Commit Graph

23615 Commits

Author SHA1 Message Date
Ed Santiago 48aea083c0 700-play.bats: refactor clumsy yamlfile creation
Remnant from the very early days of this test file. There's
a boilerplate $testYaml string used in many tests; each
use requires three clunky lines of prep. Most of those
were not needed; we can (and now do) use _write_test_yaml()
instead.

There are still two instances that could not be fixed in
this commit. I will do those next. This commit is kept
relatively simple for ease of review.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2024-07-17 18:24:07 -06:00
Ed Santiago 517c6e6f10 700-play.bats: move _write_test_yaml up near top
This is almost a NOP; it's needed for making subsequent commits
reviewable.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2024-07-17 18:24:07 -06:00
renovate[bot] ed71000e6d
chore(deps): update dependency setuptools to v71
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-07-17 22:13:43 +00:00
benniekiss 3c52ef43f5 Expand drop-in search paths
* top-level (pod.d)
* truncated (unit-.container.d)

Signed-off-by: Bennie Milburn-Town <63211101+benniekiss@users.noreply.github.com>
2024-07-17 17:43:02 -04:00
openshift-merge-bot[bot] 89432899a7
Merge pull request #23299 from containers/renovate/github.com-rootless-containers-rootlesskit-v2-2.x
fix(deps): update module github.com/rootless-containers/rootlesskit/v2 to v2.2.0
2024-07-17 20:26:50 +00:00
openshift-merge-bot[bot] 9f47319a72
Merge pull request #23137 from rhatdan/image
Do not crash on invalid filters
2024-07-17 16:45:30 +00:00
Daniel J Walsh 5666100c2e
Remove references and checks for --gpus
No way to test this unless running on an nvidia platform.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2024-07-17 12:02:51 -04:00
Daniel J Walsh 1ec3edd3f6
Do not crash on invalid filters
Vendor in latest containers/common
Fixes #23120

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2024-07-17 10:44:55 -04:00
renovate[bot] 692d2a5b08
fix(deps): update module github.com/rootless-containers/rootlesskit/v2 to v2.2.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-07-17 04:11:53 +00:00
openshift-merge-bot[bot] 555763c2a5
Merge pull request #23280 from edsantiago/bats-safename
System tests: safe container/image/volume/etc names
2024-07-16 18:01:13 +00:00
openshift-merge-bot[bot] e225cae781
Merge pull request #23145 from afbjorklund/remove-machine-volume-driver
Remove the unused machine volume-driver
2024-07-15 20:36:19 +00:00
Anders F Björklund f3e945c86e Keep the volume-driver flag deprecated
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
2024-07-15 21:41:34 +02:00
openshift-merge-bot[bot] 07f0e4fe04
Merge pull request #23278 from rhatdan/VENDOR
Vendor in latest containers(common, storage,image, buildah)
2024-07-15 19:19:23 +00:00
Daniel J Walsh eb750f61f6
Vendor in latest containers(common, storage,image, buildah)
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2024-07-15 13:51:43 -04:00
Ed Santiago b28027148b System tests: safe container/image/volume/etc names
Many system tests use hardcoded names for containers, images,
and everything. This has worked because system tests run
serially. It will not work if we ever run in parallel.

Create a new safename() helper, and use it as follows:

   myctr=c_$(safename)
   myvol1=v1_$(safename)
   ...

Find current instances of hardcoded names, and replace
with safe ones.

Whether or not we ever end up parallelizing system tests,
this is simply good practice.

There are far too many instances to fix in one (reviewable) PR.
This is commit 1 of N.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2024-07-15 11:38:00 -06:00
Arthur Sengileyev d26f0ca90f Implement disable default mounts via command line
Signed-off-by: Arthur Sengileyev <arthur.sengileyev@gmail.com>
2024-07-15 15:27:19 +03:00
openshift-merge-bot[bot] 88c68a4b58
Merge pull request #23271 from giuseppe/drop-unmount-for-overlay-storage
test: podman system service doesn't leak mount on termination
2024-07-15 12:20:11 +00:00
openshift-merge-bot[bot] 2f673aa8f7
Merge pull request #23258 from Luap99/start-error
fix race conditions in start/attach logic
2024-07-15 12:11:56 +00:00
openshift-merge-bot[bot] 1d7439eb06
Merge pull request #23270 from passcod/patch-1
Add NetworkAlias= support for quadlet .container and .pod files
2024-07-15 10:29:14 +00:00
Giuseppe Scrivano b08b630c84
test: drop unmount for overlay
The unmount for the driver home dir is done automatically by the store
on Shutdown.  Do not do the unmount from the tests cleanup.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2024-07-15 11:41:28 +02:00
Giuseppe Scrivano e16e528f39
test: gracefully terminate server
send a SIGTERM to the server process instead of killing it so it has
time to do a proper cleanup and doesn't leak the home mount.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2024-07-15 11:41:28 +02:00
Giuseppe Scrivano fbc4768a00
libpod: shutdown Stop waits for handlers completion
wait for handlers currently being processed.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2024-07-15 11:41:28 +02:00
Giuseppe Scrivano 6832a35f65
libpod: cleanup store at shutdown
shutdown the containers store so that the home directory mount is not
leaked when "podman system service" exits.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2024-07-15 11:41:28 +02:00
Félix Saparelli 54fce37968
Add NetworkAlias= support to quadlet
Adds a `NetworkAlias=` key to both .container and .pod quadlet files,
which translates to the `--network-alias` option to `podman run` and
`podman pod create` respectively. Can be repeated multiple times.

Signed-off-by: Félix Saparelli <felix@passcod.name>
2024-07-15 16:39:25 +12:00
Giuseppe Scrivano 317a88ee4e
cmd: call shutdown handler stop function
it is needed to wait for the handlers if they are currently being processed.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2024-07-14 20:06:46 +02:00
openshift-merge-bot[bot] 42fa78b225
Merge pull request #23259 from giuseppe/vendor-storage-ab74785ce9e8
vendor: bump c/storage
2024-07-12 14:32:46 +00:00
openshift-merge-bot[bot] feb5cf8388
Merge pull request #23197 from Luap99/docker-27
vendor: update to docker 27
2024-07-12 13:51:07 +00:00
openshift-merge-bot[bot] e62c928642
Merge pull request #23074 from marinmo/podman-compose-providerfix
Make podman-compose refer to podman-compose(1) when using an external provider
2024-07-12 13:48:33 +00:00
Paul Holzinger 3280da0500
fix race conditions in start/attach logic
The current code did something like this:
lock()
getState()
unlock()

if state != running
  lock()
  getState() == running -> error
  unlock()

This of course is wrong because between the first unlock() and second
lock() call another process could have modified the state. This meant
that sometimes you would get a weird error on start because the internal
setup errored as the container was already running.

In general any state check without holding the lock is incorrect and
will result in race conditions. As such refactor the code to combine
both StartAndAttach and Attach() into one function that can handle both.
With that we can move the running check into the locked code.

Also use typed error for this specific error case then the callers can
check and ignore the specific error when needed. This also allows us to
fix races in the compat API that did a similar racy state check.

This commit changes slightly how we output the result, previously a
start on already running container would never print the id/name of the
container which is confusing and sort of breaks idempotence. Now it will
include the output except when --all is used. Then it only reports the
ids that were actually started.

Fixes #23246

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2024-07-12 15:11:34 +02:00
openshift-merge-bot[bot] 2415b4f3d7
Merge pull request #23257 from giuseppe/fix-pass-pull-option
contrib: use a distinct --pull-option= for each flag
2024-07-12 12:45:45 +00:00
Paul Holzinger 04fb77efe2
swagger: exclude new docker network types
The new docker types have conflicting swagger:model names, there is both
network.CreateResponse and container.CreateResponse. However both have
different fields (Warning and Warnings) and both are marked as
required. The swagger generate sees both and somehow merges them but
then only shows fields from one type but at the same time lists all
fields as required. This causes the swagger validation to fail:
- "Warning" is present in required but not defined as property in definition "CreateResponse"

To work around that we exclude the network types from the swagger
generation which makes it work again. Looking at the final type info in
the browser it still shows the type info on the compat network endpoints
so it doesn't even lose any valuable information AFAICS.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2024-07-12 14:19:37 +02:00
Giuseppe Scrivano f90bd48859
vendor: bump c/storage
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2024-07-12 14:19:33 +02:00
Paul Holzinger e24367aa14
update to docker 27
Fixes compile issues with new docker changes, then fix all the new
deprecation warnings.
Also there seem to be larger pre-existing problems with the
/containers/json API output as the HostConfig field seems to be missing
but I don't have time to deal with that currently.

Note this does not include changes for the new docker API 1.46.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2024-07-12 14:00:29 +02:00
Giuseppe Scrivano b1e535b911
contrib: use a distinct --pull-option= for each flag
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2024-07-12 12:51:39 +02:00
marinmo 02af4f8bd6 Update warning message when using external compose provider
Change the warning message at runtime to refer to the man page of podman-compose instead of "the documentation"

Add instructions in the man page on how to disable the warning emitted by podman-compose when using an external compose provider

Signed-off-by: marinmo <bugzilla@marinmo.org>
2024-07-12 07:12:32 +02:00
openshift-merge-bot[bot] 360c4f372d
Merge pull request #23234 from Luap99/test-nftables
test netavark nftables driver
2024-07-11 22:19:32 +00:00
openshift-merge-bot[bot] 04bd415c74
Merge pull request #23167 from mheon/fix_rhel_37948
Ignore result of EvalSymlinks on ENOENT
2024-07-11 20:13:02 +00:00
openshift-merge-bot[bot] fe65b5873f
Merge pull request #23251 from containers/renovate/github.com-cyphar-filepath-securejoin-0.x
Update module github.com/cyphar/filepath-securejoin to v0.3.0
2024-07-11 18:34:16 +00:00
renovate[bot] 7c775a3f4c
Update module github.com/cyphar/filepath-securejoin to v0.3.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-07-11 15:41:50 +00:00
Matt Heon 830e550073 Ignore result of EvalSymlinks on ENOENT
When the path does not exist, filepath.EvalSymlinks returns an
empty string - so we can't just ignore ENOENT, we have to discard
the result if an ENOENT is returned.

Should fix Jira issue RHEL-37948

Signed-off-by: Matt Heon <mheon@redhat.com>
2024-07-11 09:39:56 -04:00
openshift-merge-bot[bot] 58c8803a1e
Merge pull request #22726 from edsantiago/pull-from-local-registry
CI: Use local cache registry
2024-07-11 12:42:04 +00:00
Paul Holzinger 926547f7d3
test/upgrade: fix tests when netavark uses nftables
Old netavark version only supported iptables, however a new version on
the host might use nftables. This breaks the networking tests here as
they are not compatible and you would need to reboot to fix that.

Because this is not possible for our tests make sure we force the
iptables driver always to keep the test working.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2024-07-11 14:10:16 +02:00
Paul Holzinger 5856adb9f8
test/system: fix network reload test with nftables
netavark can use iptables or nftables as firewall driver, thus if we try
to flush rules make sure we try both to keep the test working when we
switch the default to nftables.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2024-07-11 14:09:59 +02:00
Paul Holzinger c4b2015e3a
test/e2e: rework some --expose tests
Stop using iptables to check anything, it does not work rootless and
will no longer work with nftables which will be used in the future.

Also fix up the test that says podman run to actually use podman run and
then just check via inspect that the ports are set correctly.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2024-07-11 14:08:28 +02:00
Paul Holzinger 9945981afb
test: remove publish tests from e2e
This test checks a simple publish which is already covered in many other
places, it also used iptables which is an invalid assumption going forward
as we start to enable nftables as firewall driver.

The only thing these tests added were checking that we cannot reuse
the same port. Given there was more than one kernel regression[1,2]
about correctly failing with EADDRINUSE I also added the
distro-integration tag to make sure we catch this early in fedora
testing.

[1] https://lore.kernel.org/regressions/e21bf153-80b0-9ec0-15ba-e04a4ad42c34@redhat.com/
[2] https://lore.kernel.org/regressions/CAFsF8vL4CGFzWMb38_XviiEgxoKX0GYup=JiUFXUOmagdk9CRg@mail.gmail.com/

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2024-07-11 14:08:28 +02:00
Paul Holzinger 43f6173cc6
CI: test nftables driver on fedora
Make sure this passes podman CI before we push out a default change.

ref: https://fedoraproject.org/wiki/Changes/NetavarkNftablesDefault

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2024-07-11 14:08:27 +02:00
openshift-merge-bot[bot] e570aacc4e
Merge pull request #23212 from l0rd/vs-buildtools
Using Visual Studio BuildTools as a MinGW alternative
2024-07-11 11:25:03 +00:00
openshift-merge-bot[bot] 1125d4d143
Merge pull request #23228 from Luap99/fix-internal-test
test/system: fix pasta host.containers.internal test
2024-07-11 11:22:20 +00:00
Ed Santiago 07b69943a4 CI: use local registry, part 3 of 3: for developers
New tool, get-local-registry-script, intended for developers
to get a local registry running in their environment. This is
not necessary for any tests, but may be desirable for performance
reasons and/or to recreate the CI environment.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2024-07-11 04:39:45 -06:00
Ed Santiago dd1bcabae9 CI: use local registry, part 2 of 3: fix tests
This commit gets tests working under the new local-registry system:

  * amend a few image names, mostly just sticking to a consistent
    list of those images in our registry cache. Mostly minor
    tag updates.

  * trickier: pull_test: change some error messages, and remove
    a test that's now a NOP. Basically, with a local (unprotected)
    registry we always get "404 manifest unknown"; with a real
    registry we'll get "403 I can't tell you".

  * trickiest: seccomp_test: build our own images at run time,
    with our desired labels. Until now we've been pulling
    prebuilt images, but those will not copy to the local
    cache registry. Something about v1? Anyhow, I gave up
    trying to cache them, and the workaround is straightforward.

Also took the liberty of strengthening a few error-message checks

Signed-off-by: Ed Santiago <santiago@redhat.com>
2024-07-11 04:39:45 -06:00