Followup to #22270: wherever possible/practical, extend command
error checks to include explicit exit status codes and error strings.
This commit handles test/e2e/v*_test.go
Signed-off-by: Ed Santiago <santiago@redhat.com>
Some programs have their configuration files relative to the user's
home. It would be convenient being able to mount these into the container, but
that requires expansion of `~` or `$HOME` in a label. This commit adds support
for that for the `runlabel` command.
Signed-off-by: Dan Čermák <dcermak@suse.com>
Followup to #22270: wherever possible/practical, extend command
error checks to include explicit exit status codes and error strings.
This commit handles a subset of test/e2e/pod_xxxx_test.go
(I stopped before this grew too huge for review)
Signed-off-by: Ed Santiago <santiago@redhat.com>
Followup to #22270: wherever possible/practical, extend command
error checks to include explicit exit status codes and error strings.
Signed-off-by: Ed Santiago <santiago@redhat.com>
..to match the version in root dir, to get rid of the mismatch
warning on every ginkgo run.
I still don't understand why renovatebot isn't doing this.
(Also, touch a file under e2e, to force tests to run)
Signed-off-by: Ed Santiago <santiago@redhat.com>
Because the test left the image mounted the cleanup failed to remove the
tmpdir as it contained an active mount point. Thus ensure we unmount the
image again to prevent this leak.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Using /tmp means this file will be leaked and no deleted, switch to
using the per test tempdir which is removed after the test.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
TMPDIR is typically /tmp which is typically(*) a tmpfs.
This PR ignores $TMPDIR when $CI is defined, forcing all
e2e tests to set up one central working directory in /var/tmp
instead.
Also, lots of cleanup.
(*) For many years, up to and still including the time of
this PR, /tmp on Fedora CI VMs is actually NOT tmpfs,
it is just / (root). This is nonstandard and undesirable.
Efforts are underway to remove this special case.
Signed-off-by: Ed Santiago <santiago@redhat.com>
It is not clear why rootless was forced to the cgroupfs manager when
systemd is the default. In any case it causes local test failures as
described in the issue[1]. Using systemd manager makes them pass as
expected, I don't know enough aout cgroups to know the difference and
why certain tests have bad asumptions but this fixes it.
[1] https://github.com/containers/podman/issues/22474
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When the source dir is already mounted noexec, nodev or nosuid then a
rootless user cannot mount the dir into the container without these
options for obvious reasons.
So in order to run the test we must ensure the dir is mounted with these
options first, if they are simply skip as the test will fail otherwise.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When you run locally with a higher oom_score_adj then the one used in
the test podman will print a warning and not set the oom lower then the
current value. Thus use 999 as value which should only cause problems
for users with oom_score_adj value of 1000 (max value) which seems
unlikely.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Effectively, this is an ability to take an image already pulled
to the system, and automatically mount it into one or more
containers defined in Kubernetes YAML accepted by `podman play`.
Requirements:
- The image must already exist in storage.
- The image must have at least 1 volume directive.
- The path given by the volume directive will be mounted from the
image into the container. For example, an image with a volume
at `/test/test_dir` will have `/test/test_dir` in the image
mounted to `/test/test_dir` in the container.
- Multiple images can be specified. If multiple images have a
volume at a specific path, the last image specified trumps.
- The images are always mounted read-only.
- Images to mount are defined in the annotation
"io.podman.annotations.kube.image.automount/$ctrname" as a
semicolon-separated list. They are mounted into a single
container in the pod, not the whole pod.
As we're using a nonstandard annotation, this is Podman only, any
Kubernetes install will just ignore this.
Underneath, this compiles down to an image volume
(`podman run --mount type=image,...`) with subpaths to specify
what bits we want to mount into the container.
Signed-off-by: Matt Heon <mheon@redhat.com>
Image volumes (the `--mount type=image,...` kind, not the
`podman volume create --driver image ...` kind - it's strange
that we have two) are needed for our automount scheme, but the
request is that we mount only specific subpaths from the image
into the container. To do that, we need image volume subpath
support. Not that difficult code-wise, mostly just plumbing.
Also, add support to the CLI; not strictly necessary, but it
doesn't hurt anything and will make testing easier.
Signed-off-by: Matt Heon <mheon@redhat.com>
Followup to [1]#22270: wherever possible/practical, extend command
error checks to include explicit exit status codes and error strings.
Just trying to shrink down #22346 to a manageable, reviewable size.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Followup to #22270: wherever possible/practical, extend command
error checks to include explicit exit status codes and error strings.
More low-hanging fruit: small reviewable chunks
Signed-off-by: Ed Santiago <santiago@redhat.com>
Followup to #22270: wherever possible/practical, extend command
error checks to include explicit exit status codes and error strings.
Because #22346 is stalled, these are some trivial easy-to-review
changes that get us closer to the goal.
Signed-off-by: Ed Santiago <santiago@redhat.com>
When the field is set to false we should never log healthcheck events.
Fixes https://issues.redhat.com/browse/RHEL-18987
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The change in healthcheck_run_test.go, depends on the
containers/image change:
commit b6afa8ca7b324aca8fd5a7b5b206fc05c0c04874
Author: Mikhail Sokolov <msokolov@evolution.com>
Date: Fri Mar 15 13:37:44 2024 +0200
Add support for Docker HealthConfig.StartInterval (v25.0.0+)
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This is something Docker does, and we did not do until now. Most
difficult/annoying part was the REST API, where I did not really
want to modify the struct being sent, so I made the new restart
policy parameters query parameters instead.
Testing was also a bit annoying, because testing restart policy
always is.
Signed-off-by: Matt Heon <mheon@redhat.com>
The Docker endpoint here is kind of a nightmare - accepts a full
Resources block, including a large number of scary things like
devices. But it only documents (and seems to use) a small subset
of those. This implements support for that subset. We can always
extend things to implement more later if we have a need.
Signed-off-by: Matt Heon <mheon@redhat.com>
The logic here is more complex than I would like, largely due to
the behavior of `podman inspect` for running containers. When a
container is running, `podman inspect` will source as much as
possible from the OCI spec used to run that container, to grab
up-to-date information on things like devices. We don't want to
change this, it's definitely the right behavior, but it does make
updating a running container inconvenient: we have to rewrite the
OCI spec as part of the update to make sure that `podman inspect`
will read the correct resource limits.
Also, make update emit events. Docker does it, we should as well.
Signed-off-by: Matt Heon <mheon@redhat.com>
nixery registry has been down all day. Disable test.
Someone will need to fix this on the buildah end.
Signed-off-by: Ed Santiago <santiago@redhat.com>
First of all this removes the need for a network connection, second
renovate can update the version as it is tracked in go.mod.
However the real important part is that the binary downloads are
broken[1]. For some reason the swagger created with them does not
include all the type information for the examples. However when building
from source the same thing works fine.
[1] https://github.com/go-swagger/go-swagger/issues/2842
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Two system tests were relying on $SYSTEMD_IMAGE but were not
running _prefetch. This led to baffling flakes that wasted
my time. (Quay flakes, of course. New manifestation.)
Signed-off-by: Ed Santiago <santiago@redhat.com>
openshift-merge-bot[bot]
Ed Santiago
Dan Čermák
Paul Holzinger
renovate[bot]
Matt Heon
Giuseppe Scrivano
Evgeni Golov
Daniel J Walsh