summaryrefslogtreecommitdiff
path: root/test
Commit message (Collapse)AuthorAge
* Merge pull request #10237 from edsantiago/ci_rootless_add_ubuntuOpenShift Merge Robot2021-05-07
|\ | | | | CI: run rootless tests under ubuntu
| * CI: run rootless tests under ubuntuEd Santiago2021-05-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Reason: to catch errors before they surface in RHEL. One of the Ubuntus is specially crafted to run with cgroups v1 and runc. Although this isn't quite the same as RHEL, it's as close as we can come in our CI environment, and I suspect it would have caught #10234 (a regression). Sorry, team. Also: play kube limits test: skip on all rootless, not just rootless+fedora. There was a complicated and unnecessary check in there for Fedora. Also: workaround for bug #10248, a spurious error message on the first invocation of rootless podman on Ubuntu.Old Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Revert Patch to relabel if selinux not enabledDaniel J Walsh2021-05-06
| | | | | | | | | | | | | | | | | | | | Revert : https://github.com/containers/podman/pull/9895 Turns out that if Docker is in --selinux-enabeled, it still relabels if the user tells the system to, even if running a --privileged container or if the selinux separation is disabled --security-opt label=disable. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #9689 from boaz0/boaz-1OpenShift Merge Robot2021-05-06
|\ \ | |/ |/| add restart-policy to container filters & --filter to podman start
| * Add restart-policy to container filters & --filter to podman startBoaz Shuster2021-05-06
| | | | | | | | Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
* | Merge pull request #10246 from zhangguanzhang/compose-static-ipOpenShift Merge Robot2021-05-06
|\ \ | |/ |/| Fixes docker-compose cannot set static ip when use ipam
| * Fixes docker-compose cannot set static ip when use ipamzhangguanzhang2021-05-06
| | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | codespell cleanupDaniel J Walsh2021-05-05
|/ | | | | | [NO TESTS NEEDED] This is just running codespell on podman Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* Merge pull request #10185 from rhatdan/volumeOpenShift Merge Robot2021-05-05
|\ | | | | Add filepath glob support to --security-opt unmask
| * Add filepath glob support to --security-opt unmaskDaniel J Walsh2021-05-04
| | | | | | | | | | | | | | | | Want to allow users to specify --security-opt unmask=/proc/*. This allows us to run podman within podman more securely, then specifing umask=all, also gives the user more flexibilty. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #10208 from Luap99/play-kube-macOpenShift Merge Robot2021-05-05
|\ \ | | | | | | add --mac-address to podman play kube
| * | add --mac-address to podman play kubePaul Holzinger2021-05-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a new --mac-address flag to podman play kube. This is used to specify a static MAC address which should be used for the pod. This option can be specified several times because play kube can create more than one pod. Fixes #9731 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | migrate Podman to containers/common/libimageValentin Rothberg2021-05-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Migrate the Podman code base over to `common/libimage` which replaces `libpod/image` and a lot of glue code entirely. Note that I tried to leave bread crumbs for changed tests. Miscellaneous changes: * Some errors yield different messages which required to alter some tests. * I fixed some pre-existing issues in the code. Others were marked as `//TODO`s to prevent the PR from exploding. * The `NamesHistory` of an image is returned as is from the storage. Previously, we did some filtering which I think is undesirable. Instead we should return the data as stored in the storage. * Touched handlers use the ABI interfaces where possible. * Local image resolution: previously Podman would match "foo" on "myfoo". This behaviour has been changed and Podman will now only match on repository boundaries such that "foo" would match "my/foo" but not "myfoo". I consider the old behaviour to be a bug, at the very least an exotic corner case. * Futhermore, "foo:none" does *not* resolve to a local image "foo" without tag anymore. It's a hill I am (almost) willing to die on. * `image prune` prints the IDs of pruned images. Previously, in some cases, the names were printed instead. The API clearly states ID, so we should stick to it. * Compat endpoint image removal with _force_ deletes the entire not only the specified tag. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | Merge pull request #10199 from edsantiago/system_tests_with_runc_overrideOpenShift Merge Robot2021-05-04
|\ \ \ | |_|/ |/| | System tests: honor $OCI_RUNTIME (for CI)
| * | System tests: honor $OCI_RUNTIME (for CI)Ed Santiago2021-05-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some CI systems set $OCI_RUNTIME as a way to override the default crun. Integration (e2e) tests honor this, but system tests were not aware of the convention; this means we haven't been testing system tests with runc, which means RHEL gating tests are now failing. The proper solution would be to edit containers.conf on CI systems. Sorry, that would involve too much CI-VM work. Instead, this PR detects $OCI_RUNTIME and creates a dummy containers.conf file using that runtime. Add: various skips for tests that don't work with runc. Refactor: add a helper function so we don't need to do the complicated 'podman info blah blah .OCIRuntime.blah' thing in many places. BUG: we leave a tmp file behind on exit. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #8828 from boaz0/closes_8779OpenShift Merge Robot2021-05-04
|\ \ \ | |_|/ |/| | Add --all to podman start
| * | Add --all to podman startBoaz Shuster2021-05-03
| | | | | | | | | | | | | | | Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com> Co-authored-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #10206 from Luap99/fix-9837OpenShift Merge Robot2021-05-04
|\ \ \ | | | | | | | | compat api: Networks must be empty instead of null
| * | | compat api: Networks must be empty instead of nullPaul Holzinger2021-05-04
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | The compat endpoint for container inspect must return {} instead of null for NetworkSettings.Networks. Fixes #9837 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* / | system test image: add arm64v8 imageEd Santiago2021-05-03
|/ / | | | | | | | | | | | | | | | | | | | | The RHEL multi-arch team informed me that we were missing aarch64; add it, using the new name (arm64v8). (This is from last week, so the image date tag does not match today's date. I was waiting for confirmation that things were working). Signed-off-by: Ed Santiago <santiago@redhat.com>
* / cgroup: always honor --cgroup-parent with cgroupfsGiuseppe Scrivano2021-05-03
|/ | | | | | | | | if --cgroup-parent is specified, always honor it without doing any detection whether cgroups are supported or not. Closes: https://github.com/containers/podman/issues/10173 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #10063 from ParkerVR/autoupdate-localOpenShift Merge Robot2021-04-29
|\ | | | | Autoupdate Local
| * TODO completeParker Van Roy2021-04-29
| | | | | | | | | | | | | | | | | | | | | | changed struct to policyMapper change "image" to "registry" in multiple locations Updated documentation with registry alias & autoupdate local Added relevant test Signed-off-by: Parker Van Roy <pvanroy@redhat.com>
* | Merge pull request #10155 from pablofsf/fix-default-seccompOpenShift Merge Robot2021-04-28
|\ \ | | | | | | Use seccomp_profile as default profile if defined in containers.conf
| * | Use seccomp_profile as default profile if defined in containers.confPablo Correa Gómez2021-04-28
| | | | | | | | | | | | | | | | | | | | | Edits `podman info` to provide the default seccomp profile detected in the output Signed-off-by: Pablo Correa Gómez <ablocorrea@hotmail.com>
* | | system tests: networking: fix another race conditionEd Santiago2021-04-28
|/ / | | | | | | | | | | | | Our current #1 flake; this is a simple one: we can't run 'logs' on a container run with '-d --rm'. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #10157 from edsantiago/batsOpenShift Merge Robot2021-04-28
|\ \ | |/ |/| System tests: fix two race conditions
| * System tests: fix two race conditionsEd Santiago2021-04-27
| | | | | | | | | | | | | | Basically, add 'podman wait' before 'podman rm'. See if this fixes gating tests run on ppc64le (possibly very very slow hosts) Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #10119 from rhatdan/timeoutOpenShift Merge Robot2021-04-27
|\ \ | | | | | | Add podman run --timeout option
| * | Add podman run --timeout optionDaniel J Walsh2021-04-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | This option allows users to specify the maximum amount of time to run before conmon sends the kill signal to the container. Fixes: https://github.com/containers/podman/issues/6412 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #10137 from cevich/update_ubuntu_2104OpenShift Merge Robot2021-04-27
|\ \ \ | |_|/ |/| | Cirrus: Update Ubuntu images to 21.04
| * | Skip blkio-weight test when no kernel BFQ supportChris Evich2021-04-27
| | | | | | | | | | | | | | | | | | | | | Namely the Ubuntu 21.04 Kernel does not support BFQ. Regardless of the distro. skip this test if the required cgroup node doesn't exist. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | Allow docker volume create API to pass without nameDaniel J Walsh2021-04-27
|/ / | | | | | | | | | | | | | | | | The Docker API does not require Volume name to be specified when creating a volume. Fixes: https://github.com/containers/podman/issues/9803 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #10136 from zhangguanzhang/generate-kube-volumeOpenShift Merge Robot2021-04-27
|\ \ | | | | | | Fixes generate kube incorrect when bind-mounting "/" and "/root"
| * | Fixes generate kube incorrect when bind-mounting "/" and "/root"zhangguanzhang2021-04-26
| |/ | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | Merge pull request #9941 from Luap99/fix-9828OpenShift Merge Robot2021-04-27
|\ \ | | | | | | Fix rootlesskit port forwarder with custom slirp cidr
| * | Fix rootlesskit port forwarder with custom slirp cidrPaul Holzinger2021-04-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The source ip for the rootlesskit port forwarder was hardcoded to the standard slirp4netns ip. This is incorrect since users can change the subnet used by slirp4netns with `--network slirp4netns:cidr=10.5.0.0/24`. The container interface ip is always the .100 in the subnet. Only when the rootlesskit port forwarder child ip matches the container interface ip the port forwarding will work. Fixes #9828 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Merge pull request #10074 from flouthoc/ancestor-truncate-bugOpenShift Merge Robot2021-04-26
|\ \ \ | | | | | | | | Fix podman ps --filter ancestor to match exact ImageName/ImageID
| * | | Fix podman ps --filter ancestor to match exact ImageName/ImageIDflouthoc2021-04-25
| | |/ | |/| | | | | | | Signed-off-by: flouthoc <flouthoc.git@gmail.com>
* | | Fix images prune filter untilJakub Guzik2021-04-26
| | | | | | | | | | | | | | | | | | | | | This commits fixes until filter. It is now checking if the created timestamp is before until filter value as expected in the docs. Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | | Merge pull request #10081 from sjug/cdi_device_libOpenShift Merge Robot2021-04-26
|\ \ \ | |/ / |/| | Add support for CDI device configuration
| * | Add support for CDI device configurationSebastian Jug2021-04-20
| | | | | | | | | | | | | | | | | | | | | | | | - Persist CDIDevices in container config - Add e2e test - Log HasDevice error and add additional condition for safety Signed-off-by: Sebastian Jug <seb@stianj.ug>
* | | Parse slirp4netns net options with compat apiPaul Holzinger2021-04-23
| |/ |/| | | | | | | | | | | | | | | Parse the slirp4netns network options when called via compat api. The options must be extracted from the NetworkMode string. Fixes #10110 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #9495 from rhatdan/groupsOpenShift Merge Robot2021-04-22
|\ \ | | | | | | Add '--group-add keep-groups': supplementary groups into container
| * | Add --group-add keep-groups: suplimentary groups into containerDaniel J Walsh2021-04-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently we have rootless users who want to leak their groups access into containers, but this group access is only able to be pushed in by a hard to find OCI Runtime annotation. This PR makes this option a lot more visable and hides the complexity within the podman client. This option is only really needed for local rootless users. It makes no sense for remote clients, and probably makes little sense for rootfull containers. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | Fixes from make codespellDaniel J Walsh2021-04-21
| | | | | | | | | | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #10102 from edsantiago/batsOpenShift Merge Robot2021-04-21
|\ \ \ | | | | | | | | corrupt-image test: fix an oops
| * | | corrupt-image test: fix an oopsEd Santiago2021-04-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Followup to #10033: actually implement the system reset test. And, just out of paranoia, extend the warning-message check. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #10088 from rhatdan/no-headersOpenShift Merge Robot2021-04-21
|\ \ \ \ | |_|/ / |/| | | Add --noheading flag to all list commands
| * | | Add --noheading flag to all list commandsDaniel J Walsh2021-04-21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently we have only podman images list --noheading. This PR Adds this option to volumes, containers, pods, networks, machines, and secrets. Fixes: https://github.com/containers/podman/issues/10065 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>