The function to generate random IP addresses during ginkgo tests in
the checkpoint test code is moved to common and all tests using
hardcoded IP addresses have been changed to use random IP addresses to
reduce test errors when running the tests in parallel.
Signed-off-by: Adrian Reber <areber@redhat.com>
It seems like our VM images now support systemd CGroups with the
Ubuntu LTS images. No reason to keep testing CGroupfs as such,
systemd is much less racy (and CGroupfs on systemd-enabled
systems can be iffy).
Signed-off-by: Matthew Heon <mheon@redhat.com>
including changing -l to the container id
and separating a case of setting the env that remote can't handle
Signed-off-by: Peter Hunt <pehunt@redhat.com>
This includes:
Implement exec -i and fix some typos in description of -i docs
pass failed runtime status to caller
Add resize handling for a terminal connection
Customize exec systemd-cgroup slice
fix healthcheck
fix top
add --detach-keys
Implement podman-remote exec (jhonce)
* Cleanup some orphaned code (jhonce)
adapt remote exec for conmon exec (pehunt)
Fix healthcheck and exec to match docs
Introduce two new OCIRuntime errors to more comprehensively describe situations in which the runtime can error
Use these different errors in branching for exit code in healthcheck and exec
Set conmon to use new api version
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Signed-off-by: Peter Hunt <pehunt@redhat.com>
When removing --all images prune images only attempt to remove read/write images,
ignore read/only images
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Close#3553
This PR makes --dns, --dns-option, --dns-search, and --network not set to host flag mutually exclusive for podman build and create. Returns conflict error if both flags are set.
Signed-off-by: Qi Wang <qiwan@redhat.com>
allow a container to run in a new cgroup namespace.
When running in a new cgroup namespace, the current cgroup appears to
be the root, so that there is no way for the container to access
cgroups outside of its own subtree.
By default it uses --cgroup=host to keep the previous behavior.
To create a new namespace, --cgroup=private must be provided.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
When we first began writing Podman, we ran into a major issue
when implementing Inspect. Libpod deliberately does not tie its
internal data structures to Docker, and stores most information
about containers encoded within the OCI spec. However, Podman
must present a CLI compatible with Docker, which means it must
expose all the information in 'docker inspect' - most of which is
not contained in the OCI spec or libpod's Config struct.
Our solution at the time was the create artifact. We JSON'd the
complete CreateConfig (a parsed form of the CLI arguments to
'podman run') and stored it with the container, restoring it when
we needed to run commands that required the extra info.
Over the past month, I've been looking more at Inspect, and
refactored large portions of it into Libpod - generating them
from what we know about the OCI config and libpod's (now much
expanded, versus previously) container configuration. This path
comes close to completing the process, moving the last part of
inspect into libpod and removing the need for the create
artifact.
This improves libpod's compatability with non-Podman containers.
We no longer require an arbitrarily-formatted JSON blob to be
present to run inspect.
Fixes: #3500
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Before, play kube wasn't properly setting the command. Fix this
Also, begin a dedicated test suite for play kube to catch regressions like this in the future
Signed-off-by: Peter Hunt <pehunt@redhat.com>
Docker CLI calls the healthcheck flags "--health-*", instead of
"--healthcheck-*".
Introduce the former, in order to keep compatibility, and alias
the later, in order to avoid breaking current usage.
Change "--healthcheck-*" to "--health-*" in the docs and tests.
Signed-off-by: Hunor Csomortáni <csomh@redhat.com>
Fix Docker CLI compatibility issue: the "--healthcheck-command" option
value should not be split but instead be passed as single string to
"CMD-SHELL", i.e. "/bin/sh -c <opt>".
On the other hand implement the same extension as is already available
for "--entrypoint", i.e. allow the option value to be a JSON array of
strings. This will make life easier for tools like podman-compose.
Updated "--healthcheck-command" option values in tests accordingly.
Continuation of #3455 & #3507
Signed-off-by: Stefan Becker <chemobejk@gmail.com>
This flag passes the host environment into the container. The basic idea is to
leak all environment variables from the host into the container.
Environment variables from the image, and passed in via --env and --env-file
will override the host environment.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
be sure to load all the existing handlers, so that they can also be
freed in addition to the handlers we treat differently.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This adds three tests for the --ignore-rootfs option to verify that it
works in all combination.
1. Not used at all
2. Only used during restore
3. Only used during checkpoint
Signed-off-by: Adrian Reber <areber@redhat.com>
This tries to reduce CI errors which might happen due to parallel CI
runs which all are using the same IP addresses. Using random addresses
should reduce the possibility of parallel tests using the same IP address.
Signed-off-by: Adrian Reber <areber@redhat.com>
when running integrations tests as rootless, several tests still
unnecessarily pull images which is costly in terms of time.
Signed-off-by: baude <bbaude@redhat.com>
add a simple way to copy ulimit values from the host.
if --ulimit host is used then the current ulimits in place are copied
to the container.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
There is no meaning of performing setup/teardown for these tests
when we even can not work with systemd.
Signed-off-by: Danila Kiver <danila.kiver@mail.ru>
Systemd manager drops non-existent directories from the units search
path during initialization, thus, creation of UNIT_DIR, if it did not
exist before, requres reloading the daemon.
Signed-off-by: Danila Kiver <danila.kiver@mail.ru>
By default, podman points PIDFile in generated unit file to non-existent
location. As a result, the unit file, generated by podman, is broken:
an attempt to start this unit without prior modification results in a crash,
because systemd can not find the pidfile of service's main process.
Fix the value of "PIDFile" and add a system test for this case.
Signed-off-by: Danila Kiver <danila.kiver@mail.ru>
When we're waiting for a container to come up with healthchecks,
and it's not even running, there's no point to waiting further.
Instead, let's restart the container and continue waiting.
This may fix some flakes we're seeing with 'podman port' tests.
Then again, all the tests there seem to fail, not just a single
test flaking - so I bet there's some other underlying cause.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Podman 1.4.1 had problems with builds with a
RUN command that tried to to a privliged command.
This adds a gating test for that situation.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
