summaryrefslogtreecommitdiff
path: root/test
Commit message (Collapse)AuthorAge
* Merge pull request #12208 from cdoern/podSecurityOptOpenShift Merge Robot2022-01-05
|\ | | | | Pod Security Option support and Infra Inheritance changes
| * Pod Security Option supportcdoern2021-12-27
| | | | | | | | | | | | | | | | | | | | | | | | | | Added support for pod security options. These are applied to infra and passed down to the containers as added (unless overridden). Modified the inheritance process from infra, creating a new function Inherit() which reads the config, and marshals the compatible options into an intermediate struct `InfraInherit` This is then unmarshaled into a container config and all of this is added to the CtrCreateOptions. Removes the need (mostly) for special additons which complicate the Container_create code and pod creation. resolves #12173 Signed-off-by: cdoern <cdoern@redhat.com>
* | Merge pull request #12168 from mtrmac/socket-collisionOpenShift Merge Robot2022-01-05
|\ \ | | | | | | Avoid RemoteSocket collisions in e2e tests
| * | Don't initialize the global RNG with GinkgoRandomSeed() in e2e testsMiloslav Trmač2022-01-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - It probably doesn't actually make a difference: in experiments, the github.com/containers/storage/pkg/stringid RNG initialization has been happening later - This makes the RNG caller-controlled (which we don't benefit from), but also the same on all nodes of multi-process Ginkgo execution. So, if it works at all, it may make collisions of random ID values more likely, and our tests are not robust against that. So don't go out of our way to make collisions more likely. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Avoid collisions on RemoteSocket pathsMiloslav Trmač2022-01-03
| | | | | | | | | | | | | | | | | | | | | Add lock files and re-generate the UUID if we are not a known-unique user of the socket path. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
| * | Refactor remote socket path determination in testsMiloslav Trmač2022-01-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Separate the code that determines the directory and file prefix from the code that chooses and applies a UUID; we will make the second part more complex in a bit. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* | | Merge pull request #12429 from cdoern/scpOpenShift Merge Robot2022-01-05
|\ \ \ | | | | | | | | podman image scp never enter podman user NS
| * | | podman image scp never enter podman user NScdoern2021-12-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman image scp should never enter the Podman UserNS unless it needs to. This allows for a sudo exec.Command to transfer images to and from rootful storage. If this command is run using sudo, the simple sudo podman save/load does not work, machinectl/su is necessary here. This modification allows for both rootful and rootless transfers, and an overall change of scp to be more of a wrapper function for different load and save calls as well as the ssh component Signed-off-by: cdoern <cdoern@redhat.com>
* | | | test/e2e/pod_initcontainers: fix a flakeKir Kolyshkin2022-01-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 3c3fa6fac4d0f8e8 added a few test cases for the init containers. The "podman ensure always init containers always run" implicitly assumes that restarting a pod will take more than 1 second. When this assumption is not met (because computers are fast!), we get a flake. The fix (without using sleep) is to print nanoseconds in date output. This format option (%N) is not supported by date in Alpine Linux, so switch to Fedora. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
* | | | test/e2e/run: don't use date +%N on AlpineKir Kolyshkin2022-01-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit e1443fe05d146def6 added a test case that ran "date +%N" inside a Fedora container (without actually using its output). Commit ccc5bc167fa2c140 changed that test case to use Alpine. Problem is, %N is not supported by date in Alpine (it only prints a newline). To eliminate the ambiguity, replace date with touch. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
* | | | Merge pull request #12735 from rhatdan/mountOpenShift Merge Robot2022-01-04
|\ \ \ \ | | | | | | | | | | Fix Container List API call to return mount info
| * | | | Fix Container List API call to return mount infoDaniel J Walsh2022-01-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We are hard coding mounts to return nil in compat API, since we have the data, we should return it. Fixes: https://github.com/containers/podman/issues/12734 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #12643 from leahneukirchen/events-compatOpenShift Merge Robot2022-01-04
|\ \ \ \ \ | |/ / / / |/| | | | legacy events: also set Action="die"
| * | | | legacy events: also set exitCodeLeah Neukirchen2022-01-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For Status = "die", Docker sets the exit code of the container to a field "exitCode". Podman uses "containerExitCode". Copy the value into "exitCode" as well, for compatibility. Signed-off-by: Leah Neukirchen <leah@vuxu.org>
* | | | | Merge pull request #12611 from Luap99/ipv6OpenShift Merge Robot2022-01-03
|\ \ \ \ \ | | | | | | | | | | | | add --ip6 flag to podman create/run
| * | | | | add --ip6 flag to podman create/runPaul Holzinger2022-01-03
| | |_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add the --ipv6 flag to podman create/run and pod create. We support the --network name:ip6=<ip> syntax now but for docker compat we should also support the --ip6 flag. Note that there is no validation if the ip is actually a v6 or v4 address because the backend does not care either. Fixes #7511 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | | test/system: podman run image with filesystem permissionDaniel J Walsh2021-12-31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This test case is used for covering rhbz#1854566. Replaces: #12220 Signed-off-by: Alex Jia <ajia@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | test/system: podman run with log-opt optionDaniel J Walsh2021-12-31
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | This test case is used for covering rhbz#1763007. Replaces: #12221 Signed-off-by: Alex Jia <ajia@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | / prefix imageId with sha256: in containers listOliver2021-12-29
| |_|/ |/| | | | | | | | | | | | | | test for compat API ImageId Signed-off-by: Oliver Thallmair <oliver.thallmair@mailbox.org>
* | | Merge pull request #12627 from rhatdan/passwdOpenShift Merge Robot2021-12-23
|\ \ \ | | | | | | | | Allow users to add host user accounts to /etc/passwd
| * | | Allow users to add host user accounts to /etc/passwdDaniel J Walsh2021-12-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some containers require certain user account(s) to exist within the container when they are run. This option will allow callers to add a bunch of passwd entries from the host to the container even if the entries are not in the local /etc/passwd file on the host. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1935831 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | container creation: don't apply reserved annotations from imageValentin Rothberg2021-12-23
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | Do not apply reserved annotations from the image to the container. Reserved annotations are applied during container creation to retrieve certain information (e.g., custom seccomp profile or autoremoval) once a container has been created. Context: #12671 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #12672 from adrianreber/2021-12-21-check-for-memtrackOpenShift Merge Robot2021-12-23
|\ \ \ | | | | | | | | Error out early if system does not support pre-copy checkpointing
| * | | Error out early if system does not support pre-copy checkpointingAdrian Reber2021-12-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CRIU's pre-copy migration support relies on the soft dirty page tracking in the Linux kernel: https://www.kernel.org/doc/Documentation/vm/soft-dirty.txt This functionality is not implemented for all architectures and it can also be turned off in the kernel. CRIU can check if the combination of architecture/kernel/CRIU supports the soft dirty page tracking and exports this feature checking functionality in go-criu. This commit adds an early check if the user selects pre-copy checkpointing to error out if the system does not support it. Signed-off-by: Adrian Reber <areber@redhat.com>
* | | | Merge pull request #12599 from rhatdan/kernelmemoryOpenShift Merge Robot2021-12-23
|\ \ \ \ | |/ / / |/| | | Warn on use of --kernel-memory
| * | | Warn on use of --kernel-memoryDaniel J Walsh2021-12-22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It has been deprecated and is no longer supported. Fully remove it and only print a warning if a user uses it. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2011695 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | e2e: Add dev/shm checkpoint/restore testRadostin Stoyanov2021-12-23
| | | | | | | | | | | | | | | | Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
* | | | Merge pull request #12375 from rhatdan/hostsOpenShift Merge Robot2021-12-22
|\ \ \ \ | |/ / / |/| | | Use hosts public ip address in rootless containers
| * | | Use hosts public ip address in rootless containersDaniel J Walsh2021-12-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add first non localhost ipv4 of all host interfaces as destination for host.contaners.internal for rootless containers. Fixes: https://github.com/containers/podman/issues/12000 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #12668 from vrothberg/fix-12667OpenShift Merge Robot2021-12-22
|\ \ \ \ | | | | | | | | | | support hosts without /etc/hosts
| * | | | support hosts without /etc/hostsValentin Rothberg2021-12-22
| | | | | | | | | | | | | | | | | | | | | | | | | Fixes: #12667 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #12664 from cdoern/noManagePasswdOpenShift Merge Robot2021-12-22
|\ \ \ \ \ | |/ / / / |/| | | | Podman run --passwd
| * | | | Podman run --passwdcdoern2021-12-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | added support for a new flag --passwd which, when false prohibits podman from creating entries in /etc/passwd and /etc/groups allowing users to modify those files in the container entrypoint resolves #11805 Signed-off-by: cdoern <cdoern@redhat.com>
* | | | | Merge pull request #12663 from vrothberg/compat-normalizationOpenShift Merge Robot2021-12-21
|\ \ \ \ \ | |_|/ / / |/| | | | compat: image normalization: handle sha256 prefix
| * | | | compat: image normalization: handle sha256 prefixValentin Rothberg2021-12-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When normalizing image names on the compat API, make sure to take the `sha256:` prefix into account when matching against the image ID. Otherwise, the name will mistakingly be subject to docker.io normalization. Signed-off-by: Valentin Rothberg <rothberg@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #12621 from giuseppe/honor-userns-auto-conf-fileOpenShift Merge Robot2021-12-21
|\ \ \ \ \ | |/ / / / |/| | | | specgen: honor userns=auto from containers.conf
| * | | | specgen: honor userns=auto from containers.confGiuseppe Scrivano2021-12-20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when using the default userns value, make sure its value is parsed so that userns=auto is parsed and the options for the storage are filled. Closes: https://github.com/containers/podman/issues/12615 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
| * | | | test: add --rm to podman run commandsGiuseppe Scrivano2021-12-20
| |/ / / | | | | | | | | | | | | Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Merge pull request #12640 from vrothberg/fix-12631OpenShift Merge Robot2021-12-20
|\ \ \ \ | | | | | | | | | | apiv2 tests: use quay.io/libpod/testimage:20210610 for platform tests
| * | | | apiv2 tests: use quay.io/libpod/testimage:20210610 for platform testsValentin Rothberg2021-12-17
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The quay.io/libpod/testimage:20210610 is known not to change and to remain stable over time. While the same should apply for alpine image on quay.io/libpod, we've seen it flake and return the wrong image. The reasons for that observation are unknown. Fixes: #12631 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #12648 from ttys3/fix-generate-kube-env-missingOpenShift Merge Robot2021-12-20
|\ \ \ \ | |_|/ / |/| | | fix(generate): fix up podman generate kube missing env field bug
| * | | fix(generate): fix up podman generate kube missing env field bug荒野無燈2021-12-18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | the logic is: if the process env vars key exists in podman default or in image defined, and the value is equal, skip the env var key. the typo make it compare to itself -_- so, here comes the simple fixup. Signed-off-by: 荒野無燈 <ttys3.rust@gmail.com>
* | | | Merge pull request #12626 from vrothberg/may-the-force-be-with-removalDaniel J Walsh2021-12-19
|\ \ \ \ | |/ / / |/| | | image rm: allow for force-remove infra images
| * | | image rm: allow for force-remove infra imagesValentin Rothberg2021-12-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Force removal of images will also remove associated containers. Historically, infra containers have been excluded resulting in rather annoying errors, for instance, when running `rmi -af`. Since there is not reasons to exclude infra containers, allow for removing the entire pod when an infra image is force removed. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #12625 from adrianreber/2021-12-16-podman-inspectOpenShift Merge Robot2021-12-17
|\ \ \ \ | |_|/ / |/| | | Add more checkpoint/restore information to 'inspect'
| * | | Test for checkpoint specific inspect fieldsAdrian Reber2021-12-17
| |/ / | | | | | | | | | | | | | | | | | | | | | This extends one of the checkpoint/restore tests to see if the newly introduced checkpoint specific fields in 'inspect' work as intended. Signed-off-by: Adrian Reber <areber@redhat.com>
* | | Merge pull request #12622 from flouthoc/return_exit_code_for_buildOpenShift Merge Robot2021-12-17
|\ \ \ | | | | | | | | build: relay `exitcode` from imagebuildah to registry
| * | | tests: adjust old build test to expect exit codeAditya Rajan2021-12-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Old build tests were expecting genric error code `125` however another commit in this PR ensures that we relay exact exit code from build to registry. Hence adjusting tests Signed-off-by: Aditya Rajan <arajan@redhat.com>
| * | | build: relay exitcode from imagebuildah to registryAditya Rajan2021-12-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman does not relay exit code from buildah instead returns a generic error code `125`. Following PR allows `podman` to relay exit code from `imagebuildah` to `registry` as it is. Signed-off-by: Aditya Rajan <arajan@redhat.com>
* | | | Removed .service file for healthchecksBrent Baude2021-12-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | when a container with healthchecks exits due to stopping or failure, we need the cleanup process to remove both the timer file and the service file. Bz#:2024229 Signed-off-by: Brent Baude <bbaude@redhat.com>