summaryrefslogtreecommitdiff
path: root/test/system
Commit message (Collapse)AuthorAge
* libpod: fix race when closing STDINPaul Holzinger2021-10-06
| | | | | | | | | | | | | | | | There is a race where `conn.Close()` was called before `conn.CloseWrite()`. In this case `CloseWrite` will fail and an useless error is printed. To fix this we move the the `CloseWrite()` call to the same goroutine to remove the race. This ensures that `CloseWrite()` is called before `Close()` and never afterwards. Also fixed podman-remote run where the STDIN was never was closed. This is causing flakes in CI testing. [NO TESTS NEEDED] Fixes #11856 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Add --time out for podman * rm -f commandsDaniel J Walsh2021-10-04
| | | | | | | | | Add --time flag to podman container rm Add --time flag to podman pod rm Add --time flag to podman volume rm Add --time flag to podman network rm Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Gating tests: fix permissions errorEd Santiago2021-10-01
| | | | | | | | ...in volume test. Looks like Bodhi gating tests run from a nonwritable directory. I feel really stupid for not realizing this when I first tried to fix this bug two weeks ago. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #11776 from edsantiago/bats_is_cleanupOpenShift Merge Robot2021-10-01
|\ | | | | System tests: tighten 'is' operator
| * System tests: tighten 'is' operatorEd Santiago2021-09-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix day-one sloppiness: when I first wrote this framework it compared strings using 'expr', not '=', to be more forgiving of extra cruft in output. This was a bad decision. It means that warnings or additional text are ignored: is "all is ok, NOT!" "all is ok" <-- this would pass Solution: tighten up the 'is' check. Use '=' (direct compare) first. If it fails, look for wild cards ('*') or character classes ('[') in the expect string. If so, and only then, use 'expr'. And, thanks to a clever suggestion from Luap99, include '(using expr)' in the error message when we do so; this could make it easier for a developer to understand a string mismatch. This change exposes a lot of instances in which we weren't doing proper comparisons. Fix those. Thankfully, there weren't as many as I'd feared. Also, and completely unrelated, add '-T' flag to bats helper, for showing timing results. (I will open this as a separate PR if requested. I too find it offensive to jumble together unrelated commits.) Signed-off-by: Ed Santiago <santiago@redhat.com>
* | sdnotify test: accept MAINPID anywhereEd Santiago2021-09-30
|/ | | | | | | | | | systemd sometimes spits out lines in the wrong order. Deal with it. This fixes an infrequent flake that I haven't filed because I didn't understand it well enough. (Hence, this reduces BUGS but does not reduce BUG COUNT. Sorry!) Signed-off-by: Ed Santiago <santiago@redhat.com>
* test: use new helperGiuseppe Scrivano2021-09-30
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* test: skip test on rootless cgroupsv1Giuseppe Scrivano2021-09-30
| | | | | | | | | | | | | | | skip the test "podman selinux: shared context in (some) namespaces" on cgroupsv1 when running as rootless since the tests requires --pid=container:. If the container runtime cannot use cgroupsv1 and the container has no pid namespace. then it is not possible to correctly terminate the container. Without a cgroup or a pid namespace, the runtime has no control on what processes are in the container. Closes: https://github.com/containers/podman/issues/11785 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #11751 from Luap99/net-aliasOpenShift Merge Robot2021-09-28
|\ | | | | always add short container id as net alias
| * always add short container id as net aliasPaul Holzinger2021-09-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This matches what docker does. Also make sure the net aliases are also shown when the container is stopped. docker-compose uses this special alias entry to check if it is already correctly connected to the network. [1] Because we do not support static ips on network connect at the moment calling disconnect && connect will loose the static ip. Fixes #11748 [1] https://github.com/docker/compose/blob/0bea52b18dda3de8c28fcfb0c80cc08b8950645e/compose/service.py#L663-L667 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #11762 from edsantiago/batsOpenShift Merge Robot2021-09-28
|\ \ | | | | | | System tests: speed up. They've gotten too slow.
| * | System tests: speed up. They've gotten too slow.Ed Santiago2021-09-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - logs: remove unnecessary sleeps. This saves ~25s. Unfortunately, journald seems to have some sort of lag, so we need to keep retrying until we get the 'after' string. - ps: add placeholder test for once buildah 3544 is fixed - cp: bulk-kill containers when finished, instead of one by one. This is a big change and only saves about 8s per run, but hey. - mount,pause,healthcheck: 'podman stop -t 0' before rm'ing containers. Easy 50s. Have I mentioned, lately, that 'podman rm -f' needs a '-t 0' flag? - play: same, and also 'podman pod stop'. Seems to shave ~20s. - socket-activation: UGH! Buggy and useless tests! They were running "sleep 90" containers for no reason whatsoever. I assume the intention was to run them with "-d", so that's what I've done here. Also fixed some language. 180 seconds! (Unrelated: cleanup in 070-build, use $IMAGE, not alpine) Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | image prune: support removing external containersValentin Rothberg2021-09-28
|/ / | | | | | | | | | | | | | | Support removing external containers (e.g., build containers) during image prune. Fixes: #11472 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #11755 from nalind/remote-build-eval-contextdirOpenShift Merge Robot2021-09-27
|\ \ | |/ |/| remote build: EvalSymlinks() the context directory
| * remote build: EvalSymlinks() the context directoryNalin Dahyabhai2021-09-27
| | | | | | | | | | | | | | Use EvalSymlinks() to find the context directory, in case there's shenanigans. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* | Vendor in containers/common v0.46.0Daniel J Walsh2021-09-27
|/ | | | | | | | | | Fixes: https://github.com/containers/podman/issues/11745 [NO TESTS NEEDED] Since this is just a revendor and a one line change for the revendor Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #11654 from Luap99/health-dockerOpenShift Merge Robot2021-09-23
|\ | | | | podman inspect add State.Health field for docker compat
| * podman inspect add State.Health field for docker compatPaul Holzinger2021-09-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | podman inspect shows the healthcheck status in `.State.Healthcheck`, docker uses `.State.Health`. To make sure docker scripts work we should add the `Health` key. Because we do not want to display both keys by default we only use the new `Health` key. This is a breaking change for podman users but matches what docker does. To provide some form of compatibility users can still use `--format {{.State.Healthcheck}}`. IT is just not shown by default. Fixes #11645 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | shell completion: do not show images without tagPaul Holzinger2021-09-23
|/ | | | | | | | | | | The shell completion should only suggest arguments that work. Using a image without tag does not work in many cases. Having both the version with and without tag also forces users to press one key more because tab completion will always stop at the colon. Fixes #11673 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* podman save: add `--uncompressed`Valentin Rothberg2021-09-22
| | | | | | | | | | Add an option to `podman save` to allow uncompressed layers when copying OCI images. Do the neccessary plumbing for the remote client, add tests and vendor in the latest commit from c/common to fetch the neccessary changes in libimage. Closes: #11613 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* remote untag: support digestsValentin Rothberg2021-09-20
| | | | | | | | | Fix a bug when remotely untagging an image via tag@digest. The digest has been lost in the remote client and hence led to a wrong behaviour on the server. Fixes: #11557 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* System tests: cleanup, and remove obsolete skipsEd Santiago2021-09-17
| | | | | | | | | | | | | | | | * 070-build: - remove workaround for #9567, which is closed. - add many more cases to the ignorefile test, to test complicated special cases of Buildah PR 3486. * 160-volumes: - remove a skip_if_remote, volumes now work on remote - use a random name for tarball, and clean up when done using it. This fixes a gating-test failure (test runs as root, then rootless, and rootless can't clobber root's file). Signed-off-by: Ed Santiago <santiago@redhat.com>
* Add no-trunc support to podman-eventsDaniel J Walsh2021-09-16
| | | | | | | | | | | Standardize on no-trunc through the code. Alias notruncate where necessary. Standardize on the man page display of no-trunc. Fixes: https://github.com/containers/podman/issues/8941 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Wire network interface into libpodPaul Holzinger2021-09-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make use of the new network interface in libpod. This commit contains several breaking changes: - podman network create only outputs the new network name and not file path. - podman network ls shows the network driver instead of the cni version and plugins. - podman network inspect outputs the new network struct and not the cni conflist. - The bindings and libpod api endpoints have been changed to use the new network structure. The container network status is stored in a new field in the state. The status should be received with the new `c.getNetworkStatus`. This will migrate the old status to the new format. Therefore old containers should contine to work correctly in all cases even when network connect/ disconnect is used. New features: - podman network reload keeps the ip and mac for more than one network. - podman container restore keeps the ip and mac for more than one network. - The network create compat endpoint can now use more than one ipam config. The man pages and the swagger doc are updated to reflect the latest changes. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* build.bats: fix copy tests after containers/buildah#3486Aditya Rajan2021-09-15
| | | | | | | | Fix copy tests after https://github.com/containers/buildah/pull/3486 [NO TESTS NEEDED] Signed-off-by: Aditya Rajan <arajan@gmail.com>
* fix restart always with rootlessportPaul Holzinger2021-09-13
| | | | | | | | When a container is automatically restarted due its restart policy and the container uses rootless cni networking with ports forwarded we have to start a new rootlessport process since it exits with conmon. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Stop outputting 'healthy' on healthcheckDaniel J Walsh2021-09-10
| | | | | | | | | We should only print unhealthy if the check fails. Currently this is filling logs when users are running lots of healthchecks. Improves: https://github.com/containers/podman/issues/11157 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #11426 from fj-tsubasa/system-test-scenarioOpenShift Merge Robot2021-09-09
|\ | | | | Add a system test to modify and import an exported container
| * Add a system test to modify and import an exported container.Tsubasa Watanabe2021-09-10
| | | | | | | | | | | | | | This test has completed one of TODO items in test/system/TODO.md. The item is "Implied pull, build, export, modify, import, tag, run, kill" Signed-off-by: Tsubasa Watanabe <w.tsubasa@fujitsu.com>
* | Fix conmon attach socket buffer sizePaul Holzinger2021-09-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The conmon buffer size is 8192, however the attach socket needs two extra bytes. The first byte of each message will be the STREAM type. The last byte is a null byte. So when we want to read 8192 message bytes we need to read 8193 bytes since the first one is special. check https://github.com/containers/conmon/blob/1ef246896b4f6566964ed861b98cd32d0e7bf7a2/src/ctr_stdio.c#L101-L107 This problem can be seen in podman-remote run/exec when it prints output with 8192 or more bytes. The output will miss the 8192 byte. Fixes #11496 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Add logDriver to podman infoDaniel J Walsh2021-09-08
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | system tests: new random_free_port helperEd Santiago2021-09-08
| | | | | | | | | | | | | | Picks a pseudorandom open port within a range. Refactor existing instances of such code. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #11468 from Luap99/play-kube-slirpOpenShift Merge Robot2021-09-08
|\ \ | | | | | | fix play kube --network options
| * | fix play kube --network optionsPaul Holzinger2021-09-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 092902b45555 introduced advanced network options for podman play kube. However this never worked because it unconditionally set the network mode to bridge after it parsed the network option. Added a test to ensure the correct mode is set. Truly fixes #10807 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | pkg/bindings/images.nTar(): set ownership of build context to 0:0Nalin Dahyabhai2021-09-07
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When attempting to run remote builds, users with UID/GID values that were high enough that they wouldn't be mapped into their default user namespace configurations would see their builds fail when the server attempted to extract the build contexts that they supplied, and failed to set ownership of the build context content to the UID/GID that were originally assigned to them. When archiving the build context at the client, set ownership of everything to 0:0, which we know is always mapped. Both ADD and COPY require that we set the ownership of newly-added content to 0:0 (unless the --chown flag is used), so throwing away the original ownership information doesn't hurt, anyway. As usual, tarballs that we extract as part of ADD aren't going to be affected. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* | Merge pull request #11459 from vrothberg/fix-11438OpenShift Merge Robot2021-09-07
|\ \ | | | | | | generate systemd: handle --restart
| * | generate systemd: handle --restartValentin Rothberg2021-09-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | Handle custom restart policies of containers when generating the unit files; those should be set on the unit level and removed from ExecStart flags. Fixes: #11438 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | logs -f: file: fix dead lockValentin Rothberg2021-09-07
|/ / | | | | | | | | | | | | | | Fix a dead lock in the file log driver where one goroutine would wait on the tail to hit EOF but reading is blocked for the function to return. Fixes: 11461 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* / auto-update systemd test: skip on RHELEd Santiago2021-09-02
|/ | | | | | | | | | | | The "auto-update using systemd" test is failing on RHEL rootless. Reason: it uses journalctl, which does not work on RHEL rootless. Solution: add skip_if_journald_unavailable. ALSO: add debugging info to test failure. Signed-off-by: Ed Santiago <santiago@redhat.com>
* System tests: add cleanup & debugging outputEd Santiago2021-09-01
| | | | | | | | | | | | Cleanup: the final 'play' test wasn't cleaning up after itself, leading to angry warning messages when rerunning tests (in my environment; never in CI) Debug: I'm seeing a lot of "Could not parse READY=1 as MAINPID=nnn" flakes in the sdnotify:container test (nine in the past month). Add debug traces to help diagnose in future flakes. Signed-off-by: Ed Santiago <santiago@redhat.com>
* pass LISTEN_* environment into containerValentin Rothberg2021-08-31
| | | | | | | | | | | | | | | Make sure that Podman passes the LISTEN_* environment into containers. Similar to runc, LISTEN_PID is set to 1. Also remove conditionally passing the LISTEN_FDS as extra files. The condition was wrong (inverted) and introduced to fix #3572 which related to running under varlink which has been dropped entirely with Podman 3.0. Note that the NOTIFY_SOCKET and LISTEN_* variables are cleared when running `system service`. Fixes: #10443 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* auto-update: fix authfile labelValentin Rothberg2021-08-30
| | | | | | | | | | | | Make sure that the container's authfile label is used when pulling down a new image. [NO TESTS NEEDED] since it would require some larger rewrite of the auto-update system tests that I currently have no time for. I added a reminder to have some breadcrumbs when there is more time. Fixes: #11171 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* volumes: Add volume import to allow importing contents on tar into volumeflouthoc2021-08-26
| | | | | | | Following feature makes sure that users can load contents of external tarball into the podman volumes. Signed-off-by: flouthoc <flouthoc.git@gmail.com>
* Merge pull request #11263 from nalind/journal-readOpenShift Merge Robot2021-08-24
|\ | | | | libpod/Container.readFromJournal(): don't skip the first entry
| * 130-kill.bats: increase timeouts from 10s to 60sNalin Dahyabhai2021-08-23
| | | | | | | | | | | | | | | | | | | | Increase the amount of time we're willing to wait for a log message that a container should be printing to show up in the output of `logs -f`, since on at least one CI configuration we're seeing a turnaround as high as 46s, but it's not something we can directly control, so that's not a hard maximum. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
| * 330-corrupt-images: don't try to tag with a canonical nameNalin Dahyabhai2021-08-23
| | | | | | | | | | | | | | In these tests, don't try to tag an image using a canonical ("with digest") image name. Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
* | generate systemd: use --cidfile againValentin Rothberg2021-08-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 9ac5267 changed the type of the generated systemd units from `forking` to `notify`. It further stopped using `--cidfile` and instead intended systemd to take care of stopping the container, which turned out to be a bad idea. Systemd will send the stop/kill signals to conmon which in turn may exit non-zero, depending on the signal, and ultimately breaking container cleanup. Hence, we need to use --cidfile again and let podman stop and remove the container to make sure that everything's in order. Fixes: #11304 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Revert "generate systemd: custom stop signal"Valentin Rothberg2021-08-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 70801b3d714b067d64744697433c5841926dad4d. It turns out that letting systemd handle stopping the container is not working as I thought it will. Conmon is receiving the stop/kill signals and may exit non-zero, which in turn lets the systemd service transition into the `failed` state. We need to get back to letting Podman stop the containers and do a partial revert of commit 9ac5267 which removed using --cidfile. Happening in a following commit. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | generate systemd: custom stop signalValentin Rothberg2021-08-24
|/ | | | | | | | | | | | | | | | | | | Commit 9ac5267598c3 changed the type of the generated systemd units from forking to notify. Parts of these changes was also removing the need to pass any information via the file system (e.g., PIDFILE, container ID). That in turn implies that systemd takes care of stopping the container. By default, systemd first sends a SIGTERM and after a certain timeout, it'll send a SIGKILL. That's pretty much what Podman is doing, unless the container was created with a custom stop signal which is the case when the --stop-signal flag was used or systemd is mounted. Account for that by using systemd's KillSignal option which allows for changing SIGTERM to another signal. Also make sure that we're using the correct timeout for units generated with --new. Fixes: #11304 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Implement SD-NOTIFY proxy in conmonDaniel J Walsh2021-08-20
| | | | | | | | | | | | | | | | This leverages conmon's ability to proxy the SD-NOTIFY socket. This prevents locking caused by OCI runtime blocking, waiting for SD-NOTIFY messages, and instead passes the messages directly up to the host. NOTE: Also re-enable the auto-update tests which has been disabled due to flakiness. With this change, Podman properly integrates into systemd. Fixes: #7316 Signed-off-by: Joseph Gooch <mrwizard@dok.org> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Valentin Rothberg <rothberg@redhat.com>