| Commit message (Collapse) | Author | Age |
|---|
| |\
| |
| | |
Add support for multiple CNI networks in podman inspect
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When inspecting containers, info on CNI networks added to the
container by name (e.g. --net=name1) should be displayed
separately from the configuration of the default network, in a
separate map called Networks.
This patch adds this separation, improving our Docker
compatibility and also adding the ability to see if a container
has more than one IPv4 and IPv6 address and more than one MAC
address.
Fixes #4907
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
9f69c4eca (part of the f31 pr, #3091) semi-broke the kill test,
there's now an ugly warning:
setup(): removing stray images quay.io/libpod/fedora-minimal:latest 7bb5a60e8a78
The comments also didn't actually explain the problem
being addressed, and included a misleading reference
to busybox.
Here we switch to using fedora-minimal only with podman-remote,
clean it up (rmi) when finished, and include an explanation in
the comments about why this is needed; making it clear that
this workaround can be removed once we get rid of podman-remote.
We also reformat back to 80 columns.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \
| | |
| | | |
spec: allow container alias name in lookup
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Previously --uts=container: expected the full container ID.
Closes: https://github.com/containers/libpod/issues/5289
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
curb flakes in integration tests
|
| | |/
| |
| |
| |
| |
| |
| |
| | |
instead of searching the fedora registry which is error prone, we instead search a local registry for the empty set search.
when running two containers with the same IP, i suspect the first container has not fully gotten its ip information back from cni when the second container fires. rework this test such that we use nginx to make sure the container is up and running before continues which should pace the subsequent test.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |\ \
| | |
| | | |
Cirrus: Support testing with F31
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It's possible/likely the container image for the test will need to be
pulled as part of the `run` command. Due to the way BATS handles
output, messages regarding image-pull could be misinterpreted as the
container's CID. Force the CID to be obtained by only the last line of
output.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Recommended as part of:
https://github.com/containers/libpod/issues/5004
and
https://github.com/containers/crun/issues/230
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Sometime between 10th and 23rd of Feb. 2020, the behavior of crun
changed. Upon consulting with Giuseppe, the podman run tests for
`device-read-*` and `device-write-*` do not depend on the container
output for success, only the exit code. Add a comment and conditional
regarding this in case of cgroupsv2. Also noted that these tests
will likely require future refactoring/simplification.
Signed-off-by: Chris Evich <cevich@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Looks like /libpod/pods/create has been fixed to return an
actual pod ID. Extend those tests.
Also, update timeout in the server command: it's now seconds,
not milliseconds.
Also, update FIXME comments in /pods/prune . Still doesn't
work, but clarify what we're seeing.
Also, add a new test that runs ten /info requests and
barfs if it takes more than 5 seconds.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\
| |
| | |
fix port list by container with port
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
1) Help message for podman port was missing [PORT]
2) Add test for 'podman port'. And, actually, an entire
networking test that I'd written some weeks ago but
apparently didn't 'git add'.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |/
|
|
|
|
|
|
| |
Now support --no-healthcheck option to disable defined healthchecks in a container image. --health-cmd=none remains supported as well.
Fixes: #5299
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |\
| |
| | |
Flake fix: race condition in same-IP test
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The "create two containers with the same IP" test failed:
https://api.cirrus-ci.com/v1/task/5992323062431744/logs/integration_test.log#t--Podman-create-two-containers-with-the-same-IP
...
(basically, expected error exit code, got 0)
Analysis: the sequence is 'start test1, start test2'. Perhaps it's
possible that 'podman start' exits before the test1 container has
an IP address assigned? There are no checks in the test, so it's
impossible to know what happened.
Solution: add a wait-loop invoking 'podman inspect', waiting
for a nonempty IP address on test 1; then assert that it's
what we expect it to be.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \
| | |
| | | |
Use cleaned destination path for indexing image volumes
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
We use filepath.Clean() to remove trailing slashes to ensure that
when we supercede image mounts with mounts from --volume and
--mount, paths are consistent when we compare. Unfortunately,
while we used the cleaned path for the destination in the mount,
it was accidentally not used to index the maps that we use to
identify what to supercede, so our comparisons might be thrown
off by trailing slashes and similar.
Fixes #5219
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
...to try to compensate for flaky host.
registry.fedoraproject.org is just not reliable. It's flaking
with 503 errors, causing massive amounts of wasted CI time
and developer effort.
There is exactly one instance of that registry in these tests.
We can't replace it with quay.io, because "search quay.io/"
(trailing slash) fails with some sort of authentication error.
So let's just try a sleep/retry cycle instead.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Great timing: this new test collided against #5268, which added
a warning about using command-line --password. CI is now going
to fail all over.
Fix: rework test to use --password-stdin. Am doing so only
in the places where output string is checked; other instances
can keep using '--password xxx' because it's simpler.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Looks like a bit of a misunderstanding from early on.
Docker implements --filter=since=IMAGE. Podman implements 'after'
instead of 'since'. Add an equivalent case statement to handle
both, keeping 'after' because we have no way of knowing if it
is used in the field.
Update documentation ... and fix what looks like a complete
misinterpretation of what the code actually does: the man page
claimed that these were time fields, but I don't see any
possible incantation in which a time value works or could
work. Updated docs to reflect IMAGE usage. Also changed
nonworking '==' to single '='.
Added tests. [UPDATE: skip with broken podman-remote]
Fixes: #5040
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \
| | |
| | | |
Add network opts to pods
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Enables most of the network-related functionality from
`podman run` in `podman pod create`. Custom CNI networks can be
specified, host networking is supported, DNS options can be
configured.
Also enables host networking in `podman play kube`.
Fixes #2808
Fixes #3837
Fixes #4432
Fixes #4718
Fixes #4770
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Test podman login/logout, login with wrong credentials,
auth file contents, auth file path override, push/pull,
and, if skopeo is installed, credentials sharing
Fixes: #4283
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| | |
| |
| |
| |
| |
| |
| | |
fix #5146
Insted of using a registry as mandatory parameter, this path allows podman to use the first registry from registries.conf.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
| |/
|
|
|
|
|
| |
Support printing image IDs via `--format "{{.ImageID}}"`.
Fixes: #5160
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We attempted to share all logic for parsing labels and
environment variables, which on the surface makes lots of sense
(both are formatted key=value so parsing logic should be
identical) but has begun to fall apart now that we have added
additional logic to environment variable handling. Environment
variables that are unset, for example, are looked up against
environment variables set for the process. We don't want this for
labels, so we have to split parsing logic.
Fixes #3854
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
|
|
|
|
|
|
|
| |
Add pkg/signal to deal with parts of signal processing and translating
signals from string to numeric representations. The code has been
copied from docker/docker (and attributed with the copyright) but been
reduced to only what libpod needs (on Linux).
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\
| |
| | |
Only set --all when a status filter is given to ps
|
| | |
| |
| |
| |
| |
| |
| |
| | |
The changes in #5075 turn out to be too aggressive; we should
only be setting --all if a status= filter is given. Otherwise
only running containers are filtered.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
podman play kube was ignoring the
imageData.Config
Volumes
WorkingDir
Labels
StopSignal
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \
| | |
| | | |
images --format compatible with docker
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
This patch lets valid values of --format be compatible with docker. Replace CreatedTime with CreatedAt, Created with CreatedSince.
Keep CreatedTime and Created are valid as hidden options.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
| |\ \ \
| | | |
| | | | |
use quay.io/libpod/fedora-minimal for reliability
|
| | | |/
| |/|
| | |
| | | |
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
support device-cgroup-rule
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
fix #4876
Add `--device-cgroup-rule` to podman create and run. This enables to add device rules after the container has been created.
Signed-off-by: Qi Wang <qiwan@redhat.com>
|
| |\ \ \
| | | |
| | | | |
Do not copy up when volume is not empty
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When Docker performs a copy up, it first verifies that the volume
being copied into is empty; thus, for volumes that have been
modified elsewhere (e.g. manually copying into then), the copy up
will not be performed at all. Duplicate this behavior in Podman
by checking if the volume is empty before copying.
Furthermore, move setting copyup to false further up. This will
prevent a potential race where copy up could happen more than
once if Podman was killed after some files had been copied but
before the DB was updated.
This resolves CVE-2020-1726.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| | |/
|/|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Lots has changed since I first checked this in:
* Switch to new podman system service invocation
* /containers API has changed drastically
* /pods API has some fixes; check for them (e.g.
container-exists is now 409 Conflict, not 500)
* One test ('?invalidparam=x') still doesn't work;
comment it out so we can get everything passing.
Also, some work on the test framework itself:
* Cleaner port-open testing (the bash /dev/tcp check).
* Add a 'podman' function to invoke local podman and
log its output.
The above two allow us to:
* Get rid of stderr special-casing
Furthermore:
* t() no longer needs leading '.'; this allows jq
features such as 'length' and perhaps other filters
* special-case handling of 204 and 304: rfc2616 demands
that they return no message body; assert that it is so.
* new root & rootless helper functions (check server)
* remove the "unlikely to work" message for rootless;
it seems to be working fine
* fix pod tests for rootless
* BUT: add a bolder FIXME because the ID field seems wrong
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
| |
The validation logic was failing on properly-formatted changes.
There's already validation in Commit itself, so no need to
duplicate.
Fixes #5148
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
|
|
|
|
|
| |
As a follow up of the location fix in #5080 we now add an e2e test for
that use case.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
|
| |
|
|
|
|
|
|
|
|
| |
When we filter, it should be out of all containers, not just
running ones, by default - this is necessary to ensure Docker
compatability.
Fixes #5050
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| |\
| |
| | |
Throw error on invalid sort value
|
| | |
| |
| |
| |
| |
| |
| | |
We define the valid sort values, so we should throw an error
on invalid sort values.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |/
|
|
|
|
| |
On F31 CI tests, we have uncovered several failing tests as rootless that need to be fixed. For the interim, we are going to disable those tests. Issue #5006 has been created to track and complete this.
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |
|
|
|
|
|
|
| |
When a container specification has a pull policy, we should honor it when recreating the pods/containers from yaml. furthermore, ini kube, if a tag is :latest, then the always pull policy is automatically instituted.
Fixes: #4880
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
| |\
| |
| | |
inspect image healthchecks
|
| | |
| |
| |
| |
| |
| |
| | |
when a docker image has a defined healthcheck, it should be displayed with inspect. this is only valid for docker images as oci images are not aware of healthchecks.
Fixes: #4799
Signed-off-by: Brent Baude <bbaude@redhat.com>
|
