summaryrefslogtreecommitdiff
path: root/test
Commit message (Collapse)AuthorAge
* System tests: fix racy podman-inspectEd Santiago2021-04-14
| | | | | | | | Add 'podman wait' between kill & inspect. Fixes: #9751 Signed-off-by: Ed Santiago <santiago@redhat.com>
* System tests: setup: better cleanup of stray imagesEd Santiago2021-04-13
| | | | | | | | | | | | | | | | Fix a corner case in basic_setup(), where we rmi stray images. If a test tags $IMAGE and fails to rmi by tag name, cleanup could rmi both tag name and IID, wiping out the desired image: podman tag $IMAGE foo ... cleanup: rmi foo $FOO_IID [this removes $IMAGE!] Solution: rmi by name, but only rmi by IID if != $IMAGE. TOTH to ypu for bringing this to my attention. Signed-off-by: Ed Santiago <santiago@redhat.com>
* Merge pull request #9996 from giuseppe/disable-cgroupfs-rootless-on-cgroup-v2OpenShift Merge Robot2021-04-12
|\ | | | | cgroup: do not set cgroup parent when rootless and cgroupfs
| * cgroup: do not set cgroup parent when rootless and cgroupfsGiuseppe Scrivano2021-04-12
| | | | | | | | | | | | | | | | | | do not set the cgroup parent when running as rootless with cgroupfs, even if cgroup v2 is used. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1947999 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | [CI:DOCS] Correct status code for /pods/createJhon Honce2021-04-12
|/ | | | | | | | | | Swagger documentation reported that the API endpoint /pods/create returned 200 while the as-built code returned 201. 201 is more correct so documentation updated. Tests already checked for 201 so no updated needed. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Merge pull request #9969 from jwhonce/wip/manifestsOpenShift Merge Robot2021-04-12
|\ | | | | Update manifest API endpoints
| * Update manifest API endpointsJhon Honce2021-04-09
| | | | | | | | | | | | | | | | | | | | | | | | * Add validation for manifest name * Always return an array for manifests even if empty * Add missing return in df handler when returning error. Caused an additional null to be written to client crashing python decoder. When c/image is refactored to include manifests, manifest endpoints should be revisited. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #9935 from EduardoVega/5788-kube-volumeOpenShift Merge Robot2021-04-12
|\ \ | | | | | | Add support for play/generate kube PersistentVolumeClaims and Podman volumes
| * | Add support for play/generate kube volumesEduardo Vega2021-04-09
| | | | | | | | | | | | Signed-off-by: Eduardo Vega <edvegavalerio@gmail.com>
* | | Merge pull request #9950 from Luap99/unshare-rootless-cniOpenShift Merge Robot2021-04-12
|\ \ \ | | | | | | | | podman unshare: add --rootless-cni to join the ns
| * | | podman unshare: add --rootless-cni to join the nsPaul Holzinger2021-04-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a new --rootless-cni option to podman unshare to also join the rootless-cni network namespace. This is useful if you want to connect to a rootless container via IP address. This is only possible from the rootless-cni namespace and not from the host namespace. This option also helps to debug problems in the rootless-cni namespace. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | Merge pull request #9977 from edsantiago/bud_simplifyOpenShift Merge Robot2021-04-12
|\ \ \ \ | |_|_|/ |/| | | buildah-bud tests: simplify
| * | | buildah-bud tests: simplifyEd Santiago2021-04-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Experience this week has shown that managing .diff files is too difficult for humans, and too fragile. Opportunities for errors abound. So, let's try to minimize the diffs. We can't eliminate the diffs to helpers.bash: those are true code changes that are absolutely required for running tests using podman instead of buildah. We need to carry those ourselves: they are not appropriate for the buildah repo itself. What we can do is simplify the patching of bud.bats. That is fragile, because bud.bats changes often, and context- sensitive git patch files can easily get confused. Recognizing that the changes to bud.bats fall under two types: - tests that are skipped - tests in which podman error messages differ from buildah's ...we now have a new script, apply-podman-deltas, which is (I hope) much user-friendlier. It understands two directives: errmsg - alter the expected error message skip - skip a test Both operate based on a bats test name. The test name must match exactly. These directives use 'sed' to update bud.bats. If any directive fails, the script will keep going (so you get as many errors as possible in a run), then exits failure. Instructions (README.md) now explain the process for dealing with all expected test failures. (Sneak checkin: add '--filter=NAME' option to test runner, allowing for targeted and much shorter test runs). Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #9971 from jwhonce/wip/dfOpenShift Merge Robot2021-04-08
|\ \ \ \ | |/ / / |/| | | Add missing return
| * | | Add missing returnJhon Honce2021-04-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | libpod df handler missing a return after writing error to client. This caused a null to be appended to JSON and crashed python decoder. Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Merge pull request #9970 from baude/cispeedOpenShift Merge Robot2021-04-08
|\ \ \ \ | | | | | | | | | | speed up CI handling of images
| * | | | speed up CI handling of imagesbaude2021-04-07
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | now that ci uses cached images, putting the large toolbox image into cache should help speed up tests. Signed-off-by: baude <bbaude@redhat.com>
* | | | Merge pull request #9958 from jmguzik/limit-prune-filters-for-volumesOpenShift Merge Robot2021-04-07
|\ \ \ \ | |/ / / |/| | | Volumes prune endpoint should use only prune filters
| * | | Volumes prune endpoint should use only prune filtersJakub Guzik2021-04-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Volumes endpoints for HTTP compat and libpod APIs allowed usage of list HTTP endpoint filter funcs. Documentation in case of compat API does not allow that. This commit aligns code with the documentation and also ligns libpod with compat API. Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | | | Merge pull request #9962 from edsantiago/podman_remote_archOpenShift Merge Robot2021-04-07
|\ \ \ \ | |_|/ / |/| | | Handle podman-remote --arch, --platform, --os
| * | | Update buildah-bud diffsEd Santiago2021-04-07
| | | | | | | | | | | | | | | | Signed-off-by: Ed Santiago <santiago@redhat.com>
| * | | Handle podman-remote --arch, --platform, --osDaniel J Walsh2021-04-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman remote should be able to handle remote specification of arches. Requires: https://github.com/containers/buildah/pull/3116 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
| * | | buildah-bud tests: handle go pseudoversions, plus...Ed Santiago2021-04-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Handle go pseudoversions, e.g. a custom non-released buildah used during testing of a PR. This will be something like: v1.20.1-0.20210402144408-36a37402d0c8 ...and it makes it impossible (AFAIK) to do a shallow checkout; we need to do a full clone of buildah, then git-checkout the SHA (last element of the long string above). FIXME: this is great for testing, but we almost certainly want some way to block this PR from merging, don't we? And, while testing this, found and fixed three bugs: - quote "$failhint" when echoing it on failure; otherwise we lose original whitespace. - invoke git-am with --reject! This makes it SO MUCH EASIER to identify the failing part of our patch! - sigh: generate the make-new-buildah-diffs helper *BEFORE* we try git-am! Otherwise, duh, if git-am fails we have no way to help the developer create a new diff file. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #9955 from edsantiago/batsOpenShift Merge Robot2021-04-07
|\ \ \ \ | | | | | | | | | | System tests: special case for RHEL: require runc
| * | | | System tests: special case for RHEL: require runcEd Santiago2021-04-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As discussed in watercooler 2021-04-06: make sure that RHEL8 and CentOS are using runc. Using crun is probably a packaging error that should be caught early. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | | Fix flaking rootless compose testPaul Holzinger2021-04-07
| |/ / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The compose port test is flaking with an empty curl result. The curl retry does not work properly. Given the the tests never expect an empty result lets just wait one second and retry again. Unfortunately there is no way for me to actually verify if this will fix the flake. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | rootless cni add /usr/sbin to PATH if not presentPaul Holzinger2021-04-06
| |/ / |/| | | | | | | | | | | | | | | | | | | | | | | The CNI plugins need access to iptables in $PATH. On debian /usr/sbin is not added to $PATH for rootless users. This will break rootless cni completely. To prevent breaking existing users add /usr/sbin to $PATH in podman if needed. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Merge pull request #9754 from mheon/add_depOpenShift Merge Robot2021-04-06
|\ \ \ | |/ / |/| | Add --requires flag to podman run/create
| * | Add --requires flag to podman run/createMatthew Heon2021-04-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Podman has, for a long time, had an internal concept of dependency management, used mainly to ensure that pod infra containers are started before any other container in the pod. We also have the ability to recursively start these dependencies, which we use to ensure that `podman start` on a container in a pod will not fail because the infra container is stopped. We have not, however, exposed these via the command line until now. Add a `--requires` flag to `podman run` and `podman create` to allow users to manually specify dependency containers. These containers must be running before the container will start. Also, make recursive starting with `podman start` default so we can start these containers and their dependencies easily. Fixes #9250 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #9942 from mheon/fix_9919OpenShift Merge Robot2021-04-06
|\ \ \ | |_|/ |/| | Ensure that `--userns=keep-id` sets user in config
| * | Ensure that `--userns=keep-id` sets user in configMatthew Heon2021-04-06
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | One of the side-effects of the `--userns=keep-id` command is switching the default user of the container to the UID of the user running Podman (though this can still be overridden by the `--user` flag). However, it did this by setting the UID and GID in the OCI spec, and not by informing Libpod of its intention to switch users via the `WithUser()` option. Because of this, a lot of the code that should have triggered when the container ran with a non-root user was not triggering. In the case of the issue that this fixed, the code to remove capabilities from non-root users was not triggering. Adjust the keep-id code to properly inform Libpod of our intention to use a non-root user to fix this. Also, fix an annoying race around short-running exec sessions where Podman would always print a warning that the exec session had already stopped. Fixes #9919 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | | Merge pull request #9933 from jmguzik/network-prune-with-until-testsOpenShift Merge Robot2021-04-05
|\ \ \ | | | | | | | | Http api tests for network prune with until filter
| * | | Http api tests for network prune with until filterJakub Guzik2021-04-04
| | | | | | | | | | | | | | | | Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | | | Merge pull request #9940 from rhatdan/authOpenShift Merge Robot2021-04-05
|\ \ \ \ | | | | | | | | | | Verify existence of auth file if specified
| * | | | Verify existence of auth file if specifiedDaniel J Walsh2021-04-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/9572 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #9911 from rhatdan/storageOpenShift Merge Robot2021-04-05
|\ \ \ \ \ | | | | | | | | | | | | Allow users to override default storage opts with --storage-opt
| * | | | | Allow users to override default storage opts with --storage-optDaniel J Walsh2021-04-05
| | |_|/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We define in the man page that this overrides the default storage options, but the code was appending to the existing options. This PR also makes a change to allow users to specify --storage-opt="". This will turn off all storage options. https://github.com/containers/podman/issues/9852 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | | Merge pull request #9907 from rhatdan/optionsOpenShift Merge Robot2021-04-05
|\ \ \ \ \ | | | | | | | | | | | | Add support for podman --context default
| * | | | | Add support for podman --context defaultDaniel J Walsh2021-04-05
| |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a noop but helps with scripting and docker-compose. Fixes: https://github.com/containers/podman/issues/9806 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / / / / Don't relabel volumes if running in a privileged containerDaniel J Walsh2021-04-05
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Docker does not relabel this content, and openstack is running containers in this manner. There is a penalty for doing this on each container, that is not worth taking on a disable SELinux container. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #9423 from Luap99/rootless-cni-no-infraOpenShift Merge Robot2021-04-05
|\ \ \ \ | |/ / / |/| | | rootless cni without infra container
| * | | Add new docker-compose test for two networksPaul Holzinger2021-04-01
| | | | | | | | | | | | | | | | | | | | | | | | Also fix the tests so we can use the podman function with the output. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
| * | | Make the docker-compose test work rootlessPaul Holzinger2021-04-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make sure the DOCKER_SOCK location is accessible by the user when run rootless. Alos set the DOCKER_HOST env var to ensure docker-compose will use the non default location. Cleanup steps such as `rm` or `umount` must be run inside podman unshare otherwise they can fail due missing privileges. Change the curl test to use --retry-all-errors otherwise the tests will flake. The web server inside the container will return http code 500 sometimes, most likely because it is not fully ready to accept connections. With --retry-all-errors curl will retry instead of failing and thus the test will work. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
| * | | Fix dnsname testPaul Holzinger2021-04-01
| | | | | | | | | | | | | | | | Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
| * | | Enable rootless network connect/disconnectPaul Holzinger2021-04-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | With the new rootless cni supporting network connect/disconnect is easy. Combine common setps into extra functions to prevent code duplication. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
| * | | Add rootless support for cni and --uidmapPaul Holzinger2021-04-01
| | | | | | | | | | | | | | | | | | | | | | | | This is supported with the new rootless cni logic. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
| * | | rootless cni without infra containerPaul Holzinger2021-04-01
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Instead of creating an extra container create a network and mount namespace inside the podman user namespace. This ns is used to for rootless cni operations. This helps to align the rootless and rootful network code path. If we run as rootless we just have to set up a extra net ns and initialize slirp4netns in it. The ocicni lib will be called in that net ns. This design allows allows easier maintenance, no extra container with pause processes, support for rootless cni with --uidmap and possibly more. The biggest problem is backwards compatibility. I don't think live migration can be possible. If the user reboots or restart all cni containers everything should work as expected again. The user is left with the rootless-cni-infa container and image but this can safely be removed. To make the existing cni configs work we need execute the cni plugins in a extra mount namespace. This ensures that we can safely mount over /run and /var which have to be writeable for the cni plugins without removing access to these files by the main podman process. One caveat is that we need to keep the netns files at `XDG_RUNTIME_DIR/netns` accessible. `XDG_RUNTIME_DIR/rootless-cni/{run,var}` will be mounted to `/{run,var}`. To ensure that we keep the netns directory we bind mount this relative to the new root location, e.g. XDG_RUNTIME_DIR/rootless-cni/run/user/1000/netns before we mount the run directory. The run directory is mounted recursive, this makes the netns directory at the same path accessible as before. This also allows iptables-legacy to work because /run/xtables.lock is now writeable. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | Merge pull request #9928 from pendulm/fix_rootless_socket_activationOpenShift Merge Robot2021-04-05
|\ \ \ | | | | | | | | Fix rootless socket activation
| * | | Move socket activation check into init() and set global condition.pendulm2021-04-05
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | So rootless setup could use this condition in parent and child, child podman should adjust LISTEN_PID to its self PID. Add system test for systemd socket activation Signed-off-by: pendulm <lonependulm@gmail.com>
* / / Fix missing podman-remote build optionsDaniel J Walsh2021-04-02
|/ / | | | | | | | | | | | | | | | | | | | | | | | | Fix handling of SecurityOpts LabelOpts SeccompProfilePath ApparmorProfile Fix Ulimits Fixes: https://github.com/containers/podman/issues/9869 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>