summaryrefslogtreecommitdiff
path: root/test/system
Commit message (Collapse)AuthorAge
* pkg: switch to golang native error wrappingSascha Grunert2022-07-08
| | | | | | | | | We now use the golang error wrapping format specifier `%w` instead of the deprecated github.com/pkg/errors package. [NO NEW TESTS NEEDED] Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
* port forward range test: fix many oopsesEd Santiago2022-07-07
| | | | | | | | | | | | Wrong variable. And, wrong index range. And, wrong bash syntax for extracting end_port. And, add explicit check for valid range, because die() inside 'foo=$(...)' will not actually die. And, refactor some confusing code. And, reformat/clean up a confusing and too-wide comment. Fixes: #14854 Signed-off-by: Ed Santiago <santiago@redhat.com>
* Sync: handle exit fileValentin Rothberg2022-07-05
| | | | | | | | | | | Make sure `Sync()` handles state transitions and exit codes correctly. The function was only being called when batching which could render containers in an unusable state when running concurrently with other state-altering functions/commands since the state must be re-read from the database before acting upon it. Fixes: #14761 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Merge pull request #14807 from eriksjolund/fix_read_only_spellingopenshift-ci[bot]2022-07-04
|\ | | | | [CI:DOCS] Fix spelling "read only" -> "read-only"
| * Fix spelling "read only" -> "read-only"Erik Sjölund2022-07-02
| | | | | | | | Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* | podman pod create --memoryCharlie Doern2022-07-01
|/ | | | | | | | using the new resource backend, implement podman pod create --memory which enables users to modify memory.max inside of the parent cgroup (the pod), implicitly impacting all children unless overriden Signed-off-by: Charlie Doern <cdoern@redhat.com>
* Merge pull request #14795 from giuseppe/fix-wildcard-major-device-cgroupopenshift-ci[bot]2022-07-01
|\ | | | | specgen: fix parsing of cgroup devices rule
| * specgen: fix parsing of cgroup devices ruleGiuseppe Scrivano2022-07-01
| | | | | | | | | | | | | | | | | | Fix the parse for the cgroup devices rule to correctly handle the wildcard syntax for the device major. Also make sure the device major and minor are not negative numbers. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | podman-play-kube template: rename to podman-kubeValentin Rothberg2022-06-30
|/ | | | | | | | With the upcoming plans of introducing a podman-kube command with various subcommands, rename the podman-play-kube systemd template to podman-kube before releasing it. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Merge pull request #14720 from sstosh/rm-optionopenshift-ci[bot]2022-06-29
|\ | | | | Fix: Prevent OCI runtime directory remain
| * Fix: Prevent OCI runtime directory remainToshiki Sonoda2022-06-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This bug was introduced in https://github.com/containers/podman/pull/8906. When we use 'podman rm/restart/stop/kill etc...' command to the container running with --rm, the OCI runtime directory remains at /run/<runtime name> (root user) or /run/user/<user id>/<runtime name> (rootless user). This bug could cause other bugs. For example, when we checkpoint the container running with --rm (podman checkpoint --export) and restore it (podman restore --import) with crun, error message "Error: OCI runtime error: crun: container `<container id>` already exists" is outputted. This error is caused by an attempt to restore the container with the same container ID as the remaining OCI runtime's container ID. Therefore, I fix that the cleanupRuntime() function runs to remove the OCI runtime directory, even if the container has already been removed by --rm option. Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* | podman image scp remote support & podman image scp taggingcdoern2022-06-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | add support for podman-remote image scp as well as direct access via the API. This entailed a full rework of the layering of image scp functions as well as the usual API plugging and type creation also, implemented podman image scp tagging. which makes the syntax much more readable and allows users t tag the new image they are loading to the local/remote machine: allow users to pass a "new name" for the image they are transferring `podman tag` as implemented creates a new image im `image list` when tagging, so this does the same meaning that when transferring images with tags, podman on the remote machine/user will load two images ex: `podman image scp computer1::alpine computer2::foobar` creates alpine:latest and localhost/foobar on the remote host implementing tags means removal of the flexible syntax. In the currently released podman image scp, the user can either specify `podman image scp source::img dest::` or `podman image scp dest:: source::img`. However, with tags this task becomes really hard to check which is the image (src) and which is the new tag (dst). Removal of that streamlines the arg parsing process Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | Merge pull request #14741 from giuseppe/pod-ps-no-raceopenshift-ci[bot]2022-06-28
|\ \ | | | | | | pod: ps does not race with rm
| * | pod: ps does not race with rmGiuseppe Scrivano2022-06-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | the "pod ps" command first retrieves the list of all pods, then iterates over the list to inspect each pod. This introduce a race since a pod could be deleted in the meanwhile by another process. Solve it by ignoring the define.ErrNoSuchPod error. Closes: https://github.com/containers/podman/issues/14736 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Use Regexp in volume ls --filter nameBoaz Shuster2022-06-27
|/ / | | | | | | Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* | Merge pull request #14654 from cdoern/cgroupopenshift-ci[bot]2022-06-27
|\ \ | | | | | | podman cgroup enhancement
| * | podman cgroup enhancementcdoern2022-06-24
| |/ | | | | | | | | | | | | | | | | | | | | currently, setting any sort of resource limit in a pod does nothing. With the newly refactored creation process in c/common, podman ca now set resources at a pod level meaning that resource related flags can now be exposed to podman pod create. cgroupfs and systemd are both supported with varying completion. cgroupfs is a much simpler process and one that is virtually complete for all resource types, the flags now just need to be added. systemd on the other hand has to be handeled via the dbus api meaning that the limits need to be passed as recognized properties to systemd. The properties added so far are the ones that podman pod create supports as well as `cpuset-mems` as this will be the next flag I work on. Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | Fix "podman run port forward range" flakePaul Holzinger2022-06-27
| | | | | | | | | | | | | | | | | | | | The test must ensure that all ports in the range are free not just the first. This flakes often because port 5355 is always in use by systemd-resolved on fedora. Fixes #14716 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | conmon: silence json-file errorValentin Rothberg2022-06-23
|/ | | | | | | We should just silently fall through. The log was flooding the system-service logs when running Gitlab runner. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Fix spelling "setup" -> "set up" and similarErik Sjölund2022-06-22
| | | | | | | | | | * Replace "setup", "lookup", "cleanup", "backup" with "set up", "look up", "clean up", "back up" when used as verbs. Replace also variations of those. * Improve language in a few places. Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* Merge pull request #14619 from Luap99/helpopenshift-ci[bot]2022-06-16
|\ | | | | fix "podman -h" help output
| * fix "podman -h" help outputPaul Holzinger2022-06-16
| | | | | | | | | | | | | | | | | | | | | | `podman -h` currently returns an error: `Error: pflag: help requested` This bug was introduced in 44d037898ebc, the problem is that we wrap the error and cobra lib checks with `==` for this one and not errors.Is(). I have a PR upstream to fix this but for now this also works. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #14600 from edsantiago/arghopenshift-ci[bot]2022-06-16
|\ \ | | | | | | system tests: avoid rmi -a ... plus cleanup
| * | system tests: avoid rmi -a ... plus cleanupEd Santiago2022-06-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I noticed 'rmi -a' in a test. I tried to fix it. Hilarity ensued. 'rmi -a' is evil: it forces a fresh pull of our test image, which in turn almost guarantees a flake some day. We avoid it, but once in a while it slips in. While fixing it, I noticed a bevy of other problems that needed cleanup. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #14613 from kolyshkin/fix-410-selinuxopenshift-ci[bot]2022-06-16
|\ \ \ | |_|/ |/| | test/system/410-selinux: fix for newer runc
| * | test/system/410-selinux: fix for newer runcKir Kolyshkin2022-06-15
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | With runc 1.1, we have the following failure: # #| FAIL: podman emits useful diagnostic on failure # #| expected: 'Error.*: OCI runtime error: .*: failed to set /proc/self/attr/keycreate on procfs' (using expr) # #| actual: 'Error: OCI runtime error: runc: runc create failed: unable to start container process: error during container init: write /proc/self/attr/keycreate: invalid argument' which is caused by the fact that runc 1.1 uses newer opencontainers/selinux package, which changes custom errors to standard os.PathError instances (so that they can be unwrapped if needed). Fix the test case accordingly. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
* / system test image: bump to 20220615Ed Santiago2022-06-15
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes: - use --timestamp option to produce 'created' stamps that can be reliably tested in the image-history test - podman now supports manifest & multiarch run, so we no longer need buildah - bump up base alpine & busybox images This turned out to be WAY more complicated than it should've been, because: - alpine 3.14 fixed 'date -Iseconds' to include a colon in the TZ offset ("-07:00", was "-0700"). This is now consistent with GNU date's --iso-8601 format, yay, so we can eliminate a minor workaround. - with --timestamp, all ADDed files are set to that timestamp, including the custom-reference-timestamp file that many tests rely on. So we need to split the build into two steps. But: - ...with a two-step build I need to use --squash-all, not --squash, but: - ... (deep sigh) --squash-all doesn't work with --timestamp (#14536) so we need to alter existing tests to deal with new image layers. - And, long and sordid story relating to --rootfs. TL;DR that option only worked by a miracle relating to something special in one specific test image; it doesn't work with any other images. Fix seems to be complicated, so we're bypassing with a FIXME (#14505). And, unrelated: - remove obsolete skip and workaround in run-basic test (dating back to varlink days) - add a pause-image cleanup to avoid icky red warnings in logs Fixes: #14456 Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #14596 from ↵openshift-ci[bot]2022-06-15
|\ | | | | | | | | giuseppe/move-conmon-different-cgroup-system-service libpod: improve check to create conmon cgroup
| * libpod: improve check to create conmon cgroupGiuseppe Scrivano2022-06-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | commit 1951ff168a63157fa2f4711fde283edfc4981ed3 introduced a check so that conmon is not moved to a new cgroup when podman is running inside of a systemd service. This is helpful to integrate podman in systemd so that the spawned conmon lives in the same cgroup as the service that created it. Unfortunately this breaks when podman daemon is running in a systemd service since the same check is in place thus all the conmon processes end up in the same cgroup as the podman daemon. When the podman daemon systemd service stops the conmon processes are also terminated as well as the containers they monitor. Improve the check to exclude podman running as a daemon. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2052697 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | podman cp: do not overwrite non-dirs with dirs and vice versaValentin Rothberg2022-06-10
| | | | | | | | | | | | | | | | | | | | Add a new `--overwrite` flag to `podman cp` to allow for overwriting in case existing users depend on the behavior; they will have a workaround. By default, the flag is turned off to be compatible with Docker and to have a more sane behavior. Fixes: #14420 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | Merge pull request #14539 from Luap99/completion5OpenShift Merge Robot2022-06-09
|\ \ | | | | | | shell completion: fix problems with container path completion
| * | shell completion: fix problems with container path completionPaul Holzinger2022-06-09
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When you try to complete a path which exists and it is a file the completion logic did not check the parent dir for other matching file names. To fix that we have to check if the current completion is not a dir and use the parent dir in this case. See the updated test for an example why this is required. Also make sure directories are correctly completed, the shell always adds the "/" as suffix to signal the user that this path is a directory. In this case we do not want to automatically add a space. When the path is a regular file we want the space after the suggestion since there is nothing more to complete. This better matches the normal default shell completion. The test were changed to not assume any particular ordering since this is irrelevant for the shell completion script and there is no guarantee about the ordering. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #14542 from hshiina/restore-filelockOpenShift Merge Robot2022-06-09
|\ \ | |/ |/| Pass '--file-locks' to OCI runtime at restoring
| * Pass '--file-locks' to OCI runtime at restoringHironori Shiina2022-06-09
| | | | | | | | | | | | | | | | `podman container restore --file-locks` does not restore file locks because this option is not passed to OCI runtime. This patch fixes this issue. Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
* | --userns=keep-id,nomap are not allowed in rootful modeDaniel J Walsh2022-06-08
|/ | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* libpod: store network status when userns is usedPaul Holzinger2022-06-07
| | | | | | | | | | | | | | | | | | When a container with a userns is created the network setup is special. Normally the netns is setup before the oci runtime container is created, however with a userns the container is created first and then the network is setup. In the second case we never saved the container state afterwards. Because of it, podman inspect would not show the network info and network teardown will not happen. This worked with local podman because there was a save() call later in the code path which then also saved the network status. But in the podman API code path this save never happened thus all containers started via API had this problem. Fixes #14465 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Merge pull request #14460 from cipherboy/align-docker-podman-load-outputOpenShift Merge Robot2022-06-02
|\ | | | | Align docker load and podman load output
| * Update test output expectationAlexander Scheel2022-06-02
| | | | | | | | Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* | Merge pull request #14457 from Luap99/completion4OpenShift Merge Robot2022-06-02
|\ \ | | | | | | shell completion for paths inside the image/container
| * | shell completion for paths inside the image/containerPaul Holzinger2022-06-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add shell completion for paths inside the container or image. Currently podman run IMAGE [TAB] only uses the default shell completion which suggests paths on the host. This is fine for some cases but often the user wants a path which only exists in the image/container. This commits adds support for that. Both podman create/run can now complete the paths from the image, podman cp ctr:... now completes paths from the actual container. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #14301 from rhatdan/volumeOpenShift Merge Robot2022-06-02
|\ \ \ | |/ / |/| | Support setting image_volume_mode in containers.conf
| * | Support setting image_volume_mode in containers.confDaniel J Walsh2022-05-26
| | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/14230 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #14344 from cdoern/podCreateOpenShift Merge Robot2022-06-02
|\ \ \ | | | | | | | | podman pod create --uidmap patch
| * | | podman pod create --uidmap patchcdoern2022-06-01
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podmans remote API does not marshal infra's spec due to the fact that if it did, all of those options would be available to the users on the command line. This means we need to manually map "backwards" some container spec items -> pod spec items before calling PodCreate, this was one of them that was forgotten resolves #14233 Signed-off-by: cdoern <cbdoer23@g.holycross.edu> Signed-off-by: cdoern <cdoern@redhat.com>
* | | Podman no-new-privileges formatNiall Crowe2022-05-30
| |/ |/| | | | | | | | | | | | | | | | | | | | | In docker, the format of no-new-privileges is "no-new-privileges:true". However, for Podman all that's required is "no-new-privileges", leading to issues when attempting to use features desgined for docker in podman. Adding support for the ":" format to be used along with the "=" format, depedning on which one is entered by the user. fixes #14133 Signed-off-by: Niall Crowe <nicrowe@redhat.com>
* | Merge pull request #14358 from vrothberg/todo-part-2OpenShift Merge Robot2022-05-25
|\ \ | | | | | | Todo part 2
| * | test/system/250-systemd.bats: clean up outdated TODOValentin Rothberg2022-05-25
| | | | | | | | | | | | | | | | | | | | | `podman auto-update` is now properly exercised in the system tests, so we can safely remove the outdated TODO. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | Merge pull request #14333 from rhatdan/podOpenShift Merge Robot2022-05-25
|\ \ \ | |/ / |/| | Allow podman pod create --share +pid
| * | Allow podman pod create --share +pidDaniel J Walsh2022-05-24
| | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/13422 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #14334 from rhatdan/pod1OpenShift Merge Robot2022-05-24
|\ \ \ | | | | | | | | Allow podman pod create to accept name argument