summaryrefslogtreecommitdiff
path: root/test
Commit message (Collapse)AuthorAge
* error when adding container to pod with network informationBrent Baude2020-08-24
| | | | | | | | | | | | | | | | because a pod's network information is dictated by the infra container at creation, a container cannot be created with network attributes. this has been difficult for users to understand. we now return an error when a container is being created inside a pod and passes any of the following attributes: * static IP (v4 and v6) * static mac * ports -p (i.e. -p 8080:80) * exposed ports (i.e. 222-225) * publish ports from image -P Signed-off-by: Brent Baude <bbaude@redhat.com> <MH: Fixed cherry pick conflicts and compile> Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #7363 from mheon/lets_try_this_againOpenShift Merge Robot2020-08-21
|\ | | | | Lets try this again: v2.0.5 backports, round 2
| * fix pod creation with "new:" syntax followup + allow hostnamePaul Holzinger2020-08-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: 4c75fe3f70ed ("fix pod creation with "new:" syntax") Commit 4c75fe3f70ed passes all net options to the pod but forgot to unset the options for the container creation. This leads to erros when using flags like `--ip` since we tried setting the ip on the pod and container which obviously fails. I didn't notice the bug because we don't throw an error when specifing port bindings on a container which joins the pods network namespace. (#7373) Also allow the use of `--hostname` and pass that option to the pod and unset it for the container. The container has to use the pods hostname anyway. This would error otherwise. Added tests to prevent regression. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
| * Fix a system test failureMatthew Heon2020-08-20
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * fix podman version output to include git commit and builttimePaul Holzinger2020-08-20
| | | | | | | | | | | | Add the go module version v2 to the libpod path. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
| * [WIP] Refactor podman system connectionJhon Honce2020-08-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add support to manage multiple connections * Add connection * Remove connection * Rename connection * Set connection as default * Add markdown/man pages * Fix recursion in hack/xref-helpmsgs-manpages Signed-off-by: Jhon Honce <jhonce@redhat.com> <MH: Fixed build after rebase> Signed-off-by: Matt Heon <matthew.heon@pm.me>
| * Fix one import path pointing to containers/podmanMatthew Heon2020-08-20
| | | | | | | | Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Default .Repository and .Tag values to <none>Jhon Honce2020-08-20
| | | | | | | | | | | | | | | | | | | | Refactor the processing of Repository and Tag fields to default to <none> when printing via --format flag. Previously, the default format would print <none> but --format {{.Tag}} would not in some cases. Fixes #7123 Signed-off-by: Jhon Honce <jhonce@redhat.com>
| * Fix handling of working dirDaniel J Walsh2020-08-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Buildah and podman build can create images without a working dir. FROM fedora WORKDIR /test If you build this image with caching twice, the second time the image will not have a working dir. Similarly if you execute podman run --workdir /foobar fedora It blows up since the workingdir is not created automatically. Finally there was duplicated code for getting the workingdir out of an image, that this PR removes. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * Do not use image CMD if user gave ENTRYPOINTMatthew Heon2020-08-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This matches Docker behavior, and seems to make sense - the CMD may have been specific to the original entrypoint and probably does not make sense if it was changed. While we're in here, greatly simplify the logic for populating the SpecGen's Command. We create the full command when making the OCI spec, so the client should not be doing any more than setting it to the Command the user passed in, and completely ignoring ENTRYPOINT. Fixes #7115 Signed-off-by: Matthew Heon <mheon@redhat.com>
| * Ensure WORKDIR from images is createdMatthew Heon2020-08-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | A recent crun change stopped the creation of the container's working directory if it does not exist. This is arguably correct for user-specified directories, to protect against typos; it is definitely not correct for image WORKDIR, where the image author definitely intended for the directory to be used. This makes Podman create the working directory and chown it to container root, if it does not already exist, and only if it was specified by an image, not the user. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
| * Allow specifying seccomp profiles for privileged containersSascha Grunert2020-08-20
| | | | | | | | | | | | | | To sync the behavior between AppArmor and seccomp it is now possible to also specify seccomp profiles for privileged containers. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
| * Replace deepcopy on history resultsBrent Baude2020-08-20
| | | | | | | | | | | | | | | | the deepcopy in the remote history code path was throwing an uncaught error on a type mismatch. we now manually do the conversion and fix the type mismatch on the fly. Fixes: #7122 Signed-off-by: Brent Baude <bbaude@redhat.com>
| * Add parameter verification for api creation networkzhangguanzhang2020-08-20
| | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
| * podman save use named pipeQi Wang2020-08-20
| | | | | | | | | | | | | | | | | | | | | | podman save uses named pipe as output path, not directly using /dev/stdout. fix #7017 Signed-off-by: Qi Wang <qiwan@redhat.com> <MH: Corrected imports during cherry-pick> Signed-off-by: Matt Heon <matthew.heon@pm.me>
| * podman support for IPv6 networksAntonio Ojea2020-08-20
| | | | | | | | | | | | | | | | | | | | | | podman containers using IPv6 were missing the default route, breaking deployments trying to use them. The problem is that the default route was hardcoded to IPv4, this takes into consideration the podman subnet IP family to generate the corresponding default route. Signed-off-by: Antonio Ojea <aojea@redhat.com>
* | Cleanup handling of podman mount/unmountDaniel J Walsh2020-08-20
|/ | | | | | | | | | | We should default to the user name unmount rather then the internal name of umount. Also User namespace was not being handled correctly. We want to inform the user that if they do a mount when in rootless mode that they have to be first in the podman unshare state. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* system tests: invoke with abs path to podmanEd Santiago2020-08-11
| | | | | | | | | | | | | | | | | | | | | | Reversion of one part of #6679: my handling of 'realpath' would not work when $PODMAN is 'podman-remote --url etc'. Trying to handle that case got unmaintainable; so instead let's just force 'make {local,remote}system' to invoke with a full PODMAN path. This breaks down if someone runs the tests with a manual 'bats' invocation, but I think I'm the only one who ever does that. Since podman path will now be very long in the logs, add code to logformatter to abbreviate it like we do for the ginkgo logs. And, one thing that has bugged me for a long time: in the error logs, show a different prompt ('#' vs '$') to distinguish root vs rootless. This should make it much easier to see at-a-glance whether a log file is root or not. Add tests for it. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Make changes to /etc/passwd on disk for non-read onlyMatthew Heon2020-08-11
| | | | | | | | | | | | | | | | | | | | Bind-mounting /etc/passwd into the container is problematic becuase of how system utilities like `useradd` work. They want to make a copy and then rename to try to prevent breakage; this is, unfortunately, impossible when the file they want to rename is a bind mount. The current behavior is fine for read-only containers, though, because we expect useradd to fail in those cases. Instead of bind-mounting, we can edit /etc/passwd in the container's rootfs. This is kind of gross, because the change will show up in `podman diff` and similar tools, and will be included in images made by `podman commit`. However, it's a lot better than breaking important system tools. Fixes #6953 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add username to /etc/passwd inside of container if --userns keep-idDaniel J Walsh2020-08-11
| | | | | | | | | | If I enter a continer with --userns keep-id, my UID will be present inside of the container, but most likely my user will not be defined. This patch will take information about the user and stick it into the container. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* fix pod creation with "new:" syntaxPaul Holzinger2020-08-11
| | | | | | | | | | | When you execute podman create/run with the --pod new:<name> syntax the pod was created but the namespaces where not shared and therefore containers could not communicate over localhost. Add the default namespaces and pass the network options to the pod create options. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Add versioned _ping endpointJhon Honce2020-08-11
| | | | | | Fixes #7008 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* API returns 500 in case network is not found instead of 404zhangguanzhang2020-08-11
| | | | | Backported-by: Valentin Rothberg <rothberg@redhat.com> Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* Handle podman-remote run --rmDaniel J Walsh2020-08-11
| | | | | | | | We need to remove the container after it has exited for podman-remote run --rm commands. If we don't remove this container at this step, we open ourselves up to race conditions. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* correct go-binding key for volumesBrent Baude2020-08-11
| | | | | | | | the go binding for remove container was using 'vols' for a key to remove volumes associated to the container. the correct key should be "v" and is documented as such. Fixes: #7128 Signed-off-by: Brent Baude <bbaude@redhat.com>
* cherry-pick: Reenable remote system testsEd Santiago2020-08-11
| | | | | | | | | | | | | | | | | | | | | | | | NOTE: the remote tests are not reenabled but the changes are applied. Future commits depend on some of the changes and having the commit applied will likely facilitate future backports as well. podman-remote is in better shape now. Let's see what needs to be done to reenable remote system tests. - logs test: skip multilog, it doesn't work remote - diff test: use -l only when local, not with remote - many other tests: skip_if_remote, with 'FIXME: pending #xxxx' where xxxx is a filed issue. Unrelated: added new helper to skip_if_remote and _if_rootless, where we check if the source message includes "remote"/"rootless" and insert it if missing. This is a minor usability enhancement to make it easier to understand at-a-glance why a skip triggers. Backported-by: Valentin Rothberg <rothberg@redhat.com> Signed-off-by: Ed Santiago <santiago@redhat.com>
* system tests: new tests for run, execEd Santiago2020-08-11
| | | | | | | | | | | | | | | | | | | | | | - Issue #6735 : problem with multiple namespaces; confirms combinations of --userns=keep-id, --privileged, --user=XX - Issue #6829 : --userns=keep-id will add a /etc/passwd entry - Issue #6593 : podman exec, with --userns=keep-id, errors (test is currently skipped because issue remains live) ...and, addendum: add new helper function, remove_same_dev_warning. Some CI systems issue a warning on podman run --privileged: WARNING: The same type, major and minor should not be used for multiple devices. We already had special-case code to ignore than in the SELinux test, but now we're seeing it in the new run tests I added, so I've refactored the "ignore this warning" code and written tests for the removal code. Signed-off-by: Ed Santiago <santiago@redhat.com>
* implement the exitcode when start a container with attachzhangguanzhang2020-08-11
| | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* Do not set host IP on ports when 0.0.0.0 requestedMatthew Heon2020-08-11
| | | | | | | | | | | | | | | | Docker and CNI have very different ideas of what 0.0.0.0 means. Docker takes it to be 0.0.0.0/0 - that is, bind to every IPv4 address on the host. CNI (and, thus, root Podman) take it to mean the literal IP 0.0.0.0. Instead, CNI interprets the empty string ("") as "bind to all IPs". We could ask CNI to change, but given this is established behavior, that's unlikely. Instead, let's just catch 0.0.0.0 and turn it into "" when we parse ports. Fixes #7014 Signed-off-by: Matthew Heon <mheon@redhat.com>
* fix bug podman sign storage pathQi Wang2020-08-11
| | | | | | | | | | - fix the bud podman not using specified --directory as signature storage. - use manifest and image referce to set repo@digest. close #6994 close #6993 Backported-by: Valentin Rothberg <rothberg@redhat.com> Signed-off-by: Qi Wang <qiwan@redhat.com>
* podman-remote send name and tagBrent Baude2020-08-11
| | | | | | | | | when loading an image with podman-remote load, we need to send a name and a tag to the endpoint Fixes: #7124 Backported-by: Valentin Rothberg <rothberg@redhat.com> Signed-off-by: Brent Baude <bbaude@redhat.com>
* Ensure that exec errors write exit codes to the DBMatthew Heon2020-08-11
| | | | | | | | | | | | | | | | | | | In local Podman, the frontend interprets the error and exit code given by the Exec API to determine the appropriate exit code to set for Podman itself; special cases like a missing executable receive special exit codes. Exec for the remote API, however, has to do this inside Libpod itself, as Libpod will be directly queried (via the Inspect API for exec sessions) to get the exit code. This was done correctly when the exec session started properly, but we did not properly handle cases where the OCI runtime fails before the exec session can properly start. Making two error returns that would otherwise not set exit code actually do so should resolve the issue. Fixes #6893 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* fix podman logs --tail when log is bigger than pagesizePaul Holzinger2020-08-11
| | | | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* generate systemd: fix error handlingValentin Rothberg2020-08-11
| | | | | | | | | Fix a bug in the error handling which returned nil instead of an error and ultimately lead to nil dereferences in the client. To prevent future regressions, add a test and check for the error message. Fixes: #7271 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Publish IP from YAML (podman play kube)Ashley Cui2020-08-04
| | | | | | podman play kube didn't set host ip correctly from YAML Signed-off-by: Ashley Cui <acui@redhat.com>
* Disable a nonfunctional build testMatthew Heon2020-07-31
| | | | | | | The amount of drift in the system tests on v2.0 is starting to become difficult to deal with. 2.1.0 can't come soon enough. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* volumes: do not recurse when chowningGiuseppe Scrivano2020-07-31
| | | | | | | | | | | | | keep the file ownership when chowning and honor the user namespace mappings. Closes: https://github.com/containers/podman/issues/7130 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> <MH: Fixed conflicts from cherry pick> Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* add {{.RunningFor}} placeholder in ps --formatAshley Cui2020-07-31
| | | | | | For docker compatibility Signed-off-by: Ashley Cui <acui@redhat.com>
* Binding the same container port to >1 host port is OKMatthew Heon2020-07-31
| | | | | | | | | | | The initial version of the new port code mistakenly restricted this, so un-restrict it. We still need to maintain the map of container ports, unfortunately (need to verify if the port in question is a duplicate, for example). Fixes #7062 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Specifying --ipc=host --pid=host is brokenDaniel J Walsh2020-07-31
| | | | | | | | For some reason we were overwriting memory when handling both --pid=host and --ipc=host. Simplified the code to handle this correctly, and add test to make sure it does not happen again. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Fix building from http or '-' optionsDaniel J Walsh2020-07-31
| | | | | | | | | | | | | | When copying from a URL, podman will download and create a context directory in a temporary file. The problem was that this directory was being removed as soon as the function that created it was returned. Later the build code would look for content in the temporary directory and fail to find it, blowing up the build. By pulling the extraction code back into the build function, we keep the temporary directory around until the build completes. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* test/apiv2: add a simple events testValentin Rothberg2020-07-27
| | | | | | | Add a simple test to exercise the events API without the "filters" parameter. Prevents regressing on #7078. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Drop a nonfunctional test in test/apiv2Matthew Heon2020-07-22
| | | | | | | | | I'm somewhat reluctant to do this, but the file has diverged majorly from master, and the amount of stuff we've backported (versus not backported) makes me very hesitant to try cherry picking more from master in the hope that it will start working. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Fix handling of entrypointDaniel J Walsh2020-07-22
| | | | | | | If a user specifies an entrypoint of "" then we should not use the images entrypoint. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* fix API: Create container with an invalid configurationzhangguanzhang2020-07-22
| | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* version/info: format: allow more json variantsValentin Rothberg2020-07-22
| | | | | | | | | Allow more variants to yield json output for `podman version` and `podman info`. Instead of comparing strings, use a regex and add unit and e2e tests. Fixes: #6927 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Correctly print STDOUT on non-terminal remote execMatthew Heon2020-07-22
| | | | | | | | | | | | | | I confused STDIN and STDOUT's file descriptors (it's 0 and 1, I thought they were 1 and 0). As such, we were looking at whether we wanted to print STDIN when we looked to print STDOUT. This bool was set when `-i` was set in at the `podman exec` command line, which masked the problem when it was set. Fixes #6890 Fixes #6891 Fixes #6892 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Add SystemdMode to inspect for containersMatthew Heon2020-07-22
| | | | | | | | | | | | | This allows us to determine if the container auto-detected that systemd was in use, and correctly activated systemd integration. Use this to wire up some integration tests to verify that systemd integration is working properly. Signed-off-by: Matthew Heon <matthew.heon@pm.me> <MH: Fixed Compile after cherry-pick> Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* Fix lintMatthew Heon2020-07-22
| | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* Include infra container information in `pod inspect`Matthew Heon2020-07-22
| | | | | | | | | | We had a field for this in the inspect data, but it was never being populated. Because of this, `podman pod inspect` stopped showing port bindings (and other infra container settings). Add code to populate the infra container inspect data, and add a test to ensure we don't regress again. Signed-off-by: Matthew Heon <mheon@redhat.com>