Systemd supports unit files with a prefix '-' which
tells the system to check if the content exists before
using it. This would allow the QM project to specify
AddDevice=-/dev/kvm, which would add the /dev/kvm device
to the container iff it exists on the host.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Nasty test flake, "bad address nc-server.dns.podman"
Cause: "There is absolutely no guarantee that aardvark-dns
is ready before the container is started." (source: Paul).
Workaround (not a real solution): wait before doing a host lookup.
Also: remove a 99%-duplicate test.
Closes: #16272 (I hope)
Signed-off-by: Ed Santiago <santiago@redhat.com>
The problem right now is that --ns contianer: syntax causes use to add
the namespace path to the spec which means the runtime will try to call
setns on that. This works fine for private namespaces but when the host
namspace is used by the container a rootless user is not allowed to
join that namespace so the setns call will return with permission
denied.
The fix is to effectively switch the container to the `host` mode
instead of `container:` when the mention container used the host ns. I
tried to fix this deep into the libpod call when we assign these
namespaces but the problem is that this does not work correctly because
these namespace require much more setup. Mainly different kind of mount
points to work correctly.
We already have similar work-arounds in place for pods because they also
need this.
For some reason this does not work with the user namespace, I don't know
why and I don't think it is really needed so I left this out just to get
at least the rest working. The original issue only reported this for the
network namespace.
Fixes#18027
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Our friend #7096 is still not fixed: it continues to flake,
singletons only, and only in the "create" test (not "run").
My guess: maybe there's a race somewhere in IP assignment,
such that container1 can have an IP, but not yet be running,
and a container2 can sneak in and start with that IP, and
container1 is the one that fails?
Solution: tighten the logic so we wait for container1 to
truly be running before we start container2. And, when we
start container2, do so with -a so we get to see stdout.
(Am not expecting it to be helpful, but who knows).
Also very minor cleanup
Signed-off-by: Ed Santiago <santiago@redhat.com>
Having a container spin-wait on a /stop file, then exit, is
unsafe: 'podman exec $ctr touch /stop' can get sucked into
container cleanup before the exec terminates, resulting in
the podman-exec failing and hence the test failing.
Most existing instances of this pattern are unnecessary.
Replace those with just 'podman rm -f'.
When necessary, use a variety of safer alternatives.
Re-Closes: #10825 (already closed; this addresses remaining cases)
Signed-off-by: Ed Santiago <santiago@redhat.com>
We should return the raw state string without any extra formatting in
this case.
`{{.Status}}` returns the nicely formatted string used in the default ps
output, e.g. `Up 2 seconds ago`, while `{{.State}}` returns the state as
string, e.g. `running`.
This matches the docker output and allows better use in scripts.
Fixes#18244
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The `exec` session somestimes exits with 137 as the exec session races
with the cleanup process of the exiting container. Fix the flake by
running a detached exec session.
Fixes: #10825
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Wire in support for writing the digest of the pushed image to a
user-specified file. Requires some massaging of _internal_ APIs
and the extension of the push endpoint to integrate the raw manifest
(i.e., in bytes) in the stream.
Closes: #18216
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
When running the remote integration test I have over 1000 zombies
because each test creates a single service process. Only after ginkgo
exists they get finally reaped by the init process. This only effected
the rootless runs.
For some reason the test use different logic between root and rootless.
This doesn't make much sense. I also see no reason to manually kill
child processes.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This is a rather big deal. All system services shared the same tmpdir
which causes big issues for the rootless netns setup.
Also use --events-backend file like the local ones. This is important
otherwise reading events and takes ages as the jounal is shared for all
tests.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Creating a new diretory results in the test leaking it when it is not
removed via a defer call. All tests have already access to
`podmanTest.TempDir` which will be automatically removed in the
`AfterEach()` block.
While some test were fine other forgot the defer call. To keep the test
consitent and prevent other from making the same mistake convert all
users to `podmanTest.TempDir`. `CreateTempDirInTempDir()` is only used
for the `podmanTest.Setup()` call.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Some network test use the same subnet as others, because the network
config direcory is shared we must ensure subnets do not conflict as
tests are run in parallel. I see this locally when running with 12
threads.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
If a unit is not active the exit code from systemctl is 3. Thus this
test always failed because it checked the error.
Fix this by checking the exit code and remove the unnecessary output
parsing.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Running these locally always created a popup to ask me for my password
as I am in the wheel group.
I would also argue that such a test should not be run on any local
system ever even as root. First docker could be a symlink to podman so
the check if the image is there would fail. Second starting the docker
deamon in a podman test suite just feels very unexpected.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Because the test mounts the current dir it does not need to create a new
file in it. Just check if the current test file is there should fulfill
the same purpose.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Adds two custom config dirs to tests that were missed in
commit dc9a65e348.
Fixes#17946 (hopefully finally)
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
If user specifies commit --format, we were not setting it before
commit, this caused warning messages that made no sense to be
printed that made no sense.
Fixes: https://github.com/containers/podman/issues/17773
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
A cgroup could have been deleted by the time WalkDir is trying to
access it. Ignore the error and continue.
Closes: https://github.com/containers/podman/issues/17989
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
PR #15093 implemented support for NoPrune in the ImageRemoveOptions,
this PR simply brings that also to the compat API along with
regression tests.
Signed-off-by: Andreas Kohn <andreas.kohn@gmail.com>
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
uber/jaeger-client-go library is deprecated. Remove it.
Only place it's used is in one e2e test, a test that is flaking
in a way that suggests that the HostIP() weighting heuristic from
that module was not actually getting the best outgoing IP address.
So, switch to using what seems to be the current best practice.
No need to make it reusable, since it's only used in one place.
Oh, also remove undesired "-dt" from two "podman run"s. In one
it's harmless, in the other it would cause a test failure under
some circumstances.
Closes: #18269 (optimistic, aren't I?)
Signed-off-by: Ed Santiago <santiago@redhat.com>
Following @edsantiago guidance,
* Additional explanations for each step of the test
* Timezone for tests normalized to UTC
* Smarter choice of separator and use of shell substring extraction
Signed-off-by: rbagd <mail@rbagd.eu>
Adapts to pass the test even if
podman binary path is not `/usr/local/bin/podman`.
[NO NEW TESTS NEEDED]
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
Closes#17767Closes#17768
System test for image list and history dates
* Changed field separator in the test to `;` for easier parsing
* Converted date output from image history and image list to be comparable
Signed-off-by: rbagd <mail@rbagd.eu>
Fix a number of bugs wrt. filtering remote containers and how to
process specified names or IDs. I _really_ do not like the duplication
between remote and local Podman but want to focus on fixing #18153
for now.
What I desire in the future is to consolidate all functionality of
looking up containers (all, latest, filters, specified names/IDs, etc.)
and for remote clients to just call containers/list etc.
Fixes: #18153
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
