These tests were originally enabled in a situation where CI provided
false-positive results. Now that has been corrected, these tests all
fail under a CGv1 container environment with the error:
```
Error: unable to load cgroup at
/machine.slice/libpod-e4f...086.scope/libpod_parent/libpod-fbd...425:
cgroup deleted
```
This commit simply disables the tests under this specific environment.
Signed-off-by: Chris Evich <cevich@redhat.com>
This becomes a problem on hosts with upgraded policies. Ref:
https://github.com/containers/podman/issues/10522
Also, made a small change to compose-test setup to reduce runtime.
Signed-off-by: Chris Evich <cevich@redhat.com>
When playing a kube YAML file, it can be desirable to be able to build
an image on the fly. This is good for development of an image and YAML
files and somewhat mocks what compose does.
Signed-off-by: Brent Baude <bbaude@redhat.com>
after the init containers pr merged, it was suggested to use `once`
instead of `oneshot` containers as it is more aligned with other
terminiology used similarily.
[NO TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
The `ls` command is not intended for this purpose and may behave in
unexpected ways, leading to false positive or negative results. Update
the tests to use the purpose built `test` command instead.
Also added several *TODO* comments for possible future testing
enhancements.
Signed-off-by: Chris Evich <cevich@redhat.com>
Update test to confirm the negative-case, proving the `--privileged`
"option is required" for this character device to be present in a
container (including rootless).
Signed-off-by: Chris Evich <cevich@redhat.com>
This test has been failing for a long time but nobody noticed because CI
doesn't have the device node (nested-VM support was disabled). After
having enabled nested VM support, tests fail due to some unknown
special-handling of this device.
Fix both problems by removing the `skip()` and switching to a more generic
device which is only present when `--privileged` is used.
Signed-off-by: Chris Evich <cevich@redhat.com>
This commit adds additional until filter to podman pod ps (ls/list).
Additionally, it also adds descriptions for podman pod ps filters available
via http api.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
Add the --userns flag to podman pod create and keep
track of the userns setting that pod was created with
so that all containers created within the pod will inherit
that userns setting.
Specifically we need to be able to launch a pod with
--userns=keep-id
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Execution domains tell Linux how to map signal numbers into signal actions.
The execution domain system allows Linux to provide limited support for binaries
compiled under other UNIX-like operating systems.
Reference: https://man7.org/linux/man-pages/man2/personality.2.html
Signed-off-by: flouthoc <flouthoc.git@gmail.com>
this is the first pass at implementing init containers for podman pods.
init containersare made popular by k8s as a way to run setup for pods
before the pods standard containers run.
unlike k8s, we support two styles of init containers: always and
oneshot. always means the container stays in the pod and starts
whenever a pod is started. this does not apply to pods restarting.
oneshot means the container runs onetime when the pod starts and then is
removed.
Signed-off-by: Brent Baude <bbaude@redhat.com>
To match Docker's behavior, in the `--net=host` case, we need to
use the host's `/etc/hosts` file, unmodified (without adding an
entry for the container). We will still respect hosts from
`--add-host` but will not make any automatic changes.
Fortuntely, this is strictly a matter of removal and refactoring
as we already base our `/etc/hosts` on the host's version - just
need to remove the code that added entries when net=host was set.
Fixes#10319
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Renamed podman pod stats test specs to distinguish them from podman stats tests.
podman stats tests where disabled by a +build flag.
Fix podman stats format test, add negative test.
Fix podman stats cli command, exit non-zero on invalid format string.
Add tests for podman stats interval flag.
Signed-off-by: Thomas Weber <towe75@googlemail.com>
added functionality for image secure copying from local to remote.
Also moved system connection add code around a bit so functions within that file
can be used by scp.
Signed-off-by: cdoern <cdoern@redhat.com>
This adds the integration tests for the repository or namespaced
registry feature introduced in c/common.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
Compat healthcheck tests are of the format []string but podman's were of
the format string. Converted podman's to []string at the specgen level since it has the same effect
and removed the incorrect parsing of compat healthchecks.
fixes#10617
Signed-off-by: cdoern <cdoern@redhat.com>
The upcoming commit to support checkpointing out of Pods requires CRIU
3.16. This changes the CRIU version check to support checking for
different versions.
Signed-off-by: Adrian Reber <areber@redhat.com>
Compat healthcheck tests are of the format []string but podman's were of
the format string. Converted podman's to []string at the specgen level since it has the same effect
and removed the incorrect parsing of compat healthchecks.
fixes#10617
Signed-off-by: cdoern <cdoern@redhat.com>
This commit follows work started in #10756. Changes made in #11015
enabled cli support for volume prune --filter until. Adding e2e test
closes#10579.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
Make sure podman network create reads all subnets from existing cni configs
and not only the first one.
Fixes#11032
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Pull policies in K8s yaml may be capitalized, so lower them before
parsing.
Fixes: bugzilla.redhat.com/show_bug.cgi?id=1985905
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
By proxy by vendoring containers/common. Previously, a "dangling" image
was an untagged image; just a described in the Docker docs. The
definition of dangling has now been refined to an untagged image without
children to be compatible with Docker.
Further update a redundant image-prune test.
Fixes: #10998Fixes: #10832
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
compat containers/logs was missing actual usage of until query param.
This led me to implement the until param for libpod's container logs as well. Added e2e tests.
Signed-off-by: cdoern <cdoern@redhat.com>
As a conclusion of a discussion in #10861, until filter is added
by this commit to volume ls filters.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
Followup to #10932: add a validation check to prevent introduction
of new 'Expect(foo.ExitCode()).To(...)' patterns. If such use is
absolutely necessary -- there is one such instance in the code
already -- require that the assertion include a description.
Also: clean up instances that were introduced since the merging
of #10932.
Also: fix one remaining instance in run_exit_test.go: it had
a FIXME comment mentioning a race condition, but unfortunately
there was no issue or bug ID, hence no way to know if the race
is fixed or not. We will assume it is.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Make sure that containers configured for auto removal
(e.g., via `podman create --rm`) are removed in `podman start`
if starting the container failed.
Fixes: #10935
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
added support for --pid flag. User can specify ns:file, pod, private, or host.
container returns an error since you cannot point the ns of the pods infra container
to a container outside of the pod.
Signed-off-by: cdoern <cdoern@redhat.com>
e2e test failures are rife with messages like:
Expected 1 to equal 0
These make me cry. They're anti-helpful, requiring the reader
to dive into the source code to figure out what those numbers
mean.
Solution: Go tests have a '.Should(Exit(NNN))' mechanism. I
don't know if it spits out a better diagnostic (I have no way
to run e2e tests on my laptop), but I have to fantasize that
it will, and given the state of our flakes I assume that at
least one test will fail and give me the opportunity to see
what the error message looks like.
THIS IS NOT REVIEWABLE CODE. There is no way for a human
to review it. Don't bother. Maybe look at a few random
ones for sanity. If you want to really review, here is
a reproducer of what I did:
cd test/e2e
! positive assertions. The second is the same as the first,
! with the addition of (unnecessary) parentheses because
! some invocations were written that way. The third is BeZero().
perl -pi -e 's/Expect\((\S+)\.ExitCode\(\)\)\.To\(Equal\((\d+)\)\)/Expect($1).Should(Exit($2))/' *_test.go
perl -pi -e 's/Expect\((\S+)\.ExitCode\(\)\)\.To\(\(Equal\((\d+)\)\)\)/Expect($1).Should(Exit($2))/' *_test.go
perl -pi -e 's/Expect\((\S+)\.ExitCode\(\)\)\.To\(BeZero\(\)\)/Expect($1).Should(Exit(0))/' *_test.go
! Same as above, but handles three non-numeric exit codes
! in run_exit_test.go
perl -pi -e 's/Expect\((\S+)\.ExitCode\(\)\)\.To\(Equal\((\S+)\)\)/Expect($1).Should(Exit($2))/' *_test.go
! negative assertions. Difference is the spelling of 'To(Not)',
! 'ToNot', and 'NotTo'. I assume those are all the same.
perl -pi -e 's/Expect\((\S+)\.ExitCode\(\)\)\.To\(Not\(Equal\((0)\)\)\)/Expect($1).To(ExitWithError())/' *_test.go
perl -pi -e 's/Expect\((\S+)\.ExitCode\(\)\)\.ToNot\(Equal\((0)\)\)/Expect($1).To(ExitWithError())/' *_test.go
perl -pi -e 's/Expect\((\S+)\.ExitCode\(\)\)\.NotTo\(Equal\((0)\)\)/Expect($1).To(ExitWithError())/' *_test.go
! negative, old use of BeZero()
perl -pi -e 's/Expect\((\S+)\.ExitCode\(\)\)\.ToNot\(BeZero\(\)\)/Expect($1).Should(ExitWithError())/' *_test.go
Run those on a clean copy of main branch (at the same branch
point as my PR, of course), then diff against a checked-out
copy of my PR. There should be no differences. Then all you
have to review is that my replacements above are sane.
UPDATE: nope, that's not enough, you also need to add gomega/gexec
to the files that don't have it:
perl -pi -e '$_ .= "$1/gexec\"\n" if m!^(.*/onsi/gomega)"!' $(grep -L gomega/gexec $(git log -1 --stat | awk '$1 ~ /test\/e2e\// { print $1}'))
UPDATE 2: hand-edit run_volume_test.go
UPDATE 3: sigh, add WaitWithDefaultTimeout() to a couple of places
UPDATE 4: skip a test due to bug #10935 (race condition)
Signed-off-by: Ed Santiago <santiago@redhat.com>
When optional information such as container IDs and names in pods, the
headers are not displayed. This fix restored the headers.
Documentation of this subcommand is also updated.
Signed-off-by: Hironori Shiina <shiina.hironori@jp.fujitsu.com>
First, make podman diff accept optionally a second argument. This allows
the user to specify a second image/container to compare the first with.
If it is not set the parent layer will be used as before.
Second, podman container diff should only use containers and podman
image diff should only use images. Previously, podman container diff
would use the image when both an image and container with this name
exists.
To make this work two new parameters have been added to the api. If they
are not used the previous behaviour is used. The same applies to the
bindings.
Fixes#10649
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
feat: read secret config from config file if the user hasn't entered
explicit config values
feat: allow to specify `--driver-opts opt1=val1,opt2=val2` in the secret
create command to allow overriding the default values
fix: show driver options in `podman secret inspect`
Signed-off-by: Tino Rusch <tino.rusch@gmail.com>
Added logic and handling for two new Podman pod create Flags.
--cpus specifies the total number of cores on which the pod can execute, this
is a combination of the period and quota for the CPU.
--cpuset-cpus is a string value which determines of these available cores,
how many we will truly execute on.
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
added Avg Cpu calculation and CPU up time to podman stats. Adding different feature sets in different PRs, CPU first.
resolves#9258
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
Refactor podman commands that have drifted from using
c/common report pkg. Report pkg is needed to implement
go template functions.
Removed obsolete code from podman which exists in c/common.
Latest template library added default newlines and method to
remove them. Incorporated needed changes in c/common PR below.
Depends on https://github.com/containers/common/pull/624
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1855983
Signed-off-by: Jhon Honce <jhonce@redhat.com>
runc-1.0-rc95 refuses destination paths that are not absolute.
The test was causing a mount with a destination "[/etc/foo]" causing
the OCI runtime to fail.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Podman uses the volume option map to check if it has to mount the volume
or not when the container is started. Commit 28138dafcc added to uid
and gid options to this map, however when only uid/gid is set we cannot
mount this volume because there is no filesystem or device specified.
Make sure we do not try to mount the volume when only the uid/gid option
is set since this is a simple chown operation.
Also when a uid/gid is explicity set, do not chown the volume based on
the container user when the volume is used for the first time.
Fixes#10620
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
when looking up the container cgroup, ignore named hierarchies since
containers running systemd as payload will create a sub-cgroup and
move themselves there.
Closes: https://github.com/containers/podman/issues/10602
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Fix a race in the k8s-file logs driver. When "following" the logs,
Podman will print the container's logs until the end. Previously,
Podman logged until the state transitioned into something non-running
which opened up a race with the container still running, possibly in
the "stopping" state.
To fix the race, log until we've seen the wait event for the specific
container. In that case, conmon will have finished writing all logs to
the file, and Podman will read it until EOF.
Further tweak the integration tests for testing `logs -f` on a running
container. Previously, the test only checked for one of two lines
stating that there was a race. Indeed the race was in using `run --rm`
where a log file may be removed before we could fully read it.
Fixes: #10596
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Image prune --filter is fully implemented in the api, http api
yet not connected with the cli execution. User trying to use
filters does not see the effect. This commit adds glue code to enable
possiblity of using --filter in prune in the cli execution.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
Certain event meta data was lost when converting the remote events to
libpod events and vice versa. Enable the skipped system tests for
remote.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Change the type of units generated with --new from "forking" to
"notify". This brings Podman closer to systemd and opens up
Podman to a number of use cases (see #5572).
Units generated without --new remain with `type=forking`. I
experimented a bit with adding a `--sdnotify` flag to `podman start` but
it doesn't really work well since we're competing with the default
sdnotify mode set during container creation.
Fixes: #5572
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Vendor in the latest HEAd of containers/common to implicitly support the
tag@digest notation for images. To remain compatible with Docker, the
tag will be stripped off the image reference and is entirely ignored.
Fixes: #6721
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
When the containers.conf field "NetNS" is set to "Bridge" and the
"RootlessNetworking" field is set to "cni", Podman will now
handle rootless in the same way it does root - all containers
will be joined to a default CNI network, instead of exclusively
using slirp4netns.
If no CNI default network config is present for the user, one
will be auto-generated (this also works for root, but it won't be
nearly as common there since the package should already ship a
config).
I eventually hope to remove the "NetNS=Bridge" bit from
containers.conf, but let's get something in for Brent to work
with.
Signed-off-by: Matthew Heon <mheon@redhat.com>
Fix a race in journald driver. Following the logs implies streaming
until the container is dead. Streaming happened in one goroutine,
waiting for the container to exit/die and signaling that event happened
in another goroutine.
The nature of having two goroutines running simultaneously is pretty
much the core of the race condition. When the streaming goroutines
received the signal that the container has exitted, the routine may not
have read and written all of the container's logs.
Fix this race by reading both, the logs and the events, of the container
and stop streaming when the died/exited event has been read. The died
event is guaranteed to be after all logs in the journal which guarantees
not only consistencty but also a deterministic behavior.
Note that the journald log driver now requires the journald event
backend to be set.
Fixes: #10323
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
All of the tests has an assumption that RunLsContainer and RunLsContainerInPod completes
the container before returning. But since the container is running
in back ground mode, the container could be still running before tools
attempt to remove it. Removing the "-d" from the command fixes the
container to match the assumption.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Creating a macvlan network with the subnet or ipRange option should set
the ipam plugin type to `host-local`. We also have to insert the default
route.
Fixes#10283
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Chris Evich
Brent Baude
openshift-ci[bot]
Jakub Guzik
Daniel J Walsh
flouthoc
Matthew Heon
Thomas Weber
cdoern
Sascha Grunert
OpenShift Merge Robot
Giuseppe Scrivano
cdoern
Adrian Reber
Paul Holzinger
Valentin Rothberg
dependabot[bot]
Ed Santiago
Vikas Goel
Raul Sevilla
Hironori Shiina
Mehul Arora
Jhon Honce
Tino Rusch
Matthew Heon
Sebastian Jug
Paul Holzinger