22803 Commits

Author SHA1 Message Date
08a8429459 libpod: avoid chowning the rundir to root in the userns
so it is possible to remove the code to make the entire directory
world accessible.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2024-06-21 18:01:26 +02:00
c81f075f43 libpod: do not chmod bind mounts
When the new mount API is available, the OCI runtime doesn't require
that each parent directory for a bind mount must be accessible.
Instead it is opened in the initial user namespace and passed down to
the container init process.

This requires that the kernel supports the new mount API and that the
OCI runtime uses it.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2024-06-21 18:01:26 +02:00
094bc673ef libpod: unlock the thread if possible
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2024-06-21 18:01:26 +02:00
9ffac33178 Merge pull request #23066 from Luap99/connection-setup
remote: fix incorrect CONTAINER_CONNECTION parsing
2024-06-21 13:29:10 +00:00
4b3890ccac remote: fix incorrect CONTAINER_CONNECTION parsing
When a user specifies an invalid connection in CONTAINER_CONNECTION then
podman should return a proper error saying so. Currently it ignored the
error and in rootFlags() just exited early with defining any flags. This
caused a panic then when trying to use the flags later.

In order to address this first store the connection error in the
PodmanConfig struct and not abort right away during flag setup. This is
important as the user might have specified a flag with a valid remote
connection. As such we check all flags and only when none were given we
return the connection error.

Also while at it I noticed that the default connection reported via
podman --help was wrong as it only used the old containers.conf field
for it and did not consider the podman-connections.json default.

New regression tests have been added to make sure it behaves correctly.

This fixes the problem reported in the PR #22997.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2024-06-21 14:01:22 +02:00
79f0f7707a Merge pull request #23060 from AlexanderNull/docs/pushimage-openapi
[CI:DOCS] Adds all PushImage supported parameters to openapi docs
2024-06-21 09:27:01 +00:00
64a9c73330 Merge pull request #23056 from rst0git/fix-restore-into-pod
restore: fix container restore into pod
2024-06-21 08:59:29 +00:00
95677f6eb0 Merge pull request #23059 from edsantiago/systest-timeout-bump
systests: kube: bump up a timeout
2024-06-21 08:51:14 +00:00
8be9ec7216 e2e: test container restore in pod by name
Add a test to verify that restoring a container in a Pod works when
the `container restore --pod` option is used with Pod *name* (this
functionality was previously limited to support only full Pod ID).

Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
2024-06-21 05:52:40 +01:00
c22ae53d31 docs: Adds all PushImage supported parameters to openapi docs.
Signed-off-by: Alexander Clifford <alexandersinbox@gmail.com>
2024-06-20 15:52:29 -07:00
3f785e8735 systests: kube: bump up a timeout
PR #22821 (CI speedup) was overly aggressive in one kube test.
It's flaking. Bump up timeout from 3s to 4.

Signed-off-by: Ed Santiago <santiago@redhat.com>
2024-06-20 14:37:25 -06:00
298f31ba6f Merge pull request #23058 from edsantiago/bump-vms
CI VMs: bump
2024-06-20 20:26:01 +00:00
fdaef4609f Merge pull request #23029 from ygalblum/quadlet-template-unescaped
Quadlet - use specifier for unescaped values for templated container name
2024-06-20 18:47:01 +00:00
48e1efbe82 Merge pull request #23030 from Luap99/CI-cond
cirrus.yml: implement skips based on source changes
2024-06-20 18:16:46 +00:00
f6be78d2c6 Merge pull request #23053 from mariushoch/main
sqlite_state: Fix RewriteVolumeConfig
2024-06-20 17:32:45 +00:00
f134ab77bc cirrus.yml: add CI:ALL mode to force all tests
Now that we have source based skips there might be a case where we have
to run all tests. One option is to simply change a line in one of the
danger files but having something that can be set as title might be
easier for users.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2024-06-20 19:10:02 +02:00
d9183f0587 cirrus.yml: implement skips based on source changes
We do not have to test everything for each PR, we can know based on the
source if we changed (i.e. machine code) and only run the tests then.

This implements it as skip conditions, due to the nature of yaml files
we unfortunately cannot deduplicate everything, i.e. the is PR check and
danger files apply to everything but as skip is only a single yaml
string we cannot deduplicate parts of that string. If anyone knows a way
to achieve this I like to hear it.

For now I implemented this for int, system, bud and machine tests. Once
we are more comfortable with this I plan on adding it to other tests as
well.

This will replace the current _bail_if_test_can_be_skipped logic as it
covers more, marks tasks actually skipped in the github UI and works
even for the windows/macos machine tests.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2024-06-20 19:10:02 +02:00
2f680eb4b5 CI VMs: bump
Built in: https://github.com/containers/automation_images/pull/361

Main changes:
 - lots of package bumps, see link above. Most important
   is debian systemd, which should fix the XDG bug in 256-rc3
 - workaround for rawhide IMA (signed rpms) issue
 - rawhide now includes composefs

Signed-off-by: Ed Santiago <santiago@redhat.com>
2024-06-20 10:50:06 -06:00
7dc288dbed restore: fix container restore into pod
Currently, when Podman restores a container into a Pod, it always fails
with the following error:

    Error: cannot add container f96670b26e53e70f7f451191ea39a093c940c6c48b47218aeeef1396cb860042 to pod h2-pod: no such pod

This error occurs because r.state.Pod() is called in setupContainer()
with the Pod name instead of ID. This patch fixes this problem by
setting ctrConfig.Pod to pod.ID().

Reported-by: Stanislav Kosorin <stanokosorin4@gmail.com>
Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
2024-06-20 13:24:53 +01:00
a2bf49abb8 Merge pull request #23047 from containers/renovate/setuptools-70.x
chore(deps): update dependency setuptools to ~=70.1.0
2024-06-20 12:21:59 +00:00
6dd9abf9ec sqlite_state: Fix RewriteVolumeConfig
The VolumeConfig table does not have an ID column, thus
use the Name column to update it.

Fixes #23052

Signed-off-by: Marius Hoch <mail@mariushoch.de>
2024-06-20 11:39:44 +02:00
83549ba11f chore(deps): update dependency setuptools to ~=70.1.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-06-19 13:37:57 +00:00
91a5c0de2a Quadlet - use specifier for unescaped values for templated container name
The escaped version replaces - with / which creates an invalid container name
See https://github.com/containers/podman/issues/22874#issuecomment-2175559746

Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
2024-06-19 14:44:21 +03:00
b8d95a5893 Merge pull request #23024 from containers/renovate/github.com-containernetworking-plugins-1.x
Update module github.com/containernetworking/plugins to v1.5.1
2024-06-18 15:01:34 +00:00
5b62c2cc2b Merge pull request #23021 from containers/renovate/github.com-checkpoint-restore-checkpointctl-1.x
Update module github.com/checkpoint-restore/checkpointctl to v1.2.1
2024-06-18 14:58:51 +00:00
b869efae52 Merge pull request #22909 from Luap99/fast-system-test-4
test/system: speed up basic_{setup,teardown}()
2024-06-18 12:57:52 +00:00
0eaec1a2e9 cirrus: check for system test leaks in nightly
The leak check is slower (over 5mins) so we do not want them on PR runs
to speed system tests up. However that opens the door for someone to add
a test which forgets to do the correct cleanup themselves. This might
not cause a fatal error right away and only later when new tests would
be added. To prevent this happening the nightly run will check leaks so
that we can fix them quickly and not notice them months/years later when
a new test is added that might trip over it.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2024-06-18 11:06:52 +02:00
4e0cd49148 test/system: check for leaks in teardown suite
At the end of all tests always check for leaks. That should make us more
robust against adding tests at the end that would leak stuff otherwise.

TODO: something seems wrong with bats when returning an error in
teardown_suite(), it prints a warning:
bats warning: Executed <NUM+1> instead of expected <NUM> tests
And also the output is formatted weirdly in this case where the podman
args are split over multiple lines.
But the test fails as expected so I don't think it is a problem.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2024-06-18 11:06:51 +02:00
81c90f51c2 test/system: speed up basic_{setup,teardown}()
While these are not really slow they still take about 100-250ms if I
time this locally. Given they are run for every test this adds up
quickly. Looking at CI logs I can see the timings for skipped
tests are all in 600ms range. So I think it is safe to assume that these
functions need to get faster.

We have over 670 test cases currently so we talk about over 400s spent
in these functions in CI. This allows for big gains.

Now overall this is a tricky trade-off, while all tests should cleanup
after themselves there is no guarantee for that as such errors can be
leaked into other tests making debugging much harder. To work at least a
bit against this teardown checks if the test was successful and only
skips the podman commands based on that. Without it a single flake could
cause all following tests to fail.

As such this commit does the proper setup once one suite start then only
after a test failed.

In order for this to work at all we have to fix all leaks first, see
previous commits. And then for the future keep a very strong eye on
this during reviews.

Also add a PODMAN_BATS_LEAK_CHECK option

By default test must cleanup themselves and to speed up CI we no longer
do any cleanup in teardown by default. However there are still many cases
where we might have to debug a leak so add a new PODMAN_BATS_LEAK_CHECK
env option that can be set and should cause teardown to fail if the test
did not cleanup properly.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2024-06-18 11:06:50 +02:00
a2352fa3ea test/system: fix up many tests that do not cleanup
All tests should cleanup themselves and not leak stuff.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2024-06-18 11:06:49 +02:00
e9c6cd1559 test/system: fix podman --authfile=nonexistent-path
Remove leaking containers and remove unnecessary push/pull args. For push
it tries to push an image as argument which makes no sense and for pull
we try to pull argument as image which is also wrong.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2024-06-18 11:06:47 +02:00
f611ac9304 Update module github.com/containernetworking/plugins to v1.5.1
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-06-17 21:28:37 +00:00
afe55cded0 Merge pull request #23006 from containers/renovate/github.com-gorilla-schema-1.x
Update module github.com/gorilla/schema to v1.4.0
2024-06-17 19:38:02 +00:00
043ce618bc Update module github.com/checkpoint-restore/checkpointctl to v1.2.1
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-06-17 19:36:33 +00:00
86bab1bb74 Merge pull request #23005 from containers/renovate/github.com-spf13-cobra-1.x
Update module github.com/spf13/cobra to v1.8.1
2024-06-17 19:35:16 +00:00
f4aa71e730 Update module github.com/spf13/cobra to v1.8.1
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-06-17 18:07:20 +00:00
0627fce798 Update module github.com/gorilla/schema to v1.4.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-06-17 18:05:54 +00:00
67bbbb9e94 Merge pull request #23017 from Luap99/wsl-error
pkg/machine/wsl: wrap command errors
2024-06-17 17:34:17 +00:00
5c1e5cd026 pkg/machine/wsl: force terminate wsl instance
We do a soft stop via systemd to allow graceful shutdown behavior.
However for unknown reason we are hitting such a case in CI right now.
Regardless of the CI issue we should always do the hard terminate in
such case so only log the timeout as warning.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2024-06-17 17:52:01 +02:00
bd906cb314 pkg/machine/wsl: wrap command errors
First off, some commands ignored cmd.Wait() error which means it was
impossible to notice any command errors. And others only returned
the wait error as is, which when a command fails is just
`exit status <code>` which is not helpful at all.

This commit should add proper error wrapping with stderr to get useful
strings back hopefully.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2024-06-17 17:46:23 +02:00
aa2bbeea48 Merge pull request #23010 from ygalblum/quadlet-doc-relative-path
[CI:DOCS] Quadlet - add note about relative path resolution
2024-06-17 15:30:58 +00:00
dca94be028 [CI:DOCS] Quadlet - add note about relative path resolution
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
2024-06-17 17:32:34 +03:00
f269485295 Merge pull request #23013 from Luap99/fix-CI
CI: do not install python packages at runtime
2024-06-17 08:48:16 -04:00
c20767120f CI: do not install python packages at runtime
No idea why we need them, it passes without them so I just remove them.
Currently CI is broken as this install is failing on rawhide for some
reason. I don't know what changed there but this is working and unblocks
CI so I like to get this in.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2024-06-17 13:03:25 +02:00
1d339e4ae3 Merge pull request #22999 from cevich/candidate_release
[skip-ci] Release workflow: Include candidate descriptor
2024-06-14 16:52:34 +00:00
54edf3d8ee Release workflow: Include candidate descriptor
Assist humans by indicating clearly when a release announcement is
pertaining to a candidate.  Otherwise, it's possible someone may
overlook the `-rcX` version suffix.

Also fix a quoting problem missed in testing.

Signed-off-by: Chris Evich <cevich@redhat.com>
2024-06-13 17:22:03 -04:00
26370c95b7 Merge pull request #22988 from cevich/send_release_mail
[skip-ci] GHA: Send release notification mail
2024-06-13 13:30:29 -04:00
19989380b8 Minor: Fix indentation in GHA release workflow
Simply indent list items two spaces to the right WRT their parent.

Signed-off-by: Chris Evich <cevich@redhat.com>
2024-06-13 10:49:37 -04:00
82973c38e4 GHA: Send release notification mail
Rather than manually crafting what ends up being nearly identical
release e-mails, do it automatically whenever a release is created.

Note: At the time of this commit, there is a possible race condition
with the `mac-pkg.yml` workflow, since it runs in parallel.  It could
fail, or fail to complete prior to the e-mail content being generated.
This should be unlikely, if `release-artifacts.yml` goes through and
compiles every artifact, but it's not guaranteed.

Signed-off-by: Chris Evich <cevich@redhat.com>
2024-06-13 10:48:14 -04:00
ad56dc7e2b GHA: Validate release version number
There's a reasonable chance this workflow will be triggered by a human
(via `workflow_dispatch`), and a non-zero chance with an invalid
version number for which a release should not be created.  Detect this
and provide a way for the operator to debug the source of the error.

Also fix some whitespace inconsistencies.

Signed-off-by: Chris Evich <cevich@redhat.com>
2024-06-13 10:47:26 -04:00