From 1646da834c06d55e7bf56b272f2666659117e6fa Mon Sep 17 00:00:00 2001 From: Ed Santiago Date: Wed, 14 Oct 2020 06:24:17 -0600 Subject: [PATCH] System test additions - run --userns=keep-id: confirm that $HOME gets set (#8013) - inspect: confirm that JSON output is a sane number of lines (10 or more), not an unreadable one-liner (#8011 and #8021). Do so with image, pod, network, volume because the code paths might be different. - cgroups: confirm that 'run' preserves cgroup manager (#7970) - sdnotify: reenable tests, and hope CI doesn't hang. This test was disabled on August 18 because CI jobs were hanging and timing out. My suspicion was that it was #7316, which in turn seems to have hinged on conmon #182. The latter was merged on Sep 16, so let's cross our fingers and see what happens. Also: remove inaccurate warning from a networking test. And, wow, fix is_cgroupsv2(), it has never actually worked. Signed-off-by: Ed Santiago --- test/system/030-run.bats | 30 ++++++++++++++++++++++++++++- test/system/070-build.bats | 6 ++++++ test/system/160-volumes.bats | 6 ++++++ test/system/200-pod.bats | 6 ++++++ test/system/260-sdnotify.bats | 2 -- test/system/420-cgroups.bats | 34 +++++++++++++++++++++++++++++++++ test/system/500-networking.bats | 7 ++++++- test/system/helpers.bash | 2 +- 8 files changed, 88 insertions(+), 5 deletions(-) create mode 100644 test/system/420-cgroups.bats diff --git a/test/system/030-run.bats b/test/system/030-run.bats index 766948eccc..28dc7c7a7f 100644 --- a/test/system/030-run.bats +++ b/test/system/030-run.bats @@ -303,8 +303,36 @@ echo $rand | 0 | $rand # This would always work on root, but is new behavior on rootless: #6829 # adds a user entry to /etc/passwd + whoami=$(id -un) run_podman run --rm --userns=keep-id $IMAGE id -un - is "$output" "$(id -un)" "username on container with keep-id" + is "$output" "$whoami" "username on container with keep-id" + + # Setting user should also set $HOME (#8013). + # Test setup below runs three cases: one with an existing home dir + # and two without (one without any volume mounts, one with a misspelled + # username). In every case, initial cwd should be /home/podman because + # that's the container-defined WORKDIR. In the case of an existing + # home dir, $HOME and ~ (passwd entry) will be /home/user; otherwise + # they should be /home/podman. + if is_rootless; then + tests=" + | /home/podman /home/podman /home/podman | no vol mount +/home/x$whoami | /home/podman /home/podman /home/podman | bad vol mount +/home/$whoami | /home/podman /home/$whoami /home/$whoami | vol mount +" + while read vol expect name; do + opts= + if [[ "$vol" != "''" ]]; then + opts="-v $vol" + fi + run_podman run --rm $opts --userns=keep-id \ + $IMAGE sh -c 'echo $(pwd;printenv HOME;echo ~)' + is "$output" "$expect" "run with --userns=keep-id and $name sets \$HOME" + done < <(parse_table "$tests") + + # Clean up volumes + run_podman volume rm -a + fi # --privileged should make no difference run_podman run --rm --privileged --userns=keep-id $IMAGE id -un diff --git a/test/system/070-build.bats b/test/system/070-build.bats index 287323bbfa..0741357ed0 100644 --- a/test/system/070-build.bats +++ b/test/system/070-build.bats @@ -224,6 +224,12 @@ EOF # Confirm that 'podman inspect' shows the expected values # FIXME: can we rely on .Env[0] being PATH, and the rest being in order?? run_podman image inspect build_test + + # (Assert that output is formatted, not a one-line blob: #8011) + if [[ "${#lines[*]}" -lt 10 ]]; then + die "Output from 'image inspect' is only ${#lines[*]} lines; see #8011" + fi + tests=" Env[1] | MYENV1=$s_env1 Env[2] | MYENV2=this-should-be-overridden-by-env-host diff --git a/test/system/160-volumes.bats b/test/system/160-volumes.bats index 1c1e0f4ae7..9f4bb76a2e 100644 --- a/test/system/160-volumes.bats +++ b/test/system/160-volumes.bats @@ -213,6 +213,12 @@ EOF run_podman volume create $vol done + # (Assert that output is formatted, not a one-line blob: #8011) + run_podman volume inspect ${v[1]} + if [[ "${#lines[*]}" -lt 10 ]]; then + die "Output from 'volume inspect' is only ${#lines[*]} lines; see #8011" + fi + # Run two containers: one mounting v1, one mounting v2 & v3 run_podman run --name c1 --volume ${v[1]}:/vol1 $IMAGE date run_podman run --name c2 --volume ${v[2]}:/vol2 -v ${v[3]}:/vol3 \ diff --git a/test/system/200-pod.bats b/test/system/200-pod.bats index 2ae038dfe3..1d17c8cad3 100644 --- a/test/system/200-pod.bats +++ b/test/system/200-pod.bats @@ -66,6 +66,12 @@ function teardown() { run_podman pod exists $podname run_podman pod exists $podid + # (Assert that output is formatted, not a one-line blob: #8021) + run_podman pod inspect $podname + if [[ "${#lines[*]}" -lt 10 ]]; then + die "Output from 'pod inspect' is only ${#lines[*]} lines; see #8011" + fi + # Randomly-assigned port in the 5xxx range for port in $(shuf -i 5000-5999);do if ! { exec 3<> /dev/tcp/127.0.0.1/$port; } &>/dev/null; then diff --git a/test/system/260-sdnotify.bats b/test/system/260-sdnotify.bats index 06aa3bba79..2ddeda96a0 100644 --- a/test/system/260-sdnotify.bats +++ b/test/system/260-sdnotify.bats @@ -12,8 +12,6 @@ _SOCAT_LOG= function setup() { skip_if_remote "systemd tests are meaningless over remote" - skip "FIXME FIXME FIXME, is this what's causing the CI hang???" - # Skip if systemd is not running systemctl list-units &>/dev/null || skip "systemd not available" diff --git a/test/system/420-cgroups.bats b/test/system/420-cgroups.bats new file mode 100644 index 0000000000..615e43e6c9 --- /dev/null +++ b/test/system/420-cgroups.bats @@ -0,0 +1,34 @@ +#!/usr/bin/env bats -*- bats -*- +# +# cgroups-related tests +# + +load helpers + +@test "podman run, preserves initial --cgroup-manager" { + skip_if_remote "podman-remote does not support --cgroup-manager" + + if is_rootless && is_cgroupsv1; then + skip "not supported as rootless under cgroups v1" + fi + + # Find out our default cgroup manager, and from that, get the non-default + run_podman info --format '{{.Host.CgroupManager}}' + case "$output" in + systemd) other="cgroupfs" ;; + cgroupfs) other="systemd" ;; + *) die "Unknown CgroupManager '$output'" ;; + esac + + run_podman --cgroup-manager=$other run --name myc $IMAGE true + run_podman container inspect --format '{{.HostConfig.CgroupManager}}' myc + is "$output" "$other" "podman preserved .HostConfig.CgroupManager" + + # Restart the container, without --cgroup-manager option (ie use default) + # Prior to #7970, this would fail with an OCI runtime error + run_podman start myc + + run_podman rm myc +} + +# vim: filetype=sh diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats index a923402ac4..44cc731cfe 100644 --- a/test/system/500-networking.bats +++ b/test/system/500-networking.bats @@ -90,7 +90,12 @@ load helpers run_podman network create --subnet "${mysubnet}.0/24" $mynetname is "$output" ".*/cni/net.d/$mynetname.conflist" "output of 'network create'" - # WARNING: this pulls a ~100MB image from quay.io, hence is slow/flaky + # (Assert that output is formatted, not a one-line blob: #8011) + run_podman network inspect $mynetname + if [[ "${#lines[*]}" -lt 5 ]]; then + die "Output from 'pod inspect' is only ${#lines[*]} lines; see #8011" + fi + run_podman run --rm --network $mynetname $IMAGE ip a is "$output" ".* inet ${mysubnet}\.2/24 brd ${mysubnet}\.255 " \ "sdfsdf" diff --git a/test/system/helpers.bash b/test/system/helpers.bash index c6c2c12df3..4591c90150 100644 --- a/test/system/helpers.bash +++ b/test/system/helpers.bash @@ -247,7 +247,7 @@ function is_cgroupsv1() { function is_cgroupsv2() { cgroup_type=$(stat -f -c %T /sys/fs/cgroup) - test "$cgroup_type" = "cgroupfs" + test "$cgroup_type" = "cgroup2fs" } ###########################