Add a debug line to the wait to test to see which container
is being left behind after the cleaup where the race is happening.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
When a userns is set we setup the network after the bind mounts, at the
point where resolv.conf is generated we do not yet know the subnet.
Just like the other dns servers for bridge networks we need to add the
ip later in completeNetworkSetup()
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2182052
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Some key are available only for user scope while there are no keys that
are supported only for system. So, better to run in user scope
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
If a path (Yaml, ConfigMap, EnvFile) starts with a systemd path
specifier, treat the path as absolute
Add tests - unit, e2e and bats
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
...not CONTAINERS_CONF. At least for most tests.
Nearly every system test currently using CONTAINERS_CONF=tmpfile
should be using CONTAINERS_CONF_OVERRIDE.
Simple reason: runtime (crun/runc), database_backend (bolt/sqlite),
logger, and other important settings from /etc/c.conf are not
usually written into the tmpfile. Those tests, therefore, are
not running podman as configured on the system.
Much more discussion: #15413
This PR is a prerequisite for enabling sqlite system tests. For
the sake of simplicity and sanity, I choose to submit the sqlite
switch as a separate PR once this passes and merges.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Race introduced in #16709, which changed 'top' to 'true', so
there was only a narrow window in which '.State.ConmonPod'
would be valid. Remove the race.
Fixes: #17882
Signed-off-by: Ed Santiago <santiago@redhat.com>
If a container with an ID starting with "db1" exists, and a
container named "db1" also exists, and they are different
containers - if I run `podman inspect db1` the container named
"db1" should be inspected, and there should not be an error that
multiple containers matched the name or id "db1". This was
already handled by BoltDB, and now is properly managed by SQLite.
Fixes#17905
Signed-off-by: Matt Heon <mheon@redhat.com>
Add yet another environment variable for loading containers.conf.
When CONTAINERS_CONF_OVERRIDE is set, the specified config file
will be loaded last - even when CONTAINERS_CONF is set.
This mechanism is needed to preserve system settings and other
environment variables. Setting CONTAINERS_CONF will load only
the specified config file and ignore all system and user paths.
That makes testing hard as many Podman tests use CONTAINERS_CONF
for testing.
The intended use of CONTAINERS_CONF_OVERRIDE is to set it during tests
and point it to a specific configuration of Podman (e.g., netavark with
sqlite backend).
Similar needs have popped up talking to users in the automotive and
high-performance computing space. In a way, such a setting allows for
specifying a specific "flavor" of Podman while preserving all existing
settings on the system.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
We use the same endpoint for libpod and docker compat API. However as
reported docker returns "id" lowercase. Because we cannot break the
libpod API right now keep the output for the libpod endpoint and only
change the docker one.
To do so simply use two types that we can cast with different JSON tags.
Fixes#17869
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
skip in setup() if journald unavailable.
To be pedantic, this is overkill: some quadlet tests pass
because they don't run journald. Too bad.
Also skip a play-kube test that requires journal
Signed-off-by: Ed Santiago <santiago@redhat.com>
...and add a comment explaining why. The minimum, determined via
binary search, is actually 27! Anything under that will barf:
$ bin/podman run --ulimit nofile=26:26 --rm quay.io/libpod/testimage:20221018 true
Error: OCI runtime error: crun: openat2 `proc/sysrq-trigger`: Too many open files
Play it safe, go with 30.
(Does this seem alarming to anyone else, or am I the only one??)
Fixes: #17860
Signed-off-by: Ed Santiago <santiago@redhat.com>
If the volume source starts with . resolve the path relative to the
location of the unit file
Update the test code to allow verification of regex for the value in key
value arguments
Add the usage of relative paths to the volume and mount test cases
Update the man page
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
Since we can't guarantee when the worker queue will come
and clean up the service container in the remote case when
podman kube play --wait is called, cleanup the service container
at the end of PlayKubeDown() to ensure that it is removed right
after all the containers, pods, volumes, etc are removed.
[NO NEW TESTS NEEDED]
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
As described in #17777, the `restart` on-failure action did not behave
correctly when the health check is being run by a transient systemd
unit. It ran just fine when being executed outside such a unit, for
instance, manually or, as done in the system tests, in a scripted
fashion.
There were two issue causing the `restart` on-failure action to
misbehave:
1) The transient systemd units used the default `KillMode=cgroup` which
will nuke all processes in the specific cgroup including the recently
restarted container/conmon once the main `podman healthcheck run`
process exits.
2) Podman attempted to remove the transient systemd unit and timer
during restart. That is perfectly fine when manually restarting the
container but not when the restart itself is being executed inside
such a transient unit. Ultimately, Podman tried to shoot itself in
the foot.
Fix both issues by moving the restart logic in the cleanup process.
Instead of restarting the container, the `healthcheck run` will just
stop the container and the cleanup process will restart the container
once it has turned unhealthy.
Fixes: #17777
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Just like we do with RUNTIME and NETWORK. Skipped for now in
system tests because there's no way yet to actually set the
database backend.
Also, in system test oneliner (first test), include DB
Signed-off-by: Ed Santiago <santiago@redhat.com>
Add debug logs from systemctl and journalctl in hope to get more data on
the Debian flakes tracked in #17796.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
This reverts commit 1c08f2edac: the
original failure reported in #17287 persists:
[+1306s] not ok 453 podman networking with pasta(1) - TCP translated port range forwarding, IPv4, loopback
...
[+1306s] # 2023/03/15 14:33:33 socat[119870] E connect(8, AF=2 127.0.0.1:5127, 16): Interrupted system call
[+1306s] # xx
[+1306s] # #/vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
[+1306s] # #| FAIL: Mismatch between data sent and received
[+1306s] # #| expected: = xxx
[+1306s] # #| actual: xx
[+1306s] # #\^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
so keep two connections instead of three as long as I'm too dumb to
figure this out.
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Transient mode means the DB should not persist, so instead of
using the GraphRoot we should use the RunRoot instead.
Signed-off-by: Matt Heon <mheon@redhat.com>
Two main changes:
- The transient state tests relied on BoltDB paths, change to
make them agnostic
- The volume code in SQLite wasn't retrieving and setting the
volume plugin for volumes that used one.
Signed-off-by: Matt Heon <mheon@redhat.com>
When streaming events, prevent returning duplicates after a log rotation
by marking a beginning and an end for rotated events. Before starting to
stream, get a timestamp while holding the event lock. The timestamp
allows for detecting whether a rotation event happened while reading the
log file and to skip all events between the begin and end rotation
event.
In an ideal scenario, we could detect rotated events by enforcing a
chronological order when reading and skip those detected to not be more
recent than the last read event. However, events are not always
_written_ in chronological order. While this can be changed, existing
event files could not be read correctly anymore.
Fixes: #17665
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
When we searching any image at a container registry,
--cert-dir and --creds could be required
as well as push, pull, etc.
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
