Diffstat (limited to 'test/system/260-sdnotify.bats')
-rw-r--r-- | test/system/260-sdnotify.bats | 153 |
1 files changed, 144 insertions, 9 deletions
diff --git a/test/system/260-sdnotify.bats b/test/system/260-sdnotify.bats index cd7b1262a..6c3ef7f3f 100644 --- a/test/system/260-sdnotify.bats +++ b/test/system/260-sdnotify.bats @@ -88,7 +88,13 @@ function _assert_mainpid_is_conmon() { export NOTIFY_SOCKET=$PODMAN_TMPDIR/ignore.sock _start_socat - run_podman 1 run --rm --sdnotify=ignore $IMAGE printenv NOTIFY_SOCKET + run_podman create --rm --sdnotify=ignore $IMAGE printenv NOTIFY_SOCKET + cid="$output" + + run_podman container inspect $cid --format "{{.Config.SdNotifyMode}} {{.Config.SdNotifySocket}}" + is "$output" "ignore " "NOTIFY_SOCKET is not set with 'ignore' mode" + + run_podman 1 start --attach $cid is "$output" "" "\$NOTIFY_SOCKET in container" is "$(< $_SOCAT_LOG)" "" "nothing received on socket" @@ -106,6 +112,9 @@ function _assert_mainpid_is_conmon() { cid="$output" wait_for_ready $cid + run_podman container inspect $cid --format "{{.Config.SdNotifyMode}} {{.Config.SdNotifySocket}}" + is "$output" "conmon $NOTIFY_SOCKET" + run_podman container inspect sdnotify_conmon_c --format "{{.State.ConmonPid}}" mainPID="$output" @@ -113,6 +122,7 @@ function _assert_mainpid_is_conmon() { is "$output" "READY" "\$NOTIFY_SOCKET in container" # The 'echo's help us debug failed runs + wait_for_file $_SOCAT_LOG run cat $_SOCAT_LOG echo "socat log:" echo "$output" @@ -132,7 +142,7 @@ READY=1" "sdnotify sent MAINPID and READY" # These tests can fail in dev. environment because of SELinux. # quick fix: chcon -t container_runtime_exec_t ./bin/podman @test "sdnotify : container" { - skip_if_aarch64 "FIXME: #15074 - fails on aarch64 non-remote" + skip_if_aarch64 "FIXME: #15277 sdnotify doesn't work on aarch64" # Sigh... we need to pull a humongous image because it has systemd-notify. # (IMPORTANT: fedora:32 and above silently removed systemd-notify; this # caused CI to hang. That's why we explicitly require fedora:31) 
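Review bot: The expected value `"ignore "` in the new `is` check after `run_podman create` depends on a trailing space produced by the empty `{{.Config.SdNotifySocket}}` field, which is easy to lose to whitespace trimming and is not explained. A comment such as `# trailing space is intentional: SdNotifySocket must be empty in 'ignore' mode` above that `is` line would make the intent explicit, or the two fields could be checked with separate inspects. The failure message mentions only NOTIFY_SOCKET although the comparison also covers the mode. The enclosing @test starts before this hunk.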
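Review bot: The added `is "$output" "conmon $NOTIFY_SOCKET"` after `wait_for_ready $cid` has no description argument, unlike the neighbouring `is` calls, so a failure reports only the raw strings. The same applies to the later added checks `is "$output" "container $NOTIFY_SOCKET"`, the two-line `MAINPID=$mainPID` / `READY=1` comparison in the container test, and the `ignore` / `ignore` comparison in the play kube test. Suggest adding one, e.g. `is "$output" "conmon $NOTIFY_SOCKET" "sdnotify mode and socket recorded in container config"`. The new inspect also addresses the container as `$cid` while the next line uses the name `sdnotify_conmon_c`; using one form for both would read more clearly.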
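Review bot: `wait_for_file $_SOCAT_LOG` before `run cat $_SOCAT_LOG` may return as soon as the log exists, which does not guarantee that every expected notification has been written; the helper's definition is not part of this diff, so this is inferred from its name. Where the following assertion expects both `MAINPID=…` and `READY=1` (here and after the `wait_for_file` calls added in the container and play kube tests), a read between the two messages would produce an intermittent failure. Consider polling until the log contains `READY=1` before the exact comparison. A short comment stating what the wait is meant to guarantee would also help.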
@@ -147,13 +157,18 @@ READY=1" "sdnotify sent MAINPID and READY" _start_socat run_podman run -d --sdnotify=container $_FEDORA \ - sh -c 'printenv NOTIFY_SOCKET;echo READY;systemd-notify --ready;while ! test -f /stop;do sleep 0.1;done' + sh -c 'printenv NOTIFY_SOCKET; echo READY; while ! test -f /stop;do sleep 0.1;done;systemd-notify --ready' cid="$output" wait_for_ready $cid + run_podman container inspect $cid --format "{{.Config.SdNotifyMode}} {{.Config.SdNotifySocket}}" + is "$output" "container $NOTIFY_SOCKET" + run_podman logs $cid is "${lines[0]}" "/run/notify/notify.sock" "NOTIFY_SOCKET is passed to container" + run_podman container inspect $cid --format "{{.State.ConmonPid}}" + mainPID="$output" # With container, READY=1 isn't necessarily the last message received; # just look for it anywhere in received messages run cat $_SOCAT_LOG @@ -161,19 +176,25 @@ READY=1" "sdnotify sent MAINPID and READY" echo "socat log:" echo "$output" - is "$output" ".*READY=1" "received READY=1 through notify socket" - - _assert_mainpid_is_conmon "$output" + is "$output" "MAINPID=$mainPID" "Container is not ready yet, so we only know the main PID" # Done. Stop container, clean up. run_podman exec $cid touch /stop run_podman wait $cid + + wait_for_file $_SOCAT_LOG + run cat $_SOCAT_LOG + echo "socat log:" + echo "$output" + is "$output" "MAINPID=$mainPID +READY=1" + run_podman rm $cid run_podman rmi $_FEDORA _stop_socat } -@test "sdnotify : play kube" { +@test "sdnotify : play kube - no policies" { # Create the YAMl file yaml_source="$PODMAN_TMPDIR/test.yaml" cat >$yaml_source <<EOF 
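Review bot: The context comment `# With container, READY=1 isn't necessarily the last message received` at the end of the first hunk here no longer matches the test. `systemd-notify --ready` now runs only after `/stop` exists, and the following assertion expects `MAINPID=$mainPID` alone. Replace it with something like `# READY=1 is sent only after /stop is created, so at this point only MAINPID should have arrived`. The same one-line explanation would help next to the reordered `sh -c` command, whose ordering is otherwise easy to revert by accident.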
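Review bot: The first read of the socat log is not preceded by `wait_for_file $_SOCAT_LOG`, although the second read added after `run_podman wait $cid` is. That first read is the `run cat $_SOCAT_LOG` just above this hunk, which feeds `is "$output" "MAINPID=$mainPID"`. If the log file is only created when the first message arrives (not visible in this diff), `cat` can run before it exists and the exact comparison then fails on an error string rather than on a real sdnotify problem. Adding `wait_for_file $_SOCAT_LOG` before that first `run cat` would make both reads consistent.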
@@ -202,8 +223,15 @@ EOF _start_socat run_podman play kube --service-container=true $yaml_source + + # Make sure the containers have the correct policy. + run_podman container inspect test_pod-test $service_container --format "{{.Config.SdNotifyMode}}" + is "$output" "ignore +ignore" + run_podman container inspect $service_container --format "{{.State.ConmonPid}}" mainPID="$output" + wait_for_file $_SOCAT_LOG # The 'echo's help us debug failed runs run cat $_SOCAT_LOG echo "socat log:" 
@@ -216,9 +244,116 @@ READY=1" "sdnotify sent MAINPID and READY" # Clean up pod and pause image run_podman play kube --down $PODMAN_TMPDIR/test.yaml - run_podman version --format "{{.Server.Version}}-{{.Server.Built}}" - podman rmi -f localhost/podman-pause:$output + run_podman rmi $(pause_image) } +@test "sdnotify : play kube - with policies" { + skip_if_aarch64 "FIXME: #15277 sdnotify doesn't work on aarch64" + + # Sigh... we need to pull a humongous image because it has systemd-notify. + # (IMPORTANT: fedora:32 and above silently removed systemd-notify; this + # caused CI to hang. That's why we explicitly require fedora:31) + # FIXME: is there a smaller image we could use? + local _FEDORA="$PODMAN_TEST_IMAGE_REGISTRY/$PODMAN_TEST_IMAGE_USER/fedora:31" + # Pull that image. Retry in case of flakes. + run_podman pull $_FEDORA || \ + run_podman pull $_FEDORA || \ + run_podman pull $_FEDORA + + # Create the YAMl file + yaml_source="$PODMAN_TMPDIR/test.yaml" + cat >$yaml_source <<EOF +apiVersion: v1 +kind: Pod +metadata: + labels: + app: test + name: test_pod + annotations: + io.containers.sdnotify: "container" + io.containers.sdnotify/b: "conmon" +spec: + containers: + - command: + - /bin/sh + - -c + - 'printenv NOTIFY_SOCKET; echo READY; while ! test -f /stop;do sleep 0.1;done;systemd-notify --ready' + image: $_FEDORA + name: a + - command: + - /bin/sh + - -c + - 'echo READY; top' + image: $IMAGE + name: b +EOF + container_a="test_pod-a" + container_b="test_pod-b" + + # The name of the service container is predictable: the first 12 characters + # of the hash of the YAML file followed by the "-service" suffix + yaml_sha=$(sha256sum $yaml_source) + service_container="${yaml_sha:0:12}-service" + + export NOTIFY_SOCKET=$PODMAN_TMPDIR/conmon.sock + _start_socat + + # Run `play kube` in the background as it will wait for all containers to + # send the READY=1 message. 
+ timeout --foreground -v --kill=10 60 \ + $PODMAN play kube --service-container=true $yaml_source &>/dev/null & + + # Wait for both containers to be running + for i in $(seq 1 20); do + run_podman "?" container wait $container_a $container_b --condition="running" + if [[ $status == 0 ]]; then + break + fi + sleep 0.5 + # Just for debugging + run_podman ps -a + done + if [[ $status != 0 ]]; then + die "container $container_a and/or $container_b did not start" + fi + + # Make sure the containers have the correct policy + run_podman container inspect $container_a $container_b $service_container --format "{{.Config.SdNotifyMode}}" + is "$output" "container +conmon +ignore" + + is "$(< $_SOCAT_LOG)" "" "nothing received on socket" + + # Make sure the container received a "proxy" socket and is not using the + # one of `kube play` + run_podman container inspect $container_a --format "{{.Config.SdNotifySocket}}" + assert "$output" != $NOTIFY_SOCKET + + run_podman logs $container_a + is "${lines[0]}" "/run/notify/notify.sock" "NOTIFY_SOCKET is passed to container" + + # Instruct the container to send the READY + run_podman exec $container_a /bin/touch /stop + + run_podman container inspect $service_container --format "{{.State.ConmonPid}}" + main_pid="$output" + + run_podman container wait $container_a + wait_for_file $_SOCAT_LOG + # The 'echo's help us debug failed runs + run cat $_SOCAT_LOG + echo "socat log:" + echo "$output" + + is "$output" "MAINPID=$main_pid +READY=1" "sdnotify sent MAINPID and READY" + + _stop_socat + + # Clean up pod and pause image + run_podman play kube --down $yaml_source + run_podman rmi $_FEDORA $(pause_image) +} # vim: filetype=sh |
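Review bot: The backgrounded `timeout … $PODMAN play kube … &>/dev/null &` is never waited on and its output is discarded, so a `play kube` that fails or hits the 60-second timeout shows up only indirectly through later assertions, and the job may still be alive when `play kube --down` runs. Capture `$!`, send the output to a file under `$PODMAN_TMPDIR`, and `wait` on the job before cleanup, as sketched below; this assumes `play kube` returns once READY has been relayed, as the in-test comment implies. `--kill=10` also relies on GNU long-option abbreviation; spelling it `--kill-after=10` is clearer. In the proxy-socket check, quoting the right-hand side as `assert "$output" != "$NOTIFY_SOCKET"` keeps the comparison intact if the path ever contains whitespace.

```shell
    # Keep the output for debugging (log file name is illustrative)
    kube_log="$PODMAN_TMPDIR/play-kube.log"
    timeout --foreground -v --kill-after=10 60 \
        $PODMAN play kube --service-container=true $yaml_source &>"$kube_log" &
    kube_pid=$!

    # … unchanged: wait for containers, policy and socket checks, touch /stop, socat log checks …

    # Reap the background job so a failed or timed-out `play kube` fails the test
    wait $kube_pid || die "play kube failed: $(< "$kube_log")"
    _stop_socat
```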