summaryrefslogtreecommitdiff
path: root/test/e2e
Commit message (Collapse)AuthorAge
* support tag@digest notationValentin Rothberg2021-05-31
| | | | | | | | | Vendor in the latest HEAd of containers/common to implicitly support the tag@digest notation for images. To remain compatible with Docker, the tag will be stripped off the image reference and is entirely ignored. Fixes: #6721 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #10447 from mheon/rootlesscni_defaultOpenShift Merge Robot2021-05-26
|\ | | | | Add the option of Rootless CNI networking by default
| * Add the option of Rootless CNI networking by defaultMatthew Heon2021-05-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When the containers.conf field "NetNS" is set to "Bridge" and the "RootlessNetworking" field is set to "cni", Podman will now handle rootless in the same way it does root - all containers will be joined to a default CNI network, instead of exclusively using slirp4netns. If no CNI default network config is present for the user, one will be auto-generated (this also works for root, but it won't be nearly as common there since the package should already ship a config). I eventually hope to remove the "NetNS=Bridge" bit from containers.conf, but let's get something in for Brent to work with. Signed-off-by: Matthew Heon <mheon@redhat.com>
* | journald logger: fix race conditionValentin Rothberg2021-05-26
|/ | | | | | | | | | | | | | | | | | | | | | | Fix a race in journald driver. Following the logs implies streaming until the container is dead. Streaming happened in one goroutine, waiting for the container to exit/die and signaling that event happened in another goroutine. The nature of having two goroutines running simultaneously is pretty much the core of the race condition. When the streaming goroutines received the signal that the container has exitted, the routine may not have read and written all of the container's logs. Fix this race by reading both, the logs and the events, of the container and stop streaming when the died/exited event has been read. The died event is guaranteed to be after all logs in the journal which guarantees not only consistencty but also a deterministic behavior. Note that the journald log driver now requires the journald event backend to be set. Fixes: #10323 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #10430 from sjug/noop_gpu_flagOpenShift Merge Robot2021-05-26
|\ | | | | Add podman run --gpus flag for compatibility
| * Add podman run --gpus flag for compatibilitySebastian Jug2021-05-25
| | | | | | | | | | | | | | - Add log message for --gpus flag - Add test Signed-off-by: Sebastian Jug <seb@stianj.ug>
* | Merge pull request #10408 from Luap99/fix-10283OpenShift Merge Robot2021-05-25
|\ \ | | | | | | Fix network create macvlan with subnet option
| * | Fix network create macvlan with subnet optionPaul Holzinger2021-05-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Creating a macvlan network with the subnet or ipRange option should set the ipam plugin type to `host-local`. We also have to insert the default route. Fixes #10283 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Fix race condition in running ls container in a podDaniel J Walsh2021-05-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | All of the tests has an assumption that RunLsContainer and RunLsContainerInPod completes the container before returning. But since the container is running in back ground mode, the container could be still running before tools attempt to remove it. Removing the "-d" from the command fixes the container to match the assumption. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Podman info add support for status of cgroup controllersflouthoc2021-05-24
| |/ |/| | | | | Signed-off-by: flouthoc <flouthoc.git@gmail.com>
* | Merge pull request #10377 from vrothberg/test-commonOpenShift Merge Robot2021-05-20
|\ \ | | | | | | update c/common
| * | update c/commonValentin Rothberg2021-05-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update containers common to the latest HEAD. Some bug fixes in libimage forced us to have a clearer separation between ordinary images and manifest lists. Hence, when looking up manifest lists without recursing into any of their instances, we need to use `LookupManifestList()`. Also account for some other changes in c/common (e.g., the changed order in the security labels). Further vendor the latest HEAD from Buildah which is required to get the bud tests to pass. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Add support for podman manifest rm commandDaniel J Walsh2021-05-19
|/ / | | | | | | | | | | This is mainly to match command line of Docker. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / Fix problem copying files when container is in host pid namespaceDaniel J Walsh2021-05-19
|/ | | | | | | | | | | | | | When attempting to copy files into and out of running containers within the host pidnamespace, the code was attempting to join the host pidns again, and getting an error. This was causing the podman cp command to fail. Since we are already in the host pid namespace, we should not be attempting to join. This PR adds a check to see if the container is in NOT host pid namespace, and only then attempts to join. Fixes: https://github.com/containers/podman/issues/9985 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #10334 from mheon/add_relabel_vol_pluginOpenShift Merge Robot2021-05-17
|\ | | | | Ensure that :Z/:z/:U can be used with named volumes
| * Ensure that :Z/:z/:U can be used with named volumesMatthew Heon2021-05-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Docker allows relabeling of any volume passed in via -v, even including named volumes. This normally isn't an issue at all, given named volumes get the right label for container access automatically, but this becomes an issue when volume plugins are involved - these aren't managed by Podman, and may well be unaware of SELinux labelling. We could automatically relabel these volumes on creation, but I'm still reluctant to do that (feels like it could break things). Instead, let's allow :z and :Z to be used with named volumes, so users can explicitly request relabel of a volume plugin-backed volume. We also get :U at the same time. I don't see any real need for it but it also doesn't seem to hurt, so I didn't bother disabling it. Fixes #10273 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #10366 from ashley-cui/secretoptionsOpenShift Merge Robot2021-05-17
|\ \ | | | | | | Support uid,gid,mode options for secrets
| * | Support uid,gid,mode options for secretsAshley Cui2021-05-17
| |/ | | | | | | | | | | | | Support UID, GID, Mode options for mount type secrets. Also, change default secret permissions to 444 so all users can read secret. Signed-off-by: Ashley Cui <acui@redhat.com>
* | Merge pull request #10363 from vrothberg/fix-10350OpenShift Merge Robot2021-05-17
|\ \ | | | | | | image prune: remove unused images only with `--all`
| * | image prune: remove unused images only with `--all`Valentin Rothberg2021-05-17
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix a regression in `podman image prune` where unused images were accidentally removed even when `--all=false`. Extend and partially rewrite the e2e tests to make sure we're not regressing again in the future. Fixing the aforementioned issue revealed another issue in the default prune filter. While prune should remove all "dangling" images (i.e., those without tag), it removed only "intermediate" ones; dangling images without children. Remove the mistaken comment from the libimage migration. Also clarify the help message and man page. Fixes: #10350 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* / podman network reload add rootless supportPaul Holzinger2021-05-17
|/ | | | | | | | | | Allow podman network reload to be run as rootless user. While it is unlikely that the iptable rules are flushed inside the rootless cni namespace, it could still happen. Also fix podman network reload --all to ignore errors when a container does not have the bridge network mode, e.g. slirp4netns. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #10254 from jmguzik/prune-filter-cliOpenShift Merge Robot2021-05-14
|\ | | | | Add support for cli network prune --filter flag
| * Add support for cli network prune --filter flagJakub Guzik2021-05-12
| | | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | Merge pull request #10300 from jwhonce/issues/10289OpenShift Merge Robot2021-05-12
|\ \ | | | | | | Add host.serviceIsRemote to podman info results
| * | Add host.serviceIsRemote to podman info resultsJhon Honce2021-05-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Developers asked for a deterministic field to verify if podman is running via API or linked directly to libpod library. $ podman info --format '{{.Host.ServiceIsRemote}}' false $ podman-remote info --format '{{.Host.ServiceIsRemote}}' true $ podman --remote info --format '{{.Host.ServiceIsRemote}}' true * docs/conf.py formatted via black Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | podman image tree: restore previous behaviorValentin Rothberg2021-05-12
| |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The initial version of libimage changed the order of layers which has now been restored to remain backwards compatible. Further changes: * Fix a bug in the journald logging which requires to strip trailing new lines from the message. The system tests did not pass due to empty new lines. Triggered by changing the default logger to journald in containers/common. * Fix another bug in the journald logging which embedded the container ID inside the message rather than the specifid field. That surfaced in a preceeding whitespace of each log line which broke the system tests. * Alter the system tests to make sure that the k8s-file and the journald logging drivers are executed. * A number of e2e tests have been changed to force the k8s-file driver to make them pass when running inside a root container. * Increase the timeout in a kill test which seems to take longer now. Reasons are unknown. Tests passed earlier and no signal-related changes happend. It may be CI VM flake since some system tests but other flaked. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Remove obsolete skipsEd Santiago2021-05-10
|/ | | | | | | | | | | | | The following bugs seem to be fixed: * #6510 (e2e tests) - podman rmi gives "layer not known" * #9915 (buildah-bud tests) - podman build --arch * #10248 - spurious warning from first-ever invocation of rootless podman Signed-off-by: Ed Santiago <santiago@redhat.com>
* Kube like pods should share ipc,net,uts by defaultflouthoc2021-05-10
| | | | Signed-off-by: flouthoc <flouthoc.git@gmail.com>
* Merge pull request #10202 from EduardoVega/9763-kube-auto-updateOpenShift Merge Robot2021-05-07
|\ | | | | Add support to preserve auto-update labels in play / generate kube
| * Adds support to preserve auto update labels in generate and play kubeEduardo Vega2021-05-06
| | | | | | | | | | | | In the case of generate kube the auto-update labels will be converted into kube annotations and for play kube they will be converted back to labels since that's what podman understands Signed-off-by: Eduardo Vega <edvegavalerio@gmail.com>
* | Merge pull request #10221 from ashley-cui/envsecOpenShift Merge Robot2021-05-07
|\ \ | | | | | | Add support for environment variable secrets
| * | Add support for environment variable secretsAshley Cui2021-05-06
| | | | | | | | | | | | | | | | | | | | | | | | Env var secrets are env vars that are set inside the container but not commited to and image. Also support reading from env var when creating a secret. Signed-off-by: Ashley Cui <acui@redhat.com>
* | | Merge pull request #10238 from bacher09/fix-inf-loopOpenShift Merge Robot2021-05-07
|\ \ \ | | | | | | | | Fix infinite loop in isPathOnVolume
| * | | Fix infinite loop in isPathOnVolumeSlava Bacherikov2021-05-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | filepath.Dir in some cases returns `.` symbol and calling this function again returns same result. In such cases this function never returns and causes some operations to stuck forever. Closes #10216 Signed-off-by: Slava Bacherikov <slava@bacher09.org>
* | | | CI: run rootless tests under ubuntuEd Santiago2021-05-06
| |_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Reason: to catch errors before they surface in RHEL. One of the Ubuntus is specially crafted to run with cgroups v1 and runc. Although this isn't quite the same as RHEL, it's as close as we can come in our CI environment, and I suspect it would have caught #10234 (a regression). Sorry, team. Also: play kube limits test: skip on all rootless, not just rootless+fedora. There was a complicated and unnecessary check in there for Fedora. Also: workaround for bug #10248, a spurious error message on the first invocation of rootless podman on Ubuntu.Old Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | codespell cleanupDaniel J Walsh2021-05-05
|/ / | | | | | | | | | | [NO TESTS NEEDED] This is just running codespell on podman Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #10185 from rhatdan/volumeOpenShift Merge Robot2021-05-05
|\ \ | | | | | | Add filepath glob support to --security-opt unmask
| * | Add filepath glob support to --security-opt unmaskDaniel J Walsh2021-05-04
| | | | | | | | | | | | | | | | | | | | | | | | Want to allow users to specify --security-opt unmask=/proc/*. This allows us to run podman within podman more securely, then specifing umask=all, also gives the user more flexibilty. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #10208 from Luap99/play-kube-macOpenShift Merge Robot2021-05-05
|\ \ \ | | | | | | | | add --mac-address to podman play kube
| * | | add --mac-address to podman play kubePaul Holzinger2021-05-04
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a new --mac-address flag to podman play kube. This is used to specify a static MAC address which should be used for the pod. This option can be specified several times because play kube can create more than one pod. Fixes #9731 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* / / migrate Podman to containers/common/libimageValentin Rothberg2021-05-05
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Migrate the Podman code base over to `common/libimage` which replaces `libpod/image` and a lot of glue code entirely. Note that I tried to leave bread crumbs for changed tests. Miscellaneous changes: * Some errors yield different messages which required to alter some tests. * I fixed some pre-existing issues in the code. Others were marked as `//TODO`s to prevent the PR from exploding. * The `NamesHistory` of an image is returned as is from the storage. Previously, we did some filtering which I think is undesirable. Instead we should return the data as stored in the storage. * Touched handlers use the ABI interfaces where possible. * Local image resolution: previously Podman would match "foo" on "myfoo". This behaviour has been changed and Podman will now only match on repository boundaries such that "foo" would match "my/foo" but not "myfoo". I consider the old behaviour to be a bug, at the very least an exotic corner case. * Futhermore, "foo:none" does *not* resolve to a local image "foo" without tag anymore. It's a hill I am (almost) willing to die on. * `image prune` prints the IDs of pruned images. Previously, in some cases, the names were printed instead. The API clearly states ID, so we should stick to it. * Compat endpoint image removal with _force_ deletes the entire not only the specified tag. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | cgroup: always honor --cgroup-parent with cgroupfsGiuseppe Scrivano2021-05-03
| | | | | | | | | | | | | | | | | | if --cgroup-parent is specified, always honor it without doing any detection whether cgroups are supported or not. Closes: https://github.com/containers/podman/issues/10173 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Use seccomp_profile as default profile if defined in containers.confPablo Correa Gómez2021-04-28
| | | | | | | | | | | | | | Edits `podman info` to provide the default seccomp profile detected in the output Signed-off-by: Pablo Correa Gómez <ablocorrea@hotmail.com>
* | Merge pull request #10119 from rhatdan/timeoutOpenShift Merge Robot2021-04-27
|\ \ | | | | | | Add podman run --timeout option
| * | Add podman run --timeout optionDaniel J Walsh2021-04-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | This option allows users to specify the maximum amount of time to run before conmon sends the kill signal to the container. Fixes: https://github.com/containers/podman/issues/6412 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Skip blkio-weight test when no kernel BFQ supportChris Evich2021-04-27
| | | | | | | | | | | | | | | | | | | | | Namely the Ubuntu 21.04 Kernel does not support BFQ. Regardless of the distro. skip this test if the required cgroup node doesn't exist. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | Merge pull request #10136 from zhangguanzhang/generate-kube-volumeOpenShift Merge Robot2021-04-27
|\ \ \ | | | | | | | | Fixes generate kube incorrect when bind-mounting "/" and "/root"
| * | | Fixes generate kube incorrect when bind-mounting "/" and "/root"zhangguanzhang2021-04-26
| |/ / | | | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | | Merge pull request #10074 from flouthoc/ancestor-truncate-bugOpenShift Merge Robot2021-04-26
|\ \ \ | |_|/ |/| | Fix podman ps --filter ancestor to match exact ImageName/ImageID
| * | Fix podman ps --filter ancestor to match exact ImageName/ImageIDflouthoc2021-04-25
| |/ | | | | | | Signed-off-by: flouthoc <flouthoc.git@gmail.com>