From bd3c66fc8151350ad6562959054eddb5508cf028 Mon Sep 17 00:00:00 2001 From: Ed Santiago Date: Wed, 16 Sep 2020 10:06:33 -0600 Subject: [PATCH] system tests: new tests - podman network create: new test - podman pull by-sha + podman images -a (#7651) - podman image mount: new test - podman pod: --infra-image and --infra-command (#7167) For convenience and robustness, build a new testimage containing a custom file /home/podman/testimage-id with contents YYYYMMDD (same as image tag). The image-mount test checks that this file exists and has the desired content. New testimage also includes a dummy 'pause' executable, for testing pod infra. Updates from testimage:20200902 to :20200917 Signed-off-by: Ed Santiago --- test/system/010-images.bats | 47 +++++++++++++++++++++++++++++++++ test/system/060-mount.bats | 30 +++++++++++++++++++++ test/system/200-pod.bats | 31 +++++++++++++++++++++- test/system/500-networking.bats | 29 ++++++++++++++++++++ test/system/build-testimage | 44 ++++++++++++++++++++++++------ test/system/helpers.bash | 31 +++++++++++++++++++++- 6 files changed, 202 insertions(+), 10 deletions(-) diff --git a/test/system/010-images.bats b/test/system/010-images.bats index c0a8936e3a..ac65e54d9a 100644 --- a/test/system/010-images.bats +++ b/test/system/010-images.bats @@ -112,4 +112,51 @@ Labels.created_at | 20[0-9-]\\\+T[0-9:]\\\+Z run_podman rm mytinycontainer } +# Regression test for https://github.com/containers/podman/issues/7651 +# in which "podman pull image-with-sha" causes "images -a" to crash +@test "podman images -a, after pulling by sha " { + # Get a baseline for 'images -a' + run_podman images -a + local images_baseline="$output" + + # Get the digest of our local test image. We need to do this in two steps + # because 'podman inspect' only works reliably on *IMAGE ID*, not name. + # See https://github.com/containers/podman/issues/3761 + run_podman inspect --format '{{.Id}}' $IMAGE + local iid="$output" + run_podman inspect --format '{{.Digest}}' $iid + local sha="$output" + + local imgbase="${PODMAN_TEST_IMAGE_REGISTRY}/${PODMAN_TEST_IMAGE_USER}/${PODMAN_TEST_IMAGE_NAME}" + local fqin="${imgbase}@$sha" + + # This will always pull, because even though it's the same image we + # already have, podman doesn't actually know that. + run_podman pull $fqin + is "$output" "Trying to pull ${fqin}\.\.\..*" "output of podman pull" + + # Prior to #7654, this would crash and burn. Now podman recognizes it + # as the same image and, even though it internally tags it with the + # sha, still only shows us one image (which should be our baseline) + # + # WARNING! If this test fails, we're going to see a lot of failures + # in subsequent tests due to 'podman ps' showing the '@sha' tag! + # I choose not to add a complicated teardown() (with 'rmi @sha') + # because the failure window here is small, and if it fails it + # needs attention anyway. So if you see lots of failures, but + # start here because this is the first one, fix this problem. + # You can (probably) ignore any subsequent failures showing '@sha' + # in the error output. + run_podman images -a + is "$output" "$images_baseline" "images -a, after pull: same as before" + + # Clean up: this should simply untag, not remove + run_podman rmi $fqin + is "$output" "Untagged: $fqin" "podman rmi untags, does not remove" + + # ...and now we should still have our same image. + run_podman images -a + is "$output" "$images_baseline" "after podman rmi @sha, still the same" +} + # vim: filetype=sh diff --git a/test/system/060-mount.bats b/test/system/060-mount.bats index d98a3eeb12..75c88e4ad4 100644 --- a/test/system/060-mount.bats +++ b/test/system/060-mount.bats @@ -35,4 +35,34 @@ load helpers fi } + +@test "podman image mount" { + skip_if_remote "mounting remote is meaningless" + skip_if_rootless "too hard to test rootless" + + # Start with clean slate + run_podman image umount -a + + run_podman image mount $IMAGE + mount_path="$output" + + test -d $mount_path + + # Image is custom-built and has a file containing the YMD tag. Check it. + testimage_file="/home/podman/testimage-id" + test -e "$mount_path$testimage_file" + is $(< "$mount_path$testimage_file") "$PODMAN_TEST_IMAGE_TAG" \ + "Contents of $testimage_file in image" + + # 'image mount', no args, tells us what's mounted + run_podman image mount + is "$output" "$IMAGE $mount_path" "podman image mount with no args" + + # Clean up + run_podman image umount $IMAGE + + run_podman image mount + is "$output" "" "podman image mount, no args, after umount" +} + # vim: filetype=sh diff --git a/test/system/200-pod.bats b/test/system/200-pod.bats index 7189d7e4bc..2ae038dfe3 100644 --- a/test/system/200-pod.bats +++ b/test/system/200-pod.bats @@ -173,6 +173,19 @@ function random_ip() { # FIXME: --ip=$ip fails: # Error adding network: failed to allocate all requested IPs local mac_option="--mac-address=$mac" + + # Create a custom image so we can test --infra-image and -command. + # It will have a randomly generated infra command, using the + # existing 'pause' script in our testimage. We assign a bogus + # entrypoint to confirm that --infra-command will override. + local infra_image="infra_$(random_string 10 | tr A-Z a-z)" + local infra_command="/pause_$(random_string 10)" + run_podman build -t $infra_image - << EOF +FROM $IMAGE +RUN ln /home/podman/pause $infra_command +ENTRYPOINT ["/original-entrypoint-should-be-overridden"] +EOF + if is_rootless; then mac_option= fi @@ -185,12 +198,21 @@ function random_ip() { --dns-search "$dns_search" \ --dns-opt "$dns_opt" \ --publish "$port_out:$port_in" \ - --label "${labelname}=${labelvalue}" + --label "${labelname}=${labelvalue}" \ + --infra-image "$infra_image" \ + --infra-command "$infra_command" pod_id="$output" # Check --pod-id-file is "$(<$pod_id_file)" "$pod_id" "contents of pod-id-file" + # Get ID of infra container + run_podman pod inspect --format '{{(index .Containers 0).ID}}' mypod + local infra_cid="$output" + # confirm that entrypoint is what we set + run_podman container inspect --format '{{.Config.Entrypoint}}' $infra_cid + is "$output" "$infra_command" "infra-command took effect" + # Check each of the options if [ -n "$mac_option" ]; then run_podman run --rm --pod mypod $IMAGE ip link show @@ -249,9 +271,16 @@ function random_ip() { run_podman logs $cid is "$output" "$teststring" "test string received on container" + # Finally, confirm the infra-container and -command. We run this late, + # not at pod creation, to give the infra container time to start & log. + run_podman logs $infra_cid + is "$output" "Confirmed: testimage pause invoked as $infra_command" \ + "pod ran with our desired infra container + command" + # Clean up run_podman rm $cid run_podman pod rm -f mypod + run_podman rmi $infra_image } # vim: filetype=sh diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats index 39de8ad549..d2454fbf4a 100644 --- a/test/system/500-networking.bats +++ b/test/system/500-networking.bats @@ -80,4 +80,33 @@ load helpers run_podman rm $cid } +# "network create" now works rootless, with the help of a special container +@test "podman network create" { + local mynetname=testnet-$(random_string 10) + local mysubnet=$(random_rfc1918_subnet) + + run_podman network create --subnet "${mysubnet}.0/24" $mynetname + is "$output" ".*/cni/net.d/$mynetname.conflist" "output of 'network create'" + + # WARNING: this pulls a ~100MB image from quay.io, hence is slow/flaky + run_podman run --rm --network $mynetname $IMAGE ip a + is "$output" ".* inet ${mysubnet}\.2/24 brd ${mysubnet}\.255 " \ + "sdfsdf" + + # Cannot create network with the same name + run_podman 125 network create $mynetname + is "$output" "Error: the network name $mynetname is already used" \ + "Trying to create an already-existing network" + + run_podman network rm $mynetname + run_podman 125 network rm $mynetname + + # rootless CNI leaves behind an image pulled by SHA, hence with no tag. + # Remove it if present; we can only remove it by ID. + run_podman images --format '{{.Id}}' rootless-cni-infra + if [ -n "$output" ]; then + run_podman rmi $output + fi +} + # vim: filetype=sh diff --git a/test/system/build-testimage b/test/system/build-testimage index 64aa46337b..ef14d3afd8 100755 --- a/test/system/build-testimage +++ b/test/system/build-testimage @@ -26,23 +26,51 @@ create_time_z=$(env TZ=UTC date +'%Y-%m-%dT%H:%M:%SZ') set -ex +# We'll need to create a Containerfile plus various other files to add in +# # Please document the reason for all flags, apk's, and anything non-obvious +tmpdir=$(mktemp -t -d $(basename $0).tmp.XXXXXXX) +cd $tmpdir + +# 'image mount' test will confirm that this file exists and has our YMD tag +echo $YMD >testimage-id + +# 'pod' test will use this for --infra-command +cat >pause < /dev/null || true -podman build --squash-all -t testimage - <Containerfile < /dev/null || true +podman build --squash-all -t testimage . + +# Clean up +cd /tmp +rm -rf $tmpdir + # Tag and push to quay. -podman tag testimage quay.io/edsantiago/testimage:$YMD -podman push quay.io/edsantiago/testimage:$YMD +podman tag testimage quay.io/libpod/testimage:$YMD +podman push quay.io/libpod/testimage:$YMD # Side note: there should always be a testimage tagged ':00000000' # (eight zeroes) in the same location; this is used by tests which @@ -54,6 +82,6 @@ podman push quay.io/edsantiago/testimage:$YMD # # podman pull docker.io/library/busybox:1.32.0 # podman tag docker.io/library/busybox:1.32.0 \ -# quay.io/edsantiago/testimage:00000000 -# podman push quay.io/edsantiago/testimage:00000000 +# quay.io/libpod/testimage:00000000 +# podman push quay.io/libpod/testimage:00000000 # diff --git a/test/system/helpers.bash b/test/system/helpers.bash index 514ba249e3..c361e23ff1 100644 --- a/test/system/helpers.bash +++ b/test/system/helpers.bash @@ -7,7 +7,7 @@ PODMAN=${PODMAN:-podman} PODMAN_TEST_IMAGE_REGISTRY=${PODMAN_TEST_IMAGE_REGISTRY:-"quay.io"} PODMAN_TEST_IMAGE_USER=${PODMAN_TEST_IMAGE_USER:-"libpod"} PODMAN_TEST_IMAGE_NAME=${PODMAN_TEST_IMAGE_NAME:-"testimage"} -PODMAN_TEST_IMAGE_TAG=${PODMAN_TEST_IMAGE_TAG:-"20200902"} +PODMAN_TEST_IMAGE_TAG=${PODMAN_TEST_IMAGE_TAG:-"20200917"} PODMAN_TEST_IMAGE_FQN="$PODMAN_TEST_IMAGE_REGISTRY/$PODMAN_TEST_IMAGE_USER/$PODMAN_TEST_IMAGE_NAME:$PODMAN_TEST_IMAGE_TAG" # Because who wants to spell that out each time? @@ -397,6 +397,35 @@ function random_string() { } +########################### +# random_rfc1918_subnet # +########################### +# +# Use the class B set, because much of our CI environment (Google, RH) +# already uses up much of the class A, and it's really hard to test +# if a block is in use. +# +# This returns THREE OCTETS! It is up to our caller to append .0/24, .255, &c. +# +function random_rfc1918_subnet() { + local retries=1024 + + while [ "$retries" -gt 0 ];do + local cidr=172.$(( 16 + $RANDOM % 16 )).$(( $RANDOM & 255 )) + + in_use=$(ip route list | fgrep $cidr) + if [ -z "$in_use" ]; then + echo "$cidr" + return + fi + + retries=$(( retries - 1 )) + done + + die "Could not find a random not-in-use rfc1918 subnet" +} + + ######################### # find_exec_pid_files # Returns nothing or exec_pid hash files #########################