aboutsummaryrefslogtreecommitdiff
path: root/test
Commit message (Collapse)AuthorAge
* Merge pull request #8143 from aojea/dualOpenShift Merge Robot2020-11-10
|\ | | | | enable ipv6 networks
| * skip ipv6 e2e tests on rootlessAntonio Ojea2020-11-10
| | | | | | | | | | | | | | | | | | | | | | The IPv6 e2e tests on the CI for rootles mode fails because it needs the ip6tables modules loaded. Example error: stdout="", stderr="failed to list chains: running [/sbin/ip6tables -t nat -S --wait]: exit status 3: modprobe: can't change directory to '/lib/modules': No such file or directory\nip6tables v1.8.4 (legacy): can't initialize ip6tables table `nat': Table does not exist (do you need to insmod?)\nPerhaps ip6tables or your kernel needs to be upgraded.\n\n" Signed-off-by: Antonio Ojea <aojea@redhat.com>
| * add e2e test for network with same subnetAntonio Ojea2020-11-10
| | | | | | | | | | | | | | | | add e2e test that checks that is not possible to create different networks with the same subnet, in IPv6 neither in IPv4 Signed-off-by: Antonio Ojea <aojea@redhat.com>
| * enable ipv6 network configuration optionsAntonio Ojea2020-11-10
| | | | | | | | | | | | | | | | | | | | | | | | | | enable the ipv6 flag in podman network to be able to create dual-stack networks for containers. This is required to be compatible with docker, where --ipv6 really means dual stack. podman, unlike docker, support IPv6 only containers since 07e3f1bba9674c0cb93a0fa260930bfebbf75728. Signed-off-by: Antonio Ojea <aojea@redhat.com>
* | Merge pull request #8270 from andylibrian/log-driver-option-for-play-kubeOpenShift Merge Robot2020-11-10
|\ \ | | | | | | Add --log-driver to play kube
| * | Add --log-driver to play kubeAndy Librian2020-11-08
| | | | | | | | | | | | | | | | | | addresses #6604 Signed-off-by: Andy Librian <andylibrian@gmail.com>
* | | Merge pull request #8286 from baude/dnsnamecleanupOpenShift Merge Robot2020-11-10
|\ \ \ | |_|/ |/| | make network name uniq for dnsname tests
| * | make network name uniq for dnsname testsbaude2020-11-09
| | | | | | | | | | | | | | | | | | | | | | | | ed identified that the dnsname integration test does not use a unique name and therefore cannot be cleaned up. this was made worse by a improper defer statement to remove the network should the test fail. Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #8284 from edsantiago/batsOpenShift Merge Robot2020-11-10
|\ \ \ | | | | | | | | system tests: skip journald tests on RHEL8
| * | | system tests: skip journald tests on RHEL8Ed Santiago2020-11-09
| | |/ | |/| | | | | | | | | | | | | | | | | | | (actually, on any system exhibiting the symptom wherein journalctl fails due to insufficient permissions, which for all practical purposes means only RHEL8) Signed-off-by: Ed Santiago <santiago@redhat.com>
* | | Merge pull request #8236 from jwhonce/jira/run-976OpenShift Merge Robot2020-11-09
|\ \ \ | |_|/ |/| | Update CI tests to run python docker library against API
| * | Update CI tests to run python docker library against APIJhon Honce2020-11-09
| |/ | | | | | | | | | | | | | | | | | | | | * Update reference to docker-py to docker to reflect change in library name * Update tests to create storage sandbox * Enable all tests that endpoints support * Refactor containers/{id}/rename to return 404 not 500 * Refactor tests to use quay.io vs. docker.io Signed-off-by: Jhon Honce <jhonce@redhat.com>
* / Add support for podman search --format jsonPaul Holzinger2020-11-09
|/ | | | | | Fixes #8274 Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* Merge pull request #8185 from rhatdan/mountOpenShift Merge Robot2020-11-05
|\ | | | | Add support for mounting external containers
| * Add support for mounting external containersDaniel J Walsh2020-11-04
| | | | | | | | | | | | | | | | | | Continue progress on use of external containers. This PR adds the ability to mount, umount and list the storage containers whether they are in libpod or not. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8238 from joelsmith/masterOpenShift Merge Robot2020-11-05
|\ \ | |/ |/| Use regex for "pod ps" name filter to match "ps" behavior
| * Use regex for "pod ps" name filter to match "ps" behaviorJoel Smith2020-11-03
| | | | | | | | Signed-off-by: Joel Smith <joelsmith@redhat.com>
* | Use ping from alpineChris Evich2020-11-04
| | | | | | | | | | | | | | | | | | | | | | As of this commit, in Fedora 33, without without `CAP_NET_ADMIN` and `CAP_NET_RAW`, require setting `net.ipv3.ping_group_range` in order for the `ping` command to work inside a container. However, not all images `ping` are created equal. For whatever reason, the busybox version in the busybox container image, does not function. Switch to the Alpine image's busybox ping, which seems to work fine. Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #8225 from ↵OpenShift Merge Robot2020-11-04
|\ \ | |/ |/| | | | | debarshiray/wip/rishi/exec_test-use-containsubstring Improve error messages from failing tests
| * Improve error messages from failing testsDebarshi Ray2020-11-03
| | | | | | | | | | | | | | | | | | | | Using a function like ContainSubstring or Equal is better because if the test fails it will log a descriptive error that includes the actual string generated during the test. This is more helpful than a function like BeTrue that will only indicate that an assertion failed without giving further details of the failure. Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
* | Merge pull request #8232 from ashley-cui/volfiltOpenShift Merge Robot2020-11-03
|\ \ | | | | | | Make volume filters inclusive
| * | Make volume filters inclusiveAshley Cui2020-11-03
| | | | | | | | | | | | | | | | | | | | | | | | When using multiple filters, return a volume that matches any one of the used filters, rather than matching both of the filters. This is for compatibility with docker's cli, and more importantly, the apiv2 compat endpoint Closes #6765 Signed-off-by: Ashley Cui <acui@redhat.com>
* | | Merge pull request #8204 from jwhonce/jira/run-976OpenShift Merge Robot2020-11-03
|\ \ \ | |_|/ |/| | Add test/apiv2/rest_api tests to make target
| * | Add test/apiv2/rest_api tests to make targetJhon Honce2020-11-02
| |/ | | | | | | | | | | | | | | * renamed old API tests to not be discovered, they do not pass * Updated the API tests to use a pristine storage configuration * Skipped attach test, it needs to be re-written Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | Merge pull request #8231 from baude/fedorarootlesscpulimitOpenShift Merge Robot2020-11-03
|\ \ | | | | | | fedora rootless cpu settings
| * | fedora rootless cpu settingsbaude2020-11-03
| | | | | | | | | | | | | | | | | | | | | fedora does not have the the ability in rootless to set cpu limits. this requires a simple fix for fedora 33 to pass ci tests. Signed-off-by: baude <bbaude@redhat.com>
* | | Merge pull request #8226 from ↵OpenShift Merge Robot2020-11-03
|\ \ \ | |/ / |/| | | | | | | | debarshiray/wip/rishi/toolbox_test-userns-keepid-HOME Test $HOME when it's parent is bind mounted with --userns=keep-id
| * | Test $HOME when it's parent is bind mounted with --userns=keep-idDebarshi Ray2020-11-03
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When --userns=keep-id is used, Podman is supposed to set up the home directory of the user inside the container to match that on the host as long as the home directory or any of its parents are marked as volumes to be bind mounted into the container. Currently, the test only considers the case where the home directory itself is bind mounted into the container. It doesn't cover the Podman code that walks through all the bind mounts looking for ancestors in case the home directory itself wasn't specified as a bind mount. Therefore, this improves the existing test added in commit 6ca8067956128585 ("Setup HOME environment when using --userns=keep-id") Note that this test can't be run as root. The home directory of the root user is /root, and it's parent is /. Bind mounting the entire / from the host into the container prevents it from starting: Error: openat2 ``: No such file or directory: OCI not found Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
* | specgen: keep capabilities with --userns=keep-idGiuseppe Scrivano2020-11-02
| | | | | | | | | | | | | | | | if --userns=keep-id is specified and not --user is specified, take the unprivileged capabilities code path so that ambient capabilities are honored in the container. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | specgen: fix check for root userGiuseppe Scrivano2020-11-02
| | | | | | | | | | | | | | if the username is specified in the USER:GROUP form, make sure we only check for USER. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* | specgen: add support for ambient capabilitiesGiuseppe Scrivano2020-11-02
|/ | | | | | | | | | if the kernel supports ambient capabilities (Linux 4.3+), also set them when running with euid != 0. This is different that what Moby does, as ambient capabilities are never set. Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
* Merge pull request #8203 from Luap99/fix-8194OpenShift Merge Robot2020-10-31
|\ | | | | Fix dnsname when joining a different network namespace in a pod
| * Fix dnsname when joining a different network namespace in a podPaul Holzinger2020-10-30
| | | | | | | | | | | | | | | | | | | | When creating a container in a pod the podname was always set as the dns entry. This is incorrect when the container is not part of the pods network namespace. This happend both rootful and rootless. To fix this check if we are part of the pods network namespace and if not use the container name as dns entry. Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
* | Merge pull request #8100 from QiWang19/mirror-manifestOpenShift Merge Robot2020-10-31
|\ \ | | | | | | manifest list inspect single image
| * | manifest list inspect single imageQi Wang2020-10-30
| |/ | | | | | | | | | | If the image name not a manifest list type, enable manifest inspect to return manifest of single image manifest type vnd.docker.distribution.manifest.v2+json. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #8201 from QiWang19/search-limitOpenShift Merge Robot2020-10-30
|\ \ | | | | | | Remove search limit since pagination support
| * | Remove search limit since pagination supportQi Wang2020-10-30
| |/ | | | | | | | | | | Remove the search limit check since the c/image v5.6.0 supports pagination and can give result over 100 entries. Signed-off-by: Qi Wang <qiwan@redhat.com>
* | Merge pull request #8177 from rhatdan/wrapOpenShift Merge Robot2020-10-30
|\ \ | | | | | | Stop excessive wrapping of errors
| * | Stop excessive wrapping of errorsDaniel J Walsh2020-10-30
| |/ | | | | | | | | | | | | | | | | | | | | | | Most of the builtin golang functions like os.Stat and os.Open report errors including the file system object path. We should not wrap these errors and put the file path in a second time, causing stuttering of errors when they get presented to the user. This patch tries to cleanup a bunch of these errors. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8187 from jwhonce/wip/tableOpenShift Merge Robot2020-10-30
|\ \ | | | | | | Restore --format table header support
| * | Restore --format table header supportJhon Honce2020-10-29
| | | | | | | | | | | | Signed-off-by: Jhon Honce <jhonce@redhat.com>
* | | Pod's that share the IPC Namespace need to share /dev/shmDaniel J Walsh2020-10-30
| |/ |/| | | | | | | | | | | | | | | | | | | | | | | Containers that share IPC Namespaces share each others /dev/shm, which means a private /dev/shm needs to be setup for the infra container. Added a system test and an e2e test to make sure the /dev/shm is shared. Fixes: https://github.com/containers/podman/issues/8181 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | Merge pull request #8174 from rhatdan/errorsOpenShift Merge Robot2020-10-29
|\ \ | | | | | | Podman often reports OCI Runtime does not exist, even if it does
| * | Podman often reports OCI Runtime does not exist, even if it doesDaniel J Walsh2020-10-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When the OCI Runtime tries to set certain settings in cgroups it can get the error "no such file or directory", the wrapper ends up reporting a bogus error like: ``` Request Failed(Internal Server Error): open io.max: No such file or directory: OCI runtime command not found error {"cause":"OCI runtime command not found error","message":"open io.max: No such file or directory: OCI runtime command not found error","response":500} ``` On first reading of this, you would think the OCI Runtime (crun or runc) were not found. But the error is actually reporting message":"open io.max: No such file or directory Which is what we want the user to concentrate on. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* | | Merge pull request #8146 from vrothberg/image-mountsOpenShift Merge Robot2020-10-29
|\ \ \ | |_|/ |/| | new "image" mount type
| * | new "image" mount typeValentin Rothberg2020-10-29
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | Add a new "image" mount type to `--mount`. The source of the mount is the name or ID of an image. The destination is the path inside the container. Image mounts further support an optional `rw,readwrite` parameter which if set to "true" will yield the mount writable inside the container. Note that no changes are propagated to the image mount on the host (which in any case is read only). Mounts are overlay mounts. To support read-only overlay mounts, vendor a non-release version of Buildah. Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
* | Merge pull request #8165 from edsantiago/move_from_dockerioOpenShift Merge Robot2020-10-29
|\ \ | |/ |/| Move from docker.io
| * move from docker.ioEd Santiago2020-10-28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Followon to #7965 (mirror registry). mirror.gcr.io doesn't cache all the images we need, and I can't find a way to add to its cache, so let's just use quay.io for those images that it can't serve. Tools used: skopeo copy --all docker://docker.io/library/alpine:3.10.2 \ docker://quay.io/libpod/alpine:3.10.2 ...and also: docker.io/library/alpine:3.2 docker.io/library/busybox:latest docker.io/library/busybox:glibc docker.io/library/busybox:1.30.1 docker.io/library/redis:alpine docker.io/libpod/alpine-with-bogus-seccomp:label docker.io/libpod/alpine-with-seccomp:label docker.io/libpod/alpine_healthcheck:latest docker.io/libpod/badhealthcheck:latest Since most of those were new quay.io/libpod images, they required going in through the quay.io GUI, image, settings, Make Public. Signed-off-by: Ed Santiago <santiago@redhat.com>
| * Cirrus: Use google mirror for docker.ioChris Evich2020-10-28
| | | | | | | | Signed-off-by: Chris Evich <cevich@redhat.com>
* | Merge pull request #8081 from mheon/pod_degradedOpenShift Merge Robot2020-10-28
|\ \ | |/ |/| Add a Degraded state to pods