aboutsummaryrefslogtreecommitdiff
path: root/test/system/260-sdnotify.bats
diff options
context:
space:
mode:
Diffstat (limited to 'test/system/260-sdnotify.bats')
-rw-r--r--test/system/260-sdnotify.bats153
1 files changed, 144 insertions, 9 deletions
diff --git a/test/system/260-sdnotify.bats b/test/system/260-sdnotify.bats
index cd7b1262a..6c3ef7f3f 100644
--- a/test/system/260-sdnotify.bats
+++ b/test/system/260-sdnotify.bats
@@ -88,7 +88,13 @@ function _assert_mainpid_is_conmon() {
export NOTIFY_SOCKET=$PODMAN_TMPDIR/ignore.sock
_start_socat
- run_podman 1 run --rm --sdnotify=ignore $IMAGE printenv NOTIFY_SOCKET
+ run_podman create --rm --sdnotify=ignore $IMAGE printenv NOTIFY_SOCKET
+ cid="$output"
+
+ run_podman container inspect $cid --format "{{.Config.SdNotifyMode}} {{.Config.SdNotifySocket}}"
+ is "$output" "ignore " "NOTIFY_SOCKET is not set with 'ignore' mode"
+
+ run_podman 1 start --attach $cid
is "$output" "" "\$NOTIFY_SOCKET in container"
is "$(< $_SOCAT_LOG)" "" "nothing received on socket"
@@ -106,6 +112,9 @@ function _assert_mainpid_is_conmon() {
cid="$output"
wait_for_ready $cid
+ run_podman container inspect $cid --format "{{.Config.SdNotifyMode}} {{.Config.SdNotifySocket}}"
+ is "$output" "conmon $NOTIFY_SOCKET"
+
run_podman container inspect sdnotify_conmon_c --format "{{.State.ConmonPid}}"
mainPID="$output"
@@ -113,6 +122,7 @@ function _assert_mainpid_is_conmon() {
is "$output" "READY" "\$NOTIFY_SOCKET in container"
# The 'echo's help us debug failed runs
+ wait_for_file $_SOCAT_LOG
run cat $_SOCAT_LOG
echo "socat log:"
echo "$output"
@@ -132,7 +142,7 @@ READY=1" "sdnotify sent MAINPID and READY"
# These tests can fail in dev. environment because of SELinux.
# quick fix: chcon -t container_runtime_exec_t ./bin/podman
@test "sdnotify : container" {
- skip_if_aarch64 "FIXME: #15074 - fails on aarch64 non-remote"
+ skip_if_aarch64 "FIXME: #15277 sdnotify doesn't work on aarch64"
# Sigh... we need to pull a humongous image because it has systemd-notify.
# (IMPORTANT: fedora:32 and above silently removed systemd-notify; this
# caused CI to hang. That's why we explicitly require fedora:31)
@@ -147,13 +157,18 @@ READY=1" "sdnotify sent MAINPID and READY"
_start_socat
run_podman run -d --sdnotify=container $_FEDORA \
- sh -c 'printenv NOTIFY_SOCKET;echo READY;systemd-notify --ready;while ! test -f /stop;do sleep 0.1;done'
+ sh -c 'printenv NOTIFY_SOCKET; echo READY; while ! test -f /stop;do sleep 0.1;done;systemd-notify --ready'
cid="$output"
wait_for_ready $cid
+ run_podman container inspect $cid --format "{{.Config.SdNotifyMode}} {{.Config.SdNotifySocket}}"
+ is "$output" "container $NOTIFY_SOCKET"
+
run_podman logs $cid
is "${lines[0]}" "/run/notify/notify.sock" "NOTIFY_SOCKET is passed to container"
+ run_podman container inspect $cid --format "{{.State.ConmonPid}}"
+ mainPID="$output"
# With container, READY=1 isn't necessarily the last message received;
# just look for it anywhere in received messages
run cat $_SOCAT_LOG
@@ -161,19 +176,25 @@ READY=1" "sdnotify sent MAINPID and READY"
echo "socat log:"
echo "$output"
- is "$output" ".*READY=1" "received READY=1 through notify socket"
-
- _assert_mainpid_is_conmon "$output"
+ is "$output" "MAINPID=$mainPID" "Container is not ready yet, so we only know the main PID"
# Done. Stop container, clean up.
run_podman exec $cid touch /stop
run_podman wait $cid
+
+ wait_for_file $_SOCAT_LOG
+ run cat $_SOCAT_LOG
+ echo "socat log:"
+ echo "$output"
+ is "$output" "MAINPID=$mainPID
+READY=1"
+
run_podman rm $cid
run_podman rmi $_FEDORA
_stop_socat
}
-@test "sdnotify : play kube" {
+@test "sdnotify : play kube - no policies" {
# Create the YAMl file
yaml_source="$PODMAN_TMPDIR/test.yaml"
cat >$yaml_source <<EOF
@@ -202,8 +223,15 @@ EOF
_start_socat
run_podman play kube --service-container=true $yaml_source
+
+ # Make sure the containers have the correct policy.
+ run_podman container inspect test_pod-test $service_container --format "{{.Config.SdNotifyMode}}"
+ is "$output" "ignore
+ignore"
+
run_podman container inspect $service_container --format "{{.State.ConmonPid}}"
mainPID="$output"
+ wait_for_file $_SOCAT_LOG
# The 'echo's help us debug failed runs
run cat $_SOCAT_LOG
echo "socat log:"
@@ -216,9 +244,116 @@ READY=1" "sdnotify sent MAINPID and READY"
# Clean up pod and pause image
run_podman play kube --down $PODMAN_TMPDIR/test.yaml
- run_podman version --format "{{.Server.Version}}-{{.Server.Built}}"
- podman rmi -f localhost/podman-pause:$output
+ run_podman rmi $(pause_image)
}
+@test "sdnotify : play kube - with policies" {
+ skip_if_aarch64 "FIXME: #15277 sdnotify doesn't work on aarch64"
+
+ # Sigh... we need to pull a humongous image because it has systemd-notify.
+ # (IMPORTANT: fedora:32 and above silently removed systemd-notify; this
+ # caused CI to hang. That's why we explicitly require fedora:31)
+ # FIXME: is there a smaller image we could use?
+ local _FEDORA="$PODMAN_TEST_IMAGE_REGISTRY/$PODMAN_TEST_IMAGE_USER/fedora:31"
+ # Pull that image. Retry in case of flakes.
+ run_podman pull $_FEDORA || \
+ run_podman pull $_FEDORA || \
+ run_podman pull $_FEDORA
+
+ # Create the YAMl file
+ yaml_source="$PODMAN_TMPDIR/test.yaml"
+ cat >$yaml_source <<EOF
+apiVersion: v1
+kind: Pod
+metadata:
+ labels:
+ app: test
+ name: test_pod
+ annotations:
+ io.containers.sdnotify: "container"
+ io.containers.sdnotify/b: "conmon"
+spec:
+ containers:
+ - command:
+ - /bin/sh
+ - -c
+ - 'printenv NOTIFY_SOCKET; echo READY; while ! test -f /stop;do sleep 0.1;done;systemd-notify --ready'
+ image: $_FEDORA
+ name: a
+ - command:
+ - /bin/sh
+ - -c
+ - 'echo READY; top'
+ image: $IMAGE
+ name: b
+EOF
+ container_a="test_pod-a"
+ container_b="test_pod-b"
+
+ # The name of the service container is predictable: the first 12 characters
+ # of the hash of the YAML file followed by the "-service" suffix
+ yaml_sha=$(sha256sum $yaml_source)
+ service_container="${yaml_sha:0:12}-service"
+
+ export NOTIFY_SOCKET=$PODMAN_TMPDIR/conmon.sock
+ _start_socat
+
+ # Run `play kube` in the background as it will wait for all containers to
+ # send the READY=1 message.
+ timeout --foreground -v --kill=10 60 \
+ $PODMAN play kube --service-container=true $yaml_source &>/dev/null &
+
+ # Wait for both containers to be running
+ for i in $(seq 1 20); do
+ run_podman "?" container wait $container_a $container_b --condition="running"
+ if [[ $status == 0 ]]; then
+ break
+ fi
+ sleep 0.5
+ # Just for debugging
+ run_podman ps -a
+ done
+ if [[ $status != 0 ]]; then
+ die "container $container_a and/or $container_b did not start"
+ fi
+
+ # Make sure the containers have the correct policy
+ run_podman container inspect $container_a $container_b $service_container --format "{{.Config.SdNotifyMode}}"
+ is "$output" "container
+conmon
+ignore"
+
+ is "$(< $_SOCAT_LOG)" "" "nothing received on socket"
+
+ # Make sure the container received a "proxy" socket and is not using the
+ # one of `kube play`
+ run_podman container inspect $container_a --format "{{.Config.SdNotifySocket}}"
+ assert "$output" != $NOTIFY_SOCKET
+
+ run_podman logs $container_a
+ is "${lines[0]}" "/run/notify/notify.sock" "NOTIFY_SOCKET is passed to container"
+
+ # Instruct the container to send the READY
+ run_podman exec $container_a /bin/touch /stop
+
+ run_podman container inspect $service_container --format "{{.State.ConmonPid}}"
+ main_pid="$output"
+
+ run_podman container wait $container_a
+ wait_for_file $_SOCAT_LOG
+ # The 'echo's help us debug failed runs
+ run cat $_SOCAT_LOG
+ echo "socat log:"
+ echo "$output"
+
+ is "$output" "MAINPID=$main_pid
+READY=1" "sdnotify sent MAINPID and READY"
+
+ _stop_socat
+
+ # Clean up pod and pause image
+ run_podman play kube --down $yaml_source
+ run_podman rmi $_FEDORA $(pause_image)
+}
# vim: filetype=sh