opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-25 03:52:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #10829 from cevich/update_images

Browse Source 
Update images
This commit is contained in:
OpenShift Merge Robot
2021-08-18 14:41:15 -04:00
committed by GitHub
parent a3d8b48fd5 9dd088e555
commit 4ec2270790
9 changed files with 44 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
.cirrus.yml
View File

@ -30,20 +30,17 @@ env:
PRIOR_UBUNTU_NAME: "ubuntu-2010" PRIOR_UBUNTU_NAME: "ubuntu-2010"
# Google-cloud VM Images # Google-cloud VM Images
# TODO: At the time of this comment, an selinux-policy regression is blocking use of updated IMAGE_SUFFIX: "c6737534580424704"
# Fedora VM images: https://bugzilla.redhat.com/show_bug.cgi?id=1965743
IMAGE_SUFFIX_UBUNTU: "c5521575421149184"
IMAGE_SUFFIX: "c5348179051806720"
FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}" FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}"
PRIOR_FEDORA_CACHE_IMAGE_NAME: "prior-fedora-${IMAGE_SUFFIX}" PRIOR_FEDORA_CACHE_IMAGE_NAME: "prior-fedora-${IMAGE_SUFFIX}"
UBUNTU_CACHE_IMAGE_NAME: "ubuntu-${IMAGE_SUFFIX_UBUNTU}" UBUNTU_CACHE_IMAGE_NAME: "ubuntu-${IMAGE_SUFFIX}"
PRIOR_UBUNTU_CACHE_IMAGE_NAME: "prior-ubuntu-${IMAGE_SUFFIX_UBUNTU}" PRIOR_UBUNTU_CACHE_IMAGE_NAME: "prior-ubuntu-${IMAGE_SUFFIX}"
# Container FQIN's # Container FQIN's
FEDORA_CONTAINER_FQIN: "quay.io/libpod/fedora_podman:${IMAGE_SUFFIX}" FEDORA_CONTAINER_FQIN: "quay.io/libpod/fedora_podman:${IMAGE_SUFFIX}"
PRIOR_FEDORA_CONTAINER_FQIN: "quay.io/libpod/prior-fedora_podman:${IMAGE_SUFFIX}" PRIOR_FEDORA_CONTAINER_FQIN: "quay.io/libpod/prior-fedora_podman:${IMAGE_SUFFIX}"
UBUNTU_CONTAINER_FQIN: "quay.io/libpod/ubuntu_podman:${IMAGE_SUFFIX_UBUNTU}" UBUNTU_CONTAINER_FQIN: "quay.io/libpod/ubuntu_podman:${IMAGE_SUFFIX}"
PRIOR_UBUNTU_CONTAINER_FQIN: "quay.io/libpod/prior-ubuntu_podman:${IMAGE_SUFFIX_UBUNTU}" PRIOR_UBUNTU_CONTAINER_FQIN: "quay.io/libpod/prior-ubuntu_podman:${IMAGE_SUFFIX}"
#### ####
#### Control variables that determine what to run and how to run it. #### Control variables that determine what to run and how to run it.
@ -671,18 +668,11 @@ meta_task:
image: quay.io/libpod/imgts:$IMAGE_SUFFIX image: quay.io/libpod/imgts:$IMAGE_SUFFIX
env: env:
# Space-separated list of images used by this repository state # Space-separated list of images used by this repository state
# TODO: Protect commonly tagged ubuntu images from puning in case
# workaround for BZ1965743 remains in use beyond the 30-days.
# Ref sha 404d5edb155
IMGNAMES: >- IMGNAMES: >-
${FEDORA_CACHE_IMAGE_NAME} ${FEDORA_CACHE_IMAGE_NAME}
${PRIOR_FEDORA_CACHE_IMAGE_NAME} ${PRIOR_FEDORA_CACHE_IMAGE_NAME}
${UBUNTU_CACHE_IMAGE_NAME} ${UBUNTU_CACHE_IMAGE_NAME}
${PRIOR_UBUNTU_CACHE_IMAGE_NAME} ${PRIOR_UBUNTU_CACHE_IMAGE_NAME}
fedora-${IMAGE_SUFFIX_UBUNTU}
prior-fedora-${IMAGE_SUFFIX_UBUNTU}
ubuntu-${IMAGE_SUFFIX}
prior-ubuntu-${IMAGE_SUFFIX}
BUILDID: "${CIRRUS_BUILD_ID}" BUILDID: "${CIRRUS_BUILD_ID}"
REPOREF: "${CIRRUS_REPO_NAME}" REPOREF: "${CIRRUS_REPO_NAME}"
GCPJSON: ENCRYPTED[3a198350077849c8df14b723c0f4c9fece9ebe6408d35982e7adf2105a33f8e0e166ed3ed614875a0887e1af2b8775f4] GCPJSON: ENCRYPTED[3a198350077849c8df14b723c0f4c9fece9ebe6408d35982e7adf2105a33f8e0e166ed3ed614875a0887e1af2b8775f4]

16
contrib/cirrus/setup_environment.sh
View File

@ -77,6 +77,13 @@ case "$CG_FS_TYPE" in
else else
echo "OCI_RUNTIME=runc" >> /etc/ci_environment echo "OCI_RUNTIME=runc" >> /etc/ci_environment
fi fi
# As a general policy CGv1 + runc should coincide with the "older"
# VM Images in CI. Verify this is the case.
if [[ -n "$VM_IMAGE_NAME" ]] && [[ ! "$VM_IMAGE_NAME" =~ prior ]]
then
die "Most recent distro. version should never run with CGv1"
fi
fi fi
;; ;;
cgroup2fs) cgroup2fs)
@ -85,6 +92,13 @@ case "$CG_FS_TYPE" in
# which uses runc as the default. # which uses runc as the default.
warn "Forcing testing with crun instead of runc" warn "Forcing testing with crun instead of runc"
echo "OCI_RUNTIME=crun" >> /etc/ci_environment echo "OCI_RUNTIME=crun" >> /etc/ci_environment
# As a general policy CGv2 + crun should coincide with the "newer"
# VM Images in CI. Verify this is the case.
if [[ -n "$VM_IMAGE_NAME" ]] && [[ "$VM_IMAGE_NAME" =~ prior ]]
then
die "Least recent distro. version should never run with CGv2"
fi
fi fi
;; ;;
*) die_unknown CG_FS_TYPE *) die_unknown CG_FS_TYPE
@ -208,7 +222,7 @@ case "$TEST_FLAVOR" in
unit) ;; unit) ;;
apiv2) ;& # use next item apiv2) ;& # use next item
compose) compose)
dnf install -y $PACKAGE_DOWNLOAD_DIR/podman-docker* rpm -ivh $PACKAGE_DOWNLOAD_DIR/podman-docker*
;& # continue with next item ;& # continue with next item
int) ;& int) ;&
sys) ;& sys) ;&

8
test/buildah-bud/apply-podman-deltas
View File

@ -165,14 +165,6 @@ skip "FIXME FIXME FIXME: this passes on Ed's laptop, fails in CI??" \
skip "buildah runs with --cgroup-manager=cgroupfs, podman with systemd" \ skip "buildah runs with --cgroup-manager=cgroupfs, podman with systemd" \
"bud with --cgroup-parent" "bud with --cgroup-parent"
# see https://github.com/containers/podman/pull/10829
skip "FIXME FIXME FIXME - requires updated CI images (#10829)" \
"bud with --runtime and --runtime-flag"
###############################################################################
# BEGIN tests which are skipped due to actual podman bugs.
############################################################################### ###############################################################################
# BEGIN tests which are skipped because they make no sense under podman-remote # BEGIN tests which are skipped because they make no sense under podman-remote

2
test/compose/mount_and_label/docker-compose.yml
View File

@ -6,5 +6,7 @@ services:
- '5000:5000' - '5000:5000'
volumes: volumes:
- /tmp/data:/data:ro - /tmp/data:/data:ro
security_opt:
- label=disable
labels: labels:
- "io.podman=the_best" - "io.podman=the_best"

6
test/e2e/common_test.go
View File

@ -645,9 +645,13 @@ func isRootless() bool {
return os.Geteuid() != 0 return os.Geteuid() != 0
} }
func isCgroupsV1() bool {
return !CGROUPSV2
}
func SkipIfCgroupV1(reason string) { func SkipIfCgroupV1(reason string) {
checkReason(reason) checkReason(reason)
if !CGROUPSV2 { if isCgroupsV1() {
Skip(reason) Skip(reason)
} }
} }

11
test/e2e/login_logout_test.go
View File

@ -79,9 +79,9 @@ var _ = Describe("Podman login and logout", func() {
session = podmanTest.Podman([]string{"run", "-d", "-p", strings.Join([]string{strconv.Itoa(port), strconv.Itoa(port)}, ":"), session = podmanTest.Podman([]string{"run", "-d", "-p", strings.Join([]string{strconv.Itoa(port), strconv.Itoa(port)}, ":"),
"-e", strings.Join([]string{"REGISTRY_HTTP_ADDR=0.0.0.0", strconv.Itoa(port)}, ":"), "--name", "registry", "-v", "-e", strings.Join([]string{"REGISTRY_HTTP_ADDR=0.0.0.0", strconv.Itoa(port)}, ":"), "--name", "registry", "-v",
strings.Join([]string{authPath, "/auth"}, ":"), "-e", "REGISTRY_AUTH=htpasswd", "-e", strings.Join([]string{authPath, "/auth:Z"}, ":"), "-e", "REGISTRY_AUTH=htpasswd", "-e",
"REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm", "-e", "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd", "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm", "-e", "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd",
"-v", strings.Join([]string{certPath, "/certs"}, ":"), "-e", "REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt", "-v", strings.Join([]string{certPath, "/certs:Z"}, ":"), "-e", "REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt",
"-e", "REGISTRY_HTTP_TLS_KEY=/certs/domain.key", "registry:2.6"}) "-e", "REGISTRY_HTTP_TLS_KEY=/certs/domain.key", "registry:2.6"})
session.WaitWithDefaultTimeout() session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0)) Expect(session).Should(Exit(0))
@ -235,10 +235,13 @@ var _ = Describe("Podman login and logout", func() {
setup.WaitWithDefaultTimeout() setup.WaitWithDefaultTimeout()
defer os.RemoveAll(certDir) defer os.RemoveAll(certDir)
// N/B: This second registry container shares the same auth and cert dirs
// as the registry started from BeforeEach(). Since this one starts
// second, re-labeling the volumes should keep SELinux happy.
session := podmanTest.Podman([]string{"run", "-d", "-p", "9001:9001", "-e", "REGISTRY_HTTP_ADDR=0.0.0.0:9001", "--name", "registry1", "-v", session := podmanTest.Podman([]string{"run", "-d", "-p", "9001:9001", "-e", "REGISTRY_HTTP_ADDR=0.0.0.0:9001", "--name", "registry1", "-v",
strings.Join([]string{authPath, "/auth"}, ":"), "-e", "REGISTRY_AUTH=htpasswd", "-e", strings.Join([]string{authPath, "/auth:z"}, ":"), "-e", "REGISTRY_AUTH=htpasswd", "-e",
"REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm", "-e", "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd", "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm", "-e", "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd",
"-v", strings.Join([]string{certPath, "/certs"}, ":"), "-e", "REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt", "-v", strings.Join([]string{certPath, "/certs:z"}, ":"), "-e", "REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt",
"-e", "REGISTRY_HTTP_TLS_KEY=/certs/domain.key", "registry:2.6"}) "-e", "REGISTRY_HTTP_TLS_KEY=/certs/domain.key", "registry:2.6"})
session.WaitWithDefaultTimeout() session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0)) Expect(session).Should(Exit(0))

2
test/e2e/run_test.go
View File

@ -946,7 +946,7 @@ USER mail`, BB)
Expect(err).To(BeNil()) Expect(err).To(BeNil())
mountpoint := "/myvol/" mountpoint := "/myvol/"
session := podmanTest.Podman([]string{"create", "--volume", vol + ":" + mountpoint, ALPINE, "cat", mountpoint + filename}) session := podmanTest.Podman([]string{"create", "--volume", vol + ":" + mountpoint + ":z", ALPINE, "cat", mountpoint + filename})
session.WaitWithDefaultTimeout() session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0)) Expect(session).Should(Exit(0))
ctrID := session.OutputToString() ctrID := session.OutputToString()

3
test/e2e/stats_test.go
View File

@ -22,6 +22,9 @@ var _ = Describe("Podman stats", func() {
BeforeEach(func() { BeforeEach(func() {
SkipIfRootlessCgroupsV1("stats not supported on cgroupv1 for rootless users") SkipIfRootlessCgroupsV1("stats not supported on cgroupv1 for rootless users")
if isContainerized() {
SkipIfCgroupV1("stats not supported inside cgroupv1 container environment")
}
var err error var err error
tempdir, err = CreateTempDirInTempDir() tempdir, err = CreateTempDirInTempDir()
if err != nil { if err != nil {

11
test/e2e/systemd_test.go
View File

@ -6,7 +6,6 @@ import (
"strings" "strings"
"time" "time"
"github.com/containers/podman/v3/pkg/rootless"
. "github.com/containers/podman/v3/test/utils" . "github.com/containers/podman/v3/test/utils"
. "github.com/onsi/ginkgo" . "github.com/onsi/ginkgo"
. "github.com/onsi/gomega" . "github.com/onsi/gomega"
@ -118,11 +117,13 @@ WantedBy=multi-user.target
Expect(len(conData)).To(Equal(1)) Expect(len(conData)).To(Equal(1))
Expect(conData[0].Config.SystemdMode).To(BeTrue()) Expect(conData[0].Config.SystemdMode).To(BeTrue())
if CGROUPSV2 || !rootless.IsRootless() { // stats not supported w/ CGv1 rootless or containerized
stats := podmanTest.Podman([]string{"stats", "--no-stream", ctrName}) if isCgroupsV1() && (isRootless() || isContainerized()) {
stats.WaitWithDefaultTimeout() return
Expect(stats).Should(Exit(0))
} }
stats := podmanTest.Podman([]string{"stats", "--no-stream", ctrName})
stats.WaitWithDefaultTimeout()
Expect(stats).Should(Exit(0))
}) })
It("podman create container with systemd entrypoint triggers systemd mode", func() { It("podman create container with systemd entrypoint triggers systemd mode", func() {