Add support for adding podman level arguments before subcommand
Add specific key for Containers Conf Modules
Global arguments are added for both start and stop commands
Adjust testing environment
Add tests
Add to man page
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
As requested in containers/podman/issues/20000, add a `privileged` field
to the containers table in containers.conf. I was hesitant to add such
a field at first (for security reasons) but I understand that such a
field can come in handy when using modules - certain workloads require a
privileged container.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Podman server logs are mostly full of healthcheck output, making them hard to navigate. Hence, made healthcheck service to run with LogLevelMax=notice, this would remove the normal output, inclusive the started/stopped messages from systemd itself.
Fixes#17856
Signed-off-by: Chetan Giradkar <cgiradka@redhat.com>
Add support for DefaultMode for configMaps and secrets.
This allows users to set the file permissions for files
created with their volume mounts. Adheres to k8s defaults.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
The id, digest, and intermediate filters were broken
for podman images. Fix to match on substrings instead of
the whole string for id and digest. Add the intermediate value
correctly when set.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
...from f38 + f37.
Requires one minor e2e test change, to handle an error logging
change in conmon 2.1.8.
Also, this is important, requires crun-1.9.1 because of a kernel
symlink change; see https://github.com/containers/crun/pull/1309
The VM images here were carefully built to include that. By the
time the next VM images get built, it should be default.
Since we've bumped crun, remove two obsolete skips
And, skip a flaky pasta test, #20170
Signed-off-by: Ed Santiago <santiago@redhat.com>
Commit 2 of 2: individual special-case handling of tests
which did not pass under ExitCleanly(), one or more of:
- add "-q" to commit & push commands
- add ErrorToString() checks
- remove unnecessary ErrorToString() checks
Signed-off-by: Ed Santiago <santiago@redhat.com>
Final push on RUN-1907. Commit 1 of 2.
This is the final set of test/e2e/*_test.go files to be
converted from Exit(0) to ExitCleanly().
This commit is a mix of automated string-replace with
manual revert-back: tests that did not pass with ExitCleanly()
are reverted back to Exit(0), so they will not show up as
diffs in this commit. When possible, I address those in
my next commit.
My goal was to make this commit a don't-bother-reviewing one
that will also pass tests (so as not to break git-bisect).
The next commit is the important one to review.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Some keys, e.g. ro do not have values.
The current implementation crashed looking for the = sign
Externalize findMountType in a new package
Parse mount command using FindMountType
Rebuild parameter string using csv
Add test case and adjust the test framework
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
When you run e2e tests locally they use CNI unless the NETWORK_BACKEND
env was set to netavark. Because our main focus is on netavark we should
test it by default.
For local tests this should help to prevent CNI/netavark conflicts as I
assume most systems where people run tests on are on netavark by now.
For CI testing we hardcode NETWORK_BACKEND there to test both netavark
(on current fedora) and CNI (prior fedora). MAke sure to switch the
logic in the CI setup to reflect that.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Pass the _entire_ environment to conmon instead of selectively enabling
only specific variables. The main reasoning is to make sure that conmon
and the podman-cleanup callback process operate in the exact same
environment than the initial podman process. Some configuration files
may be passed via environment variables. Podman not passing those down
to conmon has led to subtle and hard to debug issues in the past, so
passing all down will avoid such kinds of issues in the future.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Commit 2 of 2: fixes to get tests passing
Mostly reverting back to Exit(0) on tests that produce stderr,
adding stderr checks when those are missing.
One pretty big exception: "run check dns" test was completely
broken in many respects. It should never have worked under CNI,
but was passing because nslookup in that alpine image was
checking /etc/hosts. This has been fixed in subsequent alpine
images, which we're now using in this test (CITEST_IMAGE).
Signed-off-by: Ed Santiago <santiago@redhat.com>
PR #20082 bumped fedora-minimal, from f34 to f39. This worked
fine for a few days, then all of a sudden CI started breaking
because the f39 minimal image got rebuilt and repushed without
adduser. #20127 was an emergency fix; this is a stabler fix.
We keep using not-under-our-control container images, and we
keep getting burned when those get updated in nasty ways. Here
we switch to using a tagged & versioned fedora-minimal image
that is under our control.
Signed-off-by: Ed Santiago <santiago@redhat.com>
The processing and setting of the static and volume directories was
scattered across the code base (including c/common) leading to subtle
errors that surfaced in #19938.
There were multiple issues that I try to summarize below:
- c/common loaded the graphroot from c/storage to set the defaults for
static and volume dir. That ignored Podman's --root flag and
surfaced in #19938 and other bugs. c/common does not set the
defaults anymore which gives Podman the ability to detect when the
user/admin configured a custom directory (not empty value).
- When parsing the CLI, Podman (ab)uses containers.conf structures to
set the defaults but also to override them in case the user specified
a flag. The --root flag overrode the static dir which is wrong and
broke a couple of use cases. Now there is a dedicated field for in
the "PodmanConfig" which also includes a containers.conf struct.
- The defaults for static and volume dir and now being set correctly
and adhere to --root.
- The CONTAINERS_CONF_OVERRIDE env variable has not been passed to the
cleanup process. I believe that _all_ env variables should be passed
to conmon to avoid such subtle bugs.
Overall I find that the code and logic is scattered and hard to
understand and follow. I refrained from larger refactorings as I really
just want to get #19938 fixed and then go back to other priorities.
https://github.com/containers/common/pull/1659 broke three pkg/machine
tests. Those have been commented out until getting fixed.
Fixes: #19938
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
The fedora minimal 39 image has been updated on the fedora registry and
removed the `useradd` binary. Since we were pulling by tag and not by
digest, updates to images outside of our control always entail a certain
risk - and now it bit us.
To fix it, try to move as many users of `useradd` to _our_ CITEST_IMAGE
and migrate the code where necessary to this Alpine-based tooling.
However, the Alpine-based `adduser` binary (not useradd!) doesn't work
well when being executed as a non-root user and will just error out.
Hence, move the fedora minimal image back to version 34 which is still
including the `useradd` binary.
Ultimately, all images on public registries should be pulled via digest
to make sure we pin them down. I refrain from doing this now to make
sure we can cherry-pick this PR to older branches and get things back
into a working state ASAP.
Fixes: #20119
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Container ports defined with containerPort were exposed by default
even though kubernetes interprets them as mostly informative.
Closes#17028
Signed-off-by: Peter Werner <wpw.peter@gmail.com>
Fix farm update to verify a connection exists before
removing or adding it.
Also verify that the farm we want to update exists.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
This is not really an error, if the anonymous volume is still used then
this likely means it was transferred to another container with
--volumes-from. This is what the user wants and it is not like the user
can act on the logged error anyway. Once the last user of the volume is
removed it will be removed correctly.
see https://github.com/containers/podman/pull/19637
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Commit 2 of 2: steps to make tests work under ExitCleanly()
Mostly adding "-q" to push/pull, but also:
- revert ExitCleanly(), and add error-message checks
if absent;
- fix a test that was completely nonfunctional from
Day One: test was getting skipped because registry
couldn't start, because of missing ":z"s in mount option.
Fixed, and removed the bypass;
- use built-in skopeo, not pulled-container skopeo. Skopeo
is already a requirement for system tests.
Signed-off-by: Ed Santiago <santiago@redhat.com>
