summaryrefslogtreecommitdiff
path: root/test
Commit message (Collapse)AuthorAge
* Do not reset storage when running inside of a containerDaniel J Walsh2021-02-16
| | | | | | | | | | | | | | | | | | | | | | | | Currently if the host shares container storage with a container running podman, the podman inside of the container resets the storage on the host. This can cause issues on the host, as well as causes the podman command running the container, to fail to unmount /dev/shm. podman run -ti --rm --privileged -v /var/lib/containers:/var/lib/containers quay.io/podman/stable podman run alpine echo hello * unlinkat /var/lib/containers/storage/overlay-containers/a7f3c9deb0656f8de1d107e7ddff2d3c3c279c11c1635f233a0bffb16051fb2c/userdata/shm: device or resource busy * unlinkat /var/lib/containers/storage/overlay-containers/a7f3c9deb0656f8de1d107e7ddff2d3c3c279c11c1635f233a0bffb16051fb2c/userdata/shm: device or resource busy Since podman is volume mounting in the graphroot, it will add a flag to /run/.containerenv to tell podman inside of container whether to reset storage or not. Since the inner podman is running inside of the container, no reason to assume this is a fresh reboot, so if "container" environment variable is set then skip reset of storage. Also added tests to make sure /run/.containerenv is runnig correctly. Fixes: https://github.com/containers/podman/issues/9191 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #9399 from vrothberg/home-sweet-homeOpenShift Merge Robot2021-02-16
|\ | | | | do not set empty $HOME
| * do not set empty $HOMEValentin Rothberg2021-02-16
| | | | | | | | | | | | | | | | | | | | | | Make sure to not set an empty $HOME for containers and let it default to "/". https://github.com/containers/crun/pull/599 is required to fully address #9378. Partially-Fixes: #9378 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #9396 from rhatdan/stopOpenShift Merge Robot2021-02-16
|\ \ | | | | | | When stopping a container, print rawInput
| * | When stopping a container, print rawInputDaniel J Walsh2021-02-16
| |/ | | | | | | | | | | | | | | | | | | | | When we stop a container we are printing the full id, this does not match Docker behaviour or the start behavior. We should be printing the users rawInput when we successfully stop the container. Fixes: https://github.com/containers/podman/issues/9386 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #9380 from baude/podinfraOpenShift Merge Robot2021-02-16
|\ \ | | | | | | Fix panic in pod creation
| * | Fix panic in pod creationbaude2021-02-16
| |/ | | | | | | | | | | | | | | | | | | when creating a pod with --infra-image and using a untagged image for the infra-image (none/none), the lookup for the image's name was creating a panic. Fixes: #9374 Signed-off-by: baude <bbaude@redhat.com>
* | Merge pull request #9397 from vrothberg/fix-9232OpenShift Merge Robot2021-02-16
|\ \ | | | | | | images/create: always pull image
| * | images/create: always pull imageValentin Rothberg2021-02-16
| |/ | | | | | | | | | | | | | | | | The `images/create` endpoint should always attempt to pull a newer image. Previously, the local images was used which is not compatible with Docker and caused issues in the Gitlab CI. Fixes: #9232 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #9368 from vrothberg/fix-9365OpenShift Merge Robot2021-02-16
|\ \ | | | | | | podman build: pass runtime to buildah
| * | podman build: pass runtime to buildahValentin Rothberg2021-02-16
| |/ | | | | | | | | | | | | | | | | | | Make sure that Podman's default OCI runtime is passed to Buildah in `podman build`. In theory, Podman and Buildah should use the same defaults but the projects move at different speeds and it turns out we caused a regression in v3.0. Fixes: #9365 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #9372 from matejvasek/fix_host_portOpenShift Merge Robot2021-02-16
|\ \ | | | | | | Docker [APIv2] create container: handle empty host port
| * | fix create container: handle empty host portMatej Vasek2021-02-16
| |/ | | | | | | Signed-off-by: Matej Vasek <mvasek@redhat.com>
* / Don't chown workdir if it already existsDaniel J Walsh2021-02-16
|/ | | | | | | | | Currently podman is always chowning the WORKDIR to root:root This PR will return if the WORKDIR already exists. Fixes: https://github.com/containers/podman/issues/9387 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* fix dns resolution on ubuntubaude2021-02-15
| | | | | | ubuntu's dns seems a little odd and requires a fq name in its tests. Signed-off-by: baude <bbaude@redhat.com>
* e2e: fix network alias testValentin Rothberg2021-02-15
| | | | | | | | | | | The logic in the e2e test for multiple network aliases is indicating the test should wait for the containerized nginx to be ready. As this may take some time, the test does an exponential backoff starting at 2050ms. Fix the logic by removing the `Expect(...)` call during the exponential backoff. Otherwise, the test errors immediately. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* fix failing image e2e testValentin Rothberg2021-02-15
| | | | | | | | The timestamps of some images must have changed changing the number of expected filtered images. The test conditions seem fragile but for now it's more important to get CI back. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* Merge pull request #9311 from deadNightTiger/fix-pull-dockerjavaOpenShift Merge Robot2021-02-12
|\ | | | | apiv2: handle docker-java clients pulling
| * apiv2: handle docker-java clients pullingIgor Korolev2021-02-11
| | | | | | | | | | | | | | | | | | When docker-java calls images/create?fromImage=x, it expects two things for a successful response: that both "error" and "errorDetail" are not set, and that the "progress" message contains one of five hard-coded strings ("Download complete" being one of them). Signed-off-by: Igor Korolev <missterr@gmail.com>
* | Merge pull request #9302 from giuseppe/cgroup-split-v1OpenShift Merge Robot2021-02-11
|\ \ | | | | | | utils: takes the longest path on cgroup v1
| * | utils: takes the longest path on cgroup v1Giuseppe Scrivano2021-02-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | now getCgroupProcess takes the longest path on cgroup v1, instead of complaining if the paths are different. This should help when --cgroups=split is used on cgroup v1 and the process cgroups look like: $ cat /proc/self/cgroup 11:pids:/user.slice/user-0.slice/session-4.scope 10:blkio:/ 9:cpuset:/ 8:devices:/user.slice 7:freezer:/ 6:memory:/user.slice/user-0.slice/session-4.scope 5:net_cls,net_prio:/ 4:hugetlb:/ 3:cpu,cpuacct:/ 2:perf_event:/ Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | container ps json format miscuebaude2021-02-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when printing out json format, we mistakenly changed the Created field output to be a time.time in a different commit. This allows for override of the Created field to be a unix ts as type int64. Fixes: #9315 Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #9312 from baude/issue9310OpenShift Merge Robot2021-02-11
|\ \ \ | | | | | | | | Correct compat network prune response
| * | | Correct compat network prune responsebaude2021-02-10
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | Correcting the structure of the compat network prune response. They should follow {"NetworksDeleted": [<network_name>",...]} Fixes: #9310 Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #9308 from mheon/fix_6003OpenShift Merge Robot2021-02-11
|\ \ \ | | | | | | | | Rewrite copy-up to use buildah Copier
| * | | Rewrite copy-up to use buildah CopierMatthew Heon2021-02-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The old copy-up implementation was very unhappy with symlinks, which could cause containers to fail to start for unclear reasons when a directory we wanted to copy-up contained one. Rewrite to use the Buildah Copier, which is more recent and should be both safer and less likely to blow up over links. At the same time, fix a deadlock in copy-up for volumes requiring mounting - the Mountpoint() function tried to take the already-acquired volume lock. Fixes #6003 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | | | Display correct value for unlimited ulimitbaude2021-02-10
| |/ / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | When doing a container inspect on a container with unlimited ulimits, the value should be -1. But because the OCI spec requires the ulimit value to be uint64, we were displaying the inspect values as a uint64 as well. Simple change to display as an int64. Fixes: #9303 Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #9299 from Luap99/secret-shell-completion-testOpenShift Merge Robot2021-02-10
|\ \ \ | | | | | | | | Add shell completion tests for secrets
| * | | Add shell completion tests for secretsPaul Holzinger2021-02-10
| | |/ | |/| | | | | | | | | | | | | | | | | | | Add the SECRET keyword to the shell completion test. Also update the use line for podman secret create to use `NAME` instead of `SECRET`. This matches the other commands such as network/volume create. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Merge pull request #9297 from matejvasek/apiv2_push_get_digestOpenShift Merge Robot2021-02-10
|\ \ \ | |/ / |/| | Docker [APIv2] push sends digest in response body
| * | Docker APIv2 push sends digest in response bodyMatej Vasek2021-02-10
| | | | | | | | | | | | Signed-off-by: Matej Vasek <mvasek@redhat.com>
* | | Merge pull request #9295 from Luap99/fix-9293OpenShift Merge Robot2021-02-10
|\ \ \ | |/ / |/| | Fix compat networks endpoint for a empty result
| * | Fix compat networks endpoint for a empty resultPaul Holzinger2021-02-09
| |/ | | | | | | | | | | | | | | | | The networks list compat api endpoint must return `[]` and not `null` if no networks are found. Fixes #9293 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #9284 from rhatdan/annotationsOpenShift Merge Robot2021-02-09
|\ \ | | | | | | Support annotations from containers.conf
| * | Restart service when CONTAINERS_CONF changesDaniel J Walsh2021-02-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Service needs to be restarted in order to read the CONTAINERS_CONF file. Not resetting this can lead to lots of flakes, since the test will use whatever the host system has to be set in it's containers.conf. Fixes: https://github.com/containers/podman/issues/9286 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | Support annotations from containers.confDaniel J Walsh2021-02-09
| |/ | | | | | | | | | | | | Currently podman does not use the annotations specified in the containers.conf. This PR fixes this. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #9289 from edsantiago/apiv2_test_fixesOpenShift Merge Robot2021-02-09
|\ \ | | | | | | apiv2 test fixes
| * | APIv2 tests: lots of cleanupEd Santiago2021-02-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It's been a while since I last looked at these; some cruft has crept in, generating noise and hence unreadable test results. Clean it up: * remove pushd/popd in one subtest, replace with 'tar -C'. (Also remove confusing quotation marks). This removes spurious directory names from output. * in like(), show only first line of actual output. Some commands ('tree', 'generate kube') produce voluminous multi-line output, which is super useless and distracting when reading a test run. * Recognize that some queries will not generate output, e.g. HEAD requests and some POSTs. Deal with that. This fixes "curl.result.out: no such file" and "parse error" warnings. * In cleanup, 'podman rm -a' and 'rmi -af'; this gets rid of errors when deleting $WORKDIR. (EBUSY error when root, EPERM when rootless). And, the original reason for poking in here: refactor the wait-for-port part of start_server() into its own helper function, so we can use it when starting a local registry in 12-imagesMore. (Ref: #9270) Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #9270 from matejvasek/fix_apiv2_pushOpenShift Merge Robot2021-02-09
|\| | | | | | | | Fix Docker APIv2 push endpoint
| * | Fix Docker APIv2 push endpointMatej Vasek2021-02-09
| | | | | | | | | | | | | | | | | | | | | Docker doesn't have the destination parameter as libpod does, the "image name" path parameter is supposed to be the destination. Signed-off-by: Matej Vasek <mvasek@redhat.com>
* | | Merge pull request #9283 from vrothberg/fix-8897OpenShift Merge Robot2021-02-09
|\ \ \ | |_|/ |/| | generate kube: do not set caps with --privileged
| * | generate kube: support --privilegedValentin Rothberg2021-02-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Do not play with capabilities for privileged containers where all capabilities will be set implicitly. Also, avoid the device check when running privileged since all of /dev/* will be mounted in any case. Fixes: #8897 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #9125 from ashley-cui/secretswiringOpenShift Merge Robot2021-02-09
|\ \ \ | |/ / |/| | Implement Secrets
| * | Implement SecretsAshley Cui2021-02-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Implement podman secret create, inspect, ls, rm Implement podman run/create --secret Secrets are blobs of data that are sensitive. Currently, the only secret driver supported is filedriver, which means creating a secret stores it in base64 unencrypted in a file. After creating a secret, a user can use the --secret flag to expose the secret inside the container at /run/secrets/[secretname] This secret will not be commited to an image on a podman commit Signed-off-by: Ashley Cui <acui@redhat.com>
* | | Bump containers/buildah to v1.19.4Daniel J Walsh2021-02-08
| | | | | | | | | | | | | | | | | | Fix handling of --iidfile to happen on the client side. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #9246 from rhatdan/buildOpenShift Merge Robot2021-02-08
|\ \ \ | |_|/ |/| | Implement missing arguments for podman build
| * | Implement missing arguments for podman buildDaniel J Walsh2021-02-08
| |/ | | | | | | | | | | | | | | Buildah bud passes a bunch more flags then podman build. We need to implement hook up all of these flags to get full functionality. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #9266 from vrothberg/fix-6510OpenShift Merge Robot2021-02-08
|\ \ | | | | | | make `podman rmi` more robust
| * | make `podman rmi` more robustValentin Rothberg2021-02-08
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The c/storage library is subject to TOCTOUs as the central container and image storage may be shared by many instances of many tools. As shown in #6510, it's fairly easy to have multiple instances of Podman running in parallel and yield image-lookup errors when removing them. The underlying issue is the TOCTOU of removal being split into multiple stages of first reading the local images and then removing them. Some images may already have been removed in between the two stages. To make image removal more robust, handle errors at stage two when a given image is not present (anymore) in the storage. Fixes: #6510 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #9236 from baude/networkpruneOpenShift Merge Robot2021-02-08
|\ \ | |/ |/| add network prune