If we do not unset CONTAINERS_CONF before tests that create a invlid
config will cause the Cleanup to fail.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Only check exit codes last, othwerwise in case of errors it will return
early and miss other commands.
Also explicitly stop before rm, rm is not working in all cases (#18180).
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The test will leak processes because the rm -fa in the cleanup failed.
This happens because podman tried to remove the contianers in the wrong
order and thus ppodman failed with:
`contianer XXX has dependent containers which must be removed before it`
For now I patch the test but it should be much better if we can fix it
in podman to remove in the correct order. `--all` should mean all I do
not care if there is a dependent container, just get rid of it.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
We blindy trust these commands to work but as it turns out they do not
under certain circumstances.
The "podman run ipcns ipcmk container test" can be used to fail this
reliably, if a container has dependencies the order of rm --all may
cause it to fail because the contianers are deleted in the wrong order.
This is th eonly one I found so far, adding this will uncover many more
of such problems without proper cleanup we leak processes and ginkgo v2
will block because of them.
Of course this cannot be merged without fixing these issues.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
It is not clear why but without the wait is seems like the podman
process just hangs forever which now causes ginkgo to block until it
exits.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Set REGISTRY_AUTH_FILE to unique path for each subtest. This
should eliminate collisions where one test runs "podman logout"
just after another does "podman login".
Also, add a test to confirm that the authfile gets written
as expected.
Also, add actual tests for expected error messages, instead
of just ExitWithError()
Fixes: #18397
Signed-off-by: Ed Santiago <santiago@redhat.com>
Podman's container-name generation depends on the global RNG state being
properly initialized (seeded). Should this not happen for some reason
(or it's seeded with a static value), podman will generate the exact
same repeating sequence of container names (assuming no clashes with
existing containers). Add a test to confirm this is always the case.
Signed-off-by: Chris Evich <cevich@redhat.com>
Ref: https://pkg.go.dev/math/rand@go1.20#Seed
Note: For `runtime_test.go`, this test-case was never actually doing
what appears as it's intent . Fixing it to work as intended would be
require incredibly libpod-invasive changes. Do the least-worse thing and
simply confirm that consecutive generated names are different.
Signed-off-by: Chris Evich <cevich@redhat.com>
Systemd supports unit files with a prefix '-' which
tells the system to check if the content exists before
using it. This would allow the QM project to specify
AddDevice=-/dev/kvm, which would add the /dev/kvm device
to the container iff it exists on the host.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add actual tests (for expected errors, not just exit-status) to
the "push to local registry with authorization" test. As it is
now, if the registry is unreachable, the test passes a number
of steps and only fails later, with a misleading diagnostic.
Followup to, but does not fix, #18286
Signed-off-by: Ed Santiago <santiago@redhat.com>
...at least as many as possible. "run/exec -it" make no sense
in a CI environment; I believe the vast majority of these are
the result of fingers typing on autopilot, then copy/pasting
cascades from those. This PR gets rid of as many -it/-ti as
possible. Some are still needed for testing purposes.
Y'all have no idea how much I hate #10927 (the "no logs from conmon"
flake). This does not fix the underlying problem, nor does it even
eliminate the flake (The "exec terminal doesn't hang" test needs
to keep the -ti flag, and that's one of the most popular flakers).
But this at least reduces the scope of the problem. It also removes
a ton of nasty orange "input device is not a TTY" warnings from logs.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Nasty test flake, "bad address nc-server.dns.podman"
Cause: "There is absolutely no guarantee that aardvark-dns
is ready before the container is started." (source: Paul).
Workaround (not a real solution): wait before doing a host lookup.
Also: remove a 99%-duplicate test.
Closes: #16272 (I hope)
Signed-off-by: Ed Santiago <santiago@redhat.com>
The problem right now is that --ns contianer: syntax causes use to add
the namespace path to the spec which means the runtime will try to call
setns on that. This works fine for private namespaces but when the host
namspace is used by the container a rootless user is not allowed to
join that namespace so the setns call will return with permission
denied.
The fix is to effectively switch the container to the `host` mode
instead of `container:` when the mention container used the host ns. I
tried to fix this deep into the libpod call when we assign these
namespaces but the problem is that this does not work correctly because
these namespace require much more setup. Mainly different kind of mount
points to work correctly.
We already have similar work-arounds in place for pods because they also
need this.
For some reason this does not work with the user namespace, I don't know
why and I don't think it is really needed so I left this out just to get
at least the rest working. The original issue only reported this for the
network namespace.
Fixes#18027
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Our friend #7096 is still not fixed: it continues to flake,
singletons only, and only in the "create" test (not "run").
My guess: maybe there's a race somewhere in IP assignment,
such that container1 can have an IP, but not yet be running,
and a container2 can sneak in and start with that IP, and
container1 is the one that fails?
Solution: tighten the logic so we wait for container1 to
truly be running before we start container2. And, when we
start container2, do so with -a so we get to see stdout.
(Am not expecting it to be helpful, but who knows).
Also very minor cleanup
Signed-off-by: Ed Santiago <santiago@redhat.com>
Having a container spin-wait on a /stop file, then exit, is
unsafe: 'podman exec $ctr touch /stop' can get sucked into
container cleanup before the exec terminates, resulting in
the podman-exec failing and hence the test failing.
Most existing instances of this pattern are unnecessary.
Replace those with just 'podman rm -f'.
When necessary, use a variety of safer alternatives.
Re-Closes: #10825 (already closed; this addresses remaining cases)
Signed-off-by: Ed Santiago <santiago@redhat.com>
We should return the raw state string without any extra formatting in
this case.
`{{.Status}}` returns the nicely formatted string used in the default ps
output, e.g. `Up 2 seconds ago`, while `{{.State}}` returns the state as
string, e.g. `running`.
This matches the docker output and allows better use in scripts.
Fixes#18244
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The `exec` session somestimes exits with 137 as the exec session races
with the cleanup process of the exiting container. Fix the flake by
running a detached exec session.
Fixes: #10825
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Wire in support for writing the digest of the pushed image to a
user-specified file. Requires some massaging of _internal_ APIs
and the extension of the push endpoint to integrate the raw manifest
(i.e., in bytes) in the stream.
Closes: #18216
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
When running the remote integration test I have over 1000 zombies
because each test creates a single service process. Only after ginkgo
exists they get finally reaped by the init process. This only effected
the rootless runs.
For some reason the test use different logic between root and rootless.
This doesn't make much sense. I also see no reason to manually kill
child processes.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This is a rather big deal. All system services shared the same tmpdir
which causes big issues for the rootless netns setup.
Also use --events-backend file like the local ones. This is important
otherwise reading events and takes ages as the jounal is shared for all
tests.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Creating a new diretory results in the test leaking it when it is not
removed via a defer call. All tests have already access to
`podmanTest.TempDir` which will be automatically removed in the
`AfterEach()` block.
While some test were fine other forgot the defer call. To keep the test
consitent and prevent other from making the same mistake convert all
users to `podmanTest.TempDir`. `CreateTempDirInTempDir()` is only used
for the `podmanTest.Setup()` call.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
