aboutsummaryrefslogtreecommitdiff
path: root/test
Commit message (Collapse)AuthorAge
* add container-init supportValentin Rothberg2019-01-04
| | | | | | | | | | | | | | | | | | | Add support for executing an init binary as PID 1 in a container to forward signals and reap processes. When the `--init` flag is set for podman-create or podman-run, the init binary is bind-mounted to `/dev/init` in the container and "/dev/init --" is prepended to the container's command. The default base path of the container-init binary is `/usr/libexec/podman` while the default binary is catatonit [1]. This default can be changed permanently via the `init_path` field in the `libpod.conf` configuration file (which is recommended for packaging) or temporarily via the `--init-path` flag of podman-create and podman-run. [1] https://github.com/openSUSE/catatonit Fixes: #1670 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Re-enable checkpoint/restore CI tests on FedoraAdrian Reber2018-12-28
| | | | | | | | Now that the correct distribution CRIU packages are installed the checkpoint/restore tests should no longer fail. This re-enables the disabled tests on Fedora. Signed-off-by: Adrian Reber <areber@redhat.com>
* Fixes to handle /dev/shm correctly.Daniel J Walsh2018-12-24
| | | | | | | | | | | | | | | | | | We had two problems with /dev/shm, first, you mount the container read/only then /dev/shm was mounted read/only. This is a bug a tmpfs directory should be read/write within a read-only container. The second problem is we were ignoring users mounted /dev/shm from the host. If user specified podman run -d -v /dev/shm:/dev/shm ... We were dropping this mount and still using the internal mount. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* rootless tests using stop is more reliablebaude2018-12-23
| | | | | | | | | | | when testing rootless containers, it is more reliable to stop a container with a zero timeout than kill a container. We made this change in non-rootless tests as well. When IO or CPU are taxed, it avoids a situation where the kill signal is sent but the container has not been able to update its status when a subsequent action occurs. Signed-off-by: baude <bbaude@redhat.com>
* Switch all referencs to image.ContainerConfig to image.ConfigDaniel J Walsh2018-12-21
| | | | | | This will more closely match what Docker is doing. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Change all 'can not' to 'cannot' for proper usageDaniel J Walsh2018-12-21
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* test: add test for rootless exportGiuseppe Scrivano2018-12-21
| | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* skip test for blkio.weight when kernel does not support itbaude2018-12-20
| | | | Signed-off-by: baude <bbaude@redhat.com>
* Merge pull request #2030 from baude/111OpenShift Merge Robot2018-12-19
|\ | | | | prepare for move to validate on 1.11 only
| * prepare for move to validate on 1.11 onlybaude2018-12-19
| | | | | | | | Signed-off-by: baude <bbaude@redhat.com>
* | Support podman image trust commandQi Wang2018-12-19
|/ | | | | | Display the trust policy of the host system. The trust policy is stored in the /etc/containers/policy.json file and defines a scope of registries or repositories. Signed-off-by: Qi Wang <qiwan@redhat.com>
* Show image only once with images -qTomSweeneyRedHat2018-12-17
| | | | Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
* Cirrus: Migrate PAPR testing of F28 to CirrusChris Evich2018-12-14
| | | | | | | | | | | Since the most recent TWO versions of Fedora are officially supported upstream, both need to be tested. Implement the concept of a 'prior' Fedora release in both base-image and cache-image production. Utilize the produced cache-image to test libpod. Remove F28 testing from PAPR. Much thanks to @baude @giuseppe for help with this. Signed-off-by: Chris Evich <cevich@redhat.com>
* Skip checkpoint tests on Fedora <30Chris Evich2018-12-14
| | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* Merge pull request #1988 from mheon/use_dependency_resolvOpenShift Merge Robot2018-12-13
|\ | | | | Containers sharing a netns should share resolv/hosts
| * Add test for sharing resolv and hosts with netnsMatthew Heon2018-12-12
| | | | | | | | Signed-off-by: Matthew Heon <mheon@redhat.com>
* | Merge pull request #1989 from baude/deletecontainerfailstartOpenShift Merge Robot2018-12-13
|\ \ | | | | | | failed containers with --rm should remove themselves
| * | failed containers with --rm should remove themselvesbaude2018-12-12
| |/ | | | | | | | | | | | | | | | | | | when starting or running a container that has --rm, if the starting container fails (like due to an invalid command), the container should get removed. Resolves: #1985 Signed-off-by: baude <bbaude@redhat.com>
* / e2e: add tests for systemdEmilien Macchi2018-12-12
|/ | | | | | | | | | | | | Add functional tests to start a container from systemd. This patch will: - create a systemd unit file to start redis container - create the container with `podman create` - enable the service - start the container with systemd - check that the service is actually running Signed-off-by: Emilien Macchi <emilien@redhat.com>
* Merge pull request #1975 from giuseppe/fix-rootless-restartOpenShift Merge Robot2018-12-11
|\ | | | | rootless: fix restart when using fuse-overlayfs
| * rootless: fix restart when using fuse-overlayfsGiuseppe Scrivano2018-12-11
| | | | | | | | | | | | | | | | | | | | With rootless containers we cannot really restart an existing container as we would need to join the mount namespace as well to be able to reuse the storage, so ensure the container is stopped first. Closes: https://github.com/containers/libpod/issues/1965 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Update for API changeMiloslav Trmač2018-12-08
|/ | | | Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Merge pull request #1928 from baude/podtokubeOpenShift Merge Robot2018-12-07
|\ | | | | generate kube
| * generate kubebaude2018-12-04
| | | | | | | | | | | | | | add the ability to generate kubernetes pod and service yaml representations of libpod containers and pods. Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #1904 from umohnani8/volumeOpenShift Merge Robot2018-12-06
|\ \ | | | | | | Add "podman volume" command
| * | Tests for podman volume commandsUrvashi Mohnani2018-12-06
| | | | | | | | | | | | Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | | Add ability to prune containers and imagesbaude2018-12-05
|/ / | | | | | | | | | | | | | | | | | | | | Allow user to prune unused/unnamed images, the layer images from building, via podman rmi --prune. Allow user to prune stopped/exiuted containers via podman rm --prune. This should resolve #1910 Signed-off-by: baude <bbaude@redhat.com>
* | test for rmi with childrenbaude2018-12-04
| | | | | | | | Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #1920 from wking/explicit-hooks-dirsOpenShift Merge Robot2018-12-04
|\ \ | | | | | | libpod/container_internal: Deprecate implicit hook directories
| * | libpod/container_internal: Deprecate implicit hook directoriesW. Trevor King2018-12-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Part of the motivation for 800eb863 (Hooks supports two directories, process default and override, 2018-09-17, #1487) was [1]: > We only use this for override. The reason this was caught is people > are trying to get hooks to work with CoreOS. You are not allowed to > write to /usr/share... on CoreOS, so they wanted podman to also look > at /etc, where users and third parties can write. But we'd also been disabling hooks completely for rootless users. And even for root users, the override logic was tricky when folks actually had content in both directories. For example, if you wanted to disable a hook from the default directory, you'd have to add a no-op hook to the override directory. Also, the previous implementation failed to handle the case where there hooks defined in the override directory but the default directory did not exist: $ podman version Version: 0.11.2-dev Go Version: go1.10.3 Git Commit: "6df7409cb5a41c710164c42ed35e33b28f3f7214" Built: Sun Dec 2 21:30:06 2018 OS/Arch: linux/amd64 $ ls -l /etc/containers/oci/hooks.d/test.json -rw-r--r--. 1 root root 184 Dec 2 16:27 /etc/containers/oci/hooks.d/test.json $ podman --log-level=debug run --rm docker.io/library/alpine echo 'successful container' 2>&1 | grep -i hook time="2018-12-02T21:31:19-08:00" level=debug msg="reading hooks from /usr/share/containers/oci/hooks.d" time="2018-12-02T21:31:19-08:00" level=warning msg="failed to load hooks: {}%!(EXTRA *os.PathError=open /usr/share/containers/oci/hooks.d: no such file or directory)" With this commit: $ podman --log-level=debug run --rm docker.io/library/alpine echo 'successful container' 2>&1 | grep -i hook time="2018-12-02T21:33:07-08:00" level=debug msg="reading hooks from /usr/share/containers/oci/hooks.d" time="2018-12-02T21:33:07-08:00" level=debug msg="reading hooks from /etc/containers/oci/hooks.d" time="2018-12-02T21:33:07-08:00" level=debug msg="added hook /etc/containers/oci/hooks.d/test.json" time="2018-12-02T21:33:07-08:00" level=debug msg="hook test.json matched; adding to stages [prestart]" time="2018-12-02T21:33:07-08:00" level=warning msg="implicit hook directories are deprecated; set --hooks-dir="/etc/containers/oci/hooks.d" explicitly to continue to load hooks from this directory" time="2018-12-02T21:33:07-08:00" level=error msg="container create failed: container_linux.go:336: starting container process caused "process_linux.go:399: container init caused \"process_linux.go:382: running prestart hook 0 caused \\\"error running hook: exit status 1, stdout: , stderr: oh, noes!\\\\n\\\"\"" (I'd setup the hook to error out). You can see that it's silenly ignoring the ENOENT for /usr/share/containers/oci/hooks.d and continuing on to load hooks from /etc/containers/oci/hooks.d. When it loads the hook, it also logs a warning-level message suggesting that callers explicitly configure their hook directories. That will help consumers migrate, so we can drop the implicit hook directories in some future release. When folks *do* explicitly configure hook directories (via the newly-public --hooks-dir and hooks_dir options), we error out if they're missing: $ podman --hooks-dir /does/not/exist run --rm docker.io/library/alpine echo 'successful container' error setting up OCI Hooks: open /does/not/exist: no such file or directory I've dropped the trailing "path" from the old, hidden --hooks-dir-path and hooks_dir_path because I think "dir(ectory)" is already enough context for "we expect a path argument". I consider this name change non-breaking because the old forms were undocumented. Coming back to rootless users, I've enabled hooks now. I expect they were previously disabled because users had no way to avoid /usr/share/containers/oci/hooks.d which might contain hooks that required root permissions. But now rootless users will have to explicitly configure hook directories, and since their default config is from ~/.config/containers/libpod.conf, it's a misconfiguration if it contains hooks_dir entries which point at directories with hooks that require root access. We error out so they can fix their libpod.conf. [1]: https://github.com/containers/libpod/pull/1487#discussion_r218149355 Signed-off-by: W. Trevor King <wking@tremily.us>
* | | create pod on the flybaude2018-12-03
| |/ |/| | | | | | | | | | | | | | | | | when a user specifies --pod to podman create|run, we should create that pod automatically. the port bindings from the container are then inherited by the infra container. this signicantly improves the workflow of running containers inside pods with podman. the user is still encouraged to use podman pod create to have more granular control of the pod create options. Signed-off-by: baude <bbaude@redhat.com>
* | podman pod existsbaude2018-12-03
|/ | | | | | | | | like containers and images, users would benefit from being able to check if a pod exists in local storage. if the pod exists, the return code is 0. if the pod does not exists, the return code is 1. Any other return code indicates a real errors, such as permissions or runtime. Signed-off-by: baude <bbaude@redhat.com>
* Add create test with --mount flagYiqiao Pu2018-11-29
| | | | Signed-off-by: Yiqiao Pu <ypu@redhat.com>
* Merge pull request #1890 from baude/disablecheckpointtestsOpenShift Merge Robot2018-11-28
|\ | | | | disable checkpoint tests on f29
| * disable checkpoint tests on f29baude2018-11-28
| | | | | | | | | | | | temporarily disabling checkpoint tests on f29 as they don't currently pass. Signed-off-by: baude <bbaude@redhat.com>
* | test, rootless: specify USER env variableGiuseppe Scrivano2018-11-28
|/ | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #1798 from giuseppe/fix-notify-socketOpenShift Merge Robot2018-11-28
|\ | | | | systemd: fix NOTIFY_SOCKET with patched runc
| * tests: fix NOTIFY_SOCKET testGiuseppe Scrivano2018-11-28
| | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * test: fix test for NOTIFY_SOCKETGiuseppe Scrivano2018-11-28
| | | | | | | | | | | | do not make any assumption on the path inside of the container. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #1879 from mheon/stop_stopped_is_validOpenShift Merge Robot2018-11-28
|\ \ | |/ |/| Stopping a stopped container is not an error for Podman
| * Add test to ensure stopping a stopped container worksMatthew Heon2018-11-28
| | | | | | | | | | | | | | We regressed on this at some point. Adding a new test should help ensure that doesn't happen again. Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
* | Merge pull request #1848 from adrianreber/masterOpenShift Merge Robot2018-11-28
|\ \ | |/ |/| Add tcp-established to checkpoint/restore
| * Added more checkpoint/restore test casesAdrian Reber2018-11-28
| | | | | | | | | | | | | | | | | | | | This adds checkpoint/restore test cases for the newly added options * --leave-running * --tcp-established * --all * --latest Signed-off-by: Adrian Reber <areber@redhat.com>
* | Merge pull request #1849 from giuseppe/report-rootless-netmodeOpenShift Merge Robot2018-11-28
|\ \ | | | | | | rootless: add new netmode "slirp4netns"
| * | rootless: add new netmode "slirp4netns"Giuseppe Scrivano2018-11-27
| | | | | | | | | | | | | | | | | | | | | | | | so that inspect reports the correct network configuration. Closes: https://github.com/containers/libpod/issues/1453 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | tests: change return type for PodmanAsUser to PodmanTestIntegrationGiuseppe Scrivano2018-11-27
| |/ | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* / rootless: fix cleanupGiuseppe Scrivano2018-11-28
|/ | | | | | | | | | | | | The conmon exit command is running inside of a namespace where the process is running with uid=0. When it launches again podman for the cleanup, podman is not running in rootless mode as the uid=0. Export some more env variables to tell podman we are in rootless mode. Closes: https://github.com/containers/libpod/issues/1859 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* test: cleanup CNI network used by the testsGiuseppe Scrivano2018-11-27
| | | | | | | | issue introduced with: https://github.com/containers/libpod/pull/1871 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #1874 from ypu/mount-testOpenShift Merge Robot2018-11-27
|\ | | | | Improve podman run --mount test
| * Remove mount options relatime from podman run --mount with sharedYiqiao Pu2018-11-27
| | | | | | | | | | | | | | In some test env, mount with shared options is not included relatime in the mountinfo file. So remove this from the test case. Signed-off-by: Yiqiao Pu <ypu@redhat.com>