Secret-verify-leak is causing flakes, when running in parallel tests.
This is because remote secrets are copied into the context directory to
send to the API server, and secret-verify-leak is doing a COPY * and
then checking if the temporary secret file ends up in the container or
not. Since all the temporary files are prefixed with
"podman-build-secret", this test checks if podman-build-secret is in the
image. However, when run in parallel with other tests, other temporary
podman-build-secrets might be in the context dir. Moving
secret-verify-leak into its own directory makes sure that the context
dir is used only by this one test.
Also renamed Dockerfile -> Containerfile and cleaned up unused
Containerfiles.
Signed-off-by: Ashley Cui <acui@redhat.com>
Error out if the kube yaml passed to play kube has more
than one container or init container with the same name.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
* Add configuration to add report header for python client used in tests
* Move report headers into the individual test runners vs runner.sh
Signed-off-by: Jhon Honce <jhonce@redhat.com>
The current PR process for release bump has the HEAD commit which bumps
version/version.go to the form `release+1-dev`. This makes Cirrus
publish release artifacts with `release+1-dev` and not `release`.
For example, the msi generated at https://cirrus-ci.com/task/5403901196238848
says podman-v4.0.3-dev.msi .
Building locally by checking out the released tag would generate the
correct artifacts and would also be faster and more convenient.
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
do not attempt to use cgroups with pods if the cgroups are disabled.
A similar check is already in place for containers.
Closes: https://github.com/containers/podman/issues/13411
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
While resolving `workdir` we mostly create a `workdir` when `stat`
fails with `ENOENT` or `ErrNotExist` however following cases are not
true when user explicitly specifies a `workdir` while `running` using
`--workdir` which tells `podman` to only use workdir if its exists on
the container. Following configuration is implicity set with other
`run` mechanism like `podman play kube`
Problem with explicit `--workdir` or similar implicit config in `podman play
kube` is that currently podman ignores the fact that workdir can also be
a `symlink` and actual `link` could be valid.
Hence following commit ensures that in such scenarios when a `workdir`
is not found and we cannot create a `workdir` podman must perform a
check to ensure that if `workdir` is a `symlink` and `link` is resolved
successfully and resolved link is present on the container then we
return as it is.
Docker performs a similar behviour.
Signed-off-by: Aditya R <arajan@redhat.com>
overlayfs -- the kernel's version, not fuse-overlayfs -- recently learned
(as of linux 5.16.0, I believe) how to support rootless users. Previously,
rootless users had to use these storage.conf(5) settings:
* storage.driver=vfs (aka STORAGE_DRIVER=vfs), or
* storage.driver=overlay (aka STORAGE_DRIVER=overlay),
storage.options.overlay.mount_program=/usr/bin/fuse-overlayfs
(aka STORAGE_OPTS=/usr/bin/fuse-overlayfs)
Now that a third backend is available, setting only:
* storage.driver=overlay (aka STORAGE_DRIVER=overlay)
https://github.com/containers/podman/issues/13123 reported EXDEV errors
during the normal operation of their container. Tracing it out, the
problem turned out to be that their container was being mounted without
'userxattr'; I don't fully understand why, but mount(8) mentions this is
needed for rootless users:
> userxattr
>
> Use the "user.overlay." xattr namespace instead of "trusted.overlay.".
> This is useful for unprivileged mounting of overlayfs.
https://github.com/containers/storage/pull/1156 found and fixed the issue
in podman, and this just pulls in that via
go get github.com/containers/storage@ebc90ab
go mod vendor
make vendor
Closes https://github.com/containers/podman/issues/13123
Signed-off-by: Nick Guenther <nick.guenther@polymtl.ca>
* Add which python client is being used to run tests, see "python
client" below.
* Remove redundate code from test classes
* Update/Add comments to modules and classes
======================================================= test session starts ========================================================
platform linux -- Python 3.10.0, pytest-6.2.4, py-1.10.0, pluggy-0.13.1
python client -- DockerClient
rootdir: /home/jhonce/Projects/go/src/github.com/containers/podman
plugins: requests-mock-1.8.0
collected 33 items
test/python/docker/compat/test_containers.py ...s.............. [ 54%]
test/python/docker/compat/test_images.py ............ [ 90%]
test/python/docker/compat/test_system.py ... [100%]
Note: Follow-up PRs will verify the test results and expand the tests.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Packagers for other distributions and package managers may put their helper binaries in other location prefixes.
Add HELPER_BINARIES_DIR to the makefile so packagers can set the prefix when building Podman.
HELPER_BINARIES_DIR will be set at link-time.
Example usage: make podman-remote HELPER_BINARIES_DIR=/my/location/prefix
Signed-off-by: Ashley Cui <acui@redhat.com>
Previously just showing name of the package, followed by
the path repeated again (already stated on the line above)
[NO NEW TESTS NEEDED]
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
If you run `podman play kube` on a yaml file that only contains
configMaps, podman will fail with the error:
Error: YAML document does not contain any supported kube kind
This is not strictly true; configMaps are a supported kube kind. The
problem is that configMaps aren't a standalone entity. They have to be
used in a container somewhere, otherwise they don't do anything.
This change adds a new message in the case when there only configMaps
resources. It would be helpful if podman reported which configMaps are
unused on every invocation of kube play. However, even if that feedback
were added, this new error messages still helpfully explains the reason
that podman is not creating any resources.
[NO NEW TESTS NEEDED]
Signed-off-by: Jordan Christiansen <xordspar0@gmail.com>
Generating unit files for a pod requires the pod to be created with an
infra container (see `--infra=true`). An infra container runs across
the entire lifespan of a pod and is hence required for systemd to manage
the life cycle of the pod's main unit.
This issue came up on the mailing list.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Rootless users cannot load the ip_tables module, in fedora 36 this
module is no longer loaded by default so we have to add it manually.
This is needed because rootless network setup tries to use iptables
and if iptables-legacy is used instead of iptables-nft it will fail.
To provide a better user experience we will load the module at boot.
Note that this is not needed for RHEL because iptables-legacy is not
supported on RHEL 8 and newer.
[NO NEW TESTS NEEDED]
Fixes#12661
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Allow users to commit containers into a single layer.
Usage
```bash
podman container commit --squash <name>
```
Signed-off-by: Aditya R <arajan@redhat.com>
