summaryrefslogtreecommitdiff
path: root/test/e2e
Commit message (Collapse)AuthorAge
* test for buildah version in container images.Daniel J Walsh2020-11-13
| | | | | | | | | | Check to see if we are recording the version of buildah used to build the image as a label in the image. Also we should make sure the filter "since" works. We are only testing "after", which we don't document. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix issues found with codespellDaniel J Walsh2020-11-12
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #8307 from mheon/fix_8221OpenShift Merge Robot2020-11-12
|\ | | | | Ensure we do not double-lock the same volume in create
| * Ensure we do not double-lock the same volume in createMatthew Heon2020-11-11
| | | | | | | | | | | | | | | | | | | | | | | | | | When making containers, we want to lock all named volumes we are adding the container to, to ensure they aren't removed from under us while we are working. Unfortunately, this code did not account for a container having the same volume mounted in multiple places so it could deadlock. Add a map to ensure that we don't lock the same name more than once to resolve this. Fixes #8221 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #8272 from rhatdan/logsOpenShift Merge Robot2020-11-12
|\ \ | | | | | | Test podman-remote logs works the same as podman logs
| * | Add tests to make sure podman-remote logs works correctly.Daniel J Walsh2020-11-10
| | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/7942 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #8252 from baude/playkubetospecgenOpenShift Merge Robot2020-11-10
|\ \ \ | |/ / |/| | migrate play kube to spec gen
| * | migrate play kube to spec genbaude2020-11-10
| | | | | | | | | | | | | | | | | | | | | | | | we need to migrate play kube away from using the old container creation method. the new approach is specgen and this aligns play kube with container creation in the rest of podman. Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #8251 from baude/networkaliasesOpenShift Merge Robot2020-11-10
|\ \ \ | | | | | | | | network aliases for container creation
| * | | network aliases for container creationbaude2020-11-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman can now support adding network aliases when running containers (--network-alias). It requires an updated dnsname plugin as well as an updated ocicni to work properly. Signed-off-by: baude <bbaude@redhat.com>
* | | | Merge pull request #8143 from aojea/dualOpenShift Merge Robot2020-11-10
|\ \ \ \ | |_|/ / |/| | | enable ipv6 networks
| * | | skip ipv6 e2e tests on rootlessAntonio Ojea2020-11-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The IPv6 e2e tests on the CI for rootles mode fails because it needs the ip6tables modules loaded. Example error: stdout="", stderr="failed to list chains: running [/sbin/ip6tables -t nat -S --wait]: exit status 3: modprobe: can't change directory to '/lib/modules': No such file or directory\nip6tables v1.8.4 (legacy): can't initialize ip6tables table `nat': Table does not exist (do you need to insmod?)\nPerhaps ip6tables or your kernel needs to be upgraded.\n\n" Signed-off-by: Antonio Ojea <aojea@redhat.com>
| * | | add e2e test for network with same subnetAntonio Ojea2020-11-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | add e2e test that checks that is not possible to create different networks with the same subnet, in IPv6 neither in IPv4 Signed-off-by: Antonio Ojea <aojea@redhat.com>
| * | | enable ipv6 network configuration optionsAntonio Ojea2020-11-10
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | enable the ipv6 flag in podman network to be able to create dual-stack networks for containers. This is required to be compatible with docker, where --ipv6 really means dual stack. podman, unlike docker, support IPv6 only containers since 07e3f1bba9674c0cb93a0fa260930bfebbf75728. Signed-off-by: Antonio Ojea <aojea@redhat.com>
* | | Merge pull request #8270 from andylibrian/log-driver-option-for-play-kubeOpenShift Merge Robot2020-11-10
|\ \ \ | | | | | | | | Add --log-driver to play kube
| * | | Add --log-driver to play kubeAndy Librian2020-11-08
| | |/ | |/| | | | | | | | | | | | | addresses #6604 Signed-off-by: Andy Librian <andylibrian@gmail.com>
* | | make network name uniq for dnsname testsbaude2020-11-09
| |/ |/| | | | | | | | | | | | | ed identified that the dnsname integration test does not use a unique name and therefore cannot be cleaned up. this was made worse by a improper defer statement to remove the network should the test fail. Signed-off-by: baude <bbaude@redhat.com>
* | Add support for podman search --format jsonPaul Holzinger2020-11-09
|/ | | | | | Fixes #8274 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #8238 from joelsmith/masterOpenShift Merge Robot2020-11-05
|\ | | | | Use regex for "pod ps" name filter to match "ps" behavior
| * Use regex for "pod ps" name filter to match "ps" behaviorJoel Smith2020-11-03
| | | | | | | | Signed-off-by: Joel Smith <joelsmith@redhat.com>
* | Use ping from alpineChris Evich2020-11-04
| | | | | | | | | | | | | | | | | | | | | | As of this commit, in Fedora 33, without without `CAP_NET_ADMIN` and `CAP_NET_RAW`, require setting `net.ipv3.ping_group_range` in order for the `ping` command to work inside a container. However, not all images `ping` are created equal. For whatever reason, the busybox version in the busybox container image, does not function. Switch to the Alpine image's busybox ping, which seems to work fine. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #8225 from ↵OpenShift Merge Robot2020-11-04
|\ \ | |/ |/| | | | | debarshiray/wip/rishi/exec_test-use-containsubstring Improve error messages from failing tests
| * Improve error messages from failing testsDebarshi Ray2020-11-03
| | | | | | | | | | | | | | | | | | | | Using a function like ContainSubstring or Equal is better because if the test fails it will log a descriptive error that includes the actual string generated during the test. This is more helpful than a function like BeTrue that will only indicate that an assertion failed without giving further details of the failure. Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
* | Merge pull request #8232 from ashley-cui/volfiltOpenShift Merge Robot2020-11-03
|\ \ | |/ |/| Make volume filters inclusive
| * Make volume filters inclusiveAshley Cui2020-11-03
| | | | | | | | | | | | | | | | When using multiple filters, return a volume that matches any one of the used filters, rather than matching both of the filters. This is for compatibility with docker's cli, and more importantly, the apiv2 compat endpoint Closes #6765 Signed-off-by: Ashley Cui <acui@redhat.com>
* | Merge pull request #8231 from baude/fedorarootlesscpulimitOpenShift Merge Robot2020-11-03
|\ \ | | | | | | fedora rootless cpu settings
| * | fedora rootless cpu settingsbaude2020-11-03
| | | | | | | | | | | | | | | | | | | | | fedora does not have the the ability in rootless to set cpu limits. this requires a simple fix for fedora 33 to pass ci tests. Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #8226 from ↵OpenShift Merge Robot2020-11-03
|\ \ \ | |/ / |/| | | | | | | | debarshiray/wip/rishi/toolbox_test-userns-keepid-HOME Test $HOME when it's parent is bind mounted with --userns=keep-id
| * | Test $HOME when it's parent is bind mounted with --userns=keep-idDebarshi Ray2020-11-03
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When --userns=keep-id is used, Podman is supposed to set up the home directory of the user inside the container to match that on the host as long as the home directory or any of its parents are marked as volumes to be bind mounted into the container. Currently, the test only considers the case where the home directory itself is bind mounted into the container. It doesn't cover the Podman code that walks through all the bind mounts looking for ancestors in case the home directory itself wasn't specified as a bind mount. Therefore, this improves the existing test added in commit 6ca8067956128585 ("Setup HOME environment when using --userns=keep-id") Note that this test can't be run as root. The home directory of the root user is /root, and it's parent is /. Bind mounting the entire / from the host into the container prevents it from starting: Error: openat2 ``: No such file or directory: OCI not found Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
* | specgen: keep capabilities with --userns=keep-idGiuseppe Scrivano2020-11-02
| | | | | | | | | | | | | | | | if --userns=keep-id is specified and not --user is specified, take the unprivileged capabilities code path so that ambient capabilities are honored in the container. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | specgen: fix check for root userGiuseppe Scrivano2020-11-02
| | | | | | | | | | | | | | if the username is specified in the USER:GROUP form, make sure we only check for USER. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | specgen: add support for ambient capabilitiesGiuseppe Scrivano2020-11-02
|/ | | | | | | | | | if the kernel supports ambient capabilities (Linux 4.3+), also set them when running with euid != 0. This is different that what Moby does, as ambient capabilities are never set. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #8203 from Luap99/fix-8194OpenShift Merge Robot2020-10-31
|\ | | | | Fix dnsname when joining a different network namespace in a pod
| * Fix dnsname when joining a different network namespace in a podPaul Holzinger2020-10-30
| | | | | | | | | | | | | | | | | | | | When creating a container in a pod the podname was always set as the dns entry. This is incorrect when the container is not part of the pods network namespace. This happend both rootful and rootless. To fix this check if we are part of the pods network namespace and if not use the container name as dns entry. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #8100 from QiWang19/mirror-manifestOpenShift Merge Robot2020-10-31
|\ \ | | | | | | manifest list inspect single image
| * | manifest list inspect single imageQi Wang2020-10-30
| |/ | | | | | | | | | | If the image name not a manifest list type, enable manifest inspect to return manifest of single image manifest type vnd.docker.distribution.manifest.v2+json. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #8201 from QiWang19/search-limitOpenShift Merge Robot2020-10-30
|\ \ | | | | | | Remove search limit since pagination support
| * | Remove search limit since pagination supportQi Wang2020-10-30
| |/ | | | | | | | | | | Remove the search limit check since the c/image v5.6.0 supports pagination and can give result over 100 entries. Signed-off-by: Qi Wang <qiwan@redhat.com>
* / Pod's that share the IPC Namespace need to share /dev/shmDaniel J Walsh2020-10-30
|/ | | | | | | | | | | | | Containers that share IPC Namespaces share each others /dev/shm, which means a private /dev/shm needs to be setup for the infra container. Added a system test and an e2e test to make sure the /dev/shm is shared. Fixes: https://github.com/containers/podman/issues/8181 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #8165 from edsantiago/move_from_dockerioOpenShift Merge Robot2020-10-29
|\ | | | | Move from docker.io
| * move from docker.ioEd Santiago2020-10-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Followon to #7965 (mirror registry). mirror.gcr.io doesn't cache all the images we need, and I can't find a way to add to its cache, so let's just use quay.io for those images that it can't serve. Tools used: skopeo copy --all docker://docker.io/library/alpine:3.10.2 \ docker://quay.io/libpod/alpine:3.10.2 ...and also: docker.io/library/alpine:3.2 docker.io/library/busybox:latest docker.io/library/busybox:glibc docker.io/library/busybox:1.30.1 docker.io/library/redis:alpine docker.io/libpod/alpine-with-bogus-seccomp:label docker.io/libpod/alpine-with-seccomp:label docker.io/libpod/alpine_healthcheck:latest docker.io/libpod/badhealthcheck:latest Since most of those were new quay.io/libpod images, they required going in through the quay.io GUI, image, settings, Make Public. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #8081 from mheon/pod_degradedOpenShift Merge Robot2020-10-28
|\ \ | |/ |/| Add a Degraded state to pods
| * Add a Degraded state to podsMatthew Heon2020-10-21
| | | | | | | | | | | | | | | | | | | | | | | | | | Make a distinction between pods that are completely running (all containers running) and those that have some containers going, but not all, by introducing an intermediate state between Stopped and Running called Degraded. A Degraded pod has at least one, but not all, containers running; a Running pod has all containers running. First step to a solution for #7213. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #8102 from ashley-cui/inspectOpenShift Merge Robot2020-10-27
|\ \ | | | | | | Add pod, volume, network to inspect package
| * | Add pod, volume, network to inspect packageAshley Cui2020-10-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman inspect only had the capabilities to inspect containers and images. if a user wanted to inspect a pod, volume, or network, they would have to use `podman network inspect`, `podman pod inspect` etc. Docker's cli allowed users to inspect both volumes and networks using regular inspect, so this commit gives the user the functionality If the inspect type is not specified using --type, the order of inspection is: containers images volumes networks pods meaning if container that has the same name as an image, podman inspect would return the container inspect. To avoid duplicate code, podman network inspect and podman volume inspect now use the inspect package as well. Podman pod inspect does not because podman pod inspect returns a single json object while podman inspect can return multiple) Signed-off-by: Ashley Cui <acui@redhat.com>
* | | build(deps): bump github.com/containers/common from 0.26.0 to 0.26.3Daniel J Walsh2020-10-27
|/ / | | | | | | | | | | | | | | | | Bumps [github.com/containers/common](https://github.com/containers/common) from 0.26.0 to 0.26.3. - [Release notes](https://github.com/containers/common/releases) - [Commits](containers/common@v0.26.0...v0.26.3) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | fix: podman-cp respects "--extract" flagMatej Vasek2020-10-25
| | | | | | | | Signed-off-by: Matej Vasek <mvasek@redhat.com>
* | Merge pull request #8053 from rhatdan/detachkeysOpenShift Merge Robot2020-10-22
|\ \ | | | | | | podman create doesn't support creating detached containers
| * | podman create doesn't support creating detached containersDaniel J Walsh2020-10-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Detached containers and detach keys are only created with the podman run, i exec, and start commands. We do not store the detach key sequence or the detach flags in the database, nor does Docker. The current code was ignoreing these fields but documenting that they can be used. Fix podman create man page and --help output to no longer indicate that --detach and --detach-keys works. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #8110 from lsm5/cap-net-rawOpenShift Merge Robot2020-10-22
|\ \ \ | | | | | | | | replace net_raw with setuid