| Commit message (Collapse) | Author | Age |
|---|
| |\
| |
| | |
top: parse ps(1) args correctly
|
| | |
| |
| |
| |
| |
| |
| | |
The arguments of ps(1) should be shlexed.
Fixes: #12452
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \
| | |
| | | |
More BeTrue cleanup
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
...done manually, not via sed, because some of the inner
expressions include nested commas.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Write a BeValidJSON() matcher, and replace IsJSONOutputValid():
sed -i -e 's/Expect(\(.*\)\.IsJSONOutputValid()).To(BeTrue())/Expect(\1.OutputToString())\.To(BeValidJSON())/' test/e2e/*_test.go
(Plus a few manual tweaks)
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
tunnel: allow `remote` and `API` to accept `--secrets`
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Prevents temp secrets leaking into image by moving it away from context
directory to parent builder directory. Builder directory automatically
gets cleaned up when we are done with the build.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
| | |/
| |
| |
| |
| |
| |
| |
| | |
Podman remote must treat build secrets as part of context directory. If
secret path is absolute path on host copy it to tar file and pass it to
remote server.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
| |\ \
| | |
| | | |
systemd: replace multi-user with default.target
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Replace `multi-user.target` with `default.target` across the code base.
It seems like the multi-user one is not available for (rootless) users
on F35 anymore is causing issues in all kinds of ways, for instance,
enabling the podman.service or generated systemd units.
Fixes: #12438
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Docker-compatible REST API has historically behaved just as the rest
of Podman and Buildah (and the atomic Docker in older RHEL/Fedora) where
`containers-registries.conf` is centrally controlling which registries
a short name may resolve to during pull or local image lookups. Please
refer to a blog for more details [1].
Docker, however, is only resolving short names to docker.io which has
been reported (see #12320) to break certain clients who rely on this
behavior. In order to support this scenario, `containers.conf(5)`
received a new option to control whether Podman's compat API resolves
to docker.io only or behaves as before.
Most endpoints allow for directly normalizing parameters that represent
an image. If set in containers.conf, Podman will then normalize the
references directly to docker.io. The build endpoint is an outlier
since images are also referenced in Dockerfiles. The Buildah API,
however, supports specifying a custom `types.SystemContext` in which
we can set a field that enforces short-name resolution to docker.io
in `c/image/pkg/shortnames`.
Notice that this a "hybrid" approach of doing the normalization directly
in the compat endpoints *and* in `pkg/shortnames` by passing a system
context. Doing such a hybrid approach is neccessary since the compat
and the libpod endpoints share the same `libimage.Runtime` which makes
a global enforcement via the `libimage.Runtime.systemContext`
impossible. Having two separate runtimes for the compat and the libpod
endpoints seems risky and not generally applicable to all endpoints.
[1] https://www.redhat.com/sysadmin/container-image-short-names
Fixes: #12320
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\
| |
| | |
fix: parsing of HostConfig.Mounts for container create
|
| | |
| |
| |
| | |
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| |/
|
|
|
|
| |
...and fix problems found therewith.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
|
|
|
|
| |
Returning 500 when copying to read-only destination.
Signed-off-by: Matej Vasek <mvasek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
improve the heuristic to detect the scope that was created for the container.
This is necessary with systemd running as PID 1, since it moves itself
to a different sub-cgroup, thus stats would not account for other
processes in the same container.
Closes: https://github.com/containers/podman/issues/12400
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\
| |
| | |
continue e2e test cleanup
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
That previous commit made me wonder if there are any other
instances of Expect() with no assertions.
grep Expect test/e2e/*_test.go |egrep -v '\.(To|NotTo|Should)'
...finds a couple of handfuls, most of which are OK (continued
on the next line) but a few of which are bugs. Fix those.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| | |
These were NOPs, and were testing the wrong thing (pod ID,
not container ID). Fixed manually.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| | |
| |
| |
| |
| |
| | |
via: sed -i -e 's/Expect(StringInSlice(\(.*\), \(.*\))).To(BeTrue())/Expect(\2)\.To(ContainElement(\1))/' test/e2e/*_test.go
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Continue eliminating GrepString() and BeTrue(), in tiny
incremental steps. Here I take the liberty of refactoring
some hard-to-read code by adding a helper.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
| |
This should fix the SELinux issue we are seeing with talking to
/run/systemd/private.
Fixes: https://github.com/containers/podman/issues/12362
Also unset the XDG_RUNTIME_DIR if set, since we don't know when running
as a service if this will cause issue.s
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\
| |
| | |
Support env variables based on ConfigMaps sent in payload
|
| | |
| |
| |
| |
| |
| | |
Fixes #12363
Signed-off-by: Jakub Dzon <jdzon@redhat.com>
|
| |\ \
| | |
| | | |
compat: Add subnet mask behind IP address to match Docker API
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Ambrose Chua <ambrose@hey.com>
|
| |\ \ \
| | | |
| | | | |
podman-remote does not support signature-policy
|
| | |/ /
| | |
| | |
| | |
| | |
| | | |
Fixes: https://github.com/containers/podman/issues/12357
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \
| |_|/
|/| | |
image lookup: do not match *any* tags
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
For reasons buried in the history of Podman, looking up an untagged
image would match any tag of matching image. For instance, looking up
centos would match a local image centos:foobar. Change that behavior
to only match the latest tag.
Fix: #11964
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
generate systemd: add --start-timeout flag
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add a new flag to set the start timeout for a generated systemd unit.
To make naming consistent, add a new --stop-timeout flag as well and let
the previous --time map to it.
Fixes: #11618
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Commit 2 of 2: there were (still are?) a bunch of string
checks that didn't have a corresponding Expect(). IIUC
that means they were NOPs. Try to identify and fix those.
The first few were caught by Go linting, "ok is defined
but not used". When I realized the problem, I looked for
more using:
$ ack -A2 LineInOutputStartsWith
...and tediously eyeballing the results, looking for
matches in which the next line was not Expect(). If
test was wrong (e.g. "server" should've been "nameserver"),
fix that.
Also: remove the remove-betrue script. We don't need it
in the repo, I just wanted to preserve it for posterity.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Many ginkgo tests have been written to use this evil form:
GrepString("foo")
Expect(that to BeTrue())
...which yields horrible useless messages on failure:
false is not true
Identify those (automatically, via script) and convert to:
Expect(output to ContainSubstring("foo"))
...which yields:
"this output" does not contain substring "foo"
There are still many BeTrue()s left. This is just a start.
This is commit 1 of 2. It includes the script I used, and
all changes to *.go are those computed by the script.
Commit 2 will apply some manual fixes.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \
| | |
| | | |
Rename pod on generate of container
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When generating kube of a container, the podname and container name in
the yaml are identical. This offends rules in podman where pods and
containers cannot have the same name. We now append _pod to the
podname to avoid that collision.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
Semiperiodic cleanup of obsolete Skip()s
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Found by my find-obsolete-skips script. Let's see which, if any,
of these skipped tests can be reenabled.
Some Skips are "this will never work", not "this is expected to
work one day". Update the message on those to reflect that.
Some were real bugs in the test framework. Fix those.
And, joy of joys, some work today. Remove those skips.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \
| | |
| | |
| | |
| | | |
adrianreber/2021-11-18-restore-runtime-verification
Restore runtime verification
|
| | |/
| |
| |
| |
| |
| |
| |
| | |
On container restore ensures that the same container runtime is used as
during checkpointing and it also ensures that the user does not select
a different runtime.
Signed-off-by: Adrian Reber <areber@redhat.com>
|
| |/
|
|
| |
Signed-off-by: Colin Bendell <colin@bendell.ca>
|
| |
|
|
|
|
|
|
| |
Use a substring matching the end of the error message.
Closes: #12366
Signed-off-by: Radostin Stoyanov <radostin@redhat.com>
|
| |\
| |
| | |
System tests: new checkpoint test
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Includes a test for the stdout-goes-away bug (crun #756).
Skip on Ubuntu due to a many-months-old kernel bug that
keeps getting fixed and then un-fixed.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \
| | |
| | | |
filters: add basic pattern matching for label keys i.e `--filter label=<pattern>`
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Following PR adds basic pattern matching to filter by labels for `keys`.
Adds support for use-cases like `--filter label=some.prefix.com/key/*`
where end-users want to match a pattern for keys as compared to exact
value.
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
| | | |
| | |
| | |
| | | |
Signed-off-by: Radostin Stoyanov <radostin@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Support `checkpoint --pre-checkpoint`
* Support `checkpoint --with-previous`
* Disable `restore --import-previous` for the remote client since we had
to send two files which in turn would require to tar them up and hence
be a breaking change. Podman 4.0 would be the chance and I hope we'll
find time before that to remote-restore prettier.
Note that I did not run over swagger yet to check whether all parameters
are actually documented due to time constraints.
Fixes: #12334
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Our fedora-minimal image on Quay bases on fedora-minimal:latest which
starting with F35 removed a number of binaries that our CI depends on.
Fix that by pulling `fedora-minimal:34` from the Fedora registry
directly.
Once the build bot on Quay has been disabled, we move the image over
there to make sure that it will not change over time.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
