summaryrefslogtreecommitdiff
path: root/test/system
Commit message (Collapse)AuthorAge
* Merge pull request #10157 from edsantiago/batsOpenShift Merge Robot2021-04-28
|\ | | | | System tests: fix two race conditions
| * System tests: fix two race conditionsEd Santiago2021-04-27
| | | | | | | | | | | | | | Basically, add 'podman wait' before 'podman rm'. See if this fixes gating tests run on ppc64le (possibly very very slow hosts) Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #10119 from rhatdan/timeoutOpenShift Merge Robot2021-04-27
|\ \ | |/ |/| Add podman run --timeout option
| * Add podman run --timeout optionDaniel J Walsh2021-04-23
| | | | | | | | | | | | | | | | | | This option allows users to specify the maximum amount of time to run before conmon sends the kill signal to the container. Fixes: https://github.com/containers/podman/issues/6412 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Fix rootlesskit port forwarder with custom slirp cidrPaul Holzinger2021-04-23
|/ | | | | | | | | | | | | The source ip for the rootlesskit port forwarder was hardcoded to the standard slirp4netns ip. This is incorrect since users can change the subnet used by slirp4netns with `--network slirp4netns:cidr=10.5.0.0/24`. The container interface ip is always the .100 in the subnet. Only when the rootlesskit port forwarder child ip matches the container interface ip the port forwarding will work. Fixes #9828 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #9495 from rhatdan/groupsOpenShift Merge Robot2021-04-22
|\ | | | | Add '--group-add keep-groups': supplementary groups into container
| * Add --group-add keep-groups: suplimentary groups into containerDaniel J Walsh2021-04-21
| | | | | | | | | | | | | | | | | | | | | | | | | | Currently we have rootless users who want to leak their groups access into containers, but this group access is only able to be pushed in by a hard to find OCI Runtime annotation. This PR makes this option a lot more visable and hides the complexity within the podman client. This option is only really needed for local rootless users. It makes no sense for remote clients, and probably makes little sense for rootfull containers. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * Fixes from make codespellDaniel J Walsh2021-04-21
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #10102 from edsantiago/batsOpenShift Merge Robot2021-04-21
|\ \ | | | | | | corrupt-image test: fix an oops
| * | corrupt-image test: fix an oopsEd Santiago2021-04-21
| |/ | | | | | | | | | | | | Followup to #10033: actually implement the system reset test. And, just out of paranoia, extend the warning-message check. Signed-off-by: Ed Santiago <santiago@redhat.com>
* / Add --noheading flag to all list commandsDaniel J Walsh2021-04-21
|/ | | | | | | | | | Currently we have only podman images list --noheading. This PR Adds this option to volumes, containers, pods, networks, machines, and secrets. Fixes: https://github.com/containers/podman/issues/10065 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* rmi: don't break when the image is missing a manifestNalin Dahyabhai2021-04-20
| | | | | | | | | | | | | | | | | | | | In libpod/image.Image.Remove(), if the attempt to find the image's parent fails for any reason, log a warning and proceed as though it didn't have one instead of failing, which would leave us unable to remove the image without resetting everything. In libpod/Runtime.RemoveImage(), if we can't determine if an image has children, log a warning, and assume that it doesn't have any instead of failing, which would leave us unable to remove the image without resetting everything. In pkg/domain/infra/abi.ImageEngine.Remove(), when attempting to remove all images, if we encounter an error checking if a given image has children, log a warning, and assume that it doesn't have any instead of failing, which would leave us unable to remove the image without resetting everything. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* Merge pull request #10046 from edsantiago/batsOpenShift Merge Robot2021-04-16
|\ | | | | system tests: build --pull-never: deal with flakes
| * system tests: build --pull-never: deal with flakesEd Santiago2021-04-15
| | | | | | | | | | | | | | | | This test continues to flake on podman-remote (especially Ubuntu) even after #10030 and #10034. I give up. Stop checking the error message in podman-remote tests. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #10032 from nalind/trace-levelOpenShift Merge Robot2021-04-15
|\ \ | |/ |/| Recognize "trace" logging, and use it for lone errors at exit
| * Test that we don't error out on advertised --log-level valuesNalin Dahyabhai2021-04-14
| | | | | | | | Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* | Merge pull request #10028 from edsantiago/batsOpenShift Merge Robot2021-04-14
|\ \ | | | | | | System tests: fix racy podman-inspect
| * | System tests: fix racy podman-inspectEd Santiago2021-04-14
| |/ | | | | | | | | | | | | | | Add 'podman wait' between kill & inspect. Fixes: #9751 Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #9945 from rhatdan/runlabelOpenShift Merge Robot2021-04-14
|\ \ | |/ |/| Fix handling of $NAME and $IMAGE in runlabel
| * Fix handling of $NAME and $IMAGE in runlabelDaniel J Walsh2021-04-12
| | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/9405 Add system runlabel tests. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | System tests: setup: better cleanup of stray imagesEd Santiago2021-04-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix a corner case in basic_setup(), where we rmi stray images. If a test tags $IMAGE and fails to rmi by tag name, cleanup could rmi both tag name and IID, wiping out the desired image: podman tag $IMAGE foo ... cleanup: rmi foo $FOO_IID [this removes $IMAGE!] Solution: rmi by name, but only rmi by IID if != $IMAGE. TOTH to ypu for bringing this to my attention. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | cgroup: do not set cgroup parent when rootless and cgroupfsGiuseppe Scrivano2021-04-12
|/ | | | | | | | | do not set the cgroup parent when running as rootless with cgroupfs, even if cgroup v2 is used. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1947999 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #9955 from edsantiago/batsOpenShift Merge Robot2021-04-07
|\ | | | | System tests: special case for RHEL: require runc
| * System tests: special case for RHEL: require runcEd Santiago2021-04-06
| | | | | | | | | | | | | | | | As discussed in watercooler 2021-04-06: make sure that RHEL8 and CentOS are using runc. Using crun is probably a packaging error that should be caught early. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | rootless cni add /usr/sbin to PATH if not presentPaul Holzinger2021-04-06
|/ | | | | | | | | The CNI plugins need access to iptables in $PATH. On debian /usr/sbin is not added to $PATH for rootless users. This will break rootless cni completely. To prevent breaking existing users add /usr/sbin to $PATH in podman if needed. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #9940 from rhatdan/authOpenShift Merge Robot2021-04-05
|\ | | | | Verify existence of auth file if specified
| * Verify existence of auth file if specifiedDaniel J Walsh2021-04-05
| | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/9572 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #9911 from rhatdan/storageOpenShift Merge Robot2021-04-05
|\ \ | | | | | | Allow users to override default storage opts with --storage-opt
| * | Allow users to override default storage opts with --storage-optDaniel J Walsh2021-04-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We define in the man page that this overrides the default storage options, but the code was appending to the existing options. This PR also makes a change to allow users to specify --storage-opt="". This will turn off all storage options. https://github.com/containers/podman/issues/9852 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #9907 from rhatdan/optionsOpenShift Merge Robot2021-04-05
|\ \ \ | | | | | | | | Add support for podman --context default
| * | | Add support for podman --context defaultDaniel J Walsh2021-04-05
| |/ / | | | | | | | | | | | | | | | | | | | | | This is a noop but helps with scripting and docker-compose. Fixes: https://github.com/containers/podman/issues/9806 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / / Don't relabel volumes if running in a privileged containerDaniel J Walsh2021-04-05
|/ / | | | | | | | | | | | | | | | | Docker does not relabel this content, and openstack is running containers in this manner. There is a penalty for doing this on each container, that is not worth taking on a disable SELinux container. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #9423 from Luap99/rootless-cni-no-infraOpenShift Merge Robot2021-04-05
|\ \ | |/ |/| rootless cni without infra container
| * rootless cni without infra containerPaul Holzinger2021-04-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Instead of creating an extra container create a network and mount namespace inside the podman user namespace. This ns is used to for rootless cni operations. This helps to align the rootless and rootful network code path. If we run as rootless we just have to set up a extra net ns and initialize slirp4netns in it. The ocicni lib will be called in that net ns. This design allows allows easier maintenance, no extra container with pause processes, support for rootless cni with --uidmap and possibly more. The biggest problem is backwards compatibility. I don't think live migration can be possible. If the user reboots or restart all cni containers everything should work as expected again. The user is left with the rootless-cni-infa container and image but this can safely be removed. To make the existing cni configs work we need execute the cni plugins in a extra mount namespace. This ensures that we can safely mount over /run and /var which have to be writeable for the cni plugins without removing access to these files by the main podman process. One caveat is that we need to keep the netns files at `XDG_RUNTIME_DIR/netns` accessible. `XDG_RUNTIME_DIR/rootless-cni/{run,var}` will be mounted to `/{run,var}`. To ensure that we keep the netns directory we bind mount this relative to the new root location, e.g. XDG_RUNTIME_DIR/rootless-cni/run/user/1000/netns before we mount the run directory. The run directory is mounted recursive, this makes the netns directory at the same path accessible as before. This also allows iptables-legacy to work because /run/xtables.lock is now writeable. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #9928 from pendulm/fix_rootless_socket_activationOpenShift Merge Robot2021-04-05
|\ \ | | | | | | Fix rootless socket activation
| * | Move socket activation check into init() and set global condition.pendulm2021-04-05
| |/ | | | | | | | | | | | | | | | | So rootless setup could use this condition in parent and child, child podman should adjust LISTEN_PID to its self PID. Add system test for systemd socket activation Signed-off-by: pendulm <lonependulm@gmail.com>
* / Fix missing podman-remote build optionsDaniel J Walsh2021-04-02
|/ | | | | | | | | | | | | Fix handling of SecurityOpts LabelOpts SeccompProfilePath ApparmorProfile Fix Ulimits Fixes: https://github.com/containers/podman/issues/9869 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #9857 from edsantiago/batsOpenShift Merge Robot2021-03-29
|\ | | | | system tests: friendier messages for 2-arg is()
| * system tests: friendier messages for 2-arg is()Ed Santiago2021-03-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The 'is' check was intended to be called with three arguments, the last one being a nice helpful test name. There's a fallback for two-argument calls, but it was a horrible FIXME. New fallback: the most recently run podman command. We keep track of it in each run_podman() invocation. This is not ideal, because it's theoretically possible to invoke 'is' on something other than the output of run_podman, but this at least fixes the by-far-most-common case. [NO TESTS NEEDED] Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Fix podman build --pull-neverDaniel J Walsh2021-03-27
|/ | | | | | | | | | | Currently pull policy is set incorrectly when users set --pull-never. Also pull-policy is not being translated correctly when using podman-remote. Fixes: #9573 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Remove resize race conditionDaniel J Walsh2021-03-26
| | | | | | | | | | | | | | | | Since podman-remote resize requests can come in at random times, this generates a real potential for race conditions. We should only be attempting to resize TTY on running containers, but the containers can go from running to stopped at any time, and returning an error to the caller is just causing noice. This change will basically ignore requests to resize terminals if the container is not running and return the caller to success. All other callers will still return failure. Fixes: https://github.com/containers/podman/issues/9831 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix swapped dimensions from terminal.GetSizeAnders F Björklund2021-03-26
| | | | Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
* system tests: new interactive testsEd Santiago2021-03-25
| | | | | | | | socat can create a dummy PTY that we can manipulate. This lets us run a variety of tests that we couldn't before, involving "run -it", and stty, and even "load" with no args. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Check if stdin is a term in --interactive --tty modeDaniel J Walsh2021-03-24
| | | | | | | | | | | | | | | | If you are attempting to run a container in interactive mode, and want a --tty, then there must be a terminal in use. Docker exits right away when a user specifies to use a --interactive and --TTY but the stdin is not a tty. Currently podman will pull the image and then fail much later. Podman will continue to run but will print an warning message. Discussion in : https://github.com/containers/podman/issues/8916 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #9757 from jwhonce/wip/loadOpenShift Merge Robot2021-03-22
|\ | | | | Cleanup /libpod/images/load handler
| * Cleanup /libpod/images/load handlerJhon Honce2021-03-19
| | | | | | | | | | | | | | | | | | * Remove orphaned code * Add meaningful error from LoadImageFromSingleImageArchive() when heuristic fails to determine payload format * Correct swagger to output correct types and headers Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | System tests: reenable a bunch of skipped testsEd Santiago2021-03-20
|/ | | | | | | | Checking for 'skip.*[0-9]{4,5}', and checking status on said issues, finds several that have been closed. Let's see if they're really fixed. Signed-off-by: Ed Santiago <santiago@redhat.com>
* System test cleanupEd Santiago2021-03-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | - cp test: clean up stray image - build test: add workaround for #9567 (ultra-slow ubuntu). We're seeing CI flakes (timeouts) due to ubuntu 2004 being absurdly slow. Workaround: double our timeout on one specific test when ubuntu + remote. - build test: clean up new copy-from test (from #9275). The test was copy-pasted from buildah system tests, without really adapting for podman environment (e.g. it was using images that we don't use here, and would cause pulls, which will cause flakes). Rewrite test so it references only $IMAGE, remove some confusing/unnecessary stuff, selectively run parts of it even when rootless or remote, and add a test to confirm that copy-from succeeded. - load test: add error-message test to new load-invalid (#9672). Basically, make sure the command fails for the right reason. - play test (kube): use $IMAGE, not alpine; and add pause-image cleanup to teardown() - apiv2 mounts test: add a maintainability comment in a tricky section of code; and tighten up the mount point test. Signed-off-by: Ed Santiago <santiago@redhat.com>
* sdnotify tests: try real hard to kill socat processesEd Santiago2021-03-11
| | | | | | | | | | | | | | | | | | | | | | | podman gating tests are hanging in the new Fedora CI setup; long and tedious investigation suggests that 'socat' processes are being left unkilled, which then causes BATS to hang when it (presumably) runs a final 'wait' in its end cleanup. The two principal changes are to exec socat in a subshell with fd3 closed, and to pkill its child processes before killing the process itself. I don't know if both are needed. The pkill definitely is; the exec may just be superstition. Since I've wasted more than a day of PTO time on this, I'm okay with a little superstition. What I do know is that with these two changes, my reproducer fails to reproduce in over one hour of trying (normally it fails within 5 minutes). AND, update: only rawhide (f35) leaves stray socat processes behind. f33 and ubuntu do not, so 'pkill -P' fails. I really have no idea what's going on. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Removing a non existing container API should return 404Daniel J Walsh2021-03-10
| | | | | | | | | | | | | | | | | | Currently we were overwrapping error returned from removal of a non existing container. $ podman rm bogus -f Error: failed to evict container: "": failed to find container "bogus" in state: no container with name or ID bogus found: no such container Removal of wraps gets us to. ./bin/podman rm bogus -f Error: no container with name or ID "bogus" found: no such container Finally also added quotes around container name to help make it standout when you get an error, currently it gets lost in the error. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>