Do not rely on an arbitrary delay in order to ensure the port was bound
in the container. Instead this approach checks if the port is bound in
the netns and only then starts the client. This speeds up the entire
test file by 50% but more importantly in parallel testing it solves
hangs as the timeout there was unreliable.
Fixes#23471
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
c/image now throws a warning when using encryption and zstd:chunked as
they do not work together[1]. As CI uses default configs from fedora it
means rawhide now defaults to zstd:chunked which trigger the warning
there. To work around that force zstd compression.
[1] https://github.com/containers/image/issues/2485
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
If we try to stop a contianer that is not running or paused we get an
ErrCtrStateInvalid or ErrCtrStopped error. As podman stop is idempotent
this is not a user visable error at all so we should also never log it
in the container state.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
We cannot unlock then lock again without syncing the state as this will
then save a potentially old state causing very bad things, such as
double netns cleanup issues.
The fix here is simple move the saveContainerError() under the same
lock. The comment about the re-lock is just wrong. Not doing this under
the same lock would cause us to update the error after something else
changed the container alreayd.
Most likely this was caused by a misunderstanding on how go defer's work.
Given they run Last In - First Out (LIFO) it is safe as long as out
defer function is after the defer unlock() call.
I think this issue is very bad and might have caused a variety of other
weird flakes. As fact I am confident that this fixes the double cleanup
errors.
Fixes#21569
Also fixes the netns removal ENOENT issues seen in #19721.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Rootless units placed in `users` would be loaded for root when
`/etc/containers/systemd` is a symlink. In this case, since
`UnitDirAdmin` is hardcoded, `userLevelFilter` always returns `true`.
If `/etc/containers/systemd/users` is a symlink, any user would load
other users' units.
Fix the above two problems.
Fixes: #23483
Signed-off-by: Uzinn Kagurazaka <uzinn.kagurazaka@11555511.xyz>
Previously there were two CI tasks that ended up both testing docker-py
compatibility. Remove the duplicate from the `localapiv2-python` make
target, and symlink the identical requirements file.
Signed-off-by: Chris Evich <cevich@redhat.com>
Return the error not just log as the caller can then decide to log this
and exit > 0. I also removed the c.valid check as I do not see what the
purpose of this would be. c.valid is only false when the ctr was removed
but then we should never get there as Cleanup() will not work on a
container in removing state.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Previously these tests pulled some test images from quay, opening them up
to networking-flake induced failures. As has already been done for
other tests, update to utilize the locally running registry server.
Also: Add `test/python/**` into the apiv2 task conditions as referenced
by the `Makefile` `localapiv2-python` target.
Signed-off-by: Chris Evich <cevich@redhat.com>
Previously, if anyone touched these files no extra testing would
trigger. However, basically all testing depends on them. Update the
condition and test that verifies it.
Signed-off-by: Chris Evich <cevich@redhat.com>
Basically commit ada4e1a8c1 for e2e tests. The timeout does not kill the
process so if it is stucked it hangs forever. So make sure we kill it
via SIGABRT.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Add generate helper function.
Also, add a troubleshooting try/catch block in case we get more flakes
during Set-LocalUser step in Windows powershell.
Resolves: https://github.com/containers/podman/issues/23468
Signed-off-by: Nicola Sella <nsella@redhat.com>
The podman container cleanup command is not really intended for human
use. Instead each conmon will spawn this command after the container
exit to make sure we can cleanup resources asynchronously. However this
command will always race against other foreground process such as podman
rm -fa. Therefore it is possible that the ctr was already removed and we
should not log errors in this case.
While these errors are normally not seen as the command is int he
background you can see it if you enable syslog logging and then they
just spam the log with useless errors so just ignore them.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Add support for the ServiceName key for all unit types
Extend the PodInfo struct into UnitInfo to consolidate all prepopulated data into a single map
Use the NodesInfo map instead of the resourceName
Update the UnitInfo in the convert function instead of returning it
No need to replace extension anymore just remove it
All e2e tests with dependencies on other Quadlet files moved to a separate section
Add the capability of overriding the service name in the test
Add e2e tests for the new functionality
Adjust integration tests
Update the MAN page
Signed-off-by: Ygal Blum <ygal.blum@gmail.com>
Two tests, both check port 80 on host, one wants it live,
the other wants it blocked. Prevent them from running
concurrently.
Fixes: #23470
Signed-off-by: Ed Santiago <santiago@redhat.com>
Use safename for containers, volumes, images.
Build a temporary scratch image for podman image mount, so
we can safely mount/umount it (instead of $IMAGE) without
risk of other parallel tests umounting it.
Fixed some oopsies ("$vol1" is empty string, so, NOP test)
And... an experiment. I'm leaving in my 'ci:parallel' tags
and notes, so I don't have to carry them in #23275. This
is harmless, basically just noisy comments. The drawback
is, if for some reason #23275 does not pan out, I'll have
to go back and remove those tags. Right now I'm feeling
pretty comfortable about this parallelization approach tho.
Signed-off-by: Ed Santiago <santiago@redhat.com>
When removing the gvproxy pid file, under CI conditions we could hit a
case where the PID file being removed seemed to have an open handle on
it still. I could not find anything in podman that left an open handle
and gvproxy would have quit before this, so we think it is likely
another process holding it. I could not find root cause with CI because
I could not trip the flake.
this new code allows windows (specifically hyperv bc WSL does not use
GVProxy) to ignore an ERROR_SHARING_VIOLATION.
Signed-off-by: Brent Baude <bbaude@redhat.com>
Use safename instead of hardcoded "test"
Start registry once, in setup_file(), instead of requiring
individual tests to do so.
Add explicit --authfile arg to a bunch of places that now need it
Minor cleanup and improvements in test descriptions. I may have
gotten a little carried away here, but if this test ever fails
these additions will make someone's life much easier.
Signed-off-by: Ed Santiago <santiago@redhat.com>
