summaryrefslogtreecommitdiff
path: root/test
Commit message (Collapse)AuthorAge
* force run container detached if container CreateCommand missing the detach param荒野無燈2020-03-14
| | | | | | | | | | | | | | | | | | | | | | | | the podman generated systemd service file has `Type=forking` service, so the command after `ExecStart=` should not run in front. if someone created a container and has the detach(`-d`) param missing like this ``` podman create --name ngxdemo -P nginxdemos/hello ``` and generate the file with `--new` param: ``` podman generate systemd --name --new ngxdemo ``` because `podman run xxx` has no `-d` param, so the container is not run in background and nerver exit. and systemd will fail to start the service: ``` sudo systemctl start container-ngxdemo.service Job for container-ngxdemo.service failed because a timeout was exceeded. See "systemctl status container-ngxdemo.service" and "journalctl -xe" for details. ``` Signed-off-by: 荒野無燈 <ttys3@outlook.com>
* generate systemd: remove leading slashesValentin Rothberg2020-03-05
| | | | | | | | | Remove leading slashes from the run-dir paths. It was meant to make it explicit that we're dealing with an absolute path but user feedback has shown that most are aware. It also cleans up the path in the systemctl status output. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #4772 from boaz0/closes_4628OpenShift Merge Robot2020-03-04
|\ | | | | Add the rmi flag to podman-run to delete container image
| * Add the rmi flag to podman-run to delete container imageBoaz Shuster2020-03-03
| | | | | | | | | | | | | | | | | | | | The --rmi flag will delete the container image after its execution unless that image is already been used by another container(s). This is useful when one wants to execute a container once and remove any resources attached to it. Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* | Merge pull request #5344 from edsantiago/log_formatOpenShift Merge Robot2020-03-04
|\ \ | | | | | | CI: format cirrus logs
| * | CI: format cirrus logsEd Santiago2020-03-02
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This introduces a new cirrus helper script, logformatter. Usage is: [commands...] | logformatter TEST-NAME It reformats its input into a readable, highlighed, linkable form. Some features: - boring stuff (timestamps, standard podman options) is deemphasized - important stuff (warnings, errors) is emphasized - in-page links to the actual failures - active links to source files - jumps to bottom of page on load, because that's where the errors are. (All errors are linked) Add it to select test commands (integration, system) and add a new artifacts_html, run in the 'always' block, which uploads generated *.log.html into Cirrus; from there we generate a live URL that can be viewed in browser. Unfortunately, due to security concerns in Cirrus, it is not currently possible to make the link a live one. Kludge: add a line of dashes after Restoring images; without this, the first test ("systemd PID 1") has no dashes before it, so logformatter doesn't see it. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #5379 from edsantiago/test_apiv2OpenShift Merge Robot2020-03-03
|\ \ | | | | | | APIv2 tests: add tests for stop
| * | APIv2 tests: add tests for stopEd Santiago2020-03-03
| |/ | | | | | | | | | | | | | | ...and allow status 'stopped' in addition to 'exited'. Fixes: #5336 Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #5206 from rhatdan/capabilitiesOpenShift Merge Robot2020-03-03
|\ \ | |/ |/| Allow devs to set labels in container images for default capabilities.
| * Allow devs to set labels in container images for default capabilities.Daniel J Walsh2020-03-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch allows users to specify the list of capabilities required to run their container image. Setting a image/container label "io.containers.capabilities=setuid,setgid" tells podman that the contained image should work fine with just these two capabilties, instead of running with the default capabilities, podman will launch the container with just these capabilties. If the user or image specified capabilities that are not in the default set, the container will print an error message and will continue to run with the default capabilities. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | CI: add API v2 testsEd Santiago2020-03-02
|/ | | | | | | | | | API v2 has been quiet for a few days, and the test script is actually passing. Let's take advantage of this opportunity to get them running in CI. Requires adding a check for cgroupsv2 Signed-off-by: Ed Santiago <santiago@redhat.com>
* Ensure that exec sessions inherit supplemental groupsMatthew Heon2020-02-28
| | | | | | | | This corrects a regression from Podman 1.4.x where container exec sessions inherited supplemental groups from the container, iff the exec session did not specify a user. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Merge pull request #5295 from mheon/advanced_network_inspectOpenShift Merge Robot2020-02-27
|\ | | | | Add support for multiple CNI networks in podman inspect
| * Add support for multiple CNI networks in podman inspectMatthew Heon2020-02-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When inspecting containers, info on CNI networks added to the container by name (e.g. --net=name1) should be displayed separately from the configuration of the default network, in a separate map called Networks. This patch adds this separation, improving our Docker compatibility and also adding the ability to see if a container has more than one IPv4 and IPv6 address and more than one MAC address. Fixes #4907 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | kill test: clean up warnings; document betterEd Santiago2020-02-26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 9f69c4eca (part of the f31 pr, #3091) semi-broke the kill test, there's now an ugly warning: setup(): removing stray images quay.io/libpod/fedora-minimal:latest 7bb5a60e8a78 The comments also didn't actually explain the problem being addressed, and included a misleading reference to busybox. Here we switch to using fedora-minimal only with podman-remote, clean it up (rmi) when finished, and include an explanation in the comments about why this is needed; making it clear that this workaround can be removed once we get rid of podman-remote. We also reformat back to 80 columns. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #5332 from giuseppe/uts-lookup-containerOpenShift Merge Robot2020-02-26
|\ \ | | | | | | spec: allow container alias name in lookup
| * | spec: allow container alias name in lookupGiuseppe Scrivano2020-02-26
| | | | | | | | | | | | | | | | | | | | | | | | Previously --uts=container: expected the full container ID. Closes: https://github.com/containers/libpod/issues/5289 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | Merge pull request #5330 from baude/flakefixesforedOpenShift Merge Robot2020-02-26
|\ \ \ | |/ / |/| | curb flakes in integration tests
| * | curb flakes in integration testsBrent Baude2020-02-26
| |/ | | | | | | | | | | | | | | instead of searching the fedora registry which is error prone, we instead search a local registry for the empty set search. when running two containers with the same IP, i suspect the first container has not fully gotten its ip information back from cni when the second container fires. rework this test such that we use nginx to make sure the container is up and running before continues which should pace the subsequent test. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #3901 from cevich/support_f31OpenShift Merge Robot2020-02-25
|\ \ | | | | | | Cirrus: Support testing with F31
| * | Fix kill test obtaining CIDChris Evich2020-02-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It's possible/likely the container image for the test will need to be pulled as part of the `run` command. Due to the way BATS handles output, messages regarding image-pull could be misinterpreted as the container's CID. Force the CID to be obtained by only the last line of output. Signed-off-by: Chris Evich <cevich@redhat.com>
| * | System Tests: Force default signal handlersChris Evich2020-02-25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Recommended as part of: https://github.com/containers/libpod/issues/5004 and https://github.com/containers/crun/issues/230 Signed-off-by: Chris Evich <cevich@redhat.com>
| * | Fix cgroupsv2 run test, unexpected outputChris Evich2020-02-25
| |/ | | | | | | | | | | | | | | | | | | | | Sometime between 10th and 23rd of Feb. 2020, the behavior of crun changed. Upon consulting with Giuseppe, the podman run tests for `device-read-*` and `device-write-*` do not depend on the container output for success, only the exit code. Add a comment and conditional regarding this in case of cgroupsv2. Also noted that these tests will likely require future refactoring/simplification. Signed-off-by: Chris Evich <cevich@redhat.com>
* / apiv2 tests: add more pod tests, timing checkEd Santiago2020-02-25
|/ | | | | | | | | | | | | | | | Looks like /libpod/pods/create has been fixed to return an actual pod ID. Extend those tests. Also, update timeout in the server command: it's now seconds, not milliseconds. Also, update FIXME comments in /pods/prune . Still doesn't work, but clarify what we're seeing. Also, add a new test that runs ten /info requests and barfs if it takes more than 5 seconds. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #4889 from baude/portsearchOpenShift Merge Robot2020-02-23
|\ | | | | fix port list by container with port
| * Friendly amendment: tests, and a help messageEd Santiago2020-02-23
| | | | | | | | | | | | | | | | | | | | | | 1) Help message for podman port was missing [PORT] 2) Add test for 'podman port'. And, actually, an entire networking test that I'd written some weeks ago but apparently didn't 'git add'. Signed-off-by: Ed Santiago <santiago@redhat.com> Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Add --no-healthcheck command to create/runBrent Baude2020-02-22
|/ | | | | | | | Now support --no-healthcheck option to disable defined healthchecks in a container image. --health-cmd=none remains supported as well. Fixes: #5299 Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #5286 from edsantiago/flake_fix_same_ipOpenShift Merge Robot2020-02-21
|\ | | | | Flake fix: race condition in same-IP test
| * Flake fix: race condition in same-IP testEd Santiago2020-02-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The "create two containers with the same IP" test failed: https://api.cirrus-ci.com/v1/task/5992323062431744/logs/integration_test.log#t--Podman-create-two-containers-with-the-same-IP ... (basically, expected error exit code, got 0) Analysis: the sequence is 'start test1, start test2'. Perhaps it's possible that 'podman start' exits before the test1 container has an IP address assigned? There are no checks in the test, so it's impossible to know what happened. Solution: add a wait-loop invoking 'podman inspect', waiting for a nonempty IP address on test 1; then assert that it's what we expect it to be. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #5222 from mheon/fix_5219OpenShift Merge Robot2020-02-20
|\ \ | | | | | | Use cleaned destination path for indexing image volumes
| * | Use cleaned destination path for indexing image volumesMatthew Heon2020-02-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We use filepath.Clean() to remove trailing slashes to ensure that when we supercede image mounts with mounts from --volume and --mount, paths are consistent when we compare. Unfortunately, while we used the cleaned path for the destination in the mount, it was accidentally not used to index the maps that we use to identify what to supercede, so our comparisons might be thrown off by trailing slashes and similar. Fixes #5219 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | search test on fedora registry: retry 5 timesEd Santiago2020-02-20
| |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | ...to try to compensate for flaky host. registry.fedoraproject.org is just not reliable. It's flaking with 503 errors, causing massive amounts of wasted CI time and developer effort. There is exactly one instance of that registry in these tests. We can't replace it with quay.io, because "search quay.io/" (trailing slash) fails with some sort of authentication error. So let's just try a sleep/retry cycle instead. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Login test: use --password-stdinEd Santiago2020-02-20
| | | | | | | | | | | | | | | | | | | | | | | | Great timing: this new test collided against #5268, which added a warning about using command-line --password. CI is now going to fail all over. Fix: rework test to use --password-stdin. Am doing so only in the places where output string is checked; other instances can keep using '--password xxx' because it's simpler. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | podman images: add --filter=since=XXEd Santiago2020-02-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Looks like a bit of a misunderstanding from early on. Docker implements --filter=since=IMAGE. Podman implements 'after' instead of 'since'. Add an equivalent case statement to handle both, keeping 'after' because we have no way of knowing if it is used in the field. Update documentation ... and fix what looks like a complete misinterpretation of what the code actually does: the man page claimed that these were time fields, but I don't see any possible incantation in which a time value works or could work. Updated docs to reflect IMAGE usage. Also changed nonworking '==' to single '='. Added tests. [UPDATE: skip with broken podman-remote] Fixes: #5040 Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #5241 from mheon/pod_network_opts_addOpenShift Merge Robot2020-02-20
|\ \ | | | | | | Add network opts to pods
| * | Add network options to podman pod createMatthew Heon2020-02-19
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Enables most of the network-related functionality from `podman run` in `podman pod create`. Custom CNI networks can be specified, host networking is supported, DNS options can be configured. Also enables host networking in `podman play kube`. Fixes #2808 Fixes #3837 Fixes #4432 Fixes #4718 Fixes #4770 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | New login and push testsEd Santiago2020-02-19
| | | | | | | | | | | | | | | | | | | | Test podman login/logout, login with wrong credentials, auth file contents, auth file path override, push/pull, and, if skopeo is installed, credentials sharing Fixes: #4283 Signed-off-by: Ed Santiago <santiago@redhat.com>
* | fix mandatory parameter in login/logoutQi Wang2020-02-18
| | | | | | | | | | | | | | fix #5146 Insted of using a registry as mandatory parameter, this path allows podman to use the first registry from registries.conf. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | podman-ps: support image IDsValentin Rothberg2020-02-17
|/ | | | | | | Support printing image IDs via `--format "{{.ImageID}}"`. Fixes: #5160 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Rework label parsingMatthew Heon2020-02-14
| | | | | | | | | | | | | | | We attempted to share all logic for parsing labels and environment variables, which on the surface makes lots of sense (both are formatted key=value so parsing logic should be identical) but has begun to fall apart now that we have added additional logic to environment variable handling. Environment variables that are unset, for example, are looked up against environment variables set for the process. We don't want this for labels, so we have to split parsing logic. Fixes #3854 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* add pkg/signalValentin Rothberg2020-02-14
| | | | | | | | | Add pkg/signal to deal with parts of signal processing and translating signals from string to numeric representations. The code has been copied from docker/docker (and attributed with the copyright) but been reduced to only what libpod needs (on Linux). Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #5189 from mheon/only_set_all_on_statusOpenShift Merge Robot2020-02-13
|\ | | | | Only set --all when a status filter is given to ps
| * Only set --all when a status filter is given to psMatthew Heon2020-02-12
| | | | | | | | | | | | | | | | The changes in #5075 turn out to be too aggressive; we should only be setting --all if a status= filter is given. Otherwise only running containers are filtered. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Fix up play kube to use image dataDaniel J Walsh2020-02-13
| | | | | | | | | | | | | | | | | | | | | | podman play kube was ignoring the imageData.Config Volumes WorkingDir Labels StopSignal Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #5115 from QiWang19/images-formatOpenShift Merge Robot2020-02-13
|\ \ | | | | | | images --format compatible with docker
| * | images --format compatible with dockerQi Wang2020-02-10
| | | | | | | | | | | | | | | | | | | | | This patch lets valid values of --format be compatible with docker. Replace CreatedTime with CreatedAt, Created with CreatedSince. Keep CreatedTime and Created are valid as hidden options. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | Merge pull request #5191 from baude/fedoraminimaliskillingmeOpenShift Merge Robot2020-02-13
|\ \ \ | | | | | | | | use quay.io/libpod/fedora-minimal for reliability
| * | | use quay.io/libpod/fedora-minimal for reliabilityBrent Baude2020-02-12
| | |/ | |/| | | | | | | Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #5152 from QiWang19/device-cgroup-ruleOpenShift Merge Robot2020-02-13
|\ \ \ | |/ / |/| | support device-cgroup-rule
| * | support device-cgroup-ruleQi Wang2020-02-12
| | | | | | | | | | | | | | | | | | | | | fix #4876 Add `--device-cgroup-rule` to podman create and run. This enables to add device rules after the container has been created. Signed-off-by: Qi Wang <qiwan@redhat.com>