[skip ci]
While chasing a flake, I discovered that our alpine_nginx
image is broken: it returns 404 on all requests. We never
caught this because--surprise!--curl exits 0 even when
server returns 4xx/5xx status.
Let's be strict: add -f (--fail) option to all invocations
of curl.
And, although I couldn't identify the root cause of the
flake (in "run two containers with the same IP" test),
I can at least fix the broken wait-for-nginx loop, bump
up the number of retries, and improve diagnostics on
failure. And add a strict error-message check.
Signed-off-by: Ed Santiago <santiago@redhat.com>
This reverts commit cc3790f332.
We can't change rootful to rootfull because `rootful` is written into the machine config. Changing this will break json unmarshalling, which will break existing machines.
[NO NEW TESTS NEEDED]
Signed-off-by: Ashley Cui <acui@redhat.com>
Do not use a list of statuses outside of libpod to validate container
statuses. Removing status was never added to the list.
Fixes: https://github.com/containers/podman/issues/13986
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Starting the podman service in debug-mode causes aardvark to run in
debug mode. This does unexpected things with file-descriptors leading
to a test-hang. Thanks to @Luap99 for the fix.
Signed-off-by: Chris Evich <cevich@redhat.com>
golint, scopelint and interfacer are deprecated. golint is replaced by
revive. This linter is better because it will also check for our error
style: `error strings should not be capitalized or end with punctuation or a newline`
scopelint is replaced by exportloopref (already endabled)
interfacer has no replacement but I do not think this linter is
important.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Because /etc/hosts is shared for all containers with a shared network
namespace you should not be able to add hosts from a joined container.
Only the primary netns container can set the hosts.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When we connect or disconnect from a network we also have to update
/etc/hosts to ensure we only have valid entries in there.
This also fixes problems with docker-compose since this makes use of
network connect/disconnect.
Fixes#12533
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When we lookup the hostname for a given container we have to check if
the container is joined to another utsns and use this hostname then
instead.
This fixes a problem where the `hostname` command would use the correct
name but /etc/hostname would contain a different name.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Use the new logic from c/common to create the hosts file. This will help
to better allign the hosts files between buildah and podman.
Also this fixes several bugs:
- remove host entries when container is stopped and has a netNsCtr
- add entries for containers in a pod
- do not duplicate entries in the hosts file
- use the correct slirp ip when an userns is used
Features:
- configure host.containers.internal entry in containers.conf
- configure base hosts file in containers.conf
Fixes#12003Fixes#13224
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Following commit ensures that csv escaping is supported while using
inline `--mount=type=......` flag with `podman run` by using
`encoding/csv` to parse options instead of performing a `split.String(`
by `comma`.
Closes: https://github.com/containers/podman/issues/13922
Signed-off-by: Aditya R <arajan@redhat.com>
When run on an F36 host using netavark/aardvark-dns, for whatever
underlying reason most checkpoint/restore tests are emitting an error
similar to:
`criu: Symbol `__rseq_offset' has different size in shared object,
consider re-linking`
This extraneous output is causing the basic checkpoint system test to
fail. Since, all other testing of checkpoint/restore feature is
passing (also with the extraneous message) loosen the system test
sensitivity to match.
Signed-off-by: Chris Evich <cevich@redhat.com>
We are inconsistent on the name, we should stick with rootfull.
[NO NEW TESTS NEEDED] Existing tests should handle this and no tests for
machines exists yet.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
From a security point of view, it would be nice to be able to map a
rootless usernamespace that does not use your own UID within the
container.
This would add protection against a hostile process escapping the
container and reading content in your homedir.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
It seems this breaks older version of `podman-remote` users hence it
looks like this patch would be a better candidate for podman `5.0`
Problem
* Client with `4.0` cannot interact with a server of `4.1`
Plan this patch for podman `5.0`
This reverts commit 0cebd158b6.
Signed-off-by: Aditya R <arajan@redhat.com>
On F36 / podman 4, at the time of this commit there is no
`/etc/containers/storage.conf` installed by default. Since the
test volume-mounts this file into the container, it was failing. Fix
this by using a conditional volume-mount based on the file existing (or
not).
Signed-off-by: Chris Evich <cevich@redhat.com>
When this option was added to the e2e tests, there was no CI Automation
support for running remote tests w/ netavark. When added, many
e2e test errors/failures are generated due to this option not being
valid for the remote client. Fix this in the tests by conditionally
adding the option if the test is running the remote client.
Signed-off-by: Chris Evich <cevich@redhat.com>
Problem: the system test 'is()' checker was poorly thought out.
For example, there is no way to check for inequality or for
absence of a substring.
Solution, step 1: introduce new assert(), copied almost verbatim
from buildah, where it has been successful in addressing the
gaps in is().
The logical next step is to search the tests for 'die' and
for 'run', looking for negative assertions which we can
replace with assert(). There were a lot, and in the process
I found a number of ugly bugs in the tests themselves. I've
taken the liberty of fixing these.
Important note: at this time we have both assert() and is().
Replacing all instances of is() would be impossible to review.
Signed-off-by: Ed Santiago <santiago@redhat.com>
The patch introduces the following test cases:
1. An attempt to checkpoint a container that does not exist should fail.
2. Checkpoint of a running container with --create-image should create a
checkpoint image.
3. A single checkpoint image can be used to restore multiple containers,
each with a different name.
4. Restoring multiple containers from checkpoint images with a single
restore command.
Signed-off-by: Radostin Stoyanov <radostin@redhat.com>
Add a proof of concept for benchmarking Podman. The benchmarks are
implemented by means of the end-to-end test suite but hidden behind
a `benchmarks` build tag. Running `make localbenchmarks` will run
`test/e2e` with the specific build tag and set ginkgo's "focus" to
the specific "Podman Benchmark Suite" to only run this spec and skip
all others.
ginkgo will print a report before terminating listing the CPU and memory
stats for each benchmark. New benchmarks can easily be added via the
`newBenchmark` function that also supports adding an `init()` function
to each benchmark which allows for performing certain setups for the
specific benchmark. For instance, benchmarking `podman start` requires
creating a container beforehand.
Podman may be called more than once in the main function of a benchmark
but note that the displayed memory consumption is then a sum of all
Podman invocations. The memory consumption is collected via
`/usr/bin/time`.
A benchmark's report is split into CPU and memory as displayed below:
```
[CPU] podman images:
Fastest Time: 0.146s
Slowest Time: 0.187s
Average Time: 0.180s ± 0.015s
[MEM] podman images:
Smallest: 41892.0KB
Largest: 42792.0KB
Average: 42380.7KB ± 286.4KB
```
Note that the benchmarks are not wired into the CI yet. They are meant
as a proof of concept. More benchmarks and the plumbing into CI will
happen in a later change.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
in specgen, CLI path uses the given memory limit to define the swap value (if not already specified)
add a route to this piece of code from within the api handlers
resolves#13145
Signed-off-by: cdoern <cdoern@redhat.com>
Ed Santiago
OpenShift Merge Robot
Ashley Cui
Paul Holzinger
aonoa
Daniel J Walsh
Chris Evich
Aditya R
cdoern
Radostin Stoyanov
Valentin Rothberg