aboutsummaryrefslogtreecommitdiff
path: root/test/system
Commit message (Collapse)AuthorAge
* Bump VMs, to Ubuntu 2204 with cgroups v1Ed Santiago2022-07-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ...and enable the at-test-time confirmation, the one that double-checks that if CI requests runc we actually use runc. This exposed a nasty surprise in our setup: there are steps to define $OCI_RUNTIME, but that's actually a total fakeout! OCI_RUNTIME is used only in e2e tests, it has no effect whatsoever on actual podman itself as invoked via command line such as in system tests. Solution: use containers.conf Given how fragile all this runtime stuff is, I've also added new tests (e2e and system) that will check $CI_DESIRED_RUNTIME. Image source: https://github.com/containers/automation_images/pull/146 Since we haven't actually been testing with runc, we need to fix a few tests: - handle an error-message change (make it work in both crun and runc) - skip one system test, "survive service stop", that doesn't work with runc and I don't think we care. ...and skip a bunch, filing issues for each: - #15013 pod create --share-parent - #15014 timeout in dd - #15015 checkpoint tests time out under $CONTAINER - #15017 networking timeout with registry - #15018 restore --pod gripes about missing --pod - #15025 run --uidmap broken - #15027 pod inspect cgrouppath broken - ...and a bunch more ("podman pause") that probably don't even merit filing an issue. Also, use /dev/urandom in one test (was: /dev/random) because the test is timing out and /dev/urandom does not block. (But the test is still timing out anyway, even with this change) Also, as part of the VM switch we are now using go 1.18 (up from 1.17) and this broke the gitlab tests. Thanks to @Luap99 for a quick fix. Also, slight tweak to #15021: include the timeout value, and reword message so command string is at end. Also, fixed a misspelling in a test name. Fixes: #14833 Signed-off-by: Ed Santiago <santiago@redhat.com>
* resource limits for podsCharlie Doern2022-07-21
| | | | | | | | | | | | | | | | | | added the following flags and handling for podman pod create --memory-swap --cpuset-mems --device-read-bps --device-write-bps --blkio-weight --blkio-weight-device --cpu-shares given the new backend for systemd in c/common, all of these can now be exposed to pod create. most of the heavy lifting (nearly all) is done within c/common. However, some rewiring needed to be done here as well! Signed-off-by: Charlie Doern <cdoern@redhat.com>
* podman-remote pull: fix duplicate progress outputsValentin Rothberg2022-07-21
| | | | | | | By vendoring the fixes from containers/image. Also add a test (thanks @edsantiago) to make sure we won't regress in the future again. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* system tests: new system-service bats fileEd Santiago2022-07-18
| | | | | | | | | | | | | Followup to #14957, which added a new test that doesn't actually belong in the 250-systemd.bats file. It was copy-pasted from another test that doesn't belong there. Move both tests to a new .bats file, because (1) they need a custom cleanup, and (2) one of the tests should very definitely run under podman-remote, and the 250 bats file has a global skip_if_remote(). Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #14890 from rhatdan/VENDORopenshift-ci[bot]2022-07-18
|\ | | | | Vendor in containers/(storage,image, common, buildah)
| * buildah vendor treadmillEd Santiago2022-07-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As you run --sync, please update this commit message with your actual changes. Changes since 2022-06-14: - apply-podman-deltas: (minor) buildah 4057 changed the name of a test; make corresponding change here - apply-podman-deltas: buildah 4071 adds a new OCI-hook test that's failing in remote. Skip it. - apply-podman-deltas: buildah 4096 changed an error message - apply-podman-deltas: buildah 4097 added a test that doesn't work with podman-remote - run-buildah-bud-tests: only run 'sudo --validate' if we need to sudo later (for running tests). Otherwise, same thing: I run the treadmill script, step away, and come back to an unnecessary sudo prompt. - system tests: the new containers-storage changes some error messages; fix tests to reflect that. (And, unrelated, fix a red cleanup warning) Signed-off-by: Ed Santiago <santiago@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * Run codespellDaniel J Walsh2022-07-18
| | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Add --host and -H as equivalent options to --urlDaniel J Walsh2022-07-18
|/ | | | | | | | | | Docker supports -H and --host for specify the listening socket. Podman should support them also in order to match the CLI. These will not be documented since Podman defaults to using the --url option. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* fix tests for "podman kube play"Niall Crowe2022-07-14
| | | | | | | | This is a follow up to fix some of the apiv2 tests related to "podman kube play" while also removing reduntant system tests. Signed-off-by: Niall Crowe <nicrowe@redhat.com>
* Merge pull request #14923 from rhatdan/eventsopenshift-ci[bot]2022-07-14
|\ | | | | Add podman events -f to be alias for --filter
| * Add podman events -f to be alias for --filterDaniel J Walsh2022-07-13
| | | | | | | | | | | | Needed for Docker compatibility. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Add "podman kube play" cmdNiall Crowe2022-07-13
|/ | | | | | | | | | | The "podman kube play" command is designed to be a replacement for the "podman play kube" command. It performs the same function as "play kube" while also still working with the same flags and options. The "podman play kube" command is still functional as an alias of "kube play". Closes #12475 Signed-off-by: Niall Crowe <nicrowe@redhat.com> Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* [CI:DOCS] Improve language. Fix spelling and typos.Erik Sjölund2022-07-11
| | | | | | | | | * Correct spelling and typos. * Improve language. Co-authored-by: Ed Santiago <santiago@redhat.com> Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* podman wait: return 0 if container never ranValentin Rothberg2022-07-11
| | | | | | | Make sure to return/exit with 0 when waiting for a container that never ran. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* test/system/130-kill.bats: use $IMAGEValentin Rothberg2022-07-11
| | | | | | A copy-paste error led to use `alpine` instead. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Merge pull request #14818 from rhatdan/waitopenshift-ci[bot]2022-07-11
|\ | | | | podman wait can take multiple conditions
| * podman wait can take multiple conditionsDaniel J Walsh2022-07-08
| | | | | | | | | | | | | | | | Podman wait should not be defaulting to just stopped. By default wait API waits for stopped and exited. We should not override this on the client side. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | pkg: switch to golang native error wrappingSascha Grunert2022-07-08
|/ | | | | | | | | We now use the golang error wrapping format specifier `%w` instead of the deprecated github.com/pkg/errors package. [NO NEW TESTS NEEDED] Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
* port forward range test: fix many oopsesEd Santiago2022-07-07
| | | | | | | | | | | | Wrong variable. And, wrong index range. And, wrong bash syntax for extracting end_port. And, add explicit check for valid range, because die() inside 'foo=$(...)' will not actually die. And, refactor some confusing code. And, reformat/clean up a confusing and too-wide comment. Fixes: #14854 Signed-off-by: Ed Santiago <santiago@redhat.com>
* Sync: handle exit fileValentin Rothberg2022-07-05
| | | | | | | | | | | Make sure `Sync()` handles state transitions and exit codes correctly. The function was only being called when batching which could render containers in an unusable state when running concurrently with other state-altering functions/commands since the state must be re-read from the database before acting upon it. Fixes: #14761 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Merge pull request #14807 from eriksjolund/fix_read_only_spellingopenshift-ci[bot]2022-07-04
|\ | | | | [CI:DOCS] Fix spelling "read only" -> "read-only"
| * Fix spelling "read only" -> "read-only"Erik Sjölund2022-07-02
| | | | | | | | Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* | podman pod create --memoryCharlie Doern2022-07-01
|/ | | | | | | | using the new resource backend, implement podman pod create --memory which enables users to modify memory.max inside of the parent cgroup (the pod), implicitly impacting all children unless overriden Signed-off-by: Charlie Doern <cdoern@redhat.com>
* Merge pull request #14795 from giuseppe/fix-wildcard-major-device-cgroupopenshift-ci[bot]2022-07-01
|\ | | | | specgen: fix parsing of cgroup devices rule
| * specgen: fix parsing of cgroup devices ruleGiuseppe Scrivano2022-07-01
| | | | | | | | | | | | | | | | | | Fix the parse for the cgroup devices rule to correctly handle the wildcard syntax for the device major. Also make sure the device major and minor are not negative numbers. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | podman-play-kube template: rename to podman-kubeValentin Rothberg2022-06-30
|/ | | | | | | | With the upcoming plans of introducing a podman-kube command with various subcommands, rename the podman-play-kube systemd template to podman-kube before releasing it. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Merge pull request #14720 from sstosh/rm-optionopenshift-ci[bot]2022-06-29
|\ | | | | Fix: Prevent OCI runtime directory remain
| * Fix: Prevent OCI runtime directory remainToshiki Sonoda2022-06-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This bug was introduced in https://github.com/containers/podman/pull/8906. When we use 'podman rm/restart/stop/kill etc...' command to the container running with --rm, the OCI runtime directory remains at /run/<runtime name> (root user) or /run/user/<user id>/<runtime name> (rootless user). This bug could cause other bugs. For example, when we checkpoint the container running with --rm (podman checkpoint --export) and restore it (podman restore --import) with crun, error message "Error: OCI runtime error: crun: container `<container id>` already exists" is outputted. This error is caused by an attempt to restore the container with the same container ID as the remaining OCI runtime's container ID. Therefore, I fix that the cleanupRuntime() function runs to remove the OCI runtime directory, even if the container has already been removed by --rm option. Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
* | podman image scp remote support & podman image scp taggingcdoern2022-06-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | add support for podman-remote image scp as well as direct access via the API. This entailed a full rework of the layering of image scp functions as well as the usual API plugging and type creation also, implemented podman image scp tagging. which makes the syntax much more readable and allows users t tag the new image they are loading to the local/remote machine: allow users to pass a "new name" for the image they are transferring `podman tag` as implemented creates a new image im `image list` when tagging, so this does the same meaning that when transferring images with tags, podman on the remote machine/user will load two images ex: `podman image scp computer1::alpine computer2::foobar` creates alpine:latest and localhost/foobar on the remote host implementing tags means removal of the flexible syntax. In the currently released podman image scp, the user can either specify `podman image scp source::img dest::` or `podman image scp dest:: source::img`. However, with tags this task becomes really hard to check which is the image (src) and which is the new tag (dst). Removal of that streamlines the arg parsing process Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | Merge pull request #14741 from giuseppe/pod-ps-no-raceopenshift-ci[bot]2022-06-28
|\ \ | | | | | | pod: ps does not race with rm
| * | pod: ps does not race with rmGiuseppe Scrivano2022-06-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | the "pod ps" command first retrieves the list of all pods, then iterates over the list to inspect each pod. This introduce a race since a pod could be deleted in the meanwhile by another process. Solve it by ignoring the define.ErrNoSuchPod error. Closes: https://github.com/containers/podman/issues/14736 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Use Regexp in volume ls --filter nameBoaz Shuster2022-06-27
|/ / | | | | | | Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* | Merge pull request #14654 from cdoern/cgroupopenshift-ci[bot]2022-06-27
|\ \ | | | | | | podman cgroup enhancement
| * | podman cgroup enhancementcdoern2022-06-24
| |/ | | | | | | | | | | | | | | | | | | | | currently, setting any sort of resource limit in a pod does nothing. With the newly refactored creation process in c/common, podman ca now set resources at a pod level meaning that resource related flags can now be exposed to podman pod create. cgroupfs and systemd are both supported with varying completion. cgroupfs is a much simpler process and one that is virtually complete for all resource types, the flags now just need to be added. systemd on the other hand has to be handeled via the dbus api meaning that the limits need to be passed as recognized properties to systemd. The properties added so far are the ones that podman pod create supports as well as `cpuset-mems` as this will be the next flag I work on. Signed-off-by: Charlie Doern <cdoern@redhat.com>
* | Fix "podman run port forward range" flakePaul Holzinger2022-06-27
| | | | | | | | | | | | | | | | | | | | The test must ensure that all ports in the range are free not just the first. This flakes often because port 5355 is always in use by systemd-resolved on fedora. Fixes #14716 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | conmon: silence json-file errorValentin Rothberg2022-06-23
|/ | | | | | | We should just silently fall through. The log was flooding the system-service logs when running Gitlab runner. Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Fix spelling "setup" -> "set up" and similarErik Sjölund2022-06-22
| | | | | | | | | | * Replace "setup", "lookup", "cleanup", "backup" with "set up", "look up", "clean up", "back up" when used as verbs. Replace also variations of those. * Improve language in a few places. Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
* Merge pull request #14619 from Luap99/helpopenshift-ci[bot]2022-06-16
|\ | | | | fix "podman -h" help output
| * fix "podman -h" help outputPaul Holzinger2022-06-16
| | | | | | | | | | | | | | | | | | | | | | `podman -h` currently returns an error: `Error: pflag: help requested` This bug was introduced in 44d037898ebc, the problem is that we wrap the error and cobra lib checks with `==` for this one and not errors.Is(). I have a PR upstream to fix this but for now this also works. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #14600 from edsantiago/arghopenshift-ci[bot]2022-06-16
|\ \ | | | | | | system tests: avoid rmi -a ... plus cleanup
| * | system tests: avoid rmi -a ... plus cleanupEd Santiago2022-06-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I noticed 'rmi -a' in a test. I tried to fix it. Hilarity ensued. 'rmi -a' is evil: it forces a fresh pull of our test image, which in turn almost guarantees a flake some day. We avoid it, but once in a while it slips in. While fixing it, I noticed a bevy of other problems that needed cleanup. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #14613 from kolyshkin/fix-410-selinuxopenshift-ci[bot]2022-06-16
|\ \ \ | |_|/ |/| | test/system/410-selinux: fix for newer runc
| * | test/system/410-selinux: fix for newer runcKir Kolyshkin2022-06-15
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | With runc 1.1, we have the following failure: # #| FAIL: podman emits useful diagnostic on failure # #| expected: 'Error.*: OCI runtime error: .*: failed to set /proc/self/attr/keycreate on procfs' (using expr) # #| actual: 'Error: OCI runtime error: runc: runc create failed: unable to start container process: error during container init: write /proc/self/attr/keycreate: invalid argument' which is caused by the fact that runc 1.1 uses newer opencontainers/selinux package, which changes custom errors to standard os.PathError instances (so that they can be unwrapped if needed). Fix the test case accordingly. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
* / system test image: bump to 20220615Ed Santiago2022-06-15
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes: - use --timestamp option to produce 'created' stamps that can be reliably tested in the image-history test - podman now supports manifest & multiarch run, so we no longer need buildah - bump up base alpine & busybox images This turned out to be WAY more complicated than it should've been, because: - alpine 3.14 fixed 'date -Iseconds' to include a colon in the TZ offset ("-07:00", was "-0700"). This is now consistent with GNU date's --iso-8601 format, yay, so we can eliminate a minor workaround. - with --timestamp, all ADDed files are set to that timestamp, including the custom-reference-timestamp file that many tests rely on. So we need to split the build into two steps. But: - ...with a two-step build I need to use --squash-all, not --squash, but: - ... (deep sigh) --squash-all doesn't work with --timestamp (#14536) so we need to alter existing tests to deal with new image layers. - And, long and sordid story relating to --rootfs. TL;DR that option only worked by a miracle relating to something special in one specific test image; it doesn't work with any other images. Fix seems to be complicated, so we're bypassing with a FIXME (#14505). And, unrelated: - remove obsolete skip and workaround in run-basic test (dating back to varlink days) - add a pause-image cleanup to avoid icky red warnings in logs Fixes: #14456 Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #14596 from ↵openshift-ci[bot]2022-06-15
|\ | | | | | | | | giuseppe/move-conmon-different-cgroup-system-service libpod: improve check to create conmon cgroup
| * libpod: improve check to create conmon cgroupGiuseppe Scrivano2022-06-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | commit 1951ff168a63157fa2f4711fde283edfc4981ed3 introduced a check so that conmon is not moved to a new cgroup when podman is running inside of a systemd service. This is helpful to integrate podman in systemd so that the spawned conmon lives in the same cgroup as the service that created it. Unfortunately this breaks when podman daemon is running in a systemd service since the same check is in place thus all the conmon processes end up in the same cgroup as the podman daemon. When the podman daemon systemd service stops the conmon processes are also terminated as well as the containers they monitor. Improve the check to exclude podman running as a daemon. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2052697 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | podman cp: do not overwrite non-dirs with dirs and vice versaValentin Rothberg2022-06-10
| | | | | | | | | | | | | | | | | | | | Add a new `--overwrite` flag to `podman cp` to allow for overwriting in case existing users depend on the behavior; they will have a workaround. By default, the flag is turned off to be compatible with Docker and to have a more sane behavior. Fixes: #14420 Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | Merge pull request #14539 from Luap99/completion5OpenShift Merge Robot2022-06-09
|\ \ | | | | | | shell completion: fix problems with container path completion
| * | shell completion: fix problems with container path completionPaul Holzinger2022-06-09
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When you try to complete a path which exists and it is a file the completion logic did not check the parent dir for other matching file names. To fix that we have to check if the current completion is not a dir and use the parent dir in this case. See the updated test for an example why this is required. Also make sure directories are correctly completed, the shell always adds the "/" as suffix to signal the user that this path is a directory. In this case we do not want to automatically add a space. When the path is a regular file we want the space after the suggestion since there is nothing more to complete. This better matches the normal default shell completion. The test were changed to not assume any particular ordering since this is irrelevant for the shell completion script and there is no guarantee about the ordering. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #14542 from hshiina/restore-filelockOpenShift Merge Robot2022-06-09
|\ \ | |/ |/| Pass '--file-locks' to OCI runtime at restoring