summaryrefslogtreecommitdiff
path: root/test/e2e
Commit message (Collapse)AuthorAge
* Allow empty host port in --publish flagMatthew Heon2020-06-29
| | | | | | | | | | | | | | | | | I didn't believe that this was actually legal, but it looks like it is. And, unlike our previous understanding (host port being empty means just use container port), empty host port actually carries the same meaning as `--expose` + `--publish-all` (that is, assign a random host port to the given container port). This requires a significant rework of our port handling code to handle this new case. I don't foresee this being commonly used, so I optimized having a fixed port number as fast path, which this random assignment code running after the main port handling code only if necessary. Fixes #6806 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #6767 from vrothberg/sec-opt-testOpenShift Merge Robot2020-06-26
|\ | | | | e2e inspect: HostConfig.SecurityOpt
| * e2e inspect: HostConfig.SecurityOptValentin Rothberg2020-06-25
| | | | | | | | | | | | | | Make sure that all specified security options are displayed in a container's inspect data. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #6756 from mheon/add_dangling_filterOpenShift Merge Robot2020-06-26
|\ \ | | | | | | Add support for dangling filter to volumes
| * | Add support for dangling filter to volumesMatthew Heon2020-06-24
| |/ | | | | | | | | | | | | | | | | The dangling filter determine whether a volume is dangling - IE, it has no containers attached using it. Unlike our other filters, this one is a boolean - must be true or false, not arbitrary values. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* / Print port mappings in `ps` for ctrs sharing networkMatthew Heon2020-06-24
|/ | | | | | | | | In Podman v1.9, we printed port mappings for the container, even if it shared its network namespace (and thus ports) with another container. We regressed on this in Podman v2.0, which is fixed here. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #6732 from mheon/fix_stopsignal_setOpenShift Merge Robot2020-06-24
|\ | | | | Set stop signal to 15 when not explicitly set
| * Set stop signal to 15 when not explicitly setMatthew Heon2020-06-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When going through the output of `podman inspect` to try and identify another issue, I noticed that Podman 2.0 was setting StopSignal to 0 on containers by default. After chasing it through the command line and SpecGen, I determined that we were actually not setting a default in Libpod, which is strange because I swear we used to do that. I re-added the disappeared default and now all is well again. Also, while I was looking for the bug in SpecGen, I found a bunch of TODOs that have already been done. Eliminate the comments for these. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6746 from vrothberg/untagOpenShift Merge Robot2020-06-24
|\ \ | | | | | | podman untag: error if tag doesn't exist
| * | podman untag: error if tag doesn't existValentin Rothberg2020-06-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Throw an error if a specified tag does not exist. Also make sure that the user input is normalized as we already do for `podman tag`. To prevent regressions, add a set of end-to-end and systemd tests. Last but not least, update the docs and add bash completions. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #6729 from QiWang19/inspect-formatOpenShift Merge Robot2020-06-24
|\ \ \ | | | | | | | | Reformat inspect network settings
| * | | Reformat inspect network settingsQi Wang2020-06-23
| |/ / | | | | | | | | | | | | | | | Reformat ports of inspect network settings to compatible with docker inspect. Close #5380 Signed-off-by: Qi Wang <qiwan@redhat.com>
* / / libpod: specify mappings to the storageGiuseppe Scrivano2020-06-24
|/ / | | | | | | | | | | | | | | | | | | | | | | specify the mappings in the container configuration to the storage when creating the container so that the correct mappings can be configured. Regression introduced with Podman 2.0. Closes: https://github.com/containers/libpod/issues/6735 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* / Add tests for --privileged with other flagsMatthew Heon2020-06-23
|/ | | | | | | | With Podman v2.0, we broke (or thought we were going to break) using `--privileged` with `--group-add` and `--security-opt` (specifically using `--security-opt` for SELinux config). Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #6625 from QiWang19/fdOpenShift Merge Robot2020-06-23
|\ | | | | Add --preservefds to podman run
| * Add --preservefds to podman runQi Wang2020-06-19
| | | | | | | | | | | | Add --preservefds to podman run. close https://github.com/containers/libpod/issues/6458 Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #6702 from jgallucci32/follow-logs-pollOpenShift Merge Robot2020-06-22
|\ \ | | | | | | Stop following logs using timers
| * | Add explicit command to alpine container in test case.jgallucci322020-06-22
| | | | | | | | | | | | Signed-off-by: jgallucci32 <john.gallucci.iv@gmail.com>
| * | Stop following logs using timersjgallucci322020-06-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This incorporates code from PR #6591 and #6614 but does not use event channels to detect container state and rather uses timers with a defined wait duration before calling t.StopAtEOF() to ensure the last log entry is output before a container exits. The polling interval is set to 250 milliseconds based on polling interval defined in hpcloud/tail here: https://github.com/hpcloud/tail/blob/v1.0.0/watch/polling.go#L117 Co-authored-by: Qi Wang <qiwan@redhat.com> Signed-off-by: jgallucci32 <john.gallucci.iv@gmail.com>
* | | Merge pull request #6683 from rhatdan/hostnameOpenShift Merge Robot2020-06-21
|\ \ \ | | | | | | | | Add container name to the /etc/hosts within the container
| * | | Add container name to the /etc/hosts within the containerDaniel J Walsh2020-06-20
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This will allow containers that connect to the network namespace be able to use the container name directly. For example you can do something like podman run -ti --name foobar fedora ping foobar While we can do this with hostname now, this seems more natural. Also if another container connects on the network to this container it can do podman run --network container:foobar fedora ping foobar And connect to the original container,without having to discover the name. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #6671 from rhatdan/buildOpenShift Merge Robot2020-06-21
|\ \ \ | |/ / |/| | Fix podman build handling of --http-proxy flag
| * | Fix podman build handling of --http-proxy flagDaniel J Walsh2020-06-19
| |/ | | | | | | | | | | Also fixed a todo for handling of cgroup manager while I was in there. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6621 from vrothberg/bz-1846629OpenShift Merge Robot2020-06-20
|\ \ | | | | | | search: allow wildcards
| * | search: allow wildcardsValentin Rothberg2020-06-19
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow wildcards in the search term. Note that not all registries support wildcards and it may only work with v1 registries. Note that searching implies figuring out if the specified search term includes a registry. If there's not registry detected, the search term will be used against all configured "unqualified-serach-registries" in the registries.conf. The parsing logic considers a registry to be the substring before the first slash `/`. With these changes we now not only support wildcards but arbitrary input; ultimately it's up to the registries to decide whether they support given input or not. Fixes: bugzilla.redhat.com/show_bug.cgi?id=1846629 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #6675 from yhchen0906/masterOpenShift Merge Robot2020-06-20
|\ \ | | | | | | correct the absolute path of `rm` executable
| * | correct the absolute path of `rm` executableYuan-Hao Chen2020-06-19
| |/ | | | | | | Signed-off-by: Yuan-Hao Chen <yhchen0906@gmail.com>
* / Fixes #6670Jhon Honce2020-06-19
|/ | | | | | | * Sort images for -q option, removing duplicate id's * Sort images for --format json Signed-off-by: Jhon Honce <jhonce@redhat.com>
* CI: force registry:2.6Valentin Rothberg2020-06-19
| | | | | | | | | | | For using the `registry:2.6` image. 2.7 and beyond dropped the `htpasswd` binary from the rootfs which parts of our CI depends on. While this is not a sustainable solution (assuming `htpasswd` is gone for ever), it unblocks the CI for now. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* unflake rmi testsValentin Rothberg2020-06-18
| | | | | | | Make sure to always get the older images that previously committed one depends on. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #6654 from rhatdan/keepidOpenShift Merge Robot2020-06-17
|\ | | | | Don't ignore --user flag in rootless --userns keepid
| * Don't ignore --user flag in rootless --userns keepidDaniel J Walsh2020-06-17
| | | | | | | | | | | | | | | | Currently podman run --userns keep-id --user root:root fedora id The --user flag is ignored. Removing this makes the code work correctly. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Handle dropping capabilties correctly when running as non root userDaniel J Walsh2020-06-17
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #6560 from mheon/fix_exec_logdriverOpenShift Merge Robot2020-06-17
|\ \ | |/ |/| Do not share container log driver for exec
| * Do not share container log driver for execMatthew Heon2020-06-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When the container uses journald logging, we don't want to automatically use the same driver for its exec sessions. If we do we will pollute the journal (particularly in the case of healthchecks) with large amounts of undesired logs. Instead, force exec sessions logs to file for now; we can add a log-driver flag later (we'll probably want to add a `podman logs` command that reads exec session logs at the same time). As part of this, add support for the new 'none' logs driver in Conmon. It will be the default log driver for exec sessions, and can be optionally selected for containers. Great thanks to Joe Gooch (mrwizard@dok.org) for adding support to Conmon for a null log driver, and wiring it in here. Fixes #6555 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #6522 from mheon/unless-stoppedOpenShift Merge Robot2020-06-17
|\ \ | | | | | | Add support for the unless-stopped restart policy
| * | Add support for the unless-stopped restart policyMatthew Heon2020-06-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We initially believed that implementing this required support for restarting containers after reboot, but this is not the case. The unless-stopped restart policy acts identically to the always restart policy except in cases related to reboot (which we do not support yet), but it does not require that support for us to implement it. Changes themselves are quite simple, we need a new restart policy constant, we need to remove existing checks that block creation of containers when unless-stopped was used, and we need to update the manpages. Fixes #6508 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Revert #6591 to fix issue with failed testsjgallucci322020-06-17
|/ / | | | | | | Signed-off-by: jgallucci32 <john.gallucci.iv@gmail.com>
* | Merge pull request #6640 from edsantiago/fix_flaky_logs_testOpenShift Merge Robot2020-06-17
|\ \ | | | | | | "streaming output" logs test: fix flake
| * | "streaming output" logs test: fix flakeEd Santiago2020-06-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Test has been flaking excessively. A quick look shows that the test itself is broken, making a bad assumption. 'podman logs -f' is guaranteed to exit when a container terminates. This does not (and should not) mean that the container has been cleaned up. It is undefined and unsafe to run 'podman run -n same-name-as-terminated-container' immediately after 'podman logs' exits. Solution: instead of 'podman run', do 'podman inspect'. This, too, is unsafe, but we can expect to see one of two possible conditions: 1) command succeeds, in which case we require that container State.Status be "exited"; or 2) command fails, in which case we expect "no such container" in error output For full coverage we should add a small delay-check test to (1) to ensure that the container is cleaned up after a short amount of time. Leaving that as a TODO because it's more than my Go skills can handle, and I want to get this checked in ASAP to get rid of the flake hassle. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #6583 from mheon/inspect_ctr_before_imgOpenShift Merge Robot2020-06-17
|\ \ \ | |_|/ |/| | Fix podman inspect on overlapping/missing objects
| * | Fix podman inspect on overlapping/missing objectsMatthew Heon2020-06-16
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This started as a small fix to `podman inspect` where a container and image, with the same name/tag, were present, and `podman inspect` was run on that name. `podman inspect` in 1.9 (and `docker inspect`) will give you the container; in v2.0, we gave the image. This was an easy fix (just reorder how we check for image/container). Unfortunately, in the process of testing this fix, I determined that we regressed in a different area. When you run inspect on a number of containers, some of which do not exist, `podman inspect` should return an array of inspect results for the objects that exist, then print a number of errors, one for each object that could not be found. We were bailing after the first error, and not printing output for the containers that succeeded. (For reference, this applied to images as well). This required a much more substantial set of changes to properly handle - signatures for the inspect functions in ContainerEngine and ImageEngine, plus the implementations of these interfaces, plus the actual inspect frontend code needed to be adjusted to use this. Fixes #6556 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* / Fix --init and --init-pathJoseph Gooch2020-06-16
|/ | | | | | | Init properly passed into specgen Allow --init with --systemd=true but not --systemd=always. Signed-off-by: Joseph Gooch <mrwizard@dok.org>
* Merge pull request #6591 from jgallucci32/patch-1OpenShift Merge Robot2020-06-15
|\ | | | | Merged request to fix -f to stop following logs
| * Fix -f logs follow with stopped containerQi Wang2020-06-11
| | | | | | | | | | | | Fix -f logs follow with stopped container. Close #6531 Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #6601 from zhangguanzhang/podman-cp-dirOpenShift Merge Robot2020-06-15
|\ \ | | | | | | fix podman cp can create an extra directory when the source is the container's root directory
| * | fix podman cp can create an extra directory levelzhangguanzhang2020-06-15
| | | | | | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | | pod create --replaceValentin Rothberg2020-06-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a `--replace` flag to the `pod create` command. If another pod with the same name already exists, it will be replaced and removed. Adding this flag is motivated by #5485 to make running Podman in systemd units (or any other scripts/automation) more robust. In case of a crash, a pod may not be removed by a sytemd unit anymore. The `--replace` flag allows for supporting crashes. Note that the `--replace` flag does not require the `--name` flag to be set, so it can be set unconditionally in `podman generate systemd`. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | {create,run} --replaceValentin Rothberg2020-06-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a `--replace` flag to the `container {create,run}` commands. If another container with the same name already exists, it will be replaced and removed. Adding this flag is motivated by #5485 to make running Podman in systemd units (or any other scripts/automation) more robust. In case of a crash, a container may not be removed by a sytemd unit anymore. The `--replace` flag allows for supporting crashes. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Do not default WorkingDir to / on client sideDaniel J Walsh2020-06-12
| |/ |/| | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>