Prior, a pod would have to be started immediately when created, leading to confusion about what a pod state should be immediately after creation. The problem was podman run --pod ... would error out if the infra container wasn't started (as it is a dependency). Fix this by allowing for recursive start, where each of the container's dependencies are started prior to the new container. This is only applied to the case where a new container is attached to a pod.
Also rework container_api Start, StartAndAttach, and Init functions, as there was some duplicated code, which made addressing the problem easier to fix.
Signed-off-by: Peter Hunt <pehunt@redhat.com>
allow users to remotely prune volumes.
this is the last volume command for remote enablement. as such,
the volume commands are being folded back into main because they
are supported for both local and remote clients.
also, enable all volume tests that do not use containers
as containers are not enabled for the remote client yet.
Signed-off-by: baude <bbaude@redhat.com>
We have a consistent CI failure with the notify_socket test that
I can't reproduce locally. There's no reason for the test to have
--rm, so try removing it.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Previously, 'podman create --rm' did not work - it wouldn't error
but it did nothing.
It is now fixed, but unfortunately the unit tests used it a lot,
in ways that just do not work when it actually functions.
Begin the process of fixing now-failing tests.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Go templates were not being processed or printed correctly for podman
pod stats. Added the ability to do templates as well as honor the
table identifier.
Fixes#2258
Signed-off-by: baude <bbaude@redhat.com>
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Add --all-tags for the `podman pull` command so all tags
of an image will be pulled, not just ':latest'. Emulates
the change in Buildah https://github.com/containers/buildah/pull/1263
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
We intend to migrate to the cobra cli from urfave/cli because the
project is more well maintained. There are also some technical reasons
as well which extend into our remote client work.
Signed-off-by: baude <bbaude@redhat.com>
This registry responds differently depending on the the platform
accessing it. It also occasionally goes down or returns 404s. Improve
the reliability of the e2e tests by using the registry/image used
for gating pull-requests.
This way, if there's a registry/networking problem, the gating test
will fail and prevent anything else from running. This is a better
failure to have early, rather than wait and need to re-run all the
e2e tests again later.
Signed-off-by: Chris Evich <cevich@redhat.com>
The sig-proxy test creates a FIFO, runs podman with actions
that write to it, then tries reading from the FIFO.
Opening a FIFO for read or write blocks until the other end is
opened for the corresponding write/read. If our podman process
fails for any reason, the test's FIFO open will hang forever.
Solution: open with O_NONBLOCK.
Signed-off-by: Ed Santiago <santiago@redhat.com>
We are missing the equivalence of the docker system commands
This patch set adds `podman system prune`
and `podman system info`
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
addition of import and export for the podman-remote client. This includes
the ability to send and receive files between the remote-client and the
"podman" host using an upgraded varlink connection.
Signed-off-by: baude <bbaude@redhat.com>
For whatever reason, this specific test frequently fails on Ubuntu with
an error similar to:
```
Timed out after 1.000s.
Expected process to exit. It did not.
/var/tmp/go/src/github.com/containers/libpod/test/e2e/info_test.go:38
```
Ths changes alters the test behavior to use the `defaultWaitTimeout`
value (so 90 vs former 60 seconds) only for this test.
Signed-off-by: Chris Evich <cevich@redhat.com>
The toolbox project would benefit from a few changes to more closely
resembe the original atomic cli project. Changes made are:
* only pull image for container runlabel if the label exists in the image
* if a container image does not have the desired label, exit with non-zero
Signed-off-by: baude <bbaude@redhat.com>
we now, by default, only prune dangling images. if --all is passed, we
prune dangling images AND images that do not have an associated containers.
also went ahead and enabled the podman-remote image prune side of things.
Fixes: #2192
Signed-off-by: baude <bbaude@redhat.com>
initial enablement of podman-remote version. includes add a APIVersion const
that will allow us to check compatibility between host/client when connections
are made.
also added client related information to podman info.
Signed-off-by: baude <bbaude@redhat.com>
Masking main level, image, and container commands that are not yet
implemented for the remote client. As each command is completed, be
sure to unmask it.
Also, masking podman command line switches that are not applicable
to the remote client.
Signed-off-by: baude <bbaude@redhat.com>
When using --pid=host don't try to cover /proc paths, as they are
coming from the /proc bind mounted from the host.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Add the ability to run the integration (ginkgo) suite using
the remote client.
Only the images_test.go file is run right now; all the rest are
isolated with a // +build !remotelinux. As more content is
developed for the remote client, we can unblock the files and
just block single tests as needed.
Signed-off-by: baude <bbaude@redhat.com>
Restoring a container from a checkpoint should give the container the
same IP as before checkpointing. This adds a test to make sure the IP
stays the same.
Signed-off-by: Adrian Reber <areber@redhat.com>
Add support for executing an init binary as PID 1 in a container to
forward signals and reap processes. When the `--init` flag is set for
podman-create or podman-run, the init binary is bind-mounted to
`/dev/init` in the container and "/dev/init --" is prepended to the
container's command.
The default base path of the container-init binary is `/usr/libexec/podman`
while the default binary is catatonit [1]. This default can be changed
permanently via the `init_path` field in the `libpod.conf` configuration
file (which is recommended for packaging) or temporarily via the
`--init-path` flag of podman-create and podman-run.
[1] https://github.com/openSUSE/catatonitFixes: #1670
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Now that the correct distribution CRIU packages are installed the
checkpoint/restore tests should no longer fail. This re-enables the
disabled tests on Fedora.
Signed-off-by: Adrian Reber <areber@redhat.com>
We had two problems with /dev/shm, first, you mount the
container read/only then /dev/shm was mounted read/only.
This is a bug a tmpfs directory should be read/write within
a read-only container.
The second problem is we were ignoring users mounted /dev/shm
from the host.
If user specified
podman run -d -v /dev/shm:/dev/shm ...
We were dropping this mount and still using the internal mount.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
when testing rootless containers, it is more reliable to stop
a container with a zero timeout than kill a container. We made
this change in non-rootless tests as well. When IO or CPU are
taxed, it avoids a situation where the kill signal is sent but the
container has not been able to update its status when a subsequent
action occurs.
Signed-off-by: baude <bbaude@redhat.com>
Display the trust policy of the host system. The trust policy is stored in the /etc/containers/policy.json file and defines a scope of registries or repositories.
Signed-off-by: Qi Wang <qiwan@redhat.com>
Since the most recent TWO versions of Fedora are officially supported
upstream, both need to be tested. Implement the concept of a 'prior'
Fedora release in both base-image and cache-image production. Utilize
the produced cache-image to test libpod. Remove F28 testing from PAPR.
Much thanks to @baude @giuseppe for help with this.
Signed-off-by: Chris Evich <cevich@redhat.com>