The --rmi flag will delete the container image after its execution
unless that image is already been used by another container(s).
This is useful when one wants to execute a container once and remove
any resources attached to it.
Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
Env-variable related code is scattered across several packages making it
hard to maintain and extend. Consolidate the code into a new pkg/env
package.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
This introduces a new cirrus helper script, logformatter.
Usage is:
[commands...] | logformatter TEST-NAME
It reformats its input into a readable, highlighed, linkable
form. Some features:
- boring stuff (timestamps, standard podman options) is
deemphasized
- important stuff (warnings, errors) is emphasized
- in-page links to the actual failures
- active links to source files
- jumps to bottom of page on load, because that's where
the errors are. (All errors are linked)
Add it to select test commands (integration, system) and
add a new artifacts_html, run in the 'always' block, which
uploads generated *.log.html into Cirrus; from there we
generate a live URL that can be viewed in browser.
Unfortunately, due to security concerns in Cirrus, it is
not currently possible to make the link a live one.
Kludge: add a line of dashes after Restoring images; without this,
the first test ("systemd PID 1") has no dashes before it, so
logformatter doesn't see it.
Signed-off-by: Ed Santiago <santiago@redhat.com>
This patch allows users to specify the list of capabilities required
to run their container image.
Setting a image/container label "io.containers.capabilities=setuid,setgid"
tells podman that the contained image should work fine with just these two
capabilties, instead of running with the default capabilities, podman will
launch the container with just these capabilties.
If the user or image specified capabilities that are not in the default set,
the container will print an error message and will continue to run with the
default capabilities.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
API v2 has been quiet for a few days, and the test script is
actually passing. Let's take advantage of this opportunity
to get them running in CI.
Requires adding a check for cgroupsv2
Signed-off-by: Ed Santiago <santiago@redhat.com>
Until now, we've been validating every part of container
configuration through the With... functions that set the options.
This if fine when we are just validating the options to an
individual function, but things get complicated once we need to
validate conflicts between different options. We don't know the
order in which things were passed, so we need the validation on
both of the potential options that can conflict, resulting in
significant code duplication. To solve this, add a validate()
function for containers, and use this to check whether everything
is in a good state.
We can probably move more into this function (there are other
parts of container creation that also do validation of a sort)
but this is a good start to simplifying our options.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
A number of scripts relating to tooling used and the gate container
image were not exiting upon errors as intended. Coupled with
external service unavailability (i.e. downloading golangci-lint)
was observed to cause difficult to debug failures.
This change corrects the scripts inside/out of the gate container as
well as fixes many golang related path consistency problems vs other CI
jobs. After this change, all jobs use consistent path names reducing
the number of special-case overrides needed.
Lastly, I also made a documentation-pass, updating/correcting as needed,
including documenting a likely local validation-failure mode, related to
`$EPOCH_TEST_COMMIT`. This is dependent on the developers git
environment, so documentation is the only possible "fix".
Signed-off-by: Chris Evich <cevich@redhat.com>
Modify the pod inspect bindings to hold current pod status.
Includes test to validate on pod status and added test to check
no or few pods are pruned,if the pods are in exited state.
Signed-off-by: Sujil02 <sushah@redhat.com>
This corrects a regression from Podman 1.4.x where container exec
sessions inherited supplemental groups from the container, iff
the exec session did not specify a user.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Main intended signifant change is forced-removal of crun from F30
and disabling updates-testing (only enabled on F31).
Signed-off-by: Chris Evich <cevich@redhat.com>
Suspect crun might be sneaking in during VM image build via podman RPM
dependency. Add it to the removal list when building, then also force
use of runc at runtime in F30.
Also quote all true/false vars to force them as strings instead of
booleans (which will become capitalized)
Signed-off-by: Chris Evich <cevich@redhat.com>
added the ability to wait on a condition (stopped, running, paused...) for a container. if a condition is not provided, wait will default to the stopped condition which uses the original wait code paths. if the condition is stopped, the container exit code will be returned.
also, correct a mux issue we discovered.
Signed-off-by: Brent Baude <bbaude@redhat.com>
It solves a tight loop with poll as stdin will be initialized to
/dev/null in buildah/imagebuildah/StageExecutor.Run.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
There are a number of env. vars set during the setup script. Therefore
displaying them at end of the script is more helpful for debugging.
Signed-off-by: Chris Evich <cevich@redhat.com>
when creating a network, podman should add the firewall plugin to the config but not specify a backend. this will allow cni to determine whether it should use an iptables|firewalld backend.
Signed-off-by: Brent Baude <bbaude@redhat.com>
in order for the fall back mechanisms to work in containernetworking-plugins, the firewall plugin must still be called via the cni configuration file. however, no backend will be specified as we will rely on cni to do the right thing.
Signed-off-by: Brent Baude <bbaude@redhat.com>
add binding tests for volumes: inspect(get), create, remove, prune, and list
implement filters ability for volumes
Signed-off-by: Brent Baude <bbaude@redhat.com>
In the package_versions CI step, include Fedora/Ubuntu
version, uname -r, and cgroups version.
Cgroups version is simply the FS type of /sys/fs/cgroup,
which shows 'tmpfs' for v1 and 'cgroup2fs' for v2. I
don't think it's worth the effort to prettify those
into 'v1/v2' - I think our readers are sophisticated
enough to figure it out from context - but am willing
to add that feature if requested.
Signed-off-by: Ed Santiago <santiago@redhat.com>
9f69c4eca (part of the f31 pr, #3091) semi-broke the kill test,
there's now an ugly warning:
setup(): removing stray images quay.io/libpod/fedora-minimal:latest 7bb5a60e8a78
The comments also didn't actually explain the problem
being addressed, and included a misleading reference
to busybox.
Here we switch to using fedora-minimal only with podman-remote,
clean it up (rmi) when finished, and include an explanation in
the comments about why this is needed; making it clear that
this workaround can be removed once we get rid of podman-remote.
We also reformat back to 80 columns.
Signed-off-by: Ed Santiago <santiago@redhat.com>
