summaryrefslogtreecommitdiff
path: root/test
Commit message (Collapse)AuthorAge
* Fix: unpause not supported for CGv1 rootlessChris Evich2020-12-16
| | | | | | Thanks Ed Santiago <santiago@redhat.com> for the fix. Signed-off-by: Chris Evich <cevich@redhat.com>
* Disable incompatible rootless + CGroupsV1 testsChris Evich2020-12-15
| | | | | | | | | | These tests simply will not work under these conditions. Note: Recently updated F32 (prior-fedora) and Ubuntu 20.04 (prior-ubuntu) VMs always use CGroupsV1 with runc. F33 and Ubuntu 20.10 were updated to always use CGroupsV2 with crun. Signed-off-by: Chris Evich <cevich@redhat.com>
* Disable rootless pod stats tests w/ CgroupV1Chris Evich2020-12-15
| | | | | | | | | | | When running as rootless, on a CgroupV1 host these tests all report: `Error: pod stats is not supported in rootless mode without cgroups v2` Note: Recently updated F32 (prior-fedora) and Ubuntu 20.04 (prior-ubuntu) VMs always use CGroupsV1 with runc. F33 and Ubuntu 20.10 were updated to always use CGroupsV2 with crun. Signed-off-by: Chris Evich <cevich@redhat.com>
* Disable CGv1 pod stats on net=host postChris Evich2020-12-15
| | | | | | | | | | | This should be addressed by PR https://github.com/containers/podman/pull/8685 Note: Recently updated F32 (prior-fedora) and Ubuntu 20.04 (prior-ubuntu) VMs always use CGroupsV1 with runc. F33 and Ubuntu 20.10 were updated to always use CGroupsV2 with crun. Signed-off-by: Chris Evich <cevich@redhat.com>
* Disable pod stats tests in containerized Fedora w/ CGroupsV1Chris Evich2020-12-15
| | | | | | | | | | | | | Nearly/all of the 'podman stats' tests fail on Fedora when executing testing inside a container, and CGroupsV1 is used on the host. The typical failure message is of the form `Error: unable to load cgroup at /machine.slice/.../: cgroup deleted`. Note: Recently updated F32 (prior-fedora) and Ubuntu 20.04 (prior-ubuntu) VMs always use CGroupsV1 with runc. F33 and Ubuntu 20.10 were updated to always use CGroupsV2 with crun. Signed-off-by: Chris Evich <cevich@redhat.com>
* Disable blkio.weight test on UbuntuChris Evich2020-12-15
| | | | | | | | | | | | | | These tests fail with `Error: opening file `io.bfq.weight` for writing: Permission denied: OCI permission denied`. Upon examination of the VMs, it was found the kernel and OS lacks support for the `BFQ` scheduler (which supplies the `weight` option). The only available schedulers are `none` and `mq-deadline`. Note: Recently updated F32 (prior-fedora) and Ubuntu 20.04 (prior-ubuntu) VMs always use CGroupsV1 with runc. F33 and Ubuntu 20.10 were updated to always use CGroupsV2 with crun. Signed-off-by: Chris Evich <cevich@redhat.com>
* Merge pull request #8714 from edsantiago/more_journald_rootless_skipsOpenShift Merge Robot2020-12-14
|\ | | | | RHEL gating tests: more journald exceptions
| * RHEL gating tests: more journald exceptionsEd Santiago2020-12-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Followup to #8284, due to my not having noticed #8096. RHEL gating tests are failing again due to rhbz#1895105, the one where we can't run journalctl rootless on RHEL. #8284 fixed this for some RHEL builds of older podman, but I missed #8096 which added yet another logs test. This brings us to three journalctl exceptions, which means it gets complicated because I have to refactor it all. **THIS IS NOT SUSTAINABLE**. We need some way to have a similar setup in CI, with a permission-less rootless login, so we don't add yet another logs test some day and discover, months later, that it doesn't work on RHEL and then have to go into crisis mode. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #8696 from Luap99/podman-events-untilOpenShift Merge Robot2020-12-14
|\ \ | | | | | | podman events allow future time for --until
| * | podman events allow future time for --untilPaul Holzinger2020-12-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The podman events aren't read until the given timestamp if the timestamp is in the future. It just reads all events until now and exits afterwards. This does not make sense and does not match docker. The correct behavior is to read all events until the given time is reached. This fixes a bug where the wrong event log file path was used when running first time with a new storage location. Fixes #8694 This also fixes the events api endpoint which only exited when an error occurred. Otherwise it just hung after reading all events. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Merge pull request #8689 from bblenard/issue-8672-volume-pruneOpenShift Merge Robot2020-12-14
|\ \ \ | |_|/ |/| | Add volume prune --filter support
| * | Add volume prune --filter supportBaron Lenardson2020-12-12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This change adds support for the `--filter` / `?filters` arguments on the `podman volume prune` subcommand. * Adds ParseFilterArgumentsIntoFilters helper for consistent Filter string slice handling * Adds `--filter` support to podman volume prune cli * Adds `?filters...` support to podman volume prune api * Updates apiv2 / e2e tests Closes #8672 Signed-off-by: Baron Lenardson <lenardson.baron@gmail.com>
* | | Merge pull request #8553 from baude/composeciOpenShift Merge Robot2020-12-12
|\ \ \ | | | | | | | | add compose regression to ci
| * | | add compose test descriptionsbaude2020-12-11
| | | | | | | | | | | | | | | | | | | | | | | | adding compose test descriptions and validations. Signed-off-by: baude <bbaude@redhat.com>
| * | | test-compose: rewrite to new subdir formEd Santiago2020-12-11
| | | | | | | | | | | | | | | | | | | | | | | | ...in which we use all-local tests Signed-off-by: Ed Santiago <santiago@redhat.com>
| * | | add compose regression to cibaude2020-12-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | to prevent any regressions, we should be running regression tests using compose. Signed-off-by: baude <bbaude@redhat.com>
| * | | WIP: test docker-composeEd Santiago2020-12-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | git-fetch a set of docker-compose examples Add a mechanism for 'curl'ing to verify that service is up. For each docker-compose directory: 1) test that it comes up 2) use 'curl' to confirm that the service is up 3) bring it back down Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #7718 from QiWang19/sign-multi-archOpenShift Merge Robot2020-12-12
|\ \ \ \ | | | | | | | | | | Sign multi-arch images
| * | | | Sign multi-arch imagesQi Wang2020-12-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman image sign handles muti-arch images. --all option to create signature for each manifest from the image manifest list. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | | | | Merge pull request #8688 from rhatdan/startOpenShift Merge Robot2020-12-11
|\ \ \ \ \ | |/ / / / |/| | | | Handle --rm when starting a container
| * | | | Handle --rm when starting a containerDaniel J Walsh2020-12-11
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | podman start should follow the same behaviour as podman run when removing a container. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #8686 from Luap99/logs-stderrOpenShift Merge Robot2020-12-11
|\ \ \ \ | |_|/ / |/| | | podman logs honor stderr correctly
| * | | podman logs honor stderr correctlyPaul Holzinger2020-12-10
| |/ / | | | | | | | | | | | | | | | | | | | | | Make the ContainerLogsOptions support two io.Writers, one for stdout and the other for stderr. The logline already includes the information to which Writer it has to be written. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Merge pull request #8690 from zhangguanzhang/apiv2-wrong-ImgNameOpenShift Merge Robot2020-12-11
|\ \ \ | | | | | | | | Fix Wrong img name used when creating a container from an image which had multi names
| * | | Fix Wrong image tag is used when creating a container from an image with ↵zhangguanzhang2020-12-11
| | | | | | | | | | | | | | | | | | | | | | | | multiple tags Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | | | Fix some network compat api problemsPaul Holzinger2020-12-11
| |/ / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Network create could panic when used with a json body like this: `{"Name":"net","IPAM":{"Config":[]}}` The network scope for list and inspect should not be empty. It can be swarm, global or local. We only support local networks so hardcode this field to local. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Fix panic in libpod images exists endpointPaul Holzinger2020-12-10
| |/ |/| | | | | | | | | | | | | | | | | The libpod images exists endpoint panics when called with a non existing image and therefore returns 500 as status code instead of the expected 404. A test is added to ensure it is working. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #8670 from rhatdan/capsOpenShift Merge Robot2020-12-09
|\ \ | | | | | | Properly handle --cap-add all when running with a --user flag
| * | Properly handle --cap-add all when running with a --user flagDaniel J Walsh2020-12-09
| |/ | | | | | | | | | | | | | | | | | | Handle the ALL Flag when running with an account as a user. Currently we throw an error when the user specifies podman run --user bin --cap-add all fedora echo hello Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8669 from giuseppe/unmask-also-cover-ro-pathsOpenShift Merge Robot2020-12-09
|\ \ | | | | | | security: honor systempaths=unconfined for ro paths
| * | security: honor systempaths=unconfined for ro pathsGiuseppe Scrivano2020-12-09
| |/ | | | | | | | | | | | | | | | | we must honor systempaths=unconfined also for read-only paths, as Docker does: proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | Merge pull request #8653 from rhatdan/buildahOpenShift Merge Robot2020-12-09
|\ \ | | | | | | Honor the --layers flag
| * | Honor the --layers flagDaniel J Walsh2020-12-09
| |/ | | | | | | | | | | | | | | | | Currently the --layers flag set by the user is ignored, and only the BUILDAH_LAYERS environment variable being set is observed. Fixes: https://github.com/containers/podman/issues/8643 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8635 from Luap99/shell-completion-testOpenShift Merge Robot2020-12-09
|\ \ | |/ |/| Add system test for shell completion
| * Add system test for shell completionPaul Holzinger2020-12-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There exists a unit test to ensure that shell completion functions are defined. However there was no check about the quality of the provided shell completions. Lets change that. The idea is to create a general test that makes sure we are suggesting containers,pods,images... for the correct commands. This works by reading the command use line and checking for each arg if we provide the correct suggestions for this arg. It includes the following tests: - flag suggestions if [options] is set - container, pod, image, network, volume, registry completion - path completion for the appropriate arg KEYWORDS (`PATH`,`CONTEXT`,etc.) - no completion if there are no args - completion for more than one arg if it ends with `...]` The test does not cover completion values for flags and not every arg KEYWORD is supported. This is still a huge improvement and covers most use cases. This test spotted several inconsistencies between the completion and the command use line. All of them have been adjusted to make the test pass. The biggest advantage is that the completions always match the latest command changes. So if someone changes the arguments for a command this ensures that the completions must be adjusted. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Correct port range logic for port generationMatthew Heon2020-12-08
|/ | | | | | | | | | | | | The existing logic (Range > 0) always triggered, because range is guaranteed to be at least 1 (a single port has a range of 1, a two port range (e.g. 80-81) has a range of 2, and so on). As such this could cause ports that had a host port assigned to them by the user to randomly assign one instead. Fixes #8650 Fixes #8651 Signed-off-by: Matthew Heon <mheon@redhat.com>
* Merge pull request #8642 from jwhonce/issues/8444OpenShift Merge Robot2020-12-08
|\ | | | | Restore json format for fields as well as whole structs
| * Restore json format for fields as well as whole structsJhon Honce2020-12-07
| | | | | | | | | | | | | | | | | | * Add template func to inspect template processing * Added test using repro from #8444 Fixes #8444 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #8648 from mheon/fix_7883OpenShift Merge Robot2020-12-08
|\ \ | | | | | | Make `podman stats` slirp check more robust
| * | Make `podman stats` slirp check more robustMatthew Heon2020-12-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Just checking for `rootless.IsRootless()` does not catch all the cases where slirp4netns is in use - we actually allow it to be used as root as well. Fortify the conditional here so we don't fail in the root + slirp case. Fixes #7883 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #8630 from umohnani8/sec-optOpenShift Merge Robot2020-12-08
|\ \ \ | |/ / |/| | Add systempaths=unconfined option
| * | Add systempaths=unconfined optionUrvashi Mohnani2020-12-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | Add the systempaths=unconfined option to --security-opt to match the docker options for unmasking all the paths that are masked by default. Add the mask and unmask options to the podman create doc. Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | | Merge pull request #8571 from Luap99/podman-network-reloadOpenShift Merge Robot2020-12-08
|\ \ \ | |_|/ |/| | Implement pod-network-reload
| * | Implement pod-network-reloadMatthew Heon2020-12-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds a new command, 'podman network reload', to reload the networks of existing containers, forcing recreation of firewall rules after e.g. `firewall-cmd --reload` wipes them out. Under the hood, this works by calling CNI to tear down the existing network, then recreate it using identical settings. We request that CNI preserve the old IP and MAC address in most cases (where the container only had 1 IP/MAC), but there will be some downtime inherent to the teardown/bring-up approach. The architecture of CNI doesn't really make doing this without downtime easy (or maybe even possible...). At present, this only works for root Podman, and only locally. I don't think there is much of a point to adding remote support (this is very much a local debugging command), but I think adding rootless support (to kill/recreate slirp4netns) could be valuable. Signed-off-by: Matthew Heon <matthew.heon@pm.me> Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Merge pull request #8639 from Luap99/fix-network-ls-filter-flakeOpenShift Merge Robot2020-12-07
|\ \ \ | | | | | | | | Fix network ls --filter invalid value flake
| * | | Fix network ls --filter invalid value flakePaul Holzinger2020-12-07
| | | | | | | | | | | | | | | | | | | | | | | | The filter is only validated when at least one network exists. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | Merge pull request #8581 from baude/kubegenOpenShift Merge Robot2020-12-07
|\ \ \ \ | |/ / / |/| | | generate kube on multiple containers
| * | | generate kube on multiple containersbaude2020-12-07
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | add the ability to add multiple containers into a single k8s pod instead of just one. also fixed some bugs in the resulting yaml where an empty service description was being added on error causing the k8s validation to fail. Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #8561 from mheon/fix_gatingOpenShift Merge Robot2020-12-07
|\ \ \ | | | | | | | | Do not mount sysfs as rootless in more cases
| * | | Do not mount sysfs as rootless in more casesMatthew Heon2020-12-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We can't mount sysfs as rootless unless we manage the network namespace. Problem: slirp4netns is now creating and managing a network namespace separate from the OCI runtime, so we can't mount sysfs in many circumstances. The `crun` OCI runtime will automatically handle this by falling back to a bind mount, but `runc` will not, so we didn't notice until RHEL gating tests ran on the new branch. Signed-off-by: Matthew Heon <mheon@redhat.com>