e2e: Allow ImageCacheDir to be changed with an environment variable

[sstosh]

• We can change the ImageCacheDir with TMPDIR.

• Reduce dependency on /tmp for e2e tests.

• When a rootless user, the cache directory is failed to
  remove due to a permission. Therefore, we use
  podman unshare rm to remove the cache.

Signed-off-by: Toshiki Sonoda [email protected]

Does this PR introduce a user-facing change?

None

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: sstosh
Once this PR has been reviewed and has the lgtm label, please assign flouthoc for approval by writing /assign @flouthoc in a comment. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[vrothberg]

Thanks! Changes LGTM with one question.

@edsantiago PTAL

[vrothberg]

Should that also be under cachedir?

[sstosh]

We need to fix the keyPath value from /tmp/key.gpg to cachePath("key.gpg") in e2e/sign/policy.json.

podman/test/e2e/sign/policy.json

Line 13 in a702d44

"keyPath": "/tmp/key.gpg"

I haven't come up with a best way, so I remove the key.gpg by defer.

[edsantiago]

I kind of maybe see what problem this is trying to solve, but I think this might not be the best way to do it. Blocking because of two concerns.

[edsantiago]

I'm failing to see how this will use $PODMAN_TEST_IMAGE_CACHE_DIR. Should it?

[sstosh]

I'm bit a confused.
ImageCacheDir is hard corded (/tmp/podman/imagecachedir).

podman/test/e2e/config.go

Line 16 in a702d44

ImageCacheDir = "/tmp/podman/imagecachedir"

On the other hand, $PODMAN_TEST_IMAGE_CACHE_DIR also exists and used.

podman/test/e2e/common_test.go

Lines 344 to 357 in a702d44

	func imageTarPath(image string) string {
	cacheDir := os.Getenv("PODMAN_TEST_IMAGE_CACHE_DIR")
	if cacheDir == "" {
	cacheDir = os.Getenv("TMPDIR")
	if cacheDir == "" {
	cacheDir = "/tmp"
	}
	}
	// e.g., registry.com/fubar:latest -> registry.com-fubar-latest.tar
	imageCacheName := strings.ReplaceAll(strings.ReplaceAll(image, ":", "-"), "/", "-") + ".tar"
	return filepath.Join(cacheDir, imageCacheName)
	}

I don't know if it is necessary to separate ImageCacheDir and $PODMAN_TEST_IMAGE_CACHE_DIR.
If unnecessary, I think that $PODMAN_TEST_IMAGE_CACHE_DIR can be removed.

[edsantiago]

Sorry for taking so long to respond. I think you've hit on the main issue: $PODMAN_TEST_IMAGE_CACHE_DIR has nothing whatsoever to do with ImageCacheDir. It's a confusing similarity. I would suggest leaving the existing $PODMAN_TEST_IMAGE_CACHE_DIR code untouched. The reason that exists is that ginkgo tests pull enormous images, and that takes half an hour on my slow network. I need to cache those locally.

The rest of your PR, though, still needs touchup. Here's what I suggest:

• leave imageTarPath() untouched
• Remove lines 845-849, so cachePath() always returns $TMPDIR/arg (defaulting to /tmp) (as you do now)
  • Bonus points if you can get rid of "" requirement, so callers can do cachePath() instead of cachePath(""). The former is more readable.
• in removeCache(), always remove cachePath("imagedir"). Right now you don't remove it if $TMPDIR is set, and that seems like a logic bug.
  • bonus points if you find a way to remove using podman unshare or some magic namespace code, because that code always always always fails rootless.

Thanks again for your patience and for your contribution.

[sstosh]

I checked that the cache directory is failed to remove due to a permission.
When a rootless user, remove the cache with podman unshare rm -rf <cacheDir>.

podman/test/e2e/common_test.go

Lines 564 to 574 in 63c6a1a

	// Nuke tempdir
	if isRootless() {
	cmd := exec.Command(p.PodmanBinary, "unshare", "rm", "-rf", p.TempDir)
	if err := cmd.Run(); err != nil {
	fmt.Fprintf(os.Stderr, "%v\n", err)
	}
	} else {
	if err := os.RemoveAll(p.TempDir); err != nil {
	fmt.Printf("%q\n", err)
	}
	}

podman/test/e2e/common_test.go

Lines 873 to 884 in 63c6a1a

	// Remove cache dirs
	imageDir := cachePath("imagedir")
	if isRootless() {
	cmd := exec.Command(p.PodmanBinary, "unshare", "rm", "-rf", imageDir)
	if err := cmd.Run(); err != nil {
	fmt.Fprintf(os.Stderr, "%v\n", err)
	}
	} else {
	if err := os.RemoveAll(imageDir); err != nil {
	fmt.Printf("%q\n", err)
	}
	}

[edsantiago]

I'm not too happy with the possibility of someone (inadvertently or not) setting PODMAN_TEST_IMAGE_CACHE_DIR=/tmp (or /etc or even /) and having that be wiped

[sstosh]

I changed a condition for remove a cache directory.

[edsantiago]

I think this, and the other /tmp/nonexistent changes, are overkill.

[sstosh]

I reverted cachePath("noexistent") to /tmp/noexistent.

[edsantiago]

I'm really sorry, but I can't review this. I've tried three times, Friday and today, and it's too convoluted. This is not your fault -- our test setup overloads too many things in and too many names (image, cache, tmp) -- but the result is, I can't understand this, can't confirm that it has no unintended consequences, and can't approve it.

May I request that you break this down into smaller PRs? Something like:

1) temp/scratch (not cache) files

Add a new function, tempFilePath() or scratchFilePath() or anything that does not say "cache":

func tempFilePath(path string) string {
	return filepath.Join(os.TempDir(), path)
        // even better would be creating a one-time `os.MkdirTemp("", "podman-e2e-tests.*")
        // but that would again lead to a too-complicated PR. Once the code is cleaned up,
        // we can look into that as a future improvement.
}

...and use that new function in checkpoint_test.go and push_test.go. I find it really important to get rid of the word "cache" in these contexts.

(In case someone suggests os.CreateTemp(): no go. That creates the file; we want a path to an uncreated file. The randomization/security/race aspects of CreateTemp() are not important in this test context).

2) image cache

Leave ImageCacheDir as a global, but make it start as nil, and initialize it at runtime to filepath.join(os.TempDir(), "imagecachedir"), Then, in mount_rootless_test.go, do the substring check against ImageCacheDir.

That leaves the delete code, which still scares the heck out of me, but I think with these two changes the delete code will be easier to understand.

Alternatively, perhaps someone else in @containers/podman-maintainers can understand and review and approve this PR as it is. But again, I'm sorry, I cannot.

[sstosh]

Thank you for your review and suggestions.
I'll open the other three PRs later such as below:

• e2e: Add tempFilePath() for refactoring

• e2e: Refactoring ImageCacheDir

• e2e: Remove the cache with "podman unshare rm" when a rootless user

This PR become longer, so I'll close it once.