summaryrefslogtreecommitdiff
path: root/test
Commit message (Collapse)AuthorAge
* Skip stats test in CGv1 container environmentsChris Evich2021-08-18
| | | | | | | | | | | | | | | | These tests were originally enabled in a situation where CI provided false-positive results. Now that has been corrected, these tests all fail under a CGv1 container environment with the error: ``` Error: unable to load cgroup at /machine.slice/libpod-e4f...086.scope/libpod_parent/libpod-fbd...425: cgroup deleted ``` This commit simply disables the tests under this specific environment. Signed-off-by: Chris Evich <cevich@redhat.com>
* Fix AVC denials in tests of volume mountsChris Evich2021-08-18
| | | | | | | | | This becomes a problem on hosts with upgraded policies. Ref: https://github.com/containers/podman/issues/10522 Also, made a small change to compose-test setup to reduce runtime. Signed-off-by: Chris Evich <cevich@redhat.com>
* Restore buildah-bud test requiring new imagesChris Evich2021-08-18
| | | | | | | Ref: https://github.com/containers/podman/pull/10829#issuecomment-881355983 Signed-off-by: Chris Evich <cevich@redhat.com>
* Merge pull request #11154 from cdoern/imagesPullopenshift-ci[bot]2021-08-16
|\ | | | | Libpod images pull changes
| * Libpod images pull changescdoern2021-08-09
| | | | | | | | | | | | | | | | | | Added quiet param to docs to limit stream output. Formatted JSON. fixes #10612 Signed-off-by: cdoern <cbdoer23@g.holycross.edu> Signed-off-by: cdoern <cdoern@redhat.com>
* | Merge pull request #11169 from cevich/enable_docker_py_testingopenshift-ci[bot]2021-08-16
|\ \ | | | | | | Enable docker-py compat. testing w/ ignored result
| * | Enable docker-py compat. testing w/ ignored resultChris Evich2021-08-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Significant bitrot results in almost immediate test failure. This commit adds only the very basic, bare-minimum needed to get them started. ***TESTING RESULTS ARE IGNORED*** Signed-off-by: Chris Evich <cevich@redhat.com>
* | | Merge pull request #11230 from Luap99/rootless-dnsopenshift-ci[bot]2021-08-16
|\ \ \ | | | | | | | | Fix rootless cni dns without systemd stub resolver
| * | | Fix rootless cni dns without systemd stub resolverPaul Holzinger2021-08-16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a host uses systemd-resolved but not the resolved stub resolver the following symlinks are created: `/etc/resolv.conf` -> `/run/systemd/resolve/stub-resolv.conf` -> `/run/systemd/resolve/resolv.conf`. Because the code uses filepath.EvalSymlinks we put the new resolv.conf to `/run/systemd/resolve/resolv.conf` but the `/run/systemd/resolve/stub-resolv.conf` link does not exists in the mount ns. To fix this we will walk the symlinks manually until we reach the first one under `/run` and use this for the resolv.conf file destination. This fixes a regression which was introduced in e73d4829900c. Fixes #11222 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #11228 from mlegenovic/mainopenshift-ci[bot]2021-08-16
|\ \ \ \ | |/ / / |/| | | Fixed healthcheck default values when container created via compat API
| * | | Fixed healthcheck default values when container created via compat APIMilivoje Legenovic2021-08-14
| | | | | | | | | | | | | | | | | | | | | | | | Fixes #11225 Signed-off-by: Milivoje Legenovic <m.legenovic@gmail.com>
* | | | rename oneshot initcontainers to onceBrent Baude2021-08-12
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | after the init containers pr merged, it was suggested to use `once` instead of `oneshot` containers as it is more aligned with other terminiology used similarily. [NO TESTS NEEDED] Signed-off-by: Brent Baude <bbaude@redhat.com>
* | | Merge pull request #11203 from rhatdan/codespellopenshift-ci[bot]2021-08-12
|\ \ \ | | | | | | | | Run codespell to fix spelling
| * | | Run codespell to fix spellingDaniel J Walsh2021-08-11
| | | | | | | | | | | | | | | | | | | | | | | | [NO TESTS NEEDED] Just fixing spelling. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | For compatibility, ignore Content-TypeJhon Honce2021-08-11
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Endpoint /build logs an info entry when a client uses the wrong Content-Type for build payload. Given Content-Type is ignored and assumed to be "application/x-tar". Endpoint /libpod/build will fail unless "application/x-tar" or "application/tar" is given for Content-Type. "application/tar" will be logged as an info entry. Fixes #11012 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Fix device tests using ls test filesChris Evich2021-08-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The `ls` command is not intended for this purpose and may behave in unexpected ways, leading to false positive or negative results. Update the tests to use the purpose built `test` command instead. Also added several *TODO* comments for possible future testing enhancements. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | Enhance priv. dev. checkChris Evich2021-08-11
| | | | | | | | | | | | | | | | | | | | | | | | Update test to confirm the negative-case, proving the `--privileged` "option is required" for this character device to be present in a container (including rootless). Signed-off-by: Chris Evich <cevich@redhat.com>
* | | Workaround host availability of /dev/kvmChris Evich2021-08-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This test has been failing for a long time but nobody noticed because CI doesn't have the device node (nested-VM support was disabled). After having enabled nested VM support, tests fail due to some unknown special-handling of this device. Fix both problems by removing the `skip()` and switching to a more generic device which is only present when `--privileged` is used. Signed-off-by: Chris Evich <cevich@redhat.com>
* | | Merge pull request #11173 from jmguzik/pod-ps-until-filteropenshift-ci[bot]2021-08-11
|\ \ \ | | | | | | | | Add until filter to podman pod ps
| * | | Add until filter to podman pod psJakub Guzik2021-08-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit adds additional until filter to podman pod ps (ls/list). Additionally, it also adds descriptions for podman pod ps filters available via http api. Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
* | | | Merge pull request #10589 from umohnani8/pod-usernsopenshift-ci[bot]2021-08-10
|\ \ \ \ | | | | | | | | | | Add support for pod inside of user namespace.
| * | | | Add support for pod inside of user namespace.Daniel J Walsh2021-08-09
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add the --userns flag to podman pod create and keep track of the userns setting that pod was created with so that all containers created within the pod will inherit that userns setting. Specifically we need to be able to launch a pod with --userns=keep-id Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* | | | Merge pull request #11166 from cevich/skip_cgroup_parent_testDaniel J Walsh2021-08-10
|\ \ \ \ | | | | | | | | | | Skip cgroup-parent test due to frequent flakes
| * | | | Skip cgroup-parent test due to frequent flakesChris Evich2021-08-09
| | |_|/ | |/| | | | | | | | | | | | | | | | | | Ref: https://github.com/containers/podman/issues/11165 Signed-off-by: Chris Evich <cevich@redhat.com>
* | | | skip flaking auto-update testPaul Holzinger2021-08-10
| |_|/ |/| | | | | | | | | | | | | | | | | This test flakes on almost every PR, so skip it for now until someone can fix it, see #11175. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | Merge pull request #11134 from rhatdan/buildxopenshift-ci[bot]2021-08-09
|\ \ \ | |_|/ |/| | Alias build to buildx, so it won't fail
| * | Alias build to buildx, so it won't failDaniel J Walsh2021-08-09
| |/ | | | | | | | | | | Add hidden --load and --progress flag as well. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* / podman info show correct slirp4netns pathPaul Holzinger2021-08-09
|/ | | | | | | | | The slirp4netns path can be set in the config file or with --network-cmd-path. Podman info should read the version information correctly and not use PATH in this case. Also show the slirp4netns version information to root users. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* Merge pull request #11074 from vrothberg/auto-update-rollbackopenshift-ci[bot]2021-08-06
|\ | | | | auto-update: simple rollback
| * auto-update: simple rollbackValentin Rothberg2021-08-05
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add support for simple rollbacks during `podman auto-update`. Rollbacks are enabled by default. If a systemd unit cannot be restarted after an update, the previous image will be retagged and the unit will be restarted a second time. Add system tests for rollbacks. Also fix a bug in the restart sequence; we have to use the channel to actually know whether the restart was successful or not. NOTE: To make rollbacks really useful, users must run their containers with `--sdnotify=container` such that the containers send the ready message over the (mounted) socket. This way, restarting the systemd units during auto update will block until the message has been received (or a timeout kicked in). Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | personality: Add support for setting execution domain.flouthoc2021-08-06
| | | | | | | | | | | | | | | | | | | | Execution domains tell Linux how to map signal numbers into signal actions. The execution domain system allows Linux to provide limited support for binaries compiled under other UNIX-like operating systems. Reference: https://man7.org/linux/man-pages/man2/personality.2.html Signed-off-by: flouthoc <flouthoc.git@gmail.com>
* | Merge pull request #11011 from baude/initcontainersopenshift-ci[bot]2021-08-05
|\ \ | |/ |/| implement init containers in podman
| * implement init containers in podmanBrent Baude2021-08-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | this is the first pass at implementing init containers for podman pods. init containersare made popular by k8s as a way to run setup for pods before the pods standard containers run. unlike k8s, we support two styles of init containers: always and oneshot. always means the container stays in the pod and starts whenever a pod is started. this does not apply to pods restarting. oneshot means the container runs onetime when the pod starts and then is removed. Signed-off-by: Brent Baude <bbaude@redhat.com>
* | Merge pull request #11128 from rhatdan/timezoneopenshift-ci[bot]2021-08-04
|\ \ | | | | | | Handle timezone on server containers.conf
| * | Handle timezone on server containers.confDaniel J Walsh2021-08-04
| | | | | | | | | | | | | | | | | | | | | | | | Fixes: https://github.com/containers/podman/issues/11124 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Daniel J Walsh <dwalsh@localhost.localdomain> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Fix podman unpause,pause,kill --all to work like podman stop --allDaniel J Walsh2021-08-04
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently if you execute podman unpause --all, podman pause --all Podman shows attempts to unpause containers that are not paused and prints an error. This PR catches this error and only prints errors if a paused container was not able to be unpaused. Currently if you execute podman pause --all or podman kill --all, Podman Podman shows attempts to pause or kill containers that are not running and prints an error. This PR catches this error and only prints errors if a running container was not able to be paused or killed. Also change printing of multiple errors to go to stderr and to prefix "Error: " in front to match the output of the last error. Fixes: https://github.com/containers/podman/issues/11098 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #11118 from mheon/use_host_resolveconfopenshift-ci[bot]2021-08-04
|\ \ \ | |/ / |/| | Do not add an entry to /etc/hosts with `--net=host`
| * | Do not add an entry to /etc/hosts with `--net=host`Matthew Heon2021-08-04
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | To match Docker's behavior, in the `--net=host` case, we need to use the host's `/etc/hosts` file, unmodified (without adding an entry for the container). We will still respect hosts from `--add-host` but will not make any automatic changes. Fortuntely, this is strictly a matter of removal and refactoring as we already base our `/etc/hosts` on the host's version - just need to remove the code that added entries when net=host was set. Fixes #10319 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #11003 from pascomnet/f_statsopenshift-ci[bot]2021-08-04
|\ \ | | | | | | stats: add a interval parameter to cli and api stats streaming
| * | e2e tests: re-enable and fix podman stats testsThomas Weber2021-08-02
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Renamed podman pod stats test specs to distinguish them from podman stats tests. podman stats tests where disabled by a +build flag. Fix podman stats format test, add negative test. Fix podman stats cli command, exit non-zero on invalid format string. Add tests for podman stats interval flag. Signed-off-by: Thomas Weber <towe75@googlemail.com>
* | | Merge pull request #11104 from jwhonce/bz/1988252openshift-ci[bot]2021-08-04
|\ \ \ | | | | | | | | Only support containers stats using cgroups v2
| * | | Only support containers stats using cgroups v2Jhon Honce2021-08-03
| | | | | | | | | | | | | | | | | | | | | | | | Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1988252 Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | | Merge pull request #11114 from mlegenovic/masteropenshift-ci[bot]2021-08-03
|\ \ \ \ | | | | | | | | | | Compat API: Fix healthcheck status and healthcheck config
| * | | | Compat API: Fix healthcheck status and healthcheck configMilivoje Legenovic2021-08-03
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes: - Do not show healthcheck status if not available or if container status is "created" (Docker behaviour) - Show healthcheck configuration if present (Config.Healthcheck) Tests: - Ensure State.Health is not present if container status is "created" - Ensure Config.Healthcheck is present and values correct - Ensure State.Health is present if container started Signed-off-by: Milivoje Legenovic <m.legenovic@gmail.com>
* | | | podman info: try qfile before equeryEd Santiago2021-08-03
| |/ / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | podman info takes >20s on Gentoo, because equery is s..l..o..w. qfile is much faster and, I suspect, present in most Gentoo installations, so let's try it first. And, because packageVersion() was scarily unmaintainable, refactor it. Define a simple (string) list of packaging tools to query (rpm, dpkg, ...) and iterate until we find one that works. IMPORTANT NOTE: the Debian (and, presumably, Ubuntu) query does not include version number! There is no standard way on Debian to get a package version from a file path, you can only do it via pipes of chained commands, and I have no desire to implement that. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #11091 from Luap99/connect-disconnectopenshift-ci[bot]2021-08-03
|\ \ \ | | | | | | | | fix rootless port forwarding with network dis-/connect
| * | | fix rootless port forwarding with network dis-/connectPaul Holzinger2021-08-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The rootlessport forwarder requires a child IP to be set. This must be a valid ip in the container network namespace. The problem is that after a network disconnect and connect the eth0 ip changed. Therefore the packages are dropped since the source ip does no longer exists in the netns. One solution is to set the child IP to 127.0.0.1, however this is a security problem. [1] To fix this we have to recreate the ports after network connect and disconnect. To make this work the rootlessport process exposes a socket where podman network connect/disconnect connect to and send to new child IP to rootlessport. The rootlessport process will remove all ports and recreate them with the new correct child IP. Also bump rootlesskit to v0.14.3 to fix a race with RemovePort(). Fixes #10052 [1] https://nvd.nist.gov/vuln/detail/CVE-2021-20199 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
* | | | Merge pull request #11068 from giuseppe/drop-dir-cgroup-testopenshift-ci[bot]2021-08-03
|\ \ \ \ | |_|/ / |/| | | test: move container process to a sub-cgroup
| * | | test: move container process to a sub-cgroupGiuseppe Scrivano2021-07-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | move the container to a sub-cgroup before creating a sibling hierarchy. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | | | Fix handling of user specified container labelsDaniel J Walsh2021-08-02
| |/ / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently we override the SELinux labels specified by the user if the container is runing a kata container or systemd container. This PR fixes to use the label specified by the user. Fixes: https://github.com/containers/podman/issues/11100 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>