Enable the --configmap flag for the remote case of podman
kube play. Users can pass in the paths to the configmap files
for kube play to use when creating the pods and containers from
a kube yaml file. The configmap file is read and the contents are
appended to the contents of the main yaml file before passed to the
remote client.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Accept a tag in the compat api endpoint. For the fromImage param we
already parse it but for fromSrc we did not.
Fixes#18597
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
'make docs' has been spitting out these warnings:
WARNING: go-md2man does not handle node type HTMLSpan
Warnings suck, they cost us important time and attention.
This warning is always caused by left-angle-brackets in markdown
but they are very hard to find. I've found them and fixed them.
Warnings are now gone.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Init containers are currently not properly supported in
generate-systemd and there are no plans to do so since
all focus lies on Quadlet going forward.
Hence, generate systemd should through an error.
Closes: #18585
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Rather than supporting a special-mode *just* for netavark/aardvark
testing [in podman CI], support testing with all the latest
`podman-next` COPR packages.
The idea here is very similar to the netavark/aardvark special mode it
replaces. Most podman-dependencies do not have the level of
comprehensive CI as exist here. This new CI-mode allows testing
upstream updates to podman-dependencies without needing to roll out
a whole new package/release for them.
Also update documentation for this new mode.
Signed-off-by: Chris Evich <cevich@redhat.com>
This magic string isn't often used and may cause confusion with future
magic-string additions. Remove it.
Signed-off-by: Chris Evich <cevich@redhat.com>
In run_podman(), display a nanosecond-level timestamp next to
each command and its output.
Because this clutters the results, teach logformatter to grok
these new timestamps, strip them, and display a more human-readable
time delta in the left-hand timestamp column. logformatter started off
as a mess and is now, well, 🤮. I'm sorry. I just hope its results
make it worthwhile.
Signed-off-by: Ed Santiago <santiago@redhat.com>
When running ginkgo tests locally we often only want to test a small
subset. I think most people just add the `FIt` block but then you need
to remember to undo that before pushing the changes.
With this change you can just run:
```
make localintegration FOCUS="test name here"
make localintegration FOCUS_FILE="some_test.go"
```
I updated the test Readme to use this new syntax.
The options just map to the ginkgo options, see the upstream docs
linked in the readme for more information about syntax.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Followup to #18578: move Serial to Describe(), in case new
tests get added to this module. And, explain the reasoning.
Signed-off-by: Ed Santiago <santiago@redhat.com>
gvproxy listens on 127.0.0.1, using localhost as hostname can result in
the client trying to connect to the ipv6 localhost (`::1`). This will
fail as shown in the issue. This switches the hostname in the system
connection to 127.0.0.1 to fix this problem.
I switched the qemu, hyperV and WSL backend. I haven't touched the
applehv code because it uses two different ips and I am not sure what is
the correct thing there. I leave this to Brent to figure out.
[NO NEW TESTS NEEDED]
[1] https://github.com/containers/gvisor-tap-vsock/blob/main/cmd/gvproxy/main.go#L197-L199Fixes#16470
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Reason: gpg tests all run with a different GNUPGHOME, and gpg-agent
does not like that, and there's no longer any way to run gpg
without the agent. So, do not run these tests in parallel, and
clean up agent after each test.
Fixes: #17966 (I hope)
May also fix#18358 but it will take some time to be sure.
Signed-off-by: Ed Santiago <santiago@redhat.com>
When no name arg is given to Podman machine commands, Podman assumes the machine name is podman-machine-default. Document this behavior.
Signed-off-by: Ashley Cui <acui@redhat.com>
...in three kube tests. And, missing error-message checks.
And, reverse the sense of a confusing Expect(), plus add
a description to the test failure. And, set never-restart,
otherwise our "podman wait" will spin for an indeterminate
time.
Signed-off-by: Ed Santiago <santiago@redhat.com>
The `--network-cmd-path` CLI option only affects rootless networks using `slirp4netns(1)`, not `pasta(1)`. Following #18568 Podman should rather use the more generic `r.config.FindHelperBinary()` method (and therefore honour the `helper_binaries_dir` config) to find the path to the `slirp4netns` binary and deprecate the misleading `--network-cmd-path` CLI option. However, since this wasn't implemented yet we can't deprecate `--network-cmd-path` as of now. Adding a note anyway.
Fixes#18560
Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
RHEL release-branches potentially need to be maintained for a very long
time. Improve reliability and CI-speed by skipping tasks which are not
needed for RHEL. For example, there will (likely) never be RHEL
releases of the MacOS or Windows versions of podman-remote. Also,
relocate the `win_installer_task` in the config. to better reflect it's
sequence among CI tasks.
Signed-off-by: Chris Evich <cevich@redhat.com>
There is no reason to define the same code every time in each file, just
use global nodes. This diff should speak for itself.
CleanupSecrets()/Volume() no longer call Cleanup() directly, as the
global AfterEach node will always call Cleanup() this is no longer
necessary. If one AfterEach() node fails it will still run the others.
Also always unset the CONTAINERS_CONF env vars. This prevents people
from forgetting to unset it. And fix the special CONTAINERS_CONF logic
in the system connection tests, we do not want to preserve
CONTAINERS_CONF anyway so just remove this logic.
Ginkgo orders the BeforeEach and AfterEach nodes. They will be executed
from the outer-most defined to inner-most. This means our global
BeforeEach is always first. Only then the inner one (in the Describe()
function in each file). For AfterEach it is inverted, from the inner to
the outer.
Also see https://onsi.github.io/ginkgo/#organizing-specs-with-container-nodes
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Make sure that the directory formats are not just substituted with their
archive counterparts but actually tar'ed up directories. Also make sure
that the clients don't get chown errors by setting rootless user and
group ID instead of O when running in the user namespace.
Fixes: #15897
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
These annotations can have security implications - crun, for
example, allows rootless containers to preserve the user's groups
through an annotation. We absolutely should not include
annotations from an untrusted image off the internet by default.
We may consider whitelisting some annotations (e.g. the legacy
WASM annotations), but given that there is now a more explicit
way of specifying an image uses the WASM runtime in the OCI image
spec, I'm just tearing this out entirely for now.
Signed-off-by: Matt Heon <mheon@redhat.com>
Read the entire YAML file in case of a multi-doc file
Adjust the unit test
Add a system test
Add comment in the man page
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
Several tweaks to see if we can track down #17216, the unlinkat-ebusy
flake:
- teardown(): if a cleanup command fails, display it and its
output to the debug channel. This should never happen, but
it can and does (see #18180, dependent containers). We
need to know about it.
- selinux tests: use unique pod names. This should help when
scanning journal logs.
- many tests: add "-f -t0" to "pod rm"
And, several unrelated changes caught by accident:
- images-commit-with-comment test: was leaving a stray image
behind. Clean it up, and make a few more readability tweaks
- podman-remote-group-add test: add an explicit skip()
when not remote. (Otherwise, test passes cleanly on
podman local, which is misleading)
- lots of container cleanup and/or adding "--rm" to run commands,
to avoid leaving stray containers
Signed-off-by: Ed Santiago <santiago@redhat.com>
