forked from sylabs/singularity
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
e2e: non-pid namespace e2e-tests for OCI/CGROUPS
The Singularity e2e-tests were previously all run in a mount and PID namespace, to avoid polluting the host filesystem (critical), and process tree (less critical). These namespaces are set up in some CGO init code. The use of the PID namespace prevents testing with systemd as the cgroups manager, as systemd is aware of the host process tree, not the one in the new e2e PID namespace. This is a major omission since sylabs#540 switched to using systemd for cgroups management by default. This PR: * Modifies the e2e init CGO code, so that an env var `SINGULARITYE_E2E_NO_PID_NS` will cause it *not* to create a new PID namespace. * Modifies the Makefile so that the e2e suite is called twice, once with PID ns, once without. * Moves the INSTANCE cgroups test into a new package/topic e2e/cgroups, run in the e2e call without PID ns. * Moves the OCI tests into the e2e call without PID ns. * Modifies the CGROUPS and OCI tests so that they test with both systemd and cgroupfs management, using a convenience wrapper function. Fixes: 563 Note - this breaks the e2e CLI coverage, as it only supports collecting / analyzing one e2e run... where we now have two. The CLI coverage metrics are unused in practice, and flawed (don't consider combinations of flags required or possible), so I'm going to propose removing them in a separate issue.
- Loading branch information
Showing
10 changed files
with
189 additions
and
67 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,89 @@ | ||
// Copyright (c) 2022, Sylabs Inc. All rights reserved. | ||
// This software is licensed under a 3-clause BSD license. Please consult the | ||
// LICENSE.md file distributed with the sources of this project regarding your | ||
// rights to use or distribute this software. | ||
|
||
package cgroups | ||
|
||
import ( | ||
"fmt" | ||
"testing" | ||
|
||
"github.com/google/uuid" | ||
"github.com/sylabs/singularity/e2e/internal/e2e" | ||
"github.com/sylabs/singularity/e2e/internal/testhelper" | ||
"github.com/sylabs/singularity/internal/pkg/test/tool/require" | ||
) | ||
|
||
// NOTE | ||
// ---- | ||
// Tests in this package/topic are run in a a mount namespace only. There is | ||
// no PID namespace, in order that the systemd cgroups manager functionality | ||
// can be exercised. | ||
// | ||
// You must take extra care not to leave detached process etc. that will | ||
// pollute the host PID namespace. | ||
// | ||
|
||
// randomName generates a random name instance or OCI container name based on a UUID. | ||
func randomName(t *testing.T) string { | ||
t.Helper() | ||
|
||
id, err := uuid.NewRandom() | ||
if err != nil { | ||
t.Fatal(err) | ||
} | ||
return id.String() | ||
} | ||
|
||
type ctx struct { | ||
env e2e.TestEnv | ||
} | ||
|
||
// moved from INSTANCE suite, as testing with systemd cgroup manager requires | ||
// e2e to be run without PID namespace | ||
func (c *ctx) instanceApplyCgroups(t *testing.T) { | ||
require.Cgroups(t) | ||
e2e.EnsureImage(t, c.env) | ||
|
||
// pick up a random name | ||
instanceName := randomName(t) | ||
joinName := fmt.Sprintf("instance://%s", instanceName) | ||
|
||
c.env.RunSingularity( | ||
t, | ||
e2e.WithProfile(e2e.RootProfile), | ||
e2e.WithCommand("instance start"), | ||
e2e.WithArgs("--apply-cgroups", "testdata/cgroups/deny_device.toml", c.env.ImagePath, instanceName), | ||
e2e.ExpectExit(0), | ||
) | ||
|
||
c.env.RunSingularity( | ||
t, | ||
e2e.WithProfile(e2e.RootProfile), | ||
e2e.WithCommand("exec"), | ||
e2e.WithArgs(joinName, "cat", "/dev/null"), | ||
e2e.ExpectExit(1), | ||
) | ||
|
||
c.env.RunSingularity( | ||
t, | ||
e2e.WithProfile(e2e.RootProfile), | ||
e2e.WithCommand("instance stop"), | ||
e2e.WithArgs(instanceName), | ||
e2e.ExpectExit(0), | ||
) | ||
} | ||
|
||
// E2ETests is the main func to trigger the test suite | ||
func E2ETests(env e2e.TestEnv) testhelper.Tests { | ||
c := &ctx{ | ||
env: env, | ||
} | ||
|
||
np := testhelper.NoParallel | ||
|
||
return testhelper.Tests{ | ||
"instance apply cgroups": np(env.WithCgroupManagers(c.instanceApplyCgroups)), | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
// Copyright (c) 2022 Sylabs Inc. All rights reserved. | ||
// This software is licensed under a 3-clause BSD license. Please consult the | ||
// LICENSE.md file distributed with the sources of this project regarding your | ||
// rights to use or distribute this software. | ||
|
||
package e2e | ||
|
||
import "testing" | ||
|
||
// WithCgroupManagers is a wrapper to call test function f in both the systemd and | ||
// cgroupfs cgroup manager configurations. It *must* be run noparallel, as the | ||
// cgroup manager setting is set / read from global configuration. | ||
func (env TestEnv) WithCgroupManagers(f func(t *testing.T)) func(t *testing.T) { | ||
return func(t *testing.T) { | ||
env.RunSingularity( | ||
t, | ||
WithProfile(RootProfile), | ||
WithCommand("config global"), | ||
WithArgs("--set", "systemd cgroups", "yes"), | ||
ExpectExit(0), | ||
) | ||
|
||
defer env.RunSingularity( | ||
t, | ||
WithProfile(RootProfile), | ||
WithCommand("config global"), | ||
WithArgs("--reset", "systemd cgroups"), | ||
ExpectExit(0), | ||
) | ||
|
||
t.Run("systemd", f) | ||
|
||
env.RunSingularity( | ||
t, | ||
WithProfile(RootProfile), | ||
WithCommand("config global"), | ||
WithArgs("--set", "systemd cgroups", "no"), | ||
ExpectExit(0), | ||
) | ||
|
||
t.Run("cgroupfs", f) | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters