summaryrefslogtreecommitdiff
path: root/test
Commit message (Collapse)AuthorAge
* Podman Pod Create --sysctl supportcdoern2022-01-12
| | | | | | | | | | added support for pod wide sysctls. The sysctls supported are the same as the continer run controls. These controls are only valid if the proper namespaces are shared within the pod, otherwise only the infra ctr gets the sysctl resolves #12747 Signed-off-by: cdoern <cdoern@redhat.com>
* Merge pull request #12733 from rhatdan/copyOpenShift Merge Robot2022-01-07
|\ | | | | Set volume NeedsCopyUp to false iff data was copied up
| * Set volume NeedsCopyUp to false iff data was copied upDaniel J Walsh2022-01-06
| | | | | | | | | | | | | | | | | | | | | | | | Currently Docker copies up the first volume on a mountpoint with data. Fixes: https://github.com/containers/podman/issues/12714 Also added NeedsCopyUP, NeedsChown and MountCount to the podman volume inspect code. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #12764 from edsantiago/batsOpenShift Merge Robot2022-01-07
|\ \ | | | | | | Emergency system-test fixes
| * | Emergency system-test fixesEd Santiago2022-01-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Emergency fix to image-scp tests. DO NOT CREATE A USER! These tests are run in all sorts of environments. We do not have the right to vandalize a production system. Also remove some misleading unneeded tests; and refactor a little; and add a bunch of FIXMEs which will need to be addressed later. Also, super-low priority, add 'crun: ' to expected error message in a run test (minor followup to #12758). Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #12726 from hikhvar/remove-superflous-pod-renameOpenShift Merge Robot2022-01-07
|\ \ \ | |/ / |/| | Don't rename pod if container has the same name
| * | Don't rename pod if container has the same nameChristoph Petrausch2022-01-06
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | We enforce the naming scheme "<podname>-<containername>" here [1]. Therefore we must not rename the pod in case of a naming conflict between pod name and container name. Not renaming the pod increases the usability for the user and easies scripting based on the name. Otherwise a user must set some label to reliable find a pod after creation. Or have to implement the renaming logic in the script. [1] https://github.com/containers/podman/blob/main/pkg/specgen/generate/kube/kube.go#L140 Fixes #12722 Signed-off-by: Christoph Petrausch <chrobbert@gmail.com>
* | Merge pull request #12758 from rhatdan/runtimeOpenShift Merge Robot2022-01-06
|\ \ | | | | | | add OCI Runtime name to errors
| * | add OCI Runtime name to errorsDaniel J Walsh2022-01-06
| |/ | | | | | | | | | | | | | | | | It would be easier to diagnose OCI runtime errors if the error actually had the name of the OCI runtime that produced the error. [NO NEW TESTS NEEDED] Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / fix healthcheck timeouts and ut8 coercionBrent Baude2022-01-06
|/ | | | | | | | | | | | | | | | | this commit fixes two bugs and adds regression tests. when getting healthcheck values from an image, if the image does not have a timeout defined, this resulted in a 0 value for timeout. The default as described in the man pages is 30s. when inspecting a container with a healthcheck command, a customer observed that the &, <, and > characters were being converted into a unicode escape value. It turns out json marshalling will by default coerce string values to ut8. Fixes: bz2028408 Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #12687 from rhatdan/volumeOpenShift Merge Robot2022-01-06
|\ | | | | Support volume bind mounts for rootless containers
| * Support all volume mounts for rootless containersDaniel J Walsh2022-01-04
| | | | | | | | | | | | | | | | | | | | | | | | | | Fix handling of "bind" and "tmpfs" olumes to actually work. Allow bind, tmpfs local volumes to work in rootless mode. Also removed the string "error" from all error messages that begine with it. All Podman commands are printed with Error:, so this causes an ugly stutter. Fixes: https://github.com/containers/podman/issues/12013 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #12750 from rhatdan/errorOpenShift Merge Robot2022-01-05
|\ \ | | | | | | Change Tests to ignore missing containers when removing --all
| * | Change Tests to ignore missing containers when removing --allDaniel J Walsh2022-01-05
| | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/12740 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #12208 from cdoern/podSecurityOptOpenShift Merge Robot2022-01-05
|\ \ \ | | | | | | | | Pod Security Option support and Infra Inheritance changes
| * | | Pod Security Option supportcdoern2021-12-27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Added support for pod security options. These are applied to infra and passed down to the containers as added (unless overridden). Modified the inheritance process from infra, creating a new function Inherit() which reads the config, and marshals the compatible options into an intermediate struct `InfraInherit` This is then unmarshaled into a container config and all of this is added to the CtrCreateOptions. Removes the need (mostly) for special additons which complicate the Container_create code and pod creation. resolves #12173 Signed-off-by: cdoern <cdoern@redhat.com>
* | | | Merge pull request #12168 from mtrmac/socket-collisionOpenShift Merge Robot2022-01-05
|\ \ \ \ | | | | | | | | | | Avoid RemoteSocket collisions in e2e tests
| * | | | Don't initialize the global RNG with GinkgoRandomSeed() in e2e testsMiloslav Trmač2022-01-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - It probably doesn't actually make a difference: in experiments, the github.com/containers/storage/pkg/stringid RNG initialization has been happening later - This makes the RNG caller-controlled (which we don't benefit from), but also the same on all nodes of multi-process Ginkgo execution. So, if it works at all, it may make collisions of random ID values more likely, and our tests are not robust against that. So don't go out of our way to make collisions more likely. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | | | Avoid collisions on RemoteSocket pathsMiloslav Trmač2022-01-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add lock files and re-generate the UUID if we are not a known-unique user of the socket path. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | | | Refactor remote socket path determination in testsMiloslav Trmač2022-01-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Separate the code that determines the directory and file prefix from the code that chooses and applies a UUID; we will make the second part more complex in a bit. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* | | | | Merge pull request #12429 from cdoern/scpOpenShift Merge Robot2022-01-05
|\ \ \ \ \ | |_|_|/ / |/| | | | podman image scp never enter podman user NS
| * | | | podman image scp never enter podman user NScdoern2021-12-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman image scp should never enter the Podman UserNS unless it needs to. This allows for a sudo exec.Command to transfer images to and from rootful storage. If this command is run using sudo, the simple sudo podman save/load does not work, machinectl/su is necessary here. This modification allows for both rootful and rootless transfers, and an overall change of scp to be more of a wrapper function for different load and save calls as well as the ssh component Signed-off-by: cdoern <cdoern@redhat.com>
* | | | | test/e2e/pod_initcontainers: fix a flakeKir Kolyshkin2022-01-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 3c3fa6fac4d0f8e8 added a few test cases for the init containers. The "podman ensure always init containers always run" implicitly assumes that restarting a pod will take more than 1 second. When this assumption is not met (because computers are fast!), we get a flake. The fix (without using sleep) is to print nanoseconds in date output. This format option (%N) is not supported by date in Alpine Linux, so switch to Fedora. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
* | | | | test/e2e/run: don't use date +%N on AlpineKir Kolyshkin2022-01-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit e1443fe05d146def6 added a test case that ran "date +%N" inside a Fedora container (without actually using its output). Commit ccc5bc167fa2c140 changed that test case to use Alpine. Problem is, %N is not supported by date in Alpine (it only prints a newline). To eliminate the ambiguity, replace date with touch. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
* | | | | Merge pull request #12735 from rhatdan/mountOpenShift Merge Robot2022-01-04
|\ \ \ \ \ | | | | | | | | | | | | Fix Container List API call to return mount info
| * | | | | Fix Container List API call to return mount infoDaniel J Walsh2022-01-04
| | |_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We are hard coding mounts to return nil in compat API, since we have the data, we should return it. Fixes: https://github.com/containers/podman/issues/12734 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #12643 from leahneukirchen/events-compatOpenShift Merge Robot2022-01-04
|\ \ \ \ \ | |/ / / / |/| | | | legacy events: also set Action="die"
| * | | | legacy events: also set exitCodeLeah Neukirchen2022-01-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For Status = "die", Docker sets the exit code of the container to a field "exitCode". Podman uses "containerExitCode". Copy the value into "exitCode" as well, for compatibility. Signed-off-by: Leah Neukirchen <leah@vuxu.org>
* | | | | Merge pull request #12611 from Luap99/ipv6OpenShift Merge Robot2022-01-03
|\ \ \ \ \ | | | | | | | | | | | | add --ip6 flag to podman create/run
| * | | | | add --ip6 flag to podman create/runPaul Holzinger2022-01-03
| | |_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add the --ipv6 flag to podman create/run and pod create. We support the --network name:ip6=<ip> syntax now but for docker compat we should also support the --ip6 flag. Note that there is no validation if the ip is actually a v6 or v4 address because the backend does not care either. Fixes #7511 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | test/system: podman run image with filesystem permissionDaniel J Walsh2021-12-31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This test case is used for covering rhbz#1854566. Replaces: #12220 Signed-off-by: Alex Jia <ajia@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | test/system: podman run with log-opt optionDaniel J Walsh2021-12-31
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | This test case is used for covering rhbz#1763007. Replaces: #12221 Signed-off-by: Alex Jia <ajia@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | / prefix imageId with sha256: in containers listOliver2021-12-29
| |_|/ |/| | | | | | | | | | | | | | test for compat API ImageId Signed-off-by: Oliver Thallmair <oliver.thallmair@mailbox.org>
* | | Merge pull request #12627 from rhatdan/passwdOpenShift Merge Robot2021-12-23
|\ \ \ | | | | | | | | Allow users to add host user accounts to /etc/passwd
| * | | Allow users to add host user accounts to /etc/passwdDaniel J Walsh2021-12-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some containers require certain user account(s) to exist within the container when they are run. This option will allow callers to add a bunch of passwd entries from the host to the container even if the entries are not in the local /etc/passwd file on the host. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1935831 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | container creation: don't apply reserved annotations from imageValentin Rothberg2021-12-23
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | Do not apply reserved annotations from the image to the container. Reserved annotations are applied during container creation to retrieve certain information (e.g., custom seccomp profile or autoremoval) once a container has been created. Context: #12671 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #12672 from adrianreber/2021-12-21-check-for-memtrackOpenShift Merge Robot2021-12-23
|\ \ \ | | | | | | | | Error out early if system does not support pre-copy checkpointing
| * | | Error out early if system does not support pre-copy checkpointingAdrian Reber2021-12-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CRIU's pre-copy migration support relies on the soft dirty page tracking in the Linux kernel: https://www.kernel.org/doc/Documentation/vm/soft-dirty.txt This functionality is not implemented for all architectures and it can also be turned off in the kernel. CRIU can check if the combination of architecture/kernel/CRIU supports the soft dirty page tracking and exports this feature checking functionality in go-criu. This commit adds an early check if the user selects pre-copy checkpointing to error out if the system does not support it. Signed-off-by: Adrian Reber <areber@redhat.com>
* | | | Merge pull request #12599 from rhatdan/kernelmemoryOpenShift Merge Robot2021-12-23
|\ \ \ \ | |/ / / |/| | | Warn on use of --kernel-memory
| * | | Warn on use of --kernel-memoryDaniel J Walsh2021-12-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It has been deprecated and is no longer supported. Fully remove it and only print a warning if a user uses it. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2011695 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | e2e: Add dev/shm checkpoint/restore testRadostin Stoyanov2021-12-23
| | | | | | | | | | | | | | | | Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
* | | | Merge pull request #12375 from rhatdan/hostsOpenShift Merge Robot2021-12-22
|\ \ \ \ | |/ / / |/| | | Use hosts public ip address in rootless containers
| * | | Use hosts public ip address in rootless containersDaniel J Walsh2021-12-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add first non localhost ipv4 of all host interfaces as destination for host.contaners.internal for rootless containers. Fixes: https://github.com/containers/podman/issues/12000 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #12668 from vrothberg/fix-12667OpenShift Merge Robot2021-12-22
|\ \ \ \ | | | | | | | | | | support hosts without /etc/hosts
| * | | | support hosts without /etc/hostsValentin Rothberg2021-12-22
| | | | | | | | | | | | | | | | | | | | | | | | | Fixes: #12667 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #12664 from cdoern/noManagePasswdOpenShift Merge Robot2021-12-22
|\ \ \ \ \ | |/ / / / |/| | | | Podman run --passwd
| * | | | Podman run --passwdcdoern2021-12-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | added support for a new flag --passwd which, when false prohibits podman from creating entries in /etc/passwd and /etc/groups allowing users to modify those files in the container entrypoint resolves #11805 Signed-off-by: cdoern <cdoern@redhat.com>
* | | | | Merge pull request #12663 from vrothberg/compat-normalizationOpenShift Merge Robot2021-12-21
|\ \ \ \ \ | |_|/ / / |/| | | | compat: image normalization: handle sha256 prefix
| * | | | compat: image normalization: handle sha256 prefixValentin Rothberg2021-12-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When normalizing image names on the compat API, make sure to take the `sha256:` prefix into account when matching against the image ID. Otherwise, the name will mistakingly be subject to docker.io normalization. Signed-off-by: Valentin Rothberg <rothberg@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #12621 from giuseppe/honor-userns-auto-conf-fileOpenShift Merge Robot2021-12-21
|\ \ \ \ \ | |/ / / / |/| | | | specgen: honor userns=auto from containers.conf