Currently if user specifies podman kube play --replace, the
pod is removed on the client side, not the server side. If
the API is called with replace=true, the pod was not being removed
and this called the API to fail. This PR removes the pod if it
exists and the caller specifies replace=true.
Fixes: https://github.com/containers/podman/discussions/20705
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We were ignoreing relabel requests on certain unsupported
file systems and not on others, this changes to consistently
logrus.Debug ENOTSUP file systems.
Fixes: https://github.com/containers/podman/discussions/20745
Still needs some work on the Buildah side.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This expands support for the (previously) boolean `Notify` directive, in
support of healthcheck determined SD-NOTIFY event emission, as
supported by Podman with the `--sdnotify=healthy` option.
Closes: #18189
Signed-off-by: Alex Palaistras <alex@deuill.org>
Add a new `no-dereference` mount option supported by crun 1.11+ to
re-create/copy a symlink if it's the source of a mount. By default the
kernel will resolve the symlink on the host and mount the target.
As reported in #20098, there are use cases where the symlink structure
must be preserved by all means.
Fixes: #20098
Fixes: issues.redhat.com/browse/RUN-1935
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
This mostly just inherits the c/common/pkg/auth implementation,
except that AuthFilePath and DockerCompatAuthFilePath can not be set
simultaneously, so don't unnecessarily explicitly set AuthFilePath.
c/common already handles that.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
We're only testing vfs in CI. That's bad. #18822 tried to
remedy that but that only worked on system tests, not e2e.
Here we introduce CI_DESIRED_STORAGE, to be set in .cirrus.yml
in the same vein as all the other CI_DESIRED_X. Since it's 2023
we default to overlay, testing vfs only in priorfedora.
Fixes required:
- e2e tests:
- in cleanup, umount ROOT/overlay to avoid leaking mounts
- system tests:
- fix a few badly-written tests that assumed/hardcoded overlay
- buildx test: add weird exception to device-number test
- mount tests: add special case code for vfs
- unprivileged test: disable one section that is N/A on vfs
Signed-off-by: Ed Santiago <santiago@redhat.com>
Support UIDMap, GIDMap, SubUIDMap and SubGIDMap
If any of them are set disregard the deprecated Remap keys
Add tests and man
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
...while Ed was napping:
- create/run based on remote image: was not actually testing anything
- create/run --tls-verify: ditto
- run --decryption-key: sort of testing but not really
- Fail(), not Skip(), if we can't start registry.
- never Skip() halfway through a test: emit a message, and return
The Skip-in-the-middle thing deserves to be shouted from the rooftops.
Let's please never do that again. Skip() says "this entire test was
skipped", which can be misleading to a spelunker trying to track
down a problem related to those tests.
Also, more minor:
- reduce use of port 5000
- rename a confusingly-named test
Ref: #11205, #12009
Signed-off-by: Ed Santiago <santiago@redhat.com>
This is something I've long wanted in logs: an indicator of
which bats file the test lives in. As of v1.7.0 there is
now a way to do that, BATS_TEST_NAME_PREFIX. Use it. Logs
now look like:
ok 14 [001] podman - shutdown engines
ok 15 [005] podman info - basic test
...
not ok 195 [065] podman cp - dot notation ....
(As a bonus, we can remove the super-long "test blah blah pasta"
duplication from 505.bats).
Also, removed no-longer-necessary (fingers crossed) debug code
for the recently fixed containers-storage umount/EINVAL flake.
Signed-off-by: Ed Santiago <santiago@redhat.com>
This will only fail if someone ever adds a system test that
runs podman with "--db-backend boltdb", which nobody should
ever do, but this is a cheap way to make sure it never happens.
See #20563
Signed-off-by: Ed Santiago <santiago@redhat.com>
When using the local client, we should display the compression
algorithm.
If the compression level is set, then show this also.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
It seems certain test infrastructure prevents cloning repo which
contains symlink outside of the repo itself, generate symlink for such
test by the testsuite itself just before running test and remove it when
test is completed.
Signed-off-by: Aditya R <arajan@redhat.com>
Followup to #20318: now that sqlite is the podman default,
enforce that in CI as well. Test boltdb only in Prior Fedora.
In the process, discovered & cleaned up some duplication
and unused YAML anchors.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Docker allows the passing of -1 to indicate the maximum limit
allowed for the current process.
Fixes: https://github.com/containers/podman/issues/19319
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
when --uts=host is provided, the expectation is to use the hostname
from the host not the container name.
Closes: https://github.com/containers/podman/issues/20448
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Under some circumstances BATS tests hang, causing a CI timeout.
One prominent reason is pasta test failures: BATS will not
exit until all child processes are finished, and in some
environments the socat client can stay forever.
Workaround: run socat with a timeout, and with limited retries.
Tested on an f38 system with broken IPv6: without this fix,
bats hangs until I ^C. With this fix, bats exits as it should.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Podman build --remote is translating https://path as if it was a file
path. This change will leave it as a URL so it can be parsed on the
server side.
Fixed: https://github.com/containers/podman/issues/20475
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
All `[]string`s in containers.conf have now been migrated to attributed
string slices which require some adjustments in Buildah and Podman.
[NO NEW TESTS NEEDED]
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Followup from #20050. Lots of tiny problems in tests, all of
them adding up to significant maintainability problems.
These tests are currently impossible to run in a dev environment,
and super-painful to set up in 1mt, so I've just done a few hours
of cleanup and am giving up for the week.
This is ready for merge, in the sense that it's much better than
what exists now, but it still needs boatloads more work.
Signed-off-by: Ed Santiago <santiago@redhat.com>
I don't really like this solution because it can't be undone by
`--security-opt unmask=all` but I don't see another way to make
this retroactive. We can potentially change things up to do this
the right way with 5.0 (actually have it in the list of masked
paths, as opposed to adding at spec finalization as now).
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Our aarch64 CI system uses 172.31.0.0/20. Because I was (and am)
lazy, my random_rfc1918_subnet() helper was only checking /24.
This causes flakes.
Solution is to actually do it right: binary arithmetic, prefix
matching. This is effectively impossible in bash, so, use a
hairy perl helper and add copious tests.
Fixes: #18693
Signed-off-by: Ed Santiago <santiago@redhat.com>
Problem: frequent CI flakes of the form:
Error: cannot listen on the TCP port: listen tcp4 :5355: bind: address already in use
Always 5355.
Cause: systemd-resolve listens on 5355, but not on 127.0.0.1. So
when GetPort() tries its is-it-in-use check by binding localhost,
it succeeds; but then podman binds * and fails.
Solution: GetPort(): test by binding 0.0.0.0.
Also, improve the failure message.
Signed-off-by: Ed Santiago <santiago@redhat.com>
There's a whole slew of networking-related flakes whose common
element seems to be improper use of curl. Fix those by:
* add --retry --retry-connrefused; and/or
* add -S ("show errors". Plain -s silences everything!); and/or
* test exit status from curl; and/or
* add wait_for_port after "podman run -d", to avoid races
* log commands, to make debugging easier
Important note: wait_for_port() was not working with rootless
podman ports. Trivial proof:
$ podman run -d --name foo -p 8192:80 \
quay.io/libpod/testimage:20221018 \
/bin/busybox-extras httpd -f -p 80
$ grep :2000 /proc/net/tcp
[no results]
Solution: use ss tool; it seems to handle this just fine.
There may be a better solution.
Oh, also, add -t1 to a podman restart, to shave 18s from test run.
Fixes: #20335 and, I think, a handful of others
Signed-off-by: Ed Santiago <santiago@redhat.com>
Add Quadlet key and disconnect relationship withr read-only
Update and add tests
Update man with new key
Remove the reference to VolatileTmpfs in the man page to reduce its
usage, since the same functionality can be achieved using the Tmpfs key
while keeping its support to maintain backward compatibility
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
Docker deals with the --all flag on the client side while Podman does it
on the server side. Hence, make sure to not set the dangling filter
with two different values in the backend.
Fixes: #20469
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
This change is the first step of integrating appendable string arrays
into containers.conf and starts with enabling the `Env`, `Mounts`, and
`Volumes` fields in the `[Containers]` table.
Both, Buildah and Podman, read (and sometimes write) the fields of the
`Config` struct at various places, so I decided to migrate the fields
step-by-step. The ones in this change are most critical ones for
customers. Once all string slices/arrays are migrated, the docs of
containers.conf will be updated. The current changes are entirely
transparent to users.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
We only care about the version so just import the define package for it,
the main buildah package causes big transitive imports which fail to
build with the remote tag (i.e. libimage)
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Tag now does a prepend internally instead of append with the names. Thus
the order changed which needs some test changes.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
commit 7ade972102 introduced the change
that caused an issue in crun since it forces the root user session
instead of the system one when DBUS_SESSION_BUS_ADDRESS is set.
I am addressing it in crun, but for the time being, let's also not
pass the variable down to conmon since the assumption is that when
running as root the containers must be created on the system bus.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
When the hostNetwork option is set to true in the k8s yaml,
set the pod's hostname to the name of the machine/node as is
done in k8s. Also set the utsns to host.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Followup to #20394. For years (since BATS 1.5) we've been
seeing and ignoring nasty red warnings at the end of every
system test run. Thanks for fixing it, @giuseppe! But it
broke down in the '?' case when $expected_rc is empty:
test/system/helpers.bash: line 345: [: -eq: unary operator expected
Simple fix.
Signed-off-by: Ed Santiago <santiago@redhat.com>
always cleanup the exec session when the command specified to the
"exec" is not found.
Closes: https://github.com/containers/podman/issues/20392
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Daniel J Walsh
openshift-merge-bot[bot]
Alex Palaistras
Valentin Rothberg
Ashley Cui
renovate[bot]
Miloslav Trmač
Ed Santiago
Ygal Blum
Brent Baude
openshift-ci[bot]
Aditya R
Giuseppe Scrivano
Matthew Heon
Urvashi Mohnani
Paul Holzinger
Toshiki Sonoda