aboutsummaryrefslogtreecommitdiff
path: root/test
Commit message (Collapse)AuthorAge
* Merge pull request #7590 from edsantiago/batsOpenShift Merge Robot2020-09-10
|\ | | | | system tests: cleanup
| * system tests: cleanupEd Santiago2020-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - run tests: better "skip" message for docker-archive test; remove FIXME, document that podman-remote doesn't support it - run tests: instrument the --conmon-pidfile test in hopes of tracking down flake #7580: cross-check pidfile against output of 'podman inspect', and add some debug messages that will only be seen on test failure. - load tests: the pipe test: save and load a temporary tag, not $IMAGE. Primary reason is because of #7371, in which 'podman load' assigns a new image ID (instead of preserving the saved one). This messes with our image management, and it turns out to be nonfixable. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | Merge pull request #7541 from mheon/modify_groupOpenShift Merge Robot2020-09-10
|\ \ | |/ |/| Make an entry in /etc/group when we modify /etc/passwd
| * Make an entry in /etc/group when we modify /etc/passwdMatthew Heon2020-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To ensure that the user running in the container ahs a valid entry in /etc/passwd so lookup functions for the current user will not error, Podman previously began adding entries to the passwd file. We did not, however, add entries to the group file, and this created problems - our passwd entries included the group the user is in, but said group might not exist. The solution is to mirror our logic for /etc/passwd modifications to also edit /etc/group in the container. Unfortunately, this is not a catch-all solution. Our logic here is only advanced enough to *add* to the group file - so if the group already exists but we add a user not a part of it, we will not modify that existing entry, and things remain inconsistent. We can look into adding this later if we absolutely need to, but it would involve adding significant complexity to this already massively complicated function. While we're here, address an edge case where Podman could add a user or group whose UID overlapped with an existing user or group. Also, let's make users able to log into users we added. Instead of generating user entries with an 'x' in the password field, indicating they have an entry in /etc/shadow, generate a '*' indicating the user has no password but can be logged into by other means e.g. ssh key, su. Fixes #7503 Fixes #7389 Fixes #7499 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
* | Merge pull request #7577 from rhatdan/runlabel1OpenShift Merge Robot2020-09-10
|\ \ | | | | | | podman container runlabel should pull the image if it does not exist
| * | podman container runlabel should pull the image if it does not existDaniel J Walsh2020-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since --pull is deprecated, remove it from help and hide if from --help Also set it to true by default. Share image pull code betweern podman image pull and podman container runlabel. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1877181 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #7578 from giuseppe/join-userns-reuse-mappingsOpenShift Merge Robot2020-09-10
|\ \ \ | | | | | | | | libpod: read mappings when joining a container userns
| * | | libpod: read mappings when joining a container usernsGiuseppe Scrivano2020-09-10
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | when joining an existing container user namespace, read the existing mappings so the storage can be created with the correct ownership. Closes: https://github.com/containers/podman/issues/7547 Signed-off-by: Giuseppe Scrivano <giuseppe@scrivano.org>
* | | Merge pull request #7460 from AkihiroSuda/allow-rootless-cniOpenShift Merge Robot2020-09-10
|\ \ \ | | | | | | | | rootless: support `podman network create` (CNI-in-slirp4netns)
| * | | rootless: support `podman network create` (CNI-in-slirp4netns)Akihiro Suda2020-09-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Usage: ``` $ podman network create foo $ podman run -d --name web --hostname web --network foo nginx:alpine $ podman run --rm --network foo alpine wget -O - http://web.dns.podman Connecting to web.dns.podman (10.88.4.6:80) ... <h1>Welcome to nginx!</h1> ... ``` See contrib/rootless-cni-infra for the design. Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
* | | | Merge pull request #7574 from vrothberg/fix-7117OpenShift Merge Robot2020-09-10
|\ \ \ \ | | | | | | | | | | remote run: consult events for exit code
| * | | | remote run: consult events for exit codeValentin Rothberg2020-09-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | After attaching to a container, we wait for the container to finish and return its exit code. Waiting for the container may not always succeed, for instance, when the container has been force removed by another process. In such case, we have to look at the *last* container-exit event. Also refactor the `ContainerRun` method a bit to return early on errors and de-spaghetti the code. Enable the remote-disabled system test. Fixes: #7117 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | | Merge pull request #7536 from Luap99/api-network-filterOpenShift Merge Robot2020-09-10
|\ \ \ \ \ | |_|_|/ / |/| | | | APIv2 Add network list filtering
| * | | | APIv2 Add network list filteringPaul Holzinger2020-09-07
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add the filter option to the libpod endpoint. Add support for the name filter on the docker endpoint. Add apiv2 tests for the network list endpoints. Enable podman network integration tests for remote. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | Merge pull request #7575 from rhatdan/runlabelOpenShift Merge Robot2020-09-09
|\ \ \ \ | | | | | | | | | | Fix podman container runlabel --display
| * | | | Fix podman container runlabel --displayDaniel J Walsh2020-09-09
| | |/ / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Current podman container runlabel --display is being ignored. This is just supposed to display the command that would be run, and then exit, but instead is actually running the command. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1877186 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #7573 from rhatdan/oomOpenShift Merge Robot2020-09-09
|\ \ \ \ | | | | | | | | | | Make oom-score-adj actually work
| * | | | Make oom-score-adj actually workDaniel J Walsh2020-09-09
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | During the redesign of podman 2.0, we dropped the support for --oom-score-adj. Test for this flag was bogus and thus passing when it was broken. Basically just need to set the value in the spec. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1877187 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #7572 from vrothberg/fix-7135OpenShift Merge Robot2020-09-09
|\ \ \ \ | | | | | | | | | | remote kill: don't wait for the container to stop
| * | | | remote kill: don't wait for the container to stopValentin Rothberg2020-09-09
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Invert the branch logic to match the comment. Docker seems to wait for the container while Podman does not. Enable the remote-disabled system test as well. Fixes: #7135 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #7570 from rhatdan/logfileOpenShift Merge Robot2020-09-09
|\ \ \ \ | | | | | | | | | | Fix podman build --logfile
| * | | | Fix podman build --logfileDaniel J Walsh2020-09-09
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently this command blows up because it closes the file descriptor before doing the build. Add tests to make sure we don't regress. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1877188 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #7571 from vrothberg/fix-7157OpenShift Merge Robot2020-09-09
|\ \ \ \ | | | | | | | | | | generate systemd: catch `--name=foo`
| * | | | generate systemd: catch `--name=foo`Valentin Rothberg2020-09-09
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The systemd generator looks for certain flags in the containers' create commands to determine which flags need to be added. In case of named containers, the generator adds the `--replace` flag to prevent name conflicts at container creation. Fix the generator to not only cover the `--name foo` syntax but also the `--name=foo` one. Fixes: #7157 Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #7568 from rhatdan/latestOpenShift Merge Robot2020-09-09
|\ \ \ \ | | | | | | | | | | Fix podman ps -l
| * | | | Fix podman ps -lDaniel J Walsh2020-09-09
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently the --latest flag is ignored by podman ps command. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1877182 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | | Merge pull request #7569 from zhangguanzhang/fix-apiv2-top-response-two-valueOpenShift Merge Robot2020-09-09
|\ \ \ \ | |/ / / |/| | | fix APIv2 pods top of non-exist pod gets two response value
| * | | fix APIv2 pods top of non-exist pod gets two response valuezhangguanzhang2020-09-09
| | | | | | | | | | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | | | Merge pull request #6811 from vrothberg/multi-image-archivesOpenShift Merge Robot2020-09-09
|\ \ \ \ | |_|_|/ |/| | | podman load/save: support multi-image docker archive
| * | | support multi-image (docker) archivesValentin Rothberg2020-09-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Support loading and saving tarballs with more than one image. Add a new `/libpod/images/export` endpoint to the rest API to allow for exporting/saving multiple images into an archive. Note that a non-release version of containers/image is vendored. A release version must be vendored before cutting a new Podman release. We force the containers/image version via a replace in the go.mod file; this way go won't try to match the versions. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | | | Merge pull request #7564 from Luap99/remote-subcmds-usageOpenShift Merge Robot2020-09-08
|\ \ \ \ | | | | | | | | | | Don't setup the Image/ContainerEngine when calling a cmd with subcmds
| * | | | Don't setup the Image/ContainerEngine when calling a cmd with subcmdsPaul Holzinger2020-09-08
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There is no need to setup the image and container engine when calling a command with subcommands since we only print a usage message. e.g `podman`,`podman container` This also allows the remote client to show the usage message on these commands without a running endpoint. I added a test for this. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | | | Merge pull request #7534 from edsantiago/batsOpenShift Merge Robot2020-09-08
|\ \ \ \ | | | | | | | | | | Migrate away from docker.io
| * | | | Migrate away from docker.ioEd Santiago2020-09-08
| |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CI and system tests currently pull some images from docker.io. Eliminate that, by: - building a custom image containing much of what we need for testing; and - copying other needed images to quay.io (Reason: effective 2020-11-01 docker.io will limit the number of image pulls). The principal change is to create a new quay.io/libpod/testimage, using the new test/system/build-testimage script, instead of relying on quay.io/libpod/alpine_labels. We also switch to using a hardcoded :YYYYMMDD tag, instead of :latest, in an attempt to futureproof our CI. This image includes 'httpd' from busybox-extras, which we use in our networking test (previously we had to pull and run busybox from docker.io). The testimage can and should be extended as needed for future tests, e.g. adding test file content or other useful tools. For the '--pull' tests which require actually pulling from the registry, I've created an image with the same name but tagged :00000000 so it will never be pulled by default. Since this image is only used minimally, it's just busybox. Unfortunately there remain two cases we cannot solve in this tiny alpine-based image: 1) docker registry 2) systemd For those, I've (manually) run: podman pull [ docker.io/library/registry:2.7 | registry.fedoraproject.org/fedora:31 ] podman tag !$ quay.io/... podman push !$ ...and amended the calling tests accordingly. I've tried to make the the smallest reasonable diff, not the smallest possible one. I hope it's a reasonable tradeoff. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Merge pull request #7538 from edsantiago/cap_test_robustOpenShift Merge Robot2020-09-08
|\ \ \ \ | |/ / / |/| | | Update VM images for new crun; adapt Cap tests to work with new kernel
| * | | WIP: update VM imagesEd Santiago2020-09-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (This is an adoption of #7533 because Brent is on PTO). Pick up new crun and crio-runc. Also: renames from useful fedora-32 and -31 to less-useful names; presumably this is needed by something-something in the new VM setup. Also: tweak two e2e tests to more properly handle a kernel (5.8.4) with a greater set of capabilities than what we or crun can yet handle. Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | | Fix unconfined AppArmor profile usage for unsupported systemsSascha Grunert2020-09-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If we select "unconfined" as AppArmor profile, then we should not error even if the host does not support it at all. This behavior has been fixed and a corresponding e2e test has been added as well. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | | | Merge pull request #7437 from openSUSE/rmOpenShift Merge Robot2020-09-06
|\ \ \ \ | | | | | | | | | | Just use `rm` for helper command to remove storage
| * | | | Just use `rm` for helper command to remove storageSascha Grunert2020-08-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This allows to use any kind of `rm` in `$PATH` for the system tests. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
* | | | | Merge pull request #7329 from Luap99/generate-systemd-remoteOpenShift Merge Robot2020-09-05
|\ \ \ \ \ | |_|/ / / |/| | | | APIv2 add generate systemd endpoint
| * | | | APIv2 add generate systemd endpointPaul Holzinger2020-09-02
| | |_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add support for generating systemd units via the api and podman-remote. Change the GenerateSystemdReport type to return the units as map[string]string with the unit name as key. Add `--format` flag to `podman generate systemd` to allow the output to be formatted as json. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* / | | We should not be mounting /run as noexec when run with --systemdDaniel J Walsh2020-09-02
|/ / / | | | | | | | | | | | | | | | | | | The system defaults /run to "exec" mode, and we default --read-only mounts on /run to "exec", so --systemd should follow suit. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #7426 from Edward5hen/apiv2-containers-testOpenShift Merge Robot2020-09-02
|\ \ \ | | | | | | | | APIv2 test: add more tests for containers
| * | | APIv2 test: add more tests for containersEdward Shen2020-09-01
| | | | | | | | | | | | | | | | Signed-off-by: Edward Shen <weshen@redhat.com>
* | | | Ensure rootless containers without a passwd can startMatthew Heon2020-08-31
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We want to modify /etc/passwd to add an entry for the user in question, but at the same time we don't want to require the container provide a /etc/passwd (a container with a single, statically linked binary and nothing else is perfectly fine and should be allowed, for example). We could create the passwd file if it does not exist, but if the container doesn't provide one, it's probably better not to make one at all. Gate changes to /etc/passwd behind a stat() of the file in the container returning cleanly. Fixes #7515 Signed-off-by: Matthew Heon <mheon@redhat.com>
* | / handle play kube with pod.spec.hostAliaseszhangguanzhang2020-08-31
| |/ |/| | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>
* | Merge pull request #7494 from haircommander/play-kube-socketOpenShift Merge Robot2020-08-31
|\ \ | | | | | | play kube: handle Socket HostPath type
| * | play kube: handle Socket HostPath typePeter Hunt2020-08-28
| | | | | | | | | | | | | | | | | | as well as add test cases for it and the other HostPath types we currently support Signed-off-by: Peter Hunt <pehunt@redhat.com>
* | | Merge pull request #7469 from zhangguanzhang/generate-kube-with-ExtraHostsOpenShift Merge Robot2020-08-28
|\ \ \ | |/ / |/| | fix podman generate kube with HostAliases
| * | fix podman generate kube with HostAliaseszhangguanzhang2020-08-27
| | | | | | | | | | | | Signed-off-by: zhangguanzhang <zhangguanzhang@qq.com>