic at present - if you `kill -9` Podman mid-rename things will be in a bad place, for example. Also, we can't rename containers that can't be removed normally - IE, containers with dependencies (pod infra containers, for example). The largest potential improvement will be to move the majority of the work into the DB, with a `RecreateContainer()` method - that will add atomicity, and let us remove the container without worrying about depencies and similar issues. Potential problems: long-running processes that edit the DB and may have an older version of the configuration around. Most notable example is `podman run --rm` - the removal command needed to be manually edited to avoid this one. This begins to get at the heart of me not wanting to do this in the first place... This provides CLI and API implementations for frontend, but no tunnel implementation. It will be added in a future release (just held back for time now - we need this in 3.0 and are running low on time). This is honestly kind of horrifying, but I think it will work. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Add tests for volume pluginsMatthew Heon2021-01-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | This involves a new test binary (a basic implementation of the volume plugin protocol) and a new image on quay.io (Containerfile to produce it and all sources located in this commit). The image is used to run a containerized plugin we can test against. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Initial implementation of volume pluginsMatthew Heon2021-01-14
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This implements support for mounting and unmounting volumes backed by volume plugins. Support for actually retrieving plugins requires a pull request to land in containers.conf and then that to be vendored, and as such is not yet ready. Given this, this code is only compile tested. However, the code for everything past retrieving the plugin has been written - there is support for creating, removing, mounting, and unmounting volumes, which should allow full functionality once the c/common PR is merged. A major change is the signature of the MountPoint function for volumes, which now, by necessity, returns an error. Named volumes managed by a plugin do not have a mountpoint we control; instead, it is managed entirely by the plugin. As such, we need to cache the path in the DB, and calls to retrieve it now need to access the DB (and may fail as such). Notably absent is support for SELinux relabelling and chowning these volumes. Given that we don't manage the mountpoint for these volumes, I am extremely reluctant to try and modify it - we could easily break the plugin trying to chown or relabel it. Also, we had no less than *5* separate implementations of inspecting a volume floating around in pkg/infra/abi and pkg/api/handlers/libpod. And none of them used volume.Inspect(), the only correct way of inspecting volumes. Remove them all and consolidate to using the correct way. Compat API is likely still doing things the wrong way, but that is an issue for another day. Fixes #4304 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #8960 from giuseppe/bridge-no-post-configOpenShift Merge Robot2021-01-13
|\ \ | | | | | | network: disallow CNI networks with user namespaces
| * | test: use stringid.GenerateNonCryptoID() in more testsGiuseppe Scrivano2021-01-13
| | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | network: disallow CNI networks with user namespacesGiuseppe Scrivano2021-01-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | it solves a segfault when running as rootless a command like: $ podman run --uidmap 0:0:1 --net foo --rm fedora true panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 addr=0x30 pc=0x5629bccc407c] goroutine 1 [running]: panic(0x5629bd3d39e0, 0x5629be0ab8e0) /usr/lib/golang/src/runtime/panic.go:1064 +0x545 fp=0xc0004592c0 sp=0xc0004591f8 pc=0x5629bbd35d85 runtime.panicmem(...) /usr/lib/golang/src/runtime/panic.go:212 runtime.sigpanic() /usr/lib/golang/src/runtime/signal_unix.go:742 +0x413 fp=0xc0004592f0 sp=0xc0004592c0 pc=0x5629bbd4cd33 github.com/containers/podman/libpod.(*Runtime).setupRootlessNetNS(0xc0003fe9c0, 0xc0003d74a0, 0x0, 0x0) /builddir/build/BUILD/podman-2.2.1/_build/src/github.com/containers/podman/libpod/networking_linux.go:238 +0xdc fp=0xc000459338 sp=0xc0004592f0 pc=0x5629bccc407c github.com/containers/podman/libpod.(*Container).completeNetworkSetup(0xc0003d74a0, 0x0, 0x0) /builddir/build/BUILD/podman-2.2.1/_build/src/github.com/containers/podman/libpod/container_internal.go:965 +0xb72 fp=0xc0004594d8 sp=0xc000459338 pc=0x5629bcc81732 [.....] Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #8961 from rhatdan/kubeOpenShift Merge Robot2021-01-13
|\ \ \ | | | | | | | | play kube: set entrypoint when interpreting Command
| * | | play kube: set entrypoint when interpreting CommandDaniel J Walsh2021-01-13
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We now set Entrypoint when interpeting the image Entrypoint (or yaml.Command) and Command when interpreting image Cmd (or yaml.Args) This change is kind of breaking because now checking Config.Cmd won't return the full command, but only the {cmd,args}. Adapt the tests to this change as well Signed-off-by: Peter Hunt <pehunt@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / / Fxes /etc/hosts duplicated every time after container restarted in a podzhangguanzhang2021-01-13
|/ / | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | Merge pull request #8851 from Luap99/fix-generate-systemd-flag-parsingOpenShift Merge Robot2021-01-12
|\ \ | | | | | | Make podman generate systemd --new flag parsing more robust
| * | Make podman generate systemd --new flag parsing more robustPaul Holzinger2021-01-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | First, use the pflag library to parse the flags. With this we can handle all corner cases such as -td or --detach=false. Second, preserve the root args with --new. They are used for all podman commands in the unit file. (e.g. podman --root /tmp run alpine) Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Merge pull request #8923 from Afourcat/masterOpenShift Merge Robot2021-01-12
|\ \ \ | | | | | | | | Adding json formatting to `--list-tags` option in `podman search` command.
| * | | Better test and idomatic code.Alexandre Fourcat2021-01-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Adding another check in the `podman search --list-tags --format json` test case. Replacing an anonymous struct by \`listEntryTag\` struct. Signed-off-by: Alexandre Fourcat <afourcat@gmail.com>
| * | | Adding json formatting to `--list-tags` option in `podman search`Alexandre Fourcat2021-01-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | command. Data is formatted following this JSON structure: ```json { "Name": "...", "Tags": ["...", "...", "..."] } ``` Closes: #8740. Signed-off-by: Alexandre Fourcat <afourcat@gmail.com>
* | | | Merge pull request #8819 from chen-zhuohan/add-pre-checkpointOpenShift Merge Robot2021-01-12
|\ \ \ \ | | | | | | | | | | Add pre-checkpoint and restore with previous
| * | | | add pre checkpointunknown2021-01-10
| |/ / / | | | | | | | | | | | | Signed-off-by: Zhuohan Chen <chen_zhuohan@163.com>
* | | | Add Networks format placeholder to podman ps and pod psPaul Holzinger2021-01-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | `podman ps --format {{.Networks}}` will show all connected networks for this container. For `pod ps` it will show the infra container networks. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | Add network filter for podman ps and pod psPaul Holzinger2021-01-09
|/ / / | | | | | | | | | | | | | | | | | | Allow to filter on the network name or full id. For pod ps it will filter on the infra container networks. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Merge pull request #8781 from rst0git/cr-volumesOpenShift Merge Robot2021-01-08
|\ \ \ | | | | | | | | Add support for checkpoint/restore of containers with volumes
| * | | test: Add checkpoint/restore with volumesRadostin Stoyanov2021-01-07
| |/ / | | | | | | | | | Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
* | | Handle podman exec capabilities correctlyDaniel J Walsh2021-01-07
| | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Containers should not get inheritable caps by defaultDaniel J Walsh2021-01-07
|/ / | | | | | | | | | | | | | | | | | | | | | | When I launch a container with --userns=keep-id the rootless processes should have no caps by default even if I launch the container with --privileged. It should only get the caps if I specify by hand the caps I want leaked to the process. Currently we turn off capeff and capamb, but not capinh. This patch treats capinh the same way as capeff and capamb. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8832 from hshiina/logfileOpenShift Merge Robot2021-01-06
|\ \ | | | | | | Fix e2e test for `podman build --logfile`
| * | Fix e2e test for `podman build --logfile`Hironori Shiina2020-12-24
| |/ | | | | | | | | | | Type casting is necessary to see if the logfile size is not equal to 0. Signed-off-by: Hironori Shiina <Hironori.Shiina@fujitsu.com>
* | Merge pull request #8892 from mheon/fix_8886OpenShift Merge Robot2021-01-06
|\ \ | | | | | | Ensure that user-specified HOSTNAME is honored
| * | Ensure that user-specified HOSTNAME is honoredMatthew Heon2021-01-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When adding the HOSTNAME environment variable, only do so if it is not already present in the spec. If it is already present, it was likely added by the user, and we should honor their requested value. Fixes #8886 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | Revert e6fbc15f26b2a609936dfc11732037c70ee14cbaMatthew Heon2021-01-06
| | | | | | | | | | | | | | | | | | | | | The issue requiring these tests be disabled should be resolved. Reenable the tests as such. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | generate systemd: do not set `KillMode`Valentin Rothberg2021-01-05
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `KillMode=none` has been deprecated in systemd and is now throwing big warnings when being used. Users have reported the issues upstream (see #8615) and on the mailing list. This deprecation was mainly motivated by an abusive use of third-party vendors causing all kinds of undesired side-effects. For instance, busy mounts that delay reboot. After talking to the systemd team, we came up with the following plan: **Short term**: we can use TimeoutStopSec and remove KillMode=none which will default to cgroup. **Long term**: we want to change the type to sdnotify. The plumbing for Podman is done but we need it for conmon. Once sdnotify is working, we can get rid of the pidfile handling etc. and let Podman handle it. Michal Seklatar came up with a nice idea that Podman increase the time out on demand. That's a much cleaner way than hard-coding the time out in the unit as suggest in the short-term solution. This change is executing the short-term plan and sets a minimum timeout of 60 seconds. User-specified timeouts are added to that. Fixes: #8615 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #8869 from giuseppe/make-rundir-accessibleOpenShift Merge Robot2021-01-04
|\ \ | | | | | | systemd: make rundir always accessible
| * | test: fix variable nameGiuseppe Scrivano2021-01-04
| | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | systemd: make rundir always accessibleGiuseppe Scrivano2021-01-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | so that the PIDFile can be accessed also without being in the rootless user namespace. Closes: https://github.com/containers/podman/issues/8506 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #8863 from mgoltzsche/fix_seccomp_when_privilegedOpenShift Merge Robot2021-01-04
|\ \ \ | |/ / |/| | Disable seccomp by default when creating a privileged container.
| * | fix: disable seccomp by default when privileged.Max Goltzsche2021-01-02
| |/ | | | | | | | | | | | | | | | | When running a privileged container and `SeccompProfilePath` is empty no seccomp profile should be applied. (Previously this was the case only if `SeccompProfilePath` was set to a non-empty default path.) Closes #8849 Signed-off-by: Max Goltzsche <max.goltzsche@gmail.com>
* | test: fix variables nameGiuseppe Scrivano2020-12-24
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | exec: honor --privilegedGiuseppe Scrivano2020-12-24
|/ | | | | | | write the capabilities to the configuration passed to the OCI runtime. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #8792 from bziemons/patch-host-network-spec-8790OpenShift Merge Robot2020-12-23
|\ | | | | Set NetNS mode instead of value
| * Set NetNS mode instead of valueBenedikt Ziemons2020-12-23
| | | | | | | | | | | | | | | | | | | | when HostNetwork is true in the pod spec. Also propagate whether host network namespace should be used for containers. Add test for HostNetwork setting in kubeYaml. The infra configuration should reflect the setting. Signed-off-by: Benedikt Ziemons <ben@rs485.network>
* | Merge pull request #8820 from baude/issue8443OpenShift Merge Robot2020-12-23
|\ \ | | | | | | add --cidfile to container kill
| * | add --cidfile to container killbaude2020-12-23
| |/ | | | | | | | | | | | | | | | | Add the ability to read container ids from one or more files for the kill command. Fixes: #8443 Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #8609 from rhatdan/imageOpenShift Merge Robot2020-12-23
|\ \ | |/ |/| Prefer read/write images over read/only images