The usual bug that we always seem to forget about: "kube play"
needs "podman wait" before we can "podman logs". (And, reminder,
"kube play --wait" is worthless because it destroys containers).
Reference: #18074, the original PR that fixed a bunch of these flakes.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Make sure that `kube down` and `kube play --replace` do not error out
when an object does not exist (or has already been removed). Such kind
of teardown should not be treated as an ordinary `rm` but as an
`rm --ignore`. It's purpose it to make sure that all objects in a YAML
are removed; even if they existed only partially.
Fixes: #19711
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Value of `--force-compression` should be already `true` is
`--compression-format` is selected otherwise let users decide.
Signed-off-by: Aditya R <arajan@redhat.com>
when the "kill" command fails, print the stderr from the OCI runtime
only after we check the container state.
It also simplifies the code since we don't have to hard code the error
messages we want to ignore.
Closes: https://github.com/containers/podman/issues/18452
[NO NEW TESTS NEEDED] it fixes a flake.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Added support for security.Context.sysctls.name and security.Context.sysctls.value fields in v4.6, documentation updated accordingly
See also: #16711, #17464
Commit: f9af496 "[FEAT] Support sysctl configurations from Pod Spec"
Signed-off-by: Wesley H. Gimenes <wehagy+github@gmail.com>
These are relevant when validating upstream or selinux-policy changes,
but not podman ones. This makes the revdeps tests more robust against
random (non-fatal) SELinux denials or messages from other system
components.
[NO NEW TESTS NEEDED] - This is test configuration.
Signed-off-by: Martin Pitt <mpitt@redhat.com>
The cockpit team only ever supports two parallel Fedora releases, and
will soon discontinue updating Fedora 37. So, instead of risking testing
against an obsolete Fedora, test against the most recent stable and
all development series. These are often fewer than we support, but
that's totally sufficient for this purpose.
[NO NEW TESTS NEEDED] - This is test configuration.
Signed-off-by: Martin Pitt <mpitt@redhat.com>
As promised in #19596, this pr deduplicates and refactors image
acquisition. All virt providers that use FCOS as its default now use
the same code.
[NO NEW TESTS NEEDED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
Registers a rootless and rootful socket underneath /mnt/wsl/podman-sockets/[machine name]/
This allows podman remote clients on other Linux distributions to access podman.
This also registers the podman root socket under the wheel group, to allow for rootful
linking against /var/run/docker.sock, a use case expected by some clients and APIs.
While this is not recommended practice on a Linux host, a WSL guest is user-isolated
and already enables escalation trivially.
[NO NEW TESTS NEEDED]
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
Unexplained infrequent flakes in sdnotify system tests,
waiting for READY=1.
Hypothesis: race condition between the container sending
the READY string and that string making it through conmon
and socat into the log file.
Solution: don't just check once; keep trying in a loop.
Write a reusable wait_for_file_content() helper function,
and clean up a bunch more tests as long as we're at it.
Fixes: #19724
Signed-off-by: Ed Santiago <santiago@redhat.com>
The `contrib/hello` directory is needed for some CI tests here and in
buildah. Further, the build job that produces images from this
directory are currently broken. Disable the build job, and updte
the README.md to point people at the replacement repo. for this content.
Ref: https://github.com/containers/podman/pull/19730
Signed-off-by: Chris Evich <cevich@redhat.com>
Fixes: https://github.com/containers/podman/issues/19139
Service containers are defaulting to 0 seconds for Timeout rather then
the settings in containers.conf.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Currently containers created via DOCKER API without specifying
StopTimeout are defaulting to 0 seconds. This change should
default them to setting in containers.conf normally 10 seconds.
Fixes: https://github.com/containers/podman/issues/19139
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add io.podman.annotations.infra.name annotation to kube play so
users can set the name of the infra container created.
When a pod is created with --infra-name set, the generated
kube yaml will have an infraName annotation set that will
be used when playing the generated yaml with podman.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
Do not close a notifyproxy more than once. Also polish the backend a
bit to reflect ealier changes from commit 4fa307f.
Fixes: #19715
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Unset the NOTIFY_SOCKET environment variable after sending the MAIN_PID
and READY message. This avoids any unintentional side-effects of other
code paths using the socket assuming they'd run in a non-server
short-lived Podman process.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
The attach API used to always return the Content-Type
`vnd.docker.raw-stream`, however docker api v1.42 added the
`vnd.docker.multiplexed-stream` type when no tty was used.
Follow suit and return the same header for docker api v1.42 and libpod
v4.7.0. This technically allows clients to make a small optimization as
they no longer need to inspect the container to see if they get a raw or
multiplexed stream.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
