If the RunAsUser, RunAsGroup, SupplementalGroups settings are not
overriden in the container security context, then take the value from
the pod security context.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Commit b58e7e7f11 was not fully rebased before merging and is now
breaking CI because commit 69c479b16e made the underlying error
visible. Using journald inside the container tests is not supported.
Fixes#14162
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
currently tags cause a panic due to an uninitialized map. Initialize the map
and add parsing to make sure we are only tagging with journald
resolves#13356
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
Pulling the K8s pause image seems unnecessarily expensive to me. Let's
use the testgitest_v2s2 one which is under our control and weighs only a
couple of KB.
This cut the execution time in less than half on my machine. Since it's
network bound and I am running on fibre, I expect more significant speed
ups in slower networks.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Squash the --quiet test into another one. The test was more complex
than necessary and can easily be squashed into another one to avoid one
more expensive pull.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Once upon a time, the tests actually pulled from Docker Hub. This has
changed with the rate limits, so we can safely remove the redundant
tests to speed up CI.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Rather than assuming a filesystem path, the API service URI is recorded
in the libpod runtime configuration and then reported as requested.
Note: All schemes other than "unix" are hard-coded to report URI exists.
Fixes#12023
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
podman system reset did not clean up machines fully, leaving some config
files, and breaking machines. Now it removes all machines files fully.
Signed-off-by: Ashley Cui <acui@redhat.com>
Polish the push and pull benchmarks. In particular, make sure to not be
network bound during these benchmarks by running a local registry and
pushing a local image that can later on be pulled.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
since the network config is a string map, json.unmarshal does not recognize
the config and spec as the same entity, need to map this option manually
resolves#13713
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
The test has been broken since it was added 4 years ago. Instead of
using hardcoded paths we should use tmp files.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The errcheck linter makes sure that errors are always check and not
ignored by accident. It spotted a lot of unchecked errors, mostly in the
tests but also some real problem in the code.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Two for this error:
invalid indirect of pod.Spec.DNSConfig.Options[0]
...and one for a gofmt error (spaces).
Signed-off-by: Ed Santiago <santiago@redhat.com>
This is a very late followup to my ginkgo-improving work of 2021.
It has been stuck since December because it requires gomega 1.17,
which we've just enabled.
This commit is simply a copy-paste of a command I saved in
my TODO list many months ago:
sed -i -e 's/Expect(\([^ ]\+\)\.\([a-zA-Z0-9]\+\))\.To(Equal(/Expect(\1).To(HaveField(\"\2\", /' test/e2e/*_test.go
Signed-off-by: Ed Santiago <santiago@redhat.com>
We need to use the host network when it is set in the config and
--network was not used.
This regression was added in 3e9af2029f.
Fixes#14015
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
We should not exclude contianers by name. If a users has a container
with the name "inf" it is currently skipped. This is wrong. The k8s yaml
does not contain infra containers so we do not have to skip them.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The linter ensures a common code style.
- use switch/case instead of else if
- use if instead of switch/case for single case statement
- add space between comment and text
- detect the use of defer with os.Exit()
- use short form var += "..." instead of var = var + "..."
- detect problems with append()
```
newSlice := append(orgSlice, val)
```
This could lead to nasty bugs because the orgSlice will be changed in
place if it has enough capacity too hold the new elements. Thus we
newSlice might not be a copy.
Of course most of the changes are just cosmetic and do not cause any
logic errors but I think it is a good idea to enforce a common style.
This should help maintainability.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Add more benchmarks for the most common and performance-critical image
commands. Benchmarks for `podman build` should go into a separate
section.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
[skip ci]
While chasing a flake, I discovered that our alpine_nginx
image is broken: it returns 404 on all requests. We never
caught this because--surprise!--curl exits 0 even when
server returns 4xx/5xx status.
Let's be strict: add -f (--fail) option to all invocations
of curl.
And, although I couldn't identify the root cause of the
flake (in "run two containers with the same IP" test),
I can at least fix the broken wait-for-nginx loop, bump
up the number of retries, and improve diagnostics on
failure. And add a strict error-message check.
Signed-off-by: Ed Santiago <santiago@redhat.com>
This reverts commit cc3790f332.
We can't change rootful to rootfull because `rootful` is written into the machine config. Changing this will break json unmarshalling, which will break existing machines.
[NO NEW TESTS NEEDED]
Signed-off-by: Ashley Cui <acui@redhat.com>
golint, scopelint and interfacer are deprecated. golint is replaced by
revive. This linter is better because it will also check for our error
style: `error strings should not be capitalized or end with punctuation or a newline`
scopelint is replaced by exportloopref (already endabled)
interfacer has no replacement but I do not think this linter is
important.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Because /etc/hosts is shared for all containers with a shared network
namespace you should not be able to add hosts from a joined container.
Only the primary netns container can set the hosts.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Use the new logic from c/common to create the hosts file. This will help
to better allign the hosts files between buildah and podman.
Also this fixes several bugs:
- remove host entries when container is stopped and has a netNsCtr
- add entries for containers in a pod
- do not duplicate entries in the hosts file
- use the correct slirp ip when an userns is used
Features:
- configure host.containers.internal entry in containers.conf
- configure base hosts file in containers.conf
Fixes#12003Fixes#13224
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Giuseppe Scrivano
OpenShift Merge Robot
Paul Holzinger
cdoern
Valentin Rothberg
Daniel J Walsh
Ashley Cui
Jhon Honce
Ed Santiago
Chris Evich
aonoa