summaryrefslogtreecommitdiff
path: root/test
Commit message (Collapse)AuthorAge
* Merge pull request #7534 from edsantiago/batsOpenShift Merge Robot2020-09-08
|\ | | | | Migrate away from docker.io
| * Migrate away from docker.ioEd Santiago2020-09-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CI and system tests currently pull some images from docker.io. Eliminate that, by: - building a custom image containing much of what we need for testing; and - copying other needed images to quay.io (Reason: effective 2020-11-01 docker.io will limit the number of image pulls). The principal change is to create a new quay.io/libpod/testimage, using the new test/system/build-testimage script, instead of relying on quay.io/libpod/alpine_labels. We also switch to using a hardcoded :YYYYMMDD tag, instead of :latest, in an attempt to futureproof our CI. This image includes 'httpd' from busybox-extras, which we use in our networking test (previously we had to pull and run busybox from docker.io). The testimage can and should be extended as needed for future tests, e.g. adding test file content or other useful tools. For the '--pull' tests which require actually pulling from the registry, I've created an image with the same name but tagged :00000000 so it will never be pulled by default. Since this image is only used minimally, it's just busybox. Unfortunately there remain two cases we cannot solve in this tiny alpine-based image: 1) docker registry 2) systemd For those, I've (manually) run: podman pull [ docker.io/library/registry:2.7 | registry.fedoraproject.org/fedora:31 ] podman tag !$ quay.io/... podman push !$ ...and amended the calling tests accordingly. I've tried to make the the smallest reasonable diff, not the smallest possible one. I hope it's a reasonable tradeoff. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #7538 from edsantiago/cap_test_robustOpenShift Merge Robot2020-09-08
|\ \ | |/ |/| Update VM images for new crun; adapt Cap tests to work with new kernel
| * WIP: update VM imagesEd Santiago2020-09-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (This is an adoption of #7533 because Brent is on PTO). Pick up new crun and crio-runc. Also: renames from useful fedora-32 and -31 to less-useful names; presumably this is needed by something-something in the new VM setup. Also: tweak two e2e tests to more properly handle a kernel (5.8.4) with a greater set of capabilities than what we or crun can yet handle. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Fix unconfined AppArmor profile usage for unsupported systemsSascha Grunert2020-09-07
| | | | | | | | | | | | | | | | If we select "unconfined" as AppArmor profile, then we should not error even if the host does not support it at all. This behavior has been fixed and a corresponding e2e test has been added as well. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | Merge pull request #7437 from openSUSE/rmOpenShift Merge Robot2020-09-06
|\ \ | | | | | | Just use `rm` for helper command to remove storage
| * | Just use `rm` for helper command to remove storageSascha Grunert2020-08-28
| | | | | | | | | | | | | | | | | | This allows to use any kind of `rm` in `$PATH` for the system tests. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | | Merge pull request #7329 from Luap99/generate-systemd-remoteOpenShift Merge Robot2020-09-05
|\ \ \ | |_|/ |/| | APIv2 add generate systemd endpoint
| * | APIv2 add generate systemd endpointPaul Holzinger2020-09-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add support for generating systemd units via the api and podman-remote. Change the GenerateSystemdReport type to return the units as map[string]string with the unit name as key. Add `--format` flag to `podman generate systemd` to allow the output to be formatted as json. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | We should not be mounting /run as noexec when run with --systemdDaniel J Walsh2020-09-02
|/ / | | | | | | | | | | | | The system defaults /run to "exec" mode, and we default --read-only mounts on /run to "exec", so --systemd should follow suit. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #7426 from Edward5hen/apiv2-containers-testOpenShift Merge Robot2020-09-02
|\ \ | | | | | | APIv2 test: add more tests for containers
| * | APIv2 test: add more tests for containersEdward Shen2020-09-01
| | | | | | | | | | | | Signed-off-by: Edward Shen <weshen@redhat.com>
* | | Ensure rootless containers without a passwd can startMatthew Heon2020-08-31
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We want to modify /etc/passwd to add an entry for the user in question, but at the same time we don't want to require the container provide a /etc/passwd (a container with a single, statically linked binary and nothing else is perfectly fine and should be allowed, for example). We could create the passwd file if it does not exist, but if the container doesn't provide one, it's probably better not to make one at all. Gate changes to /etc/passwd behind a stat() of the file in the container returning cleanly. Fixes #7515 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | handle play kube with pod.spec.hostAliaseszhangguanzhang2020-08-31
| | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | Merge pull request #7494 from haircommander/play-kube-socketOpenShift Merge Robot2020-08-31
|\ \ | | | | | | play kube: handle Socket HostPath type
| * | play kube: handle Socket HostPath typePeter Hunt2020-08-28
| | | | | | | | | | | | | | | | | | as well as add test cases for it and the other HostPath types we currently support Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | | Merge pull request #7469 from zhangguanzhang/generate-kube-with-ExtraHostsOpenShift Merge Robot2020-08-28
|\ \ \ | |/ / |/| | fix podman generate kube with HostAliases
| * | fix podman generate kube with HostAliaseszhangguanzhang2020-08-27
| | | | | | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | | Merge pull request #7464 from edsantiago/batsOpenShift Merge Robot2020-08-28
|\ \ \ | | | | | | | | BATS: fix corner case in --userns=keep-id test
| * | | BATS: fix corner case in --userns=keep-id testEd Santiago2020-08-27
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The test that does 'adduser' in a keep-id container had a really dumb bug: if the user running the test has UID 1000, then podman itself (via keep-id) will add the "1000" passwd entry, and the in-container "adduser" will allocate 1001, making our test fail. This triggered in f31/f32 podman gating tests, but (?!?) never in rawhide gating tests. Solution: explicitly feed a UID to adduser. Make sure that it's not the same as the UID of the current user. Also (unrelated): fix a ridiculous "run mkdir || die". At the time I wrote that I probably had no idea how BATS works. Signed-off-by: Ed Santiago <santiago@redhat.com>
* / | Fix log level case regressionSascha Grunert2020-08-28
|/ / | | | | | | | | | | | | | | | | | | With previous versions of Podman (like v1.9.2) it was always possible to specify the log level in any case, for example `INFO`. This behavior has silently changed, where the `--log-level` flag only accepts lower case levels. This commit re-enables the old behavior and adds an e2e test for it. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | Merge pull request #7438 from openSUSE/commentDaniel J Walsh2020-08-27
|\ \ | |/ |/| Remove test comment for now-succeeding tests
| * Remove test comment for now succeeding testsSascha Grunert2020-08-25
| | | | | | | | | | | | | | The related issue seems fixed so the test execution should work as intended. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | fix apiv2 will create containers with incorrect commandszhangguanzhang2020-08-24
|/ | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* Merge pull request #7390 from baude/podnetOpenShift Merge Robot2020-08-21
|\ | | | | error when adding container to pod with network information
| * error when adding container to pod with network informationBrent Baude2020-08-21
| | | | | | | | | | | | | | | | | | | | | | | | because a pod's network information is dictated by the infra container at creation, a container cannot be created with network attributes. this has been difficult for users to understand. we now return an error when a container is being created inside a pod and passes any of the following attributes: * static IP (v4 and v6) * static mac * ports -p (i.e. -p 8080:80) * exposed ports (i.e. 222-225) * publish ports from image -P Signed-off-by: Brent Baude <bbaude@redhat.com>
* | fix /libpod/pods/json returns null when there are no podszhangguanzhang2020-08-21
| | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | fix pod creation with "new:" syntax followup + allow hostnamePaul Holzinger2020-08-20
|/ | | | | | | | | | | | | | | | | | | | | Fixes: 4c75fe3f70ed ("fix pod creation with "new:" syntax") Commit 4c75fe3f70ed passes all net options to the pod but forgot to unset the options for the container creation. This leads to erros when using flags like `--ip` since we tried setting the ip on the pod and container which obviously fails. I didn't notice the bug because we don't throw an error when specifing port bindings on a container which joins the pods network namespace. (#7373) Also allow the use of `--hostname` and pass that option to the pod and unset it for the container. The container has to use the pods hostname anyway. This would error otherwise. Added tests to prevent regression. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* system tests: enable more remote tests; cleanupEd Santiago2020-08-19
| | | | | | | | | | | | | | | | | | | | | | | | info, images, run, networking tests: remove some skip_if_remote()s that were added in the varlink days. All of these tests now seem to work with APIv2. help test: check that first output line from 'podman --help' is the program description (regression check for #7273). load test: clean up stray images, rewrite test to make it conform to existing convention. In the process, discover and file #7337 exec test (and networking): file #7360, and add FIXME comment to skip()s suggesting evaluating those tests once that is fixed. pod test: now that #6328 is fixed, use 'podman pod inspect --format' instead of relying on jq Various other tests: add an explanation of why test is disabled so we can more easily distinguish "this will never be meaningful under remote" vs "hey, doesn't work for now, but maybe someday". Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #7361 from Luap99/version-builttimeOpenShift Merge Robot2020-08-19
|\ | | | | fix podman version output to include git commit and builttime
| * fix podman version output to include git commit and builttimePaul Holzinger2020-08-18
| | | | | | | | | | | | Add the go module version v2 to the libpod path. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #7341 from edsantiago/e2e_use_tmpdirsOpenShift Merge Robot2020-08-18
|\ \ | | | | | | e2e tests: use actual temp dirs, not "/tmp/dir"
| * | e2e tests: use actual temp dirs, not "/tmp/dir"Ed Santiago2020-08-18
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | One of the --iidfile tests was flaking: Error: failed to write image ID to file "/tmp/dir/idFile": open /tmp/dir/idFile: no such file or directory Root cause: test was actually not mkdir'ing /tmp/dir. Test was mostly passing because _other_ tests in the suite were mkdir'ing it, but once in a while this test ran before the others. Solution: fixed this test to use CreateTempDirInTempDir(). And, since hardcoded tempdirs are bad practice, grepped for '"dir"' and fixed all other instances too. Signed-off-by: Ed Santiago <santiago@redhat.com>
* / flake fix: podman image trustEd Santiago2020-08-18
|/ | | | | | | | | The output of 'podman image trust' is in random order; but its e2e test was assuming a specific one. This caused flakes. Fixes: #6764 Signed-off-by: Ed Santiago <santiago@redhat.com>
* Re-disable sdnotify tests to try to fix CIEd Santiago2020-08-18
| | | | | | | | Some CI tests are hanging, timing out in 60 or 120 minutes. I wonder if it's #7316, the bug where all podman commands hang forever if NOTIFY_SOCKET is set? Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #7333 from openSUSE/bashifyOpenShift Merge Robot2020-08-17
|\ | | | | Use `bash` binary from env instead of /bin/bash for scripts
| * Use `bash` binary from env instead of /bin/bash for scriptsSascha Grunert2020-08-17
| | | | | | | | | | | | | | | | It's not possible to run any of the scripts on distributions which do have `bash` not in `/bin`. This is being fixed by using `/usr/bin/env bash` instead. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | Merge pull request #7317 from edsantiago/batsOpenShift Merge Robot2020-08-17
|\ \ | |/ |/| system tests: enable sdnotify tests
| * system tests: enable sdnotify testsEd Santiago2020-08-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Oops. PR #6693 (sdnotify) added tests, but they were disabled due to broken crun on f31. I tried for three weeks to get a magic CI:IMG PR to update crun on the CI VMs ... but in that time I forgot to actually enable those new tests. This PR removes a 'skip', replacing it with a check that systemd is running plus one more to make sure our runtime is crun. It looks like sdnotify just doesn't work on Ubuntu (it hangs), and my guess is that it's a crun/runc issue. I also changed the test image from fedora:latest to :31, because, sigh, fedora:latest removed the systemd-notify tool. WARNING WARNING WARNING: the symptom of a missing systemd-notify is that podman will hang forever, not even stopped by the timeout command in podman_run! (Filed: #7316). This means that if the sdnotify-in-container test ever fails, the symptom will be that Cirrus itself will time out (2 hours?). This is horrible. I don't know what to do about it other than push for a fix for 7316. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #7314 from aojea/ipv6_default_gwOpenShift Merge Robot2020-08-16
|\ \ | |/ |/| IPv6 default route
| * podman support for IPv6 networksAntonio Ojea2020-08-15
| | | | | | | | | | | | | | | | | | | | | | podman containers using IPv6 were missing the default route, breaking deployments trying to use them. The problem is that the default route was hardcoded to IPv4, this takes into consideration the podman subnet IP family to generate the corresponding default route. Signed-off-by: Antonio Ojea <aojea@redhat.com>
* | run, create: add new security-opt proc-optsGiuseppe Scrivano2020-08-12
|/ | | | | | | it allows to customize the options passed down to the OCI runtime for setting up the /proc mount. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #7073 from QiWang19/save-stdoutOpenShift Merge Robot2020-08-12
|\ | | | | podman save use named pipe
| * podman save use named pipeQi Wang2020-08-12
| | | | | | | | | | | | | | podman save uses named pipe as output path, not directly using /dev/stdout. fix #7017 Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #7308 from hamzadis/slirp4netns-cidrOpenShift Merge Robot2020-08-12
|\ \ | | | | | | Add support for setting the CIDR when using slirp4netns
| * | Add support for setting the CIDR when using slirp4netnsAdis Hamzić2020-08-12
| |/ | | | | | | | | | | | | | | This adds support for the --cidr parameter that is supported by slirp4netns since v0.3.0. This allows the user to change the ip range that is used for the network inside the container. Signed-off-by: Adis Hamzić <adis@hamzadis.com>
* | Merge pull request #7267 from zhangguanzhang/check-invalid-network-createOpenShift Merge Robot2020-08-12
|\ \ | |/ |/| Add parameter verification for api creation network
| * Add parameter verification for api creation networkzhangguanzhang2020-08-12
| | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | Replace deepcopy on history resultsBrent Baude2020-08-11
|/ | | | | | | | the deepcopy in the remote history code path was throwing an uncaught error on a type mismatch. we now manually do the conversion and fix the type mismatch on the fly. Fixes: #7122 Signed-off-by: Brent Baude <bbaude@redhat.com>
* Merge pull request #7269 from openSUSE/seccompOpenShift Merge Robot2020-08-11
|\ | | | | Allow specifying seccomp profiles for privileged containers