From 7b9d6a3552739cc725e63b695506a7a017b0beac Mon Sep 17 00:00:00 2001 From: Mahmood Ali Date: Wed, 30 Sep 2020 12:01:39 -0400 Subject: [PATCH 1/4] tests: ignore empty cgroup My latest Vagrant box contains an empty cgroup name that isn't used for isolation: ``` $ cat /proc/self/cgroup | grep :: 0::/user.slice/user-1000.slice/session-17.scope ``` --- drivers/exec/driver_test.go | 2 +- drivers/shared/executor/executor_linux_test.go | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/exec/driver_test.go b/drivers/exec/driver_test.go index 685e63e6667..e32861f1c59 100644 --- a/drivers/exec/driver_test.go +++ b/drivers/exec/driver_test.go @@ -570,7 +570,7 @@ func TestExecDriver_HandlerExec(t *testing.T) { } // Skip rdma subsystem; rdma was added in most recent kernels and libcontainer/docker // don't isolate it by default. - if strings.Contains(line, ":rdma:") { + if strings.Contains(line, ":rdma:") || strings.Contains(line, "::") { continue } if !strings.Contains(line, ":/nomad/") { diff --git a/drivers/shared/executor/executor_linux_test.go b/drivers/shared/executor/executor_linux_test.go index 93be7a20025..11e038825af 100644 --- a/drivers/shared/executor/executor_linux_test.go +++ b/drivers/shared/executor/executor_linux_test.go @@ -206,7 +206,9 @@ func TestExecutor_CgroupPaths(t *testing.T) { // Skip rdma subsystem; rdma was added in most recent kernels and libcontainer/docker // don't isolate it by default. - if strings.Contains(line, ":rdma:") { + // :: filters out odd empty cgroup found in latest Ubuntu lines, e.g. 0::/user.slice/user-1000.slice/session-17.scope + // that is also not used for isolation + if strings.Contains(line, ":rdma:") || strings.Contains(line, "::") { continue } @@ -260,7 +262,7 @@ func TestExecutor_CgroupPathsAreDestroyed(t *testing.T) { // Skip rdma subsystem; rdma was added in most recent kernels and libcontainer/docker // don't isolate it by default. - if strings.Contains(line, ":rdma:") { + if strings.Contains(line, ":rdma:") || strings.Contains(line, "::") { continue } From 0f2af169ad3003e8e6dbf8d1a740590f3c2f369a Mon Sep 17 00:00:00 2001 From: Mahmood Ali Date: Wed, 30 Sep 2020 12:02:36 -0400 Subject: [PATCH 2/4] tests: copy permissions when copying files On the failover path, copy the permission bits (a.k.a. file mode), specially the execution bit. --- drivers/shared/executor/executor_test.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/shared/executor/executor_test.go b/drivers/shared/executor/executor_test.go index 200fb323e55..cd15321b65b 100644 --- a/drivers/shared/executor/executor_test.go +++ b/drivers/shared/executor/executor_test.go @@ -495,7 +495,10 @@ func copyFile(t *testing.T, src, dst string) { require.NoErrorf(t, err, "copying %v -> %v", src, dst) defer in.Close() - out, err := os.Create(dst) + ins, err := in.Stat() + require.NoErrorf(t, err, "copying %v -> %v", src, dst) + + out, err := os.OpenFile(dst, os.O_RDWR|os.O_CREATE, ins.Mode()) require.NoErrorf(t, err, "copying %v -> %v", src, dst) defer func() { if err := out.Close(); err != nil { @@ -633,6 +636,8 @@ func TestExecutor_Start_NonExecutableBinaries(pt *testing.T) { } return true, nil }, func(err error) { + stderr := strings.TrimSpace(string(testExecCmd.stderr.String())) + t.Logf("stderr: %v", stderr) require.NoError(err) }) }) From a181ff3f792d4d79cc5c1daea76b4bab5bebc7d0 Mon Sep 17 00:00:00 2001 From: Mahmood Ali Date: Wed, 30 Sep 2020 13:25:01 -0400 Subject: [PATCH 3/4] Compare to the correct host network setting In systemd-resolved hosts with no DNS customizations, the docker driver DNS setting should be compared to /run/systemd/resolve/resolv.conf while exec/java drivers should be compared to /etc/resolv.conf. When system-resolved is enabled, /etc/resolv.conf is a stub that points to 127.0.0.53. Docker avoids this stub because this address isn't accessible from the container. The exec/java drivers that don't create network isolations use the stub though in the default configuration. --- plugins/drivers/testutils/dns_testing.go | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/plugins/drivers/testutils/dns_testing.go b/plugins/drivers/testutils/dns_testing.go index f27a8fead6c..ccd0f0e2905 100644 --- a/plugins/drivers/testutils/dns_testing.go +++ b/plugins/drivers/testutils/dns_testing.go @@ -16,7 +16,11 @@ func TestTaskDNSConfig(t *testing.T, driver *DriverHarness, taskID string, dns * caps, err := driver.Capabilities() require.NoError(t, err) - isolated := (caps.FSIsolation != drivers.FSIsolationNone) + // FS isolation is used here as a proxy for network isolation. + // This is true for the current built-in drivers but it is not necessarily so. + isolated := caps.FSIsolation != drivers.FSIsolationNone + usesHostNetwork := caps.FSIsolation != drivers.FSIsolationImage + if !isolated { t.Skip("dns config not supported on non isolated drivers") } @@ -39,7 +43,12 @@ func TestTaskDNSConfig(t *testing.T, driver *DriverHarness, taskID string, dns * require.ElementsMatch(t, dns.Options, dresolvconf.GetOptions(resolvConf)) } } else { - system, err := dresolvconf.Get() + systemPath := "/etc/resolv.conf" + if !usesHostNetwork { + systemPath = dresolvconf.Path() + } + + system, err := dresolvconf.GetSpecific(systemPath) require.NoError(t, err) require.ElementsMatch(t, dresolvconf.GetNameservers(system.Content, dtypes.IP), dresolvconf.GetNameservers(resolvConf, dtypes.IP)) require.ElementsMatch(t, dresolvconf.GetSearchDomains(system.Content), dresolvconf.GetSearchDomains(resolvConf)) From fe501c94eb0d11118e432e24f86ec9bede5e74bd Mon Sep 17 00:00:00 2001 From: Mahmood Ali Date: Thu, 1 Oct 2020 09:58:39 -0400 Subject: [PATCH 4/4] tests: use system path On host with systemd-resolved, we copy /run/systemd/resolve/resolv.conf actually. --- drivers/shared/resolvconf/mount_unix_test.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/shared/resolvconf/mount_unix_test.go b/drivers/shared/resolvconf/mount_unix_test.go index 76154f5909b..271eb6c0274 100644 --- a/drivers/shared/resolvconf/mount_unix_test.go +++ b/drivers/shared/resolvconf/mount_unix_test.go @@ -8,12 +8,13 @@ import ( "path/filepath" "testing" + dresolvconf "github.com/docker/libnetwork/resolvconf" "github.com/stretchr/testify/require" ) func Test_copySystemDNS(t *testing.T) { require := require.New(t) - data, err := ioutil.ReadFile("/etc/resolv.conf") + data, err := ioutil.ReadFile(dresolvconf.Path()) require.NoError(err) tmp, err := ioutil.TempDir("", "copySystemDNS_Test")