summaryrefslogtreecommitdiff
path: root/test/system
Commit message (Collapse)AuthorAge
* sdnotify tests: try real hard to kill socat processesEd Santiago2021-03-11
| | | | | | | | | | | | | | | | | | | | | | | podman gating tests are hanging in the new Fedora CI setup; long and tedious investigation suggests that 'socat' processes are being left unkilled, which then causes BATS to hang when it (presumably) runs a final 'wait' in its end cleanup. The two principal changes are to exec socat in a subshell with fd3 closed, and to pkill its child processes before killing the process itself. I don't know if both are needed. The pkill definitely is; the exec may just be superstition. Since I've wasted more than a day of PTO time on this, I'm okay with a little superstition. What I do know is that with these two changes, my reproducer fails to reproduce in over one hour of trying (normally it fails within 5 minutes). AND, update: only rawhide (f35) leaves stray socat processes behind. f33 and ubuntu do not, so 'pkill -P' fails. I really have no idea what's going on. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Removing a non existing container API should return 404Daniel J Walsh2021-03-10
| | | | | | | | | | | | | | | | | | Currently we were overwrapping error returned from removal of a non existing container. $ podman rm bogus -f Error: failed to evict container: "": failed to find container "bogus" in state: no container with name or ID bogus found: no such container Removal of wraps gets us to. ./bin/podman rm bogus -f Error: no container with name or ID "bogus" found: no such container Finally also added quotes around container name to help make it standout when you get an error, currently it gets lost in the error. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #9677 from vrothberg/fix-9672OpenShift Merge Robot2021-03-09
|\ | | | | podman load: fix error handling
| * podman load: fix error handlingValentin Rothberg2021-03-09
| | | | | | | | | | | | | | | | Make sure to properly return loading errors and to set the exit code accordingly. Fixes: #9672 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | podman cp: evaluate symlink correctly when copying from containerValentin Rothberg2021-03-09
| | | | | | | | | | | | | | | | When copying from a container, make sure to evaluate the symlinks correctly. Add tests copying a symlinked directory from a running and a non-running container to execute both path-resolution paths. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | podman cp: fix copying to a non-existent dirValentin Rothberg2021-03-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Copy is full of perils. Some of them are the nuances when copying directories. Who would have thought that * cp dir foo * cp dir/ foo * cp dir/. foo are all supposed to yield the same result when foo does not exist. `podman cp` now supports all three notations, which required to massage the front-end code in `cmd/podman` a bit. The tests have been extended and partially rewritten to test container->host and host->container copy operations. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | podman cp: fix ownershipValentin Rothberg2021-03-09
|/ | | | | | | | Make sure the files are chowned to the host/container user, depending on where things are being copied to. Fixes: #9626 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* build-argDaniel J Walsh2021-03-07
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Handle podman build --dns-searchDaniel J Walsh2021-03-07
| | | | | | Fixes: https://github.com/containers/podman/issues/9574 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add support for podman build --ignorefileDaniel J Walsh2021-03-07
| | | | | | Fixes: https://github.com/containers/podman/issues/9570 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #9599 from rhatdan/selinuxOpenShift Merge Robot2021-03-05
|\ | | | | Add tests for selinux kvm/init labels
| * Add tests for selinux kvm/init labelsDaniel J Walsh2021-03-04
| | | | | | | | | | | | spc_t tests should be able to run rootless as well. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #9593 from vrothberg/cp-tmpOpenShift Merge Robot2021-03-05
|\ \ | |/ |/| podman cp: support copying on tmpfs mounts
| * podman cp: support copying on tmpfs mountsValentin Rothberg2021-03-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Traditionally, the path resolution for containers has been resolved on the *host*; relative to the container's mount point or relative to specified bind mounts or volumes. While this works nicely for non-running containers, it poses a problem for running ones. In that case, certain kinds of mounts (e.g., tmpfs) will not resolve correctly. A tmpfs is held in memory and hence cannot be resolved relatively to the container's mount point. A copy operation will succeed but the data will not show up inside the container. To support these kinds of mounts, we need to join the *running* container's mount namespace (and PID namespace) when copying. Note that this change implies moving the copy and stat logic into `libpod` since we need to keep the container locked to avoid race conditions. The immediate benefit is that all logic is now inside `libpod`; the code isn't scattered anymore. Further note that Docker does not support copying to tmpfs mounts. Tests have been extended to cover *both* path resolutions for running and created containers. New tests have been added to exercise the tmpfs-mount case. For the record: Some tests could be improved by using `start -a` instead of a start-exec sequence. Unfortunately, `start -a` is flaky in the CI which forced me to use the more expensive start-exec option. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Check for supportsKVM based on basename of the runtimeDaniel J Walsh2021-03-03
|/ | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/9582 This PR also adds tests to make sure SELinux labels match the runtime, or if init is specified works with the correct label. Add tests for selinux kvm/init labels Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #8749 from edsantiago/upgrade_testOpenShift Merge Robot2021-02-26
|\ | | | | podman upgrade tests
| * podman upgrade testsEd Santiago2021-02-23
| | | | | | | | | | | | | | | | Initial validation of using podman-in-podman to create an old-podman root, then use new-podman to play with the containers created therein. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | system test image: build it multiarchEd Santiago2021-02-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | buildah now supports running under emulation[1] as well as creating manifests. Use those features to create a multiarch testimage that can be used to test podman on other arches. [1] on Fedora 33, this requires the qemu-user-static package We also build a new :00000001 image, replacing :00000000, because (sigh) some tests try to run 'true' in the container. Include instructions on building said image. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | container removal: handle already removed containersValentin Rothberg2021-02-23
| | | | | | | | | | | | | | | | | | | | | | | | Since commit d54478d8eaec, a container's lock is released before attempting to stop it via the OCI runtime. This opened the window for various kinds of race conditions. One of them led to #9479 where the removal+cleanup sequences of a `run --rm` session overlapped with `rm -af`. Make both execution paths more robust by handling the case of an already removed container. Fixes: #9479 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #9469 from vrothberg/cp-stdoutOpenShift Merge Robot2021-02-22
|\ \ | |/ |/| podman cp: /dev/std{in,out} fixes
| * podman cp: test /dev/stdin correctlyValentin Rothberg2021-02-22
| | | | | | | | | | | | | | /dev/stdin should not be treated as "-" to remain compatible with Docker and to have a more consistent and idiomatic interface. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
| * podman cp: treat /dev/stdout correctlyValentin Rothberg2021-02-22
| | | | | | | | | | | | | | | | /dev/stdout should not be treated as "-" to remain compatible with Docker and to have a more consistent and idiomatic interface. Fixes: #9362 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #9420 from rhatdan/kubeOpenShift Merge Robot2021-02-22
|\ \ | |/ |/| [NO TESTS NEEDED] Allow podman play kube to read yaml file from stdin
| * Allow podman play kube to read yaml file from stdinDaniel J Walsh2021-02-19
| | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/8996 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #9275 from rhatdan/buildOpenShift Merge Robot2021-02-22
|\ \ | |/ |/| Add missing params for podman-remote build
| * Add missing params for podman-remote buildDaniel J Walsh2021-02-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/9290 Currently we still have hard coded --isolation=chroot for podman-remote build. Implement missing arguments for podman build Implements --jobs, --disable-compression, --excludes Fixes: MaxPullPushRetries RetryDuration Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | cp: treat "." and "/." correctlyValentin Rothberg2021-02-18
| | | | | | | | | | | | | | | | | | | | | | | | Make sure to treat "." and "/." correctly. Both cases imply to copy the contents of a directory in contrast to the directory. This implies to unset the KeepDirectoryNames options of the copiah package. Previously, the code was performing a simple string suffix check which is not enough since it would match files and directories ending with ".". Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #9399 from vrothberg/home-sweet-homeOpenShift Merge Robot2021-02-16
|\ \ | | | | | | do not set empty $HOME
| * | do not set empty $HOMEValentin Rothberg2021-02-16
| |/ | | | | | | | | | | | | | | | | | | | | Make sure to not set an empty $HOME for containers and let it default to "/". https://github.com/containers/crun/pull/599 is required to fully address #9378. Partially-Fixes: #9378 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* / podman build: pass runtime to buildahValentin Rothberg2021-02-16
|/ | | | | | | | | | Make sure that Podman's default OCI runtime is passed to Buildah in `podman build`. In theory, Podman and Buildah should use the same defaults but the projects move at different speeds and it turns out we caused a regression in v3.0. Fixes: #9365 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Add shell completion tests for secretsPaul Holzinger2021-02-10
| | | | | | | | Add the SECRET keyword to the shell completion test. Also update the use line for podman secret create to use `NAME` instead of `SECRET`. This matches the other commands such as network/volume create. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* fix logic when not creating a workdirValentin Rothberg2021-02-05
| | | | | | | | | | | When resolving the workdir of a container, we may need to create unless the user set it explicitly on the command line. Otherwise, we just do a presence check. Unfortunately, there was a missing return that lead us to fall through into attempting to create and chown the workdir. That caused a regression when running on a read-only root fs. Fixes: #9230 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #9208 from edsantiago/batsOpenShift Merge Robot2021-02-03
|\ | | | | System test for #9096 (truncated stdout)
| * System test for #9096 (truncated stdout)Ed Santiago2021-02-02
| | | | | | | | | | | | | | | | | | | | | | This actually tests conmon, not podman; but that's the whole point of system tests in the first place: if a problem exists, we want to fail loudly, no matter whose fault it is. (I can't get this to fail on my f33 laptop; OP on #9096 claims it only fails on Ubuntu. We'll see what happens in CI). Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Gating tests: diff test: workaround for RHEL8 failureEd Santiago2021-02-02
|/ | | | | | | | | | | | | | | | | | | | | RHEL8 rootless gating tests are inconsistently failing with: $ podman diff --format json -l # {"changed":["/etc"],"added":["/sys/fs","/sys/fs/cgroup","/pMOm1Q0fnN"],"deleted":["/etc/services"]} # #/vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv # #| FAIL: added # #| expected: '/pMOm1Q0fnN' # #| actual: '/sys/fs' # #| > '/sys/fs/cgroup' # #| > '/pMOm1Q0fnN' # #\^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Reason: PR #8561, I think (something to do with /sys on RHEL). Workaround: ignore '/sys/fs' in diffs. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #9116 from iwita/ls-volumes-before-pruningOpenShift Merge Robot2021-02-02
|\ | | | | List volumes before pruning
| * list volumes before pruningAchilleas Tzenetopoulos2021-01-31
| | | | | | | | Signed-off-by: Achilleas Tzenetopoulos <atzenetopoulos@gmail.com>
* | Merge pull request #9144 from vrothberg/fix-9134OpenShift Merge Robot2021-01-29
|\ \ | | | | | | Revert "podman build --pull: use correct policy"
| * | Revert "podman build --pull: use correct policy"Valentin Rothberg2021-01-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 15caebfe561952eaadd4896b7efb56f26724cce5. The previous behaviour of `--pull` to *always* attempt to pull the image and error out if the pull failed aligns with Docker. Since Podman aims at feature parity with Docker, the `--pull` behaviour must match. Fixes: #9134 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #9115 from rhatdan/pullOpenShift Merge Robot2021-01-28
|\ \ \ | |/ / |/| | Switch podman image push handlers to use abi
| * | Switch podman image push handlers to use abiDaniel J Walsh2021-01-27
| |/ | | | | | | | | | | | | | | | | | | | | | | Change API Handlers to use the same functions that the local podman uses. At the same time: Cleanup and pass proper bindings. Remove cli options from podman-remote push. Cleanup manifest push. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #9127 from vrothberg/fix-9111OpenShift Merge Robot2021-01-27
|\ \ | | | | | | podman build --pull: use correct policy
| * | podman build --pull: use correct policyValentin Rothberg2021-01-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The `--pull` flag should be using the "pull if newer" pull policy rather than "pull always". This aligns with what the help message states, what Buildah does and, according to #9111, what was done before, Also add a test to prevent future regressions. Fixes: #9111 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #9105 from vrothberg/fix-8281OpenShift Merge Robot2021-01-27
|\ \ \ | |/ / |/| | remote exec: write conmon error on hijacked connection
| * | remote exec: write conmon error on hijacked connectionValentin Rothberg2021-01-27
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | Make sure to write error from conmon on the hijacked http connection. This fixes issues where errors were not reported on the client side, for instance, when specified command was not found on the container. To future generations: I am sorry. The code is complex, and there are many interdependencies among the concurrent goroutines. I added more complexity on top but I don't have a good idea of how to reduce complexity in the available time. Fixes: #8281 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* / podman-remote ps --external --pod --sort do not work.Daniel J Walsh2021-01-27
|/ | | | | | | | | | Fixup the bindings and the handling of the --external --por and --sort flags. The --storage option was renamed --external, make sure we use external up and down the stack. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #9054 from vrothberg/fix-9040OpenShift Merge Robot2021-01-26
|\ | | | | make sure the workdir exists on container mount
| * workdir presence checksValentin Rothberg2021-01-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A container's workdir can be specified via the CLI via `--workdir` and via an image config with the CLI having precedence. Since images have a tendency to specify workdirs without necessarily shipping the paths with the root FS, make sure that Podman creates the workdir. When specified via the CLI, do not create the path, but check for its existence and return a human-friendly error. NOTE: `crun` is performing a similar check that would yield exit code 127. With this change, however, Podman performs the check and yields exit code 126. Since this is specific to `crun`, I do not consider it to be a breaking change of Podman. Fixes: #9040 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Pass DefaultMountsFile to podman buildDaniel J Walsh2021-01-25
|/ | | | | | | The --default-mounts-file path was not being handled in podman build. This will enable it to use for testing. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* System tests: cover gaps from the last monthEd Santiago2021-01-25
| | | | | | | | | | | | | | | | | | | - stop: test --all and --ignore (#9051) - build: test /run/secrets (#8679, but see below) - sensitive mount points: deal with 'stat' failures - selinux: confirm useful diagnostics on unknown labels (#8946) The 'build' test is intended as a fix for #8679, in which 'podman build' does not mount secrets from mounts.conf. Unfortunately, as of this writing, 'podman build' does not pass the --default-mounts-file option to buildah, so there's no reasonable way to test this path. Still, we can at least confirm /run/secrets on 'podman run'. The /sys thing is related to #8949: RHEL8, rootless, cgroups v1. It's just a workaround to get gating tests to pass on RHEL. Signed-off-by: Ed Santiago <santiago@redhat.com>