path: root/test/system
Commit message (Author, Age)
* Merge pull request #14619 from Luap99/help (openshift-ci[bot], 2022-06-16)
|\   fix "podman -h" help output
| * fix "podman -h" help output (Paul Holzinger, 2022-06-16)
| |   `podman -h` currently returns an error:
| |   `Error: pflag: help requested`
| |   This bug was introduced in 44d037898ebc, the problem is that we wrap the error and cobra lib checks with `==` for this one and not errors.Is(). I have a PR upstream to fix this but for now this also works.
| |   Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #14600 from edsantiago/argh (openshift-ci[bot], 2022-06-16)
|\ \   system tests: avoid rmi -a ... plus cleanup
| * | system tests: avoid rmi -a ... plus cleanup (Ed Santiago, 2022-06-15)
| | |   I noticed 'rmi -a' in a test. I tried to fix it. Hilarity ensued.
| | |   'rmi -a' is evil: it forces a fresh pull of our test image, which in turn almost guarantees a flake some day. We avoid it, but once in a while it slips in.
| | |   While fixing it, I noticed a bevy of other problems that needed cleanup.
| | |   Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #14613 from kolyshkin/fix-410-selinux (openshift-ci[bot], 2022-06-16)
|\ \ \
| |_|/
|/| |   test/system/410-selinux: fix for newer runc
| * | test/system/410-selinux: fix for newer runc (Kir Kolyshkin, 2022-06-15)
| |/
| |   With runc 1.1, we have the following failure:
| |   # #| FAIL: podman emits useful diagnostic on failure
| |   # #| expected: 'Error.*: OCI runtime error: .*: failed to set /proc/self/attr/keycreate on procfs' (using expr)
| |   # #| actual: 'Error: OCI runtime error: runc: runc create failed: unable to start container process: error during container init: write /proc/self/attr/keycreate: invalid argument'
| |   which is caused by the fact that runc 1.1 uses newer opencontainers/selinux package, which changes custom errors to standard os.PathError instances (so that they can be unwrapped if needed).
| |   Fix the test case accordingly.
| |   Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
* / system test image: bump to 20220615 (Ed Santiago, 2022-06-15)
|/
|   Changes:
|   - use --timestamp option to produce 'created' stamps that can be reliably tested in the image-history test
|   - podman now supports manifest & multiarch run, so we no longer need buildah
|   - bump up base alpine & busybox images
|   This turned out to be WAY more complicated than it should've been, because:
|   - alpine 3.14 fixed 'date -Iseconds' to include a colon in the TZ offset ("-07:00", was "-0700"). This is now consistent with GNU date's --iso-8601 format, yay, so we can eliminate a minor workaround.
|   - with --timestamp, all ADDed files are set to that timestamp, including the custom-reference-timestamp file that many tests rely on. So we need to split the build into two steps. But:
|   - ...with a two-step build I need to use --squash-all, not --squash, but:
|   - ... (deep sigh) --squash-all doesn't work with --timestamp (#14536) so we need to alter existing tests to deal with new image layers.
|   - And, long and sordid story relating to --rootfs. TL;DR that option only worked by a miracle relating to something special in one specific test image; it doesn't work with any other images. Fix seems to be complicated, so we're bypassing with a FIXME (#14505).
|   And, unrelated:
|   - remove obsolete skip and workaround in run-basic test (dating back to varlink days)
|   - add a pause-image cleanup to avoid icky red warnings in logs
|   Fixes: #14456
|   Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #14596 from giuseppe/move-conmon-different-cgroup-system-service (openshift-ci[bot], 2022-06-15)
|\   libpod: improve check to create conmon cgroup
| * libpod: improve check to create conmon cgroup (Giuseppe Scrivano, 2022-06-15)
| |   commit 1951ff168a63157fa2f4711fde283edfc4981ed3 introduced a check so that conmon is not moved to a new cgroup when podman is running inside of a systemd service.
| |   This is helpful to integrate podman in systemd so that the spawned conmon lives in the same cgroup as the service that created it.
| |   Unfortunately this breaks when podman daemon is running in a systemd service since the same check is in place thus all the conmon processes end up in the same cgroup as the podman daemon. When the podman daemon systemd service stops the conmon processes are also terminated as well as the containers they monitor.
| |   Improve the check to exclude podman running as a daemon.
| |   Closes: https://bugzilla.redhat.com/show_bug.cgi?id=2052697
| |   Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | podman cp: do not overwrite non-dirs with dirs and vice versa (Valentin Rothberg, 2022-06-10)
| |   Add a new `--overwrite` flag to `podman cp` to allow for overwriting in case existing users depend on the behavior; they will have a workaround. By default, the flag is turned off to be compatible with Docker and to have a more sane behavior.
| |   Fixes: #14420
| |   Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | Merge pull request #14539 from Luap99/completion5 (OpenShift Merge Robot, 2022-06-09)
|\ \   shell completion: fix problems with container path completion
| * | shell completion: fix problems with container path completion (Paul Holzinger, 2022-06-09)
| |/
| |   When you try to complete a path which exists and it is a file the completion logic did not check the parent dir for other matching file names. To fix that we have to check if the current completion is not a dir and use the parent dir in this case. See the updated test for an example why this is required.
| |   Also make sure directories are correctly completed, the shell always adds the "/" as suffix to signal the user that this path is a directory. In this case we do not want to automatically add a space. When the path is a regular file we want the space after the suggestion since there is nothing more to complete. This better matches the normal default shell completion.
| |   The tests were changed to not assume any particular ordering since this is irrelevant for the shell completion script and there is no guarantee about the ordering.
| |   Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | Merge pull request #14542 from hshiina/restore-filelock (OpenShift Merge Robot, 2022-06-09)
|\ \
| |/
|/|   Pass '--file-locks' to OCI runtime at restoring
| * Pass '--file-locks' to OCI runtime at restoring (Hironori Shiina, 2022-06-09)
| |   `podman container restore --file-locks` does not restore file locks because this option is not passed to OCI runtime. This patch fixes this issue.
| |   Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
* | --userns=keep-id,nomap are not allowed in rootful mode (Daniel J Walsh, 2022-06-08)
|/   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* libpod: store network status when userns is used (Paul Holzinger, 2022-06-07)
|   When a container with a userns is created the network setup is special. Normally the netns is setup before the oci runtime container is created, however with a userns the container is created first and then the network is setup.
|   In the second case we never saved the container state afterwards. Because of it, podman inspect would not show the network info and network teardown will not happen.
|   This worked with local podman because there was a save() call later in the code path which then also saved the network status. But in the podman API code path this save never happened thus all containers started via API had this problem.
|   Fixes #14465
|   Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Merge pull request #14460 from cipherboy/align-docker-podman-load-output (OpenShift Merge Robot, 2022-06-02)
|\   Align docker load and podman load output
| * Update test output expectation (Alexander Scheel, 2022-06-02)
| |   Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
* | Merge pull request #14457 from Luap99/completion4 (OpenShift Merge Robot, 2022-06-02)
|\ \   shell completion for paths inside the image/container
| * | shell completion for paths inside the image/container (Paul Holzinger, 2022-06-02)
| | |   Add shell completion for paths inside the container or image. Currently podman run IMAGE [TAB] only uses the default shell completion which suggests paths on the host. This is fine for some cases but often the user wants a path which only exists in the image/container.
| | |   This commit adds support for that. Both podman create/run can now complete the paths from the image, podman cp ctr:... now completes paths from the actual container.
| | |   Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #14301 from rhatdan/volume (OpenShift Merge Robot, 2022-06-02)
|\ \ \
| |/ /
|/| |   Support setting image_volume_mode in containers.conf
| * | Support setting image_volume_mode in containers.conf (Daniel J Walsh, 2022-05-26)
| | |   Fixes: https://github.com/containers/podman/issues/14230
| | |   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #14344 from cdoern/podCreate (OpenShift Merge Robot, 2022-06-02)
|\ \ \   podman pod create --uidmap patch
| * | | podman pod create --uidmap patch (cdoern, 2022-06-01)
| | |/
| |/|
| | |   podman's remote API does not marshal infra's spec due to the fact that if it did, all of those options would be available to the users on the command line. This means we need to manually map "backwards" some container spec items -> pod spec items before calling PodCreate, this was one of them that was forgotten
| | |   resolves #14233
| | |   Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
| | |   Signed-off-by: cdoern <cdoern@redhat.com>
* | | Podman no-new-privileges format (Niall Crowe, 2022-05-30)
| |/
|/|
| |   In docker, the format of no-new-privileges is "no-new-privileges:true". However, for Podman all that's required is "no-new-privileges", leading to issues when attempting to use features designed for docker in podman. Adding support for the ":" format to be used along with the "=" format, depending on which one is entered by the user.
| |   fixes #14133
| |   Signed-off-by: Niall Crowe <nicrowe@redhat.com>
* | Merge pull request #14358 from vrothberg/todo-part-2 (OpenShift Merge Robot, 2022-05-25)
|\ \   Todo part 2
| * | test/system/250-systemd.bats: clean up outdated TODO (Valentin Rothberg, 2022-05-25)
| | |   `podman auto-update` is now properly exercised in the system tests, so we can safely remove the outdated TODO.
| | |   Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | | Merge pull request #14333 from rhatdan/pod (OpenShift Merge Robot, 2022-05-25)
|\ \ \
| |/ /
|/| |   Allow podman pod create --share +pid
| * | Allow podman pod create --share +pid (Daniel J Walsh, 2022-05-24)
| | |   Fixes: https://github.com/containers/podman/issues/13422
| | |   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #14334 from rhatdan/pod1 (OpenShift Merge Robot, 2022-05-24)
|\ \ \   Allow podman pod create to accept name argument
| * | | Allow podman pod create to accept name argument (Daniel J Walsh, 2022-05-24)
| |/ /
| | |   I am constantly attempting to add the podname to the last argument to podman pod create. Allowing this makes it match podman volume create and podman network create.
| | |   It does not match podman container create, since podman container create arguments specify the arguments to run with the container.
| | |   Still need to support the --name option for backwards compatibility.
| | |   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #14346 from edsantiago/helpmsg_tests (OpenShift Merge Robot, 2022-05-24)
|\ \ \
| |/ /
|/| |   help-message system test: catch more cases
| * | help-message system test: catch more cases (Ed Santiago, 2022-05-24)
| |/
| |   - Look for and prevent lower-case arg descriptions: podman cmd [arg]
| |   - Look for and prevent optional-mandatory misordering: podman cmd [ARG] ARG
| |   - Tighter whitespace checks (and fix podman pod ps)
| |   - simplify a no-longer-necessary mess! #8635 fixed the horrible "CONTAINER | IMAGE" strings (with spaces), so there's no longer a need to special-case those. The one-extra-arg check is now much cleaner.
| |   Minor refactoring.
| |   Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #14341 from vrothberg/todo-part-1 (OpenShift Merge Robot, 2022-05-24)
|\ \
| |/
|/|   TODO's and FIXME's [PART 1]
| * podman image mount: print pretty table (Valentin Rothberg, 2022-05-24)
| |   Make sure that `podman image mount` prints a pretty table unless there is only argument passed and without a custom format.
| |   Fixing a TODO item brought me to the specific code location and revealed the fart in the logic.
| |   Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | system tests: fix flake waiting for container to run (Valentin Rothberg, 2022-05-24)
|/
|   I have seen some system tests flake waiting for a container to transition into a specific running state. My theory is that the waiting time was not sufficient on nodes under high load. Hence, increase the waiting time.
|   Also replace the break with a return to spare some cycles to redundantly compare with the already checked state.
|   Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* auto update: create an event (Valentin Rothberg, 2022-05-23)
|   Create an auto-update event for each invocation, independent if images and containers are updated or not. Those events will be indicated in the events already but users will now know why.
|   Fixes: #14283
|   Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* k8systemd: run k8s workloads in systemd (Valentin Rothberg, 2022-05-17)
|   Support running `podman play kube` in systemd by exploiting the previously added "service containers". During `play kube`, a service container is started before all the pods and containers, and is stopped last. The service container communicates its conmon PID via sdnotify.
|   Add a new systemd template to dispatch such k8s workloads. The argument of the template is the path to the k8s file. Note that the path must be escaped for systemd not to bark:
|   Let's assume we have a `top.yaml` file in the home directory:
|   ```
|   $ escaped=$(systemd-escape ~/top.yaml)
|   $ systemctl --user start podman-play-kube@$escaped.service
|   ```
|   Closes: https://issues.redhat.com/browse/RUN-1287
|   Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* [BZ #2083997] pod: build pause image in custom user NS (Valentin Rothberg, 2022-05-13)
|   Use the host UID and host GID mapping when building the local pause image for a Pod with a custom mapping. Otherwise, the mappings are off and the build fails. Propagating the mapping to the build container is not needed since the pause image ships merely a copied `catatonit` from the host.
|   Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2083997
|   Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Merge pull request #14159 from vrothberg/service-container (Daniel J Walsh, 2022-05-12)
|\   play kube: service container
| * play kube: service container (Valentin Rothberg, 2022-05-12)
| |   Add the notion of a "service container" to play kube. A service container is started before the pods in play kube and is (reverse) linked to them. The service container is stopped/removed *after* all pods it is associated with are stopped/removed.
| |   In other words, a service container tracks the entire life cycle of a service started via `podman play kube`. This is required to enable `play kube` in a systemd unit file.
| |   The service container is only used when the `--service-container` flag is set on the CLI. This flag has been marked as hidden as it is not meant to be used outside the context of `play kube`. It is further not supported on the remote client.
| |   The wiring with systemd will be done in a later commit.
| |   Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* | sdnotify: send MAINPID only once (Valentin Rothberg, 2022-05-12)
|/
|   Send the main PID only once. Previously, `(*Container).start()` and the conmon handler sent them ~simultaneously and went into a race.
|   I noticed the issue while debugging a WIP PR.
|   Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Report correct RemoteURI (Daniel J Walsh, 2022-05-04)
|   Rather than assuming a filesystem path, the API service URI is recorded in the libpod runtime configuration and then reported as requested.
|   Note: All schemes other than "unix" are hard-coded to report URI exists.
|   Fixes #12023
|   Signed-off-by: Jhon Honce <jhonce@redhat.com>
|   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* play kube default log driver (Niall Crowe, 2022-05-04)
|   The default log driver is not used when using play kube without --log-driver. The LogDriver function needs to be called in order to use the default log driver.
|   fixes #13781
|   Signed-off-by: Niall Crowe <nicrowe@redhat.com>
* pod: add exit policies (Valentin Rothberg, 2022-05-02)
|   Add the notion of an "exit policy" to a pod. This policy controls the behaviour when the last container of pod exits. Initially, there are two policies:
|   - "continue" : the pod continues running. This is the default policy when creating a pod.
|   - "stop" : stop the pod when the last container exits. This is the default behaviour for `play kube`.
|   In order to implement the deferred stop of a pod, add a worker queue to the libpod runtime. The queue will pick up work items and in this case helps resolve dead locks that would otherwise occur if we attempted to stop a pod during container cleanup.
|   Note that the default restart policy of `play kube` is "Always". Hence, in order to really solve #13464, the YAML files must set a custom restart policy; the tests use "OnFailure".
|   Fixes: #13464
|   Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* libpod: host netns keep same /etc/resolv.conf (Paul Holzinger, 2022-04-29)
|   When a container is run in the host network namespace we have to keep the same resolv.conf content and not use the systemd-resolve detection logic.
|   But also make sure we still allow --dns options.
|   Fixes #14055
|   Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* fix incorrect permissions for /etc/resolv.conf in userns (Paul Holzinger, 2022-04-29)
|   The files /etc/hosts, /etc/hostname and /etc/resolv.conf should always be owned by the root user in the container. This worked correctly for /etc/hostname and /etc/hosts but not for /etc/resolv.conf.
|   A container run with --userns keep-id would have the resolv.conf file owned by the current container user which is wrong.
|   Consolidate some common code in a new helper function to make the code cleaner.
|   Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Report properly whether pod shares host network (Daniel J Walsh, 2022-04-28)
|   Fixes: https://github.com/containers/podman/issues/14028
|   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Add CreatedSince & CreatedAt format fields to podman image history (Daniel J Walsh, 2022-04-27)
|   Fixes: https://github.com/containers/podman/issues/14012
|   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Truncate annotations when generating kubernetes yaml files (Daniel J Walsh, 2022-04-27)
|   Kubernetes only allows 63 characters in an annotation. Make sure that we only add 63 or less characters when generating kube. Warn if containers or pods have longer length and truncate.
|   Discussion: https://github.com/containers/podman/discussions/13901
|   Fixes: https://github.com/containers/podman/issues/13962
|   Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>