For all commands with a --filter option, cross-reference
against man pages, and vice-versa.
I'm sorry. I know this script has gone off the deep end.
[NO NEW TESTS NEEDED] although actually I would like to test some broken completions
Signed-off-by: Ed Santiago <santiago@redhat.com>
First do not lint pkg/domain/infra/abi with the remote tag as this is
only local code.
Then mark the cacheLibImage field as unused, this should be an unused
stub for the remote client so that we do not leak libimage.
The linter sees that with the remote tag so we need to silence that
warning.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Shortcuts like unix:path and unix:/path do not work everywhere,
so make sure to use unix://path when quoting the url (or address)
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
The performance issue in #19467 drove me to add a benchmark for
system-df to avoid regressing on it in the future.
Comparing current HEAD to v4.6.0 yields
```
/home/vrothberg/containers/podman/bin/podman system df ran
201.47 times faster than /usr/bin/podman system df
```
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Check for duplicate subcommands, flags, and format specifiers.
I assumed this would never be necessary, that code review would
catch dups, but it happened (#19462). Prevent future ones.
Also, make it a fatal error for a --format to be undocumented,
except for 'podman inspect'. So many exceptions ... :(
Signed-off-by: Ed Santiago <santiago@redhat.com>
BATS 1.8.0 introduces tags: metadata that can be applied to
a single test or one entire file, then used for filtering
in a test run.
Issue #19299 introduces the possibility of using OpenQA
for podman reverse dependency testing: continuous CI on
all packages that can affect podman, so we don't go two
months with no bodhi builds then get caught by surprise
when systemd or kernel or crun change in ways that break us.
This PR introduces one bats tag, "distro-integration".
The intention is for OpenQA (or other) tests to install
the podman-tests package and run:
bats --filter-tags distro-integration /usr/share/podman/test/system
Goal is to keep the test list short and sweet: we do not
need to test command-line option parsing. We *DO* need to
test interactions with systemd, kernel, nethack, and other
critical components.
Signed-off-by: Ed Santiago <santiago@redhat.com>
**podman compose** is a thin wrapper around an external compose provider
such as docker-compose or podman-compose. This means that `podman
compose` is executing another tool that implements the compose
functionality but sets up the environment in a way to let the compose
provider communicate transparently with the local Podman socket. The
specified options as well the command and argument are passed directly
to the compose provider.
The default compose providers are `docker-compose` and `podman-compose`.
If installed, `docker-compose` takes precedence since it is the original
implementation of the Compose specification and is widely used on the
supported platforms (i.e., Linux, Mac OS, Windows).
If you want to change the default behavior or have a custom installation
path for your provider of choice, please change the `compose_provider`
field in `containers.conf(5)`. You may also set the
`PODMAN_COMPOSE_PROVIDER` environment variable.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
The podman-login tests have accumulated much cruft over the
years, because that's the only place where we run a local
registry, and the process was crufty: we actually start/stopped
the registry as the first & last tests of the file. Meaning,
you couldn't do 'hack/bats 150:just-one-test' because that
would skip the registry start. And just now, a completely
unrelated test has had to be shoved into the login file.
This PR revamps the whole thing, by adding a new registry helper
module that can be used anywhere. And, once the registry is
started, it just stays running until the end of tests. (This
requires BATS 1.7 or greater).
Signed-off-by: Ed Santiago <santiago@redhat.com>
First: fix podman-registry script so it preserves the initial $PODMAN,
so all subsequent invocations of ps, logs, and stop will use the
same binary and arguments. Until now we've handled this by requiring
that our caller manage $PODMAN (and keep it the same), but that's
just wrong.
Next, simplify the golang interface: move the $PODMAN setting into
registry.go, instead of requiring e2e callers to set it. (This
could use some work: the local/remote conditional is icky).
IMPORTANT: To prevent registry.go from using the wrong podman binary,
the Start() call is gone. Only StartWithOptions() is valid now.
And, minor cleanup: comments, and add an actual error-message check
Reason for this PR is a recurring flake, #18355, whose multiple
failure modes I truly can't understand. I don't think this PR
is going to fix it, but this is still necessary work.
Signed-off-by: Ed Santiago <santiago@redhat.com>
hack/podman-registry --help option does not exist.
We need to use -h option when we want to see the usage message.
[NO NEW TESTS NEEDED]
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
Work around a go-md2man bug, and add a check script to make sure
this doesn't hit us again.
Background: go-md2man can't deal with a left-hand column > 31 chars.
It produces man pages that look like:
| Something With >31 Character | |
| | ..description |
(should be all on one row). It also has trouble when the vertical
bars are misaligned: it completely removes the right-hand side.
There's almost certainly a better solution: fix go-md2man, or
use a different conversion tool, or maybe even pre/postprocess.
But this is a quick interim solution.
Sorry for the perl. This could be done in bash/sed/awk/grep,
but not with any sort of sane error messages.
Signed-off-by: Ed Santiago <santiago@redhat.com>
- treadmill script: run root & rootless in parallel, not
sequentially. It's only four jobs, and it seems dumb
to fix root tests, repush, then discover a rootless failure.
- apply-podman-deltas: implement skip_if_rootless(), and
use it to skip a nasty longstanding flake
- bud-tests-in-podman diffs: ugly code to fix a rootless hang.
background: rootless remote tests hang
cause: stray podman server process
root cause: no idea. No clue at all. I just gave up
workaround: seek out and kill stray server processes
Rootless buildah-bud tests are not run in regular CI,
only in the buildah treadmill.
Signed-off-by: Ed Santiago <santiago@redhat.com>
There are days when I really, really, really hate GNU. Remember
when someone decided that 'head -1' would no longer work, and
that it was OK to break an infinite number of legacy production
scripts? Someone now decided that egrep/fgrep are deprecated,
and our CI logs (especially pr-should-include-tests) are now
filled with hundreds of warning lines, making it difficult
to find actual errors.
I expect that those warnings will be removed quickly after
furious community backlash, just like the 'head -1' fiasco
was quietly reverted, but ITM the warnings are annoying
so I capitulate.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Porting them over to v2 requires a full rewrite.
IT is not clear who actually uses these benchmarks, Valentin who wrote
them originally is in favor of removing them. He recommends to use
script from hack/perf instead.
This commit also drop the CI integration, it is not clear who actually
uses this data. If it is needed for something please speak up.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
As long as podman uses a fork/exec model this eBPF program is able to trace the performance of each podman command and the resulting child processes from start to finish. This is an improvement to the already existing podmansnoop eBPF program which only looks at sched_process_exit and enter/exit sys_execve tracepoints.
Signed-off-by: Paul Wallrabe <54737071+raballew@users.noreply.github.com>
It flakes once or twice a day:
VERSION=1.51.1 ./hack/install_golangci.sh
Installing golangci-lint v1.51.1 into ./bin/golangci-lint
golangci/golangci-lint info checking GitHub for tag 'v1.51.1'
golangci/golangci-lint crit unable to find 'v1.51.1' - use 'latest'
or see https://github.com/golangci/golangci-lint/releases for details
No visibility into why, and no special reason to believe that
retrying five seconds later will work, but it seems worth a try.
Signed-off-by: Ed Santiago <santiago@redhat.com>
In February we started running rootless bud tests in cron (#17608).
That's nice, but nobody ever looks at cron results. The idea behind
adding a rootless task was to run it in the manual treadmill, too.
This PR enables that, and more clearly documents the how and why.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Followup to #17486: stricter checks on --format.
* If a subcommand offers autocompletion for templates,
it must also offer a '--format json' option.
* If a subcommand has a --format option that DOES NOT
offer autocompletion for templates, it must be listed
in a hardcoded grandparented-in table of commands
where that's not applicable. (Mostly commands
like build, commit, save, where "format" is used
in the context of "oci/docker").
Only likely to trigger on PRs which add new subcommands,
and is intended to catch oversights.
Also, test for alphanumeric order in man page tables.
Sort all existing tables.
Signed-off-by: Ed Santiago <santiago@redhat.com>
command tables are chock full of duplication, hence they break.
Look for inconsistencies between the displayed man page name
and the actual man page name:
| foo | [podman-foo(1)](podman-cmd-foo.1.md) | ...
^^^
Inspired by #17474.
We can't actually check the subcommand name (the plain "foo")
because there are many existing subcommands whose name does
not match the man page: rmi vs image-rm, list vs podman-ps.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Very belated successor to #14046.
I don't know why this is so important to me. Probably because we're
doing a halfhearted sloppy job of documenting, and new options get
added, and not documented, and that's just wrong.
I've given up on documenting internal structs. This iteration
has a $Format_Exceptions table defined at the top of the xref
script, enumerating a hardcoded defined set of podman commands
and fields that should remain undocumented.
This iteration also forgives completely-undocumented formats.
If podman-foo has a --format, but podman-foo.1.md does not
list *any* valid fields, the script warns but does not fail.
This at least is better than documenting a random mix of fields.
This version of the xref script is much slower: 10s vs 4. I
think we can live with that in a CI-only script.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Create the containers with a custom network. It has an impact on the
speed of container creation.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
One of the tmpfiles was not uniquely named, resulting in
conflicts with parallel 'make docs'. Fix that.
A better solution would be to run only one instance of the
preprocess script, but the Makefile incantation for that
is beyond me. This approach is CPU-wasteful but good enough.
Fixes: #17322
Signed-off-by: Ed Santiago <santiago@redhat.com>
Add a script with reproducers for bugzilla.redhat.com/show_bug.cgi?id=2162111.
The results are not much different compared to the already existing
scripts. Podman is faster despite for container removal.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Updated build scripts and installer build scripts to include gvproxy.exe.
Includes tutorial on setting up a Podman VM with QEMU and gvproxy on Windows.
Signed-off-by: Arthur Sengileyev <arthur.sengileyev@gmail.com>
Add a set of scripts using hyperfine for comparing two container
engines. I am currently using the scripts for comparing Podman
and Docker, and with older versions of Podman.
These scripts are not meant for production usage but to aid in tracking
down performance regressions and bottlenecks.
Run the scripts via `sudo sh $script.sh`.
Use the following environment variables to change the default behavior:
* `ENGINE_A` to set container engine A (default `/usr/bin/podman`)
* `ENGINE_B` to set container engine B (default `/usr/bin/docker`)
* `RUNS` to change the runs/repetitions of each benchmarks (default `100`)
* `NUM_CONTAINERS` to change the number of created containers for some benchmarks (e.g., `ps`) (default `100`)
* `IMAGE` to change the default container image (default `docker.io/library/alpine:latest`)
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Some (?) Python versions assume that text files are encoded as 7-bit ASCII and abort when encountering other encoding. Some of podman's markdown documentation files are encoded as UTF-8, and this needs to be specified explicitly when opening files.
Closes https://github.com/containers/podman/issues/16996.
[NO NEW TESTS NEEDED]
Signed-off-by: Erik Schnetter <schnetter@gmail.com>
Even though we still rely on the user to start the podman
system service, enable the option anyway. It's much, much
friendlier than requiring 'env PODMAN=etc-etc'.
Signed-off-by: Ed Santiago <santiago@redhat.com>
The ROOT{,LESS}_ONLY logic is confusing and unmaintainable.
Change it to an easier-to-read positive check.
Signed-off-by: Ed Santiago <santiago@redhat.com>
The man-page cross-reference script checks the SEE ALSO section
to confirm that all references are to existing man pages (#12258).
However, it's a little too forgiving: it allows aliases, the
short '.so' files under the 'links/' subdirectory. That means
we could link to non-default command names, and were doing so.
As of this PR, we no longer allow that. Any podman command
referenced in SEE ALSO must be the canonical command name
(and man page). Fix existing non-canonical names, and
remove the exception so we don't allow this again.
See #16848 for discussion of context.
Signed-off-by: Ed Santiago <santiago@redhat.com>
This adds basic container and volume system tests for quadlet. These
install and run actual systemd units and ensure they work.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
Go benchmark results include an Average, represented as
<mean> ± <standard deviation>
This is suboptimal for many reasons:
* Some web server somewhere in our CI pipeline (Cirrus?
Google? Gitlab? I have no idea) sends the wrong mime-type
header, rendering the CSV weird-looking in a browser.
Not that it's intended for a browser, but we have to
debug/verify manually once in a while.
* The spaces and +/- makes it less machine-readable.
Solution: split the "Average" field into two: Average, and
Standard Deviation. And, as a courtesy to human readers,
add a new column with SD as a percentage.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Update the snoop script to also include the arguments to make the output
more useful.
```
$ sudo hack/podmansnoop
PCOMM PID PPID AGE(ms) ARGV
conmon 14964 14952 1.01 /usr/bin/conmon --version
podman 14952 14139 26.07 /usr/bin/podman ps
```
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
- move the ginkgo deps into test/tools which is more consitent with the
other tools there, listing in dependencies always causes errors with
linters
- do not install it globally on the system, instead we use it in a
subdir of this project
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Long-term followup to #14917. This adds a new one-off script,
to be run periodically, which runs our man-page crossref
against docker, highlighting commands and options that docker
lists in its --help but we don't list in our man pages.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Conceptually equivalent to networking by means of slirp4netns(1),
with a few practical differences:
- pasta(1) forks to background once networking is configured in the
namespace and quits on its own once the namespace is deleted:
file descriptor synchronisation and PID tracking are not needed
- port forwarding is configured via command line options at start-up,
instead of an API socket: this is taken care of right away as we're
about to start pasta
- there's no need for further selection of port forwarding modes:
pasta behaves similarly to containers-rootlessport for local binds
(splice() instead of read()/write() pairs, without L2-L4
translation), and keeps the original source address for non-local
connections like slirp4netns does
- IPv6 is not an experimental feature, and enabled by default. IPv6
port forwarding is supported
- by default, addresses and routes are copied from the host, that is,
container users will see the same IP address and routes as if they
were in the init namespace context. The interface name is also
sourced from the host upstream interface with the first default
route in the routing table. This is also configurable as documented
- sandboxing and seccomp(2) policies cannot be disabled
- only rootless mode is supported.
See https://passt.top for more details about pasta.
Also add a link to the maintained build of pasta(1) manual as valid
in the man page cross-reference checks: that's where the man page
for the latest build actually is -- it's not on Github and it doesn't
match any existing pattern, so add it explicitly.
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Add a script to measure the execution times of podman, crun, run and
conmon. It's a trimmed down version of the exitsnoop tool and intended
to guide us in future performance optimizations.
The below output was generated when running
`podman run --net=host docker.io/library/alpine:latest true`
```
podman (snoop) $ sudo ./hack/podmansnoop
PCOMM PID PPID TID AGE(ms)
conmon 51580 51569 51580 1.67
conmon 51583 51569 51583 3.53
crun 51591 51590 51591 18.28
crun 51593 51569 51593 2.48
conmon 51606 51594 51606 0.85
crun 51608 51594 51608 2.50
podman 51594 51590 51594 176.27
conmon 51590 1950 51590 214.78
podman 51569 40964 51569 431.36
```
In the future, it would be helpful to add the arguments of the commands.
`execsnoop` can reveal them quite nicely but I did not manage to merge
the two scripts due to time constraints.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
In each options/foo.md, keep a list of where the option is used.
This will be valuable to anyone making future edits, and to
those reviewing those edits.
This may be a controversial commit, because those crossref lists
are autogenerated as a side effect of the script that reads them.
It definitely violates POLA. And one day, some kind person will
reconcile (e.g.) --label, using it in more man pages, and maybe
forget to git-commit the rewritten file, and CI will fail.
I think this is a tough tradeoff, but worth doing. Without this,
it's much too easy for someone to change an option file in a way
that renders it inapplicable/misleading for some podman commands.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Support swagger testing and optional runtime updates similar to
the current golangci-lint tool. This allows developers to update the
version of swagger at runtime if needed. Otherwise new CI VM images
will pick up the prescribed version at image build-time via
`make install.tools`.
Signed-off-by: Chris Evich <cevich@redhat.com>
Print the diff at the end of the report to help better understand what's
going on.
```
tree is dirty, please run "make vendor" and commit all changes.
M go.mod
M go.sum
M hack/tree_status.sh
M vendor/github.com/containers/storage/store.go
M vendor/modules.txt
---------------------- Diff below ----------------------
diff --git a/go.mod b/go.mod
index e36d3fb95c57..167d769c378f 100644
--- a/go.mod
+++ b/go.mod
@@ -17,7 +17,7 @@ require (
github.com/containers/image/v5 v5.23.0
github.com/containers/ocicrypt v1.1.6
github.com/containers/psgo v1.7.3
- github.com/containers/storage v1.43.1-0.20221013143630-714f4fc6e80e
+ github.com/containers/storage v1.43.1-0.20221014072257-a144fee6f51c
github.com/coreos/go-systemd/v22 v22.4.0
github.com/coreos/stream-metadata-go v0.0.0-20210225230131-70edb9eb47b3
github.com/cyphar/filepath-securejoin v0.2.3
```
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
