- run test: preserve --runtime test: use a random executable
path. And, clean up better.
- run test: "look up correct image name" test: use random
strings; test both without and with a :tag
- events test: use random label strings, add more filter tests
Signed-off-by: Ed Santiago <santiago@redhat.com>
adding the ability to filter evens by the container labels. this requires that container labels be added to the events data being recorded and subsequently read.
Signed-off-by: baude <bbaude@redhat.com>
Add a check step in podman run --log-driver test. Prefer to add
it here as it already has a loop to cover all different drivers
in this test.
Signed-off-by: Yiqiao Pu <ypu@redhat.com>
Detached containers and detach keys are only created with the podman run, i
exec, and start commands. We do not store the detach key sequence or the
detach flags in the database, nor does Docker. The current code was ignoreing
these fields but documenting that they can be used.
Fix podman create man page and --help output to no longer indicate that
--detach and --detach-keys works.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Record the correct image name when creating a container by using the
resolved image name if present. Otherwise, default to using the first
available name or an empty string in which case the image must have been
referenced by ID.
Fixes: #8082
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Want to have man pages match commands, since we have lots of printed
man pages with using Options, we will change the command line to use
Options in --help.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
- apiv2 - the 'ten /info requests' test is flaking often,
taking ~8 seconds (our limit is 7, up from 5 a few weeks
ago). Brent suggested that the first /info call might be
expensive, because it needs to access storage. So, let's
prime it by running one /info outside the timing loop.
And, because even that continues to fail, bump it up
to 10 seconds and file #8076 to track the slowdown.
- toolbox test - WaitForReady() has timed out, even on one
occasion causing a run failure because it failed 3 times.
Solution: bump up timeout from 2s to 5s. Not really great,
but CI systems are underpowered, and it's not unreasonable
that 2s might be too low.
- sdnotify test - add a 'podman wait' between stop & rm.
This may prevent a "cannot rm container as it is running"
race condition.
While working on this, Brent and I noticed a few ways that
test-apiv2 logging can be improved:
- test name: when request is POST, display the jsonified
parameters, not the original input ones. This should
make it much easier to reproduce failures.
- use curl's "--write-out" option to capture http code,
content type, and request time. We were getting the
first two via grep from logged headers; this is cleaner.
And there was no other way to get timing. We now include
the timing as X-Response-Time in the log file.
- abort on *any* curl error, not just 7 (cannot connect).
Any error at all from curl is bad news.
Signed-off-by: Ed Santiago <santiago@redhat.com>
The BATS 'run' directive is really quite obnoxious; for the
most part we really don't want to use it. Remove some uses
that snuck in last week, and remove one test (exists) that
can more naturally be piggybacked into an rm test.
While we're at it: in setup(), look for and delete stray
external (buildah) containers. This will be important if
any of the external-container tests fails; this way we
don't leave behind a state that causes subsequent tests
to fail.
Signed-off-by: Ed Santiago <santiago@redhat.com>
External containers are containers created outside of Podman.
For example Buildah and CRI-O Containers.
$ buildah from alpine
alpine-working-container
$ buildah run alpine-working-container touch /test
$ podman container exists --external alpine-working-container
$ podman container diff alpine-working-container
C /etc
A /test
Added --external flag to refer to external containers, rather then --storage.
Added --external for podman container exists and modified podman ps to use
--external rather then --storage. It was felt that --storage would confuse
the user into thinking about changing the storage driver or options.
--storage is still supported through the use of aliases.
Finally podman contianer diff, does not require the --external flag, since it
there is little change of users making the mistake, and would just be a pain
for the user to remember the flag.
podman container exists --external is required because it could fool scripts
that rely on the existance of a Podman container, and there is a potential
for a partial deletion of a container, which could mess up existing users.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Current these commands only check if a container exists in libpod. With
this fix, the commands will also check if they are in containers/storage.
This allows users to look at differences within a buildah or CRI-O container.
Currently buildah diff does not exists, so this helps out in that situation
as well as in CRI-O since the cri does not implement a diff command.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
- run --userns=keep-id: confirm that $HOME gets set (#8013)
- inspect: confirm that JSON output is a sane number of
lines (10 or more), not an unreadable one-liner (#8011
and #8021). Do so with image, pod, network, volume
because the code paths might be different.
- cgroups: confirm that 'run' preserves cgroup manager (#7970)
- sdnotify: reenable tests, and hope CI doesn't hang. This
test was disabled on August 18 because CI jobs were hanging
and timing out. My suspicion was that it was #7316, which
in turn seems to have hinged on conmon #182. The latter
was merged on Sep 16, so let's cross our fingers and see
what happens.
Also: remove inaccurate warning from a networking test.
And, wow, fix is_cgroupsv2(), it has never actually worked.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Currenly if a user specifies the name or ID of an external storage
container, we report an error to them.
buildah from scratch
working-container-2
podman rm working-container-2
Error: no container with name or ID working-container-2 found: no such container
Since the user specified the correct name and the container is in storage we
force them to specify --storage to remove it. This is a bad experience for the
user.
This change will just remove the container from storage. If the container
is known by libpod, it will remove the container from libpod as well.
The podman rm --storage option has been deprecated, and removed from docs.
Also cleaned documented options that are not available to podman-remote.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
- images test: add test for 'table' and '\t' formatting
- image mount test: check output from 'umount', test
repeat umount (NOP), and test invalid-umount
- kill test: remove kludgy workaround for crun signal bug
ref: #5004 -- code is no longer needed (fingers crossed),
and the workaround involved pulling an expensive image.
- selinux test: add new tests for shared context in:
* pods , w/ and w/o infra container (ref: #7902)
* containers with namespace sharing: --ipc, --pid, --net
- selinux test: new test for --pid=host (disabled pending
propagation of container-selinux-2.146, ref: #7939)
Signed-off-by: Ed Santiago <santiago@redhat.com>
A podman could not read logs written to journald properly, due to a tail config bug.
Added a system test to check this - since e2e tests don't like journald
Signed-off-by: Ashley Cui <acui@redhat.com>
At the top of each generated page, add a Synopsis table with:
PR number/name, and link to github
Author name(s)
Test name (fedora/ubuntu, rootless, etc)
Cirrus build ID (usually uninteresting)
Cirrus task ID (usu. important), with link to Cirrus
The value of $SPECIALMODE
This is all we can get from the Cirrus environment in
which logformatter runs; we can't get things like
cgroup manager or username that the test runs under.
Note that the table is at the top, which is usually
unseen because we autoscroll to the bottom on
page load. I tentatively think that top is a more
natural place for this info than bottom, but am
willing to listen to arguments against.
Also, one minor tweak: highlight podman commands in
the BATS output. The idea is to make it easier for the eye
to spot those, then copy/paste them to find a reproducer.
And, sigh, disable the new 'podman network create'
system test. It is flaking much too much.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Extend the system tests to test `podman untag $image` without further
arguments to force removing all tags from the image.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
change capabilities handling to reflect what docker does.
Bounding: set to caplist
Inheritable: set to caplist
Effective: if uid != 0 then clear; else set to caplist
Permitted: if uid != 0 then clear; else set to caplist
Ambient: clear
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
In podman containers rm and podman images rm, the commands
exit with error code 1 if the object does not exists.
This PR implements similar functionality to volumes, networks, and Pods.
Similarly if volumes or Networks are in use by other containers, and return
exit code 2.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
New tests for podman run --tz=EXPLICIT and =local. Requires
updating our testimage by adding a fixed reference timestamp
to a known file path.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Obscure corner case in which 'podman run --pull=never alpine'
will actually pass *with no alpine image* if there's an
image named "myalpine". (i.e. a substring match, not full
string match). Fixed in #7770 but the tests that were added
there do not actually test that.
This adds a double-duty test for that as well as making
sure that 'run --pull=never SHORTNAME' (implicit :latest)
does not match our existing :YYYYMMDD image; then one
more quick test to make sure that if we tag as :latest,
the same --pull=never succeeds.
Signed-off-by: Ed Santiago <santiago@redhat.com>
- pause test: enable when rootless + cgroups v2
(was previously disabled for all rootless)
- run --pull: now works with podman-remote
(in #7647, thank you @jwhonce)
- various other run/volumes tests: try reenabling
It looks like #7195 was fixed (by #7451? I'm not
sure if I'm reading the conversation correctly).
Anyway, remove all the skip()s on 7195. Only time
will tell if it's really fixed)
Also:
- new test for podman image tree --whatrequires
(because TIL). Doesn't work with podman-remote.
Signed-off-by: Ed Santiago <santiago@redhat.com>
The parse_table() helper has until now dumbly split lines
on every single '|' character. This prevents us from running
simple tests such as 'cgroupManager: (systemd|cgroupfs)'.
We now use an ugly but robust sed expression to split
on '|' but *only* when surrounded by spaces and/or beginning
or end of line. This is safe because, for readability, all
tables already keep the '|' symbols well separated from
table content.
Add tests. And, the whole reason behind this, add
an actual real test for cgroupManager and cgroupVersion.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Tests all (current) values for --log-driver=X, and one test
for invalid value. For those drivers that write a local
file (json-file, k8s-file), test that the file exists and
contains results of the expected form (timestamp, stdout,
'F' for 'F'ull line, and the expected string output.
For json-file, confirm that podman issues a "Choosing k8s-file"
warning (only on local. On podman-remote, the warning goes only
to the server's stderr).
Written in response to #7754 in which driver=json-file was
falling through to 'none' instead of 'k8s-file'.
Signed-off-by: Ed Santiago <santiago@redhat.com>
This is very useful for debugging cgroups v2, especially on
rootless - we need to ensure people are correctly using systemd
cgroups in these cases.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Fix a bug when saving multi-image archives where the progress bars from
copying images was accidentally written to the archive and hence
corrupted it.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
- podman network create: new test
- podman pull by-sha + podman images -a (#7651)
- podman image mount: new test
- podman pod: --infra-image and --infra-command (#7167)
For convenience and robustness, build a new testimage
containing a custom file /home/podman/testimage-id
with contents YYYYMMDD (same as image tag). The
image-mount test checks that this file exists and
has the desired content. New testimage also includes
a dummy 'pause' executable, for testing pod infra.
Updates from testimage:20200902 to :20200917
Signed-off-by: Ed Santiago <santiago@redhat.com>
Record the user-specified "raw" image name in the SpecGenerator, so we
can pass it along to the config when creating a container. We need a
separate field as the image name in the generator may be set to the
ID of the previously pulled image - ultimately the cause of #7404.
Reverting the image name from the ID to the user input would not work
since "alpine" for pulling iterates over the search registries in the
registries.conf but looking up "alpine" normalizes to
"localhost/alpine".
Recording the raw-image name directly in the generator was the best of
the options I considered as no hidden magic from search registries or
normalizations (that may or may not change in the future) can interfere.
The auto-update backend enforces that the raw-image name is a
fully-qualified reference, so we need to worry about that in the front
end.
Fixes: #7407
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
