Change the install data format to keep a list of containers for each
image installed, so that multiple containers for the same image can be
installed and uninstalled.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1559935
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1214
Approved by: baude
it is not used anymore as we completely moved the pull logic to Skopeo.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1215
Approved by: baude
Add 3 cases to verify skopeo pulling from docker to ostree works.
The 3 cases include the following:
1: pull dockertar into ostree (custom name)
2: pull dockertar into ostree (default name)
3: pull docker image into ostree(e.g: docker:image:latest)
Also added a small change to ensure checkout are existant if
no installation of containers happens prior.
Closes: #1180
Approved by: giuseppe
Before, we used the ostree copy, and the size difference between the
docker image and ostree image is minimal. However, the skopeo way
has a different way of handling image size, making the ostree image has
noticeable size difference compared to the docker image.
Therefore, to make the test pass, we will have a relaxed threshold for
virtual size difference. Since we only have the test check against one
image, we first leave the percent difference to be 4%.
Closes: #1180
Approved by: giuseppe
atomic containers update --rebase=$TO $CONTAINER attempts to pull the
image if it is missing in the repository.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1198
Approved by: rhatdan
it allows to select a different OCI runtime to use with atomic run.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1196
Approved by: rhatdan
if we try "atomic run IMAGE" then the command creates a "oneshot"
container, modifies the args for the config.json file and it runs the
specified command.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1186
Approved by: baude
The files inside the container are labelled by Skopeo when the image is
pulled to the OSTree storage.
Instead the root directory is created by atomic and by default it gets
the label "unconfined_u:object_r:container_share_t:s0".
Make sure we label the rootfs with the same label of '/'.
We have changed the way files are labelled by Skopeo but we forgot to
change the label for the rootfs created by atomic. This patch ensures
the SELinux label for the rootfs is set.
Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1544175
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1185
Approved by: cgwalters
Add a unit test to verify that it is not possible for
an image to be hex after encoding, and a tag "latest" will
be appended if the image does not have a valid tag.
Closes: #1181
Approved by: giuseppe
We skipped file names just based on their ending without checking if
it is a symlink. This prevented container with a name ending in .0 or
.1 to be uninstalled.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1166
Approved by: peterbaouoft
A unit test for rm_add_files_to_host is added. The basic/expected
functionality of that function is tested by the new test
Other functions in rpm_host_install are mostly covered
by the integration test already, and thus not tested here
Closes: #1155
Approved by: giuseppe
A 'high-level' unit test is added that covers basic functionality
check for refactored function '_handle_system_package_files'.
Closes: #1155
Approved by: giuseppe
This commit refactors the writing info part from 'do_checkout'
into a function.
Also, because of the above action, two of the local variables
'installed_files_template' and 'rename_files' are also removed
Other than those, an extra error case was added to the except list.
A unit test is added for future regression
Closes: #1155
Approved by: giuseppe
This commit refactors the "rename file value substitution" code
section in '_do_checkout' function
There should not be any functional impact with this commit
A unit test is added for future regression
Closes: #1155
Approved by: giuseppe
This commit contains small refactoring of getting manifest
attributes and refactoring of the "tempfile cleaning during
upgrade" code section in '_do_checkout'
Also, 'has_container_service' local variable is genereated in the
function instead of being passed in as a parameter. This is done
because in the future refactoring we might want to elminate the
usage of local variables related to manifest completly.
A unit test is added to verify getting manifest attribute works
as expected
Closes: #1155
Approved by: giuseppe
This commit contains refactoring for write config in '_do_checkout' function,
this refactoring also removes the duplication of writing config in 'run_once'
There should not be functional impact with this commit.
A unit test is added for future regression
Closes: #1160
Approved by: giuseppe
In _do_checkout, we refactor the part for getting rootfs location
into a function.
A todo comment( refactoring 'missing image layer check') is also added
in this commit based on discussions on irc
A unit test is added for future regression
Closes: #1154
Approved by: giuseppe
This is regression from https://github.com/projectatomic/atomic/pull/1152.
It appears that 'self' is no longer used when '_resolve_remote_path' is moved into
'_get_remote_location'. Thus, '_get_remote_location' is made to be static
Closes: #1154
Approved by: giuseppe
Made a new class to track all the refactored functions' unit tests
(for future usage)
Added a unit test to test the functionality of the factored out
_get_remote_location function.
Closes: #1152
Approved by: giuseppe
Since we allow to customize the runtime to use, there is no hard
requirement for bwrap-oci anymore.
Also add the same check for system containers, let's error immediately
if the specified runtime is not present.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1141
Approved by: baude
Store the checksum of files copied to the host, so that on an update or
an uninstall we can skip the files that have a mismatch in the
checksum.
This reflects in the --system-package=no case what the rpm backend
already does.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1131
Approved by: ashcrow
it can be used by privileged containers to add all the capabilities
known to the host. It prevents hard coding the list in the
config.json.template file so that the same image can be used on
different kernel versions where there can be different capabilities
supported.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1119
Approved by: ashcrow
Split the pipeline in two so that we check that there's something to
unmount before doing it. This is needed now because the new CI
infrastructure provisions a true uninitialized block device that doesn't
need to be unmounted, so the `grep` would fail (because of the
`pipefail` option). Previously, `/dev/vdb` was actually itself a
pre-formatted ext4 partition and thus was automounted.
This should now catch both the old CI style (in case local developers
were mirroring that setup), as well as more conventional partitioning
schemes.
I dropped the `-r` since we *know* at that point that there is at least
one entry to unmount.
Closes: #1106
Approved by: rhatdan
Fix test failures after updating papr to test with f26 atomic/cloud
images instead of f25, with the following changes:
1. Remove dependency on docker hub tester image. Instead, mimic
what ostree/rpm-ostree does and use a recursive .papr.sh script
to install the necessary packages to the base f26 image in the
fedora registry. This fixes tests on the atomic host since python3.6
is being used, and prevents future tests from testing the wrong
version. (Note this is slightly slower due to having to install
packages during the test rather than using a pre-built image).
2. Fix some pylint errors, and mask others for now
3. Fix failing integration tests due to inter-test interference
4. Remove unnecessary deepcopy in container filter
5. Add compatibility for both c-s-s and d-s-s in storage
6. Update expected sha256 values for dockertar test
Remaining issues:
1. test_storage should possibly be reworked. The current test
setup is conflicting with the new default of overlay as a driver.
For now, the test for generated d-s-s is disabled.
2. some storage commands are still using "docker-storage-setup"
instead of "container-storage-setup". There is a backward
compatible check in place that should be reworked in the future
3. some masked pylint errors should be further investigated
4. keep the dockerfile for the project atomic tester image for now
(bump to 26), since its a little easier and faster to set up with
Signed-off-by: Yu Qi Zhang <jerzhang@redhat.com>
Closes: #1076
Approved by: baude
move the filter inside the Python script since the
"images -f" can include other results and make the comparison fail only
if the difference between the two sizes is > 1%.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1047
Approved by: TomasTomecek
Issue #1021 requested we add the NAME field to the containers list command,
so that debugging container failures would be easier.
Closes: #1024
Approved by: baude
The atomic.conf file is now tested to validate it is valid YAML. The two
cases checked are:
- The file contents in it's shipped state
- The file contents with examples uncommented
An example has no space between the hash and the start of the example:
#example: value
While a comment is expected to have a space:
# I am a comment
Closes: #1009
Approved by: giuseppe
A bug was reported in issue #1022 where if the atomic install data failed,
the installation data was still written allowing the user to proceed
with an atomic run.
Disabling test_install.sh until i can follow up with Thomas.
Closes: #1025
Approved by: baude
When image is being referenced by a container,
_mark_used function should mark image as being
used if the image id is found inside the information of
containers.
In this case, the image id for containers should be
referenced as container.image instead of container.id
Some tests are added for future regression.
Closes: #1030
Approved by: baude
