A conditional in `version-check` bypasses the test for PRs. However,
it appears it was intended to execute during the daily cirrus-cron runs.
However, the cron-job it references (`nightly`) doesn't exist. This is
causing the test to run for every merge into `main`, and never run for
`main` branch cirrus-cron job. Fix the name so the test **ONLY**
runs for the `main` branch cron-job.
Also, since the test is currently failing, update the docs as per the
output instructions.
Signed-off-by: Chris Evich <cevich@redhat.com>
An ongoing issue with uploading artifacts is hindering development
progress. Temporarily disable all aflicted tasks until the problem is
resolved. Typical error message:
```
Uploading 1 artifacts for
Failed to upload artifacts: Put
...cut...
tls: server selected unsupported protocol version 303
Re-trying to artifacts upload...
```
Signed-off-by: Chris Evich <cevich@redhat.com>
* Utils must support higher level API to create Tar with chrooted into
directory
* Volume export: use TarwithChroot instead of Tar so we can make sure no
symlink can be exported by tar if it exists outside of the source
directory.
* container export: use chroot and Tar instead of Tar so we can make sure no
symlink can be exported by tar if it exists outside of the mointPoint.
[NO NEW TESTS NEEDED]
[NO TESTS NEEDED]
Race needs combination of external/in-container mechanism which is hard to repro in CI.
Closes: BZ:#2168256
CVE: https://access.redhat.com/security/cve/CVE-2023-0778
Signed-off-by: Aditya R <arajan@redhat.com>
Tests constantly fail with zero indication of why. Fix that.
- add correct default for $QUADLET path
- add check to make sure it exists
- log quadlet commands and their output
Signed-off-by: Ed Santiago <santiago@redhat.com>
we were previously using an experimental feature in crun, but we lost
this capability once we moved to using the OCI runtime spec to specify
the volume mappings in fdcc2257df0fb0cb72d3fbe1b5aa8625955e1219.
Add the same feature to libpod, so that we can support relative
positions for the idmaps.
Closes: https://github.com/containers/podman/issues/17517
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
I can't find instances of the "lookup cdn03.quay.io" flake
in RHEL gating tests. RHEL does not use systemd-resolved.
Maybe pure coincidence. Maybe not.
Let's try disabling systemd-resolved and see how things go.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Replace existing tab indentations with spaces, and add
a test to CI to prevent new ones from sneaking in.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Podman machine os apply takes a takes a OCI image with container native ostree functionality and rebases the machine os on that image.
Currently, this requires the guest os inside the vm to use rpm-ostree.
When specifying an image, any container transport may be specified. If a
container transport is not specified, OS apply will attempt to search
the local containers-storage for the image, and if it is not found, it
will then attempt to use the Docker transport to pull from a remote
registry.
The architecture of OS apply is as follows:
podman machine os apply ssh's into the machine and calls podman machine os
apply. on the secondary call to podman machine os apply, apply
recognizes that it is inside the machine and does image operations, and
finally calls rpm-ostree rebase.
Tests are written but commented out, due to the chicken-and-egg problem.
Signed-off-by: Ashley Cui <acui@redhat.com>
When generating a kube yaml with kube generate, do not
set the hostPort in the pod spec if the service flag is
set and we are generating a service kind too.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Followup to #17486: stricter checks on --format.
* If a subcommand offers autocompletion for templates,
it must also offer a '--format json' option.
* If a subcommand has a --format option that DOES NOT
offer autocompletion for templates, it must be listed
in a hardcoded grandparented-in table of commands
where that's not applicable. (Mostly commands
like build, commit, save, where "format" is used
in the context of "oci/docker").
Only likely to trigger on PRs which add new subcommands,
and is intended to catch oversights.
Also, test for alphanumeric order in man page tables.
Sort all existing tables.
Signed-off-by: Ed Santiago <santiago@redhat.com>
* add tests
* add documentation for --shm-size-systemd
* add support for both pod and standalone run
Signed-off-by: danishprakash <danish.prakash@suse.com>
Add a podman ulimit annotation to kube generate and play.
If a container has a container with ulimits set, kube gen
will add those as an annotation to the generated yaml.
If kube play encounters the ulimit annotation, it will set
ulimits for the container being played.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
command tables are chock full of duplication, hence they break.
Look for inconsistencies between the displayed man page name
and the actual man page name:
| foo | [podman-foo(1)](podman-cmd-foo.1.md) | ...
^^^
Inspired by #17474.
We can't actually check the subcommand name (the plain "foo")
because there are many existing subcommands whose name does
not match the man page: rmi vs image-rm, list vs podman-ps.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Remove the container in ExecStop to make sure that Quadlet's adheres to
Podman's customizable stop signal/timeout. Certain programs ignore
SIGTERM which renders the services generated by Quadlet less user
friendly compared to the ones from podman-generate-systemd.
Previously, `systemctl stop` would just hang until systemd's stop
timeout is hit. Since `podman rm` also removes the CID file, the
additional `rm` can be removed. Note that `podman rm` will return
immediately if the specified CID file isn't present.
I am working on a short tutorial on Quadlet and hit the issue with a
simple container running `sleep`. `sleep` ignores SIGTERM and stopping
the service would take forever even with `PodmanArgs=--stop-timeout=0`.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Install the signal proxy before attaching to/starting the container to
make sure there's no race-condition as revealed in the failing start/run
tests in #16901. The tests had the valid expectation that signal
forwarding works once the container is running.
Further update the tests to account for the attach test where the
expectation is that signal forwarding works once Podman has attached to
container (or even before).
Fixes: #16901
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Signed-off-by: Ed Santiago <santiago@redhat.com>
