The new Ubuntu 20.04 VMs seem very slow and fail reproducibly in a build
test (i.e, "wordir, cmd, env, label"). Bumping up the time out to 120
seconds will help get the CI green.
See github.com/containers/podman/pull/8747.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Implement `podman-remote cp` and break out the logic from the previously
added `pkg/copy` into it's basic building blocks and move them up into
the `ContainerEngine` interface and `cmd/podman`.
The `--pause` and `--extract` flags are now deprecated and turned into
nops.
Note that this commit is vendoring a non-release version of Buildah to
pull in updates to the copier package.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
`podman network create` should always add a gateway to the cni config.
If no gateway is given use the first ip in the subnet. CNI does not require
the gateway field but we need it because of network inspect.
This worked with previous version but was dropped in Commit(e7a72d72fd).
Fixes#8748
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Tracking down a CI failure earlier today, I was slightly
delayed by the absence of context information in a test
failure. This PR adds full command context to each
subtest, making it much easier for the developer to
narrow down the cause of a failure.
Signed-off-by: Ed Santiago <santiago@redhat.com>
These tests simply will not work under these conditions.
Note: Recently updated F32 (prior-fedora) and Ubuntu 20.04
(prior-ubuntu) VMs always use CGroupsV1 with runc. F33 and
Ubuntu 20.10 were updated to always use CGroupsV2 with crun.
Signed-off-by: Chris Evich <cevich@redhat.com>
When running as rootless, on a CgroupV1 host these tests all report:
`Error: pod stats is not supported in rootless mode without cgroups v2`
Note: Recently updated F32 (prior-fedora) and Ubuntu 20.04
(prior-ubuntu) VMs always use CGroupsV1 with runc. F33 and
Ubuntu 20.10 were updated to always use CGroupsV2 with crun.
Signed-off-by: Chris Evich <cevich@redhat.com>
This should be addressed by PR
https://github.com/containers/podman/pull/8685
Note: Recently updated F32 (prior-fedora) and Ubuntu 20.04
(prior-ubuntu) VMs always use CGroupsV1 with runc. F33 and
Ubuntu 20.10 were updated to always use CGroupsV2 with crun.
Signed-off-by: Chris Evich <cevich@redhat.com>
Nearly/all of the 'podman stats' tests fail on Fedora when
executing testing inside a container, and CGroupsV1 is used on the
host. The typical failure message is of the form `Error: unable to
load cgroup at /machine.slice/.../: cgroup deleted`.
Note: Recently updated F32 (prior-fedora) and Ubuntu 20.04
(prior-ubuntu) VMs always use CGroupsV1 with runc. F33 and
Ubuntu 20.10 were updated to always use CGroupsV2 with crun.
Signed-off-by: Chris Evich <cevich@redhat.com>
These tests fail with `Error: opening file `io.bfq.weight` for writing:
Permission denied: OCI permission denied`. Upon examination of the
VMs, it was found the kernel and OS lacks support for the `BFQ`
scheduler (which supplies the `weight` option). The only available
schedulers are `none` and `mq-deadline`.
Note: Recently updated F32 (prior-fedora) and Ubuntu 20.04
(prior-ubuntu) VMs always use CGroupsV1 with runc. F33 and
Ubuntu 20.10 were updated to always use CGroupsV2 with crun.
Signed-off-by: Chris Evich <cevich@redhat.com>
- run test: minor cleanup to .containerenv test. Basically,
make it do only two podman-runs (they're expensive) and
tighten up the results checks
- ps test: add ps -a --storage. Requires small tweak to
run_podman helper, so we can have "timeout" be an expected
result
- sdnotify test: workaround for #8718 (seeing MAINPID=xxx as
last output line instead of READY=1). As found by the
newly-added debugging echos, what we are seeing is:
MAINPID=103530
READY=1
MAINPID=103530
It's not supposed to be that way; it's supposed to be just
the first two. But when faced with reality, we must bend
to accommodate it, so let's accept READY=1 anywhere in
the output stream, not just as the last line.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Followup to #8284, due to my not having noticed #8096.
RHEL gating tests are failing again due to rhbz#1895105, the
one where we can't run journalctl rootless on RHEL. #8284 fixed
this for some RHEL builds of older podman, but I missed #8096
which added yet another logs test.
This brings us to three journalctl exceptions, which means
it gets complicated because I have to refactor it all.
**THIS IS NOT SUSTAINABLE**. We need some way to have a similar
setup in CI, with a permission-less rootless login, so we don't
add yet another logs test some day and discover, months later,
that it doesn't work on RHEL and then have to go into crisis
mode.
Signed-off-by: Ed Santiago <santiago@redhat.com>
This change adds support for the `--filter` / `?filters` arguments on
the `podman volume prune` subcommand.
* Adds ParseFilterArgumentsIntoFilters helper for consistent
Filter string slice handling
* Adds `--filter` support to podman volume prune cli
* Adds `?filters...` support to podman volume prune api
* Updates apiv2 / e2e tests
Closes#8672
Signed-off-by: Baron Lenardson <lenardson.baron@gmail.com>
The podman events aren't read until the given timestamp if the
timestamp is in the future. It just reads all events until now
and exits afterwards.
This does not make sense and does not match docker. The correct
behavior is to read all events until the given time is reached.
This fixes a bug where the wrong event log file path was used
when running first time with a new storage location.
Fixes#8694
This also fixes the events api endpoint which only exited when
an error occurred. Otherwise it just hung after reading all events.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
podman image sign handles muti-arch images.
--all option to create signature for each manifest from the image manifest list.
Signed-off-by: Qi Wang <qiwan@redhat.com>
git-fetch a set of docker-compose examples
Add a mechanism for 'curl'ing to verify that service is up.
For each docker-compose directory:
1) test that it comes up
2) use 'curl' to confirm that the service is up
3) bring it back down
Signed-off-by: Ed Santiago <santiago@redhat.com>
Network create could panic when used with a json body like this:
`{"Name":"net","IPAM":{"Config":[]}}`
The network scope for list and inspect should not be empty. It can
be swarm, global or local. We only support local networks so
hardcode this field to local.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Make the ContainerLogsOptions support two io.Writers,
one for stdout and the other for stderr. The logline already
includes the information to which Writer it has to be written.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
The libpod images exists endpoint panics when called with
a non existing image and therefore returns 500 as status
code instead of the expected 404.
A test is added to ensure it is working.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Handle the ALL Flag when running with an account as a user.
Currently we throw an error when the user specifies
podman run --user bin --cap-add all fedora echo hello
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
we must honor systempaths=unconfined also for read-only paths, as
Docker does:
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
There exists a unit test to ensure that shell completion functions are
defined. However there was no check about the quality of the provided
shell completions. Lets change that.
The idea is to create a general test that makes sure we are suggesting
containers,pods,images... for the correct commands. This works by
reading the command use line and checking for each arg if we provide
the correct suggestions for this arg.
It includes the following tests:
- flag suggestions if [options] is set
- container, pod, image, network, volume, registry completion
- path completion for the appropriate arg KEYWORDS (`PATH`,`CONTEXT`,etc.)
- no completion if there are no args
- completion for more than one arg if it ends with `...]`
The test does not cover completion values for flags and not every arg KEYWORD
is supported. This is still a huge improvement and covers most use cases.
This test spotted several inconsistencies between the completion and the
command use line. All of them have been adjusted to make the test pass.
The biggest advantage is that the completions always match the latest
command changes. So if someone changes the arguments for a command this
ensures that the completions must be adjusted.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Currently the --layers flag set by the user is ignored, and only the BUILDAH_LAYERS
environment variable being set is observed.
Fixes: https://github.com/containers/podman/issues/8643
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The existing logic (Range > 0) always triggered, because range is
guaranteed to be at least 1 (a single port has a range of 1, a
two port range (e.g. 80-81) has a range of 2, and so on). As such
this could cause ports that had a host port assigned to them by
the user to randomly assign one instead.
Fixes#8650Fixes#8651
Signed-off-by: Matthew Heon <mheon@redhat.com>
Just checking for `rootless.IsRootless()` does not catch all the
cases where slirp4netns is in use - we actually allow it to be
used as root as well. Fortify the conditional here so we don't
fail in the root + slirp case.
Fixes#7883
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Add the systempaths=unconfined option to --security-opt
to match the docker options for unmasking all the paths
that are masked by default.
Add the mask and unmask options to the podman create doc.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
