RHEL gating tests: more journald exceptions

Followup to containers#8284, due to my not having noticed containers#8096. RHEL gating tests are failing again due to rhbz#1895105, the one where we can't run journalctl rootless on RHEL. containers#8284 fixed this for some RHEL builds of older podman, but I missed containers#8096 which added yet another logs test. This brings us to three journalctl exceptions, which means it gets complicated because I have to refactor it all. **THIS IS NOT SUSTAINABLE**. We need some way to have a similar setup in CI, with a permission-less rootless login, so we don't add yet another logs test some day and discover, months later, that it doesn't work on RHEL and then have to go into crisis mode. Signed-off-by: Ed Santiago <[email protected]>
pmoogi-redhat · Dec 15, 2020 · 8a57df9 · 8a57df9
1 parent 0fd31e2
commit 8a57df9
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 19 deletions.
diff --git a/test/system/030-run.bats b/test/system/030-run.bats
@@ -415,13 +415,18 @@ json-file | f
         fi
 
         if [[ $driver != 'none' ]]; then
-            run_podman logs myctr
-            is "$output" "$msg" "check that podman logs works as expected"
+            if [[ $driver = 'journald' ]] && journald_unavailable; then
+                # Cannot perform check
+                :
+            else
+                run_podman logs myctr
+                is "$output" "$msg" "podman logs, with driver '$driver'"
+            fi
         else
             run_podman 125 logs myctr
             if ! is_remote; then
                 is "$output" ".*this container is using the 'none' log driver, cannot read logs.*" \
-                   "podman logs does not work with none log driver"
+                   "podman logs, with driver 'none', should fail with error"
             fi
         fi
         run_podman rm myctr
@@ -437,14 +442,7 @@ json-file | f
     skip_if_remote "We cannot read journalctl over remote."
 
     # We can't use journald on RHEL as rootless, either: rhbz#1895105
-    if is_rootless; then
-        run journalctl -n 1
-        if [[ $status -ne 0 ]]; then
-            if [[ $output =~ permission ]]; then
-                skip "Cannot use rootless journald on this system"
-            fi
-        fi
-    fi
+    skip_if_journald_unavailable
 
     msg=$(random_string 20)
     pidfile="${PODMAN_TMPDIR}/$(random_string 20)"

diff --git a/test/system/035-logs.bats b/test/system/035-logs.bats
@@ -55,14 +55,7 @@ ${cid[0]} d"   "Sequential output from logs"
 
 @test "podman logs over journald" {
     # We can't use journald on RHEL as rootless: rhbz#1895105
-    if is_rootless; then
-        run journalctl -n 1
-        if [[ $status -ne 0 ]]; then
-            if [[ $output =~ permission ]]; then
-                skip "Cannot use rootless journald on this system"
-            fi
-        fi
-    fi
+    skip_if_journald_unavailable
 
     msg=$(random_string 20)
 

diff --git a/test/system/helpers.bash b/test/system/helpers.bash
@@ -259,6 +259,31 @@ function is_cgroupsv2() {
     test "$cgroup_type" = "cgroup2fs"
 }
 
+# rhbz#1895105: rootless journald is unavailable except to users in
+# certain magic groups; which our testuser account does not belong to
+# (intentional: that is the RHEL default, so that's the setup we test).
+function journald_unavailable() {
+    if ! is_rootless; then
+        # root must always have access to journal
+        return 1
+    fi
+
+    run journalctl -n 1
+    if [[ $status -eq 0 ]]; then
+        return 1
+    fi
+
+    if [[ $output =~ permission ]]; then
+        return 0
+    fi
+
+    # This should never happen; if it does, it's likely that a subsequent
+    # test will fail. This output may help track that down.
+    echo "WEIRD: 'journalctl -n 1' failed with a non-permission error:"
+    echo "$output"
+    return 1
+}
+
 ###########################
 #  _add_label_if_missing  #  make sure skip messages include rootless/remote
 ###########################
@@ -315,6 +340,15 @@ function skip_if_cgroupsv1() {
     fi
 }
 
+##################################
+#  skip_if_journald_unavailable  #  rhbz#1895105: rootless journald permissions
+##################################
+function skip_if_journald_unavailable {
+    if journald_unavailable; then
+        skip "Cannot use rootless journald on this system"
+    fi
+}
+
 #########
 #  die  #  Abort with helpful message
 #########