From c6e4453f6223bbb2b6cfd5242c0d9af55cd8b121 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sun, 12 Sep 2021 08:51:53 -0400 Subject: If container exits with 125 podman should exit with 125 fixes: https://github.com/containers/podman/issues/11540 Signed-off-by: Daniel J Walsh --- test/e2e/run_exit_test.go | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'test/e2e') diff --git a/test/e2e/run_exit_test.go b/test/e2e/run_exit_test.go index e86718577..6c39e5a1f 100644 --- a/test/e2e/run_exit_test.go +++ b/test/e2e/run_exit_test.go @@ -1,6 +1,7 @@ package integration import ( + "fmt" "os" "github.com/containers/podman/v3/libpod/define" @@ -63,4 +64,10 @@ var _ = Describe("Podman run exit", func() { result.WaitWithDefaultTimeout() Expect(result).Should(Exit(50)) }) + + It("podman run exit 125", func() { + result := podmanTest.Podman([]string{"run", ALPINE, "sh", "-c", fmt.Sprintf("exit %d", define.ExecErrorCodeGeneric)}) + result.WaitWithDefaultTimeout() + Expect(result).Should(Exit(define.ExecErrorCodeGeneric)) + }) }) -- cgit v1.2.3-54-g00ecf From fd8d332a4e440462f2dc8fbd1de4c291187fd92a Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Fri, 10 Sep 2021 10:06:45 +0200 Subject: test: enable --cgroup-parent test and fix it for running with runc. Closes: https://github.com/containers/podman/issues/11165 Signed-off-by: Giuseppe Scrivano --- libpod/container_internal_linux.go | 10 +++++----- test/e2e/run_cgroup_parent_test.go | 32 ++++++++++++++------------------ 2 files changed, 19 insertions(+), 23 deletions(-) (limited to 'test/e2e') diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index eabe8efd2..ae029dc62 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -2489,11 +2489,6 @@ func (c *Container) getOCICgroupPath() (string, error) { switch { case c.config.NoCgroups: return "", nil - case (rootless.IsRootless() && (cgroupManager == config.CgroupfsCgroupsManager || !unified)): - if !isRootlessCgroupSet(c.config.CgroupParent) { - return "", nil - } - return c.config.CgroupParent, nil case c.config.CgroupsMode == cgroupSplit: if c.config.CgroupParent != "" { return c.config.CgroupParent, nil @@ -2510,6 +2505,11 @@ func (c *Container) getOCICgroupPath() (string, error) { systemdCgroups := fmt.Sprintf("%s:libpod:%s", path.Base(c.config.CgroupParent), c.ID()) logrus.Debugf("Setting CGroups for container %s to %s", c.ID(), systemdCgroups) return systemdCgroups, nil + case (rootless.IsRootless() && (cgroupManager == config.CgroupfsCgroupsManager || !unified)): + if c.config.CgroupParent == "" || !isRootlessCgroupSet(c.config.CgroupParent) { + return "", nil + } + fallthrough case cgroupManager == config.CgroupfsCgroupsManager: cgroupPath := filepath.Join(c.config.CgroupParent, fmt.Sprintf("libpod-%s", c.ID())) logrus.Debugf("Setting CGroup path for container %s to %s", c.ID(), cgroupPath) diff --git a/test/e2e/run_cgroup_parent_test.go b/test/e2e/run_cgroup_parent_test.go index 82b6c3057..e0e1d4b1d 100644 --- a/test/e2e/run_cgroup_parent_test.go +++ b/test/e2e/run_cgroup_parent_test.go @@ -13,6 +13,8 @@ import ( . "github.com/onsi/gomega/gexec" ) +const cgroupRoot = "/sys/fs/cgroup" + var _ = Describe("Podman run with --cgroup-parent", func() { var ( tempdir string @@ -64,7 +66,6 @@ var _ = Describe("Podman run with --cgroup-parent", func() { }) Specify("always honor --cgroup-parent", func() { - Skip("https://github.com/containers/podman/issues/11165") SkipIfCgroupV1("test not supported in cgroups v1") if Containerized() || podmanTest.CgroupManager == "cgroupfs" { Skip("Requires Systemd cgroup manager support") @@ -78,36 +79,31 @@ var _ = Describe("Podman run with --cgroup-parent", func() { Expect(run).Should(Exit(0)) cid := run.OutputToString() - exec := podmanTest.Podman([]string{"exec", cid, "cat", "/proc/self/cgroup"}) + exec := podmanTest.Podman([]string{"exec", cid, "cat", "/proc/1/cgroup"}) exec.WaitWithDefaultTimeout() Expect(exec).Should(Exit(0)) containerCgroup := strings.TrimRight(strings.Replace(exec.OutputToString(), "0::", "", -1), "\n") - content, err := ioutil.ReadFile(filepath.Join("/sys/fs/cgroup", containerCgroup, "cgroup.procs")) - Expect(err).To(BeNil()) - // Move the container process to a sub cgroup - subCgroupPath := filepath.Join(filepath.Join("/sys/fs/cgroup", containerCgroup, "old-container")) - - err = os.MkdirAll(subCgroupPath, 0755) + content, err := ioutil.ReadFile(filepath.Join(cgroupRoot, containerCgroup, "cgroup.procs")) Expect(err).To(BeNil()) - - err = ioutil.WriteFile(filepath.Join(subCgroupPath, "cgroup.procs"), content, 0644) + oldSubCgroupPath := filepath.Join(filepath.Join(cgroupRoot, containerCgroup, "old-container")) + err = os.MkdirAll(oldSubCgroupPath, 0755) + Expect(err).To(BeNil()) + err = ioutil.WriteFile(filepath.Join(oldSubCgroupPath, "cgroup.procs"), content, 0644) Expect(err).To(BeNil()) - cgroup := filepath.Dir(containerCgroup) + newCgroup := fmt.Sprintf("%s/new-container", containerCgroup) + err = os.MkdirAll(filepath.Join(cgroupRoot, newCgroup), 0755) + Expect(err).To(BeNil()) - run = podmanTest.Podman([]string{"--cgroup-manager=cgroupfs", "run", "-d", fmt.Sprintf("--cgroup-parent=%s", cgroup), fedoraMinimal, "sleep", "100"}) + run = podmanTest.Podman([]string{"--cgroup-manager=cgroupfs", "run", "--rm", "--cgroupns=host", fmt.Sprintf("--cgroup-parent=%s", newCgroup), fedoraMinimal, "cat", "/proc/self/cgroup"}) run.WaitWithDefaultTimeout() Expect(run).Should(Exit(0)) + cgroupEffective := strings.TrimRight(strings.Replace(run.OutputToString(), "0::", "", -1), "\n") - exec = podmanTest.Podman([]string{"exec", cid, "cat", "/proc/self/cgroup"}) - exec.WaitWithDefaultTimeout() - Expect(exec).Should(Exit(0)) - cgroupEffective := filepath.Dir(strings.TrimRight(strings.Replace(exec.OutputToString(), "0::", "", -1), "\n")) - - Expect(cgroupEffective).To(Equal(cgroup)) + Expect(newCgroup).To(Equal(filepath.Dir(cgroupEffective))) }) Specify("valid --cgroup-parent using slice", func() { -- cgit v1.2.3-54-g00ecf From e0881fd5eb655952528536bb89b70fc781b930ce Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Tue, 14 Sep 2021 09:57:37 +0200 Subject: tests: simplify --cgroups=disabled test read the cgroup directly from the container. Signed-off-by: Giuseppe Scrivano --- test/e2e/run_test.go | 21 ++++++++------------- 1 file changed, 8 insertions(+), 13 deletions(-) (limited to 'test/e2e') diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index 846da283d..cf1ce699e 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -1330,28 +1330,23 @@ USER mail`, BB) Skip("Test only works on crun") } + trim := func(i string) string { + return strings.TrimSuffix(i, "\n") + } + curCgroupsBytes, err := ioutil.ReadFile("/proc/self/cgroup") Expect(err).ShouldNot(HaveOccurred()) - var curCgroups = string(curCgroupsBytes) + curCgroups := trim(string(curCgroupsBytes)) fmt.Printf("Output:\n%s\n", curCgroups) Expect(curCgroups).ToNot(Equal("")) - ctrName := "testctr" - container := podmanTest.Podman([]string{"run", "--name", ctrName, "-d", "--cgroups=disabled", ALPINE, "top"}) + container := podmanTest.Podman([]string{"run", "--cgroupns=host", "--cgroups=disabled", ALPINE, "cat", "/proc/self/cgroup"}) container.WaitWithDefaultTimeout() Expect(container).Should(Exit(0)) - // Get PID and get cgroups of that PID - inspectOut := podmanTest.InspectContainer(ctrName) - Expect(len(inspectOut)).To(Equal(1)) - pid := inspectOut[0].State.Pid - Expect(pid).ToNot(Equal(0)) - Expect(inspectOut[0].HostConfig.CgroupParent).To(Equal("")) - - ctrCgroupsBytes, err := ioutil.ReadFile(fmt.Sprintf("/proc/%d/cgroup", pid)) - Expect(err).ShouldNot(HaveOccurred()) - var ctrCgroups = string(ctrCgroupsBytes) + ctrCgroups := trim(container.OutputToString()) fmt.Printf("Output\n:%s\n", ctrCgroups) + Expect(ctrCgroups).To(Equal(curCgroups)) }) -- cgit v1.2.3-54-g00ecf From 939db105c31f332c202d92182fe1aa9a790cdeb5 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Tue, 14 Sep 2021 10:22:49 +0200 Subject: tests: enable --cgroups=disabled test for rootless Signed-off-by: Giuseppe Scrivano --- test/e2e/run_test.go | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'test/e2e') diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index cf1ce699e..cb61aba21 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -11,6 +11,7 @@ import ( "syscall" "time" + "github.com/containers/podman/v3/pkg/cgroups" . "github.com/containers/podman/v3/test/utils" "github.com/containers/storage/pkg/stringid" "github.com/mrunalp/fileutils" @@ -1323,13 +1324,19 @@ USER mail`, BB) }) It("podman run with cgroups=disabled runs without cgroups", func() { - SkipIfRootless("FIXME: I believe this should work but need to fix this test") SkipIfRootlessCgroupsV1("Disable cgroups not supported on cgroupv1 for rootless users") // Only works on crun if !strings.Contains(podmanTest.OCIRuntime, "crun") { Skip("Test only works on crun") } + ownsCgroup, err := cgroups.UserOwnsCurrentSystemdCgroup() + Expect(err).ShouldNot(HaveOccurred()) + if !ownsCgroup { + // Podman moves itself to a new cgroup if it doesn't own the current cgroup + Skip("Test only works when Podman owns the current cgroup") + } + trim := func(i string) string { return strings.TrimSuffix(i, "\n") } -- cgit v1.2.3-54-g00ecf From 5532cd488b0dd174ebf5675991b4fe8fb1ff9edd Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Tue, 14 Sep 2021 12:16:13 +0200 Subject: libpod: honor --cgroups=split also with pods Honor --cgroups=split also when the container is running in a pod. Signed-off-by: Giuseppe Scrivano --- libpod/container_internal_linux.go | 3 --- test/e2e/run_test.go | 53 +++++++++++++++++++++++--------------- 2 files changed, 32 insertions(+), 24 deletions(-) (limited to 'test/e2e') diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index ae029dc62..4194a0d93 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -2490,9 +2490,6 @@ func (c *Container) getOCICgroupPath() (string, error) { case c.config.NoCgroups: return "", nil case c.config.CgroupsMode == cgroupSplit: - if c.config.CgroupParent != "" { - return c.config.CgroupParent, nil - } selfCgroup, err := utils.GetOwnCgroup() if err != nil { return "", err diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index cb61aba21..ec4b0d997 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -1296,31 +1296,42 @@ USER mail`, BB) SkipIfRootlessCgroupsV1("Disable cgroups not supported on cgroupv1 for rootless users") SkipIfRemote("--cgroups=split cannot be used in remote mode") - container := podmanTest.Podman([]string{"run", "--rm", "--cgroups=split", ALPINE, "cat", "/proc/self/cgroup"}) - container.WaitWithDefaultTimeout() - Expect(container).Should(Exit(0)) - lines := container.OutputToStringArray() - - cgroup := "" - for _, line := range lines { - parts := strings.SplitN(line, ":", 3) - if !CGROUPSV2 { - // ignore unified on cgroup v1. - // both runc and crun do not set it. - // crun does not set named hierarchies. - if parts[1] == "" || strings.Contains(parts[1], "name=") { + checkLines := func(lines []string) { + cgroup := "" + for _, line := range lines { + parts := strings.SplitN(line, ":", 3) + if len(parts) < 2 { continue } + if !CGROUPSV2 { + // ignore unified on cgroup v1. + // both runc and crun do not set it. + // crun does not set named hierarchies. + if parts[1] == "" || strings.Contains(parts[1], "name=") { + continue + } + } + if parts[2] == "/" { + continue + } + if cgroup == "" { + cgroup = parts[2] + continue + } + Expect(cgroup).To(Equal(parts[2])) } - if parts[2] == "/" { - continue - } - if cgroup == "" { - cgroup = parts[2] - continue - } - Expect(cgroup).To(Equal(parts[2])) } + + container := podmanTest.Podman([]string{"run", "--rm", "--cgroups=split", ALPINE, "cat", "/proc/self/cgroup"}) + container.WaitWithDefaultTimeout() + Expect(container).Should(Exit(0)) + checkLines(container.OutputToStringArray()) + + // check that --cgroups=split is honored also when a container runs in a pod + container = podmanTest.Podman([]string{"run", "--rm", "--pod", "new:split-test-pod", "--cgroups=split", ALPINE, "cat", "/proc/self/cgroup"}) + container.WaitWithDefaultTimeout() + Expect(container).Should(Exit(0)) + checkLines(container.OutputToStringArray()) }) It("podman run with cgroups=disabled runs without cgroups", func() { -- cgit v1.2.3-54-g00ecf From 0d43151c23237f1e9939715c9de5d47b5937dcd3 Mon Sep 17 00:00:00 2001 From: Matthew Heon Date: Thu, 16 Sep 2021 09:18:55 -0400 Subject: Remove Pod CPU tests Signed-off-by: Matthew Heon --- test/e2e/pod_create_test.go | 44 -------------------------------------------- 1 file changed, 44 deletions(-) (limited to 'test/e2e') diff --git a/test/e2e/pod_create_test.go b/test/e2e/pod_create_test.go index 7297bfc6e..ed686b470 100644 --- a/test/e2e/pod_create_test.go +++ b/test/e2e/pod_create_test.go @@ -9,9 +9,7 @@ import ( "strconv" "strings" - "github.com/containers/common/pkg/sysinfo" "github.com/containers/podman/v3/pkg/rootless" - "github.com/containers/podman/v3/pkg/util" . "github.com/containers/podman/v3/test/utils" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" @@ -535,48 +533,6 @@ ENTRYPOINT ["sleep","99999"] Expect(create).Should(Exit(0)) }) - It("podman pod create --cpus", func() { - podName := "testPod" - numCPU := float64(sysinfo.NumCPU()) - period, quota := util.CoresToPeriodAndQuota(numCPU) - numCPUStr := strconv.Itoa(int(numCPU)) - podCreate := podmanTest.Podman([]string{"pod", "create", "--cpus", numCPUStr, "--name", podName}) - podCreate.WaitWithDefaultTimeout() - Expect(podCreate).Should(Exit(0)) - - contCreate := podmanTest.Podman([]string{"container", "create", "--pod", podName, "alpine"}) - contCreate.WaitWithDefaultTimeout() - Expect(podCreate).Should(Exit(0)) - - podInspect := podmanTest.Podman([]string{"pod", "inspect", podName}) - podInspect.WaitWithDefaultTimeout() - Expect(podInspect).Should(Exit(0)) - podJSON := podInspect.InspectPodToJSON() - Expect(podJSON.CPUPeriod).To(Equal(period)) - Expect(podJSON.CPUQuota).To(Equal(quota)) - }) - - It("podman pod create --cpuset-cpus", func() { - podName := "testPod" - ctrName := "testCtr" - numCPU := float64(sysinfo.NumCPU()) - 1 - numCPUStr := strconv.Itoa(int(numCPU)) - in := "0-" + numCPUStr - podCreate := podmanTest.Podman([]string{"pod", "create", "--cpuset-cpus", in, "--name", podName}) - podCreate.WaitWithDefaultTimeout() - Expect(podCreate).Should(Exit(0)) - - contCreate := podmanTest.Podman([]string{"container", "create", "--name", ctrName, "--pod", podName, "alpine"}) - contCreate.WaitWithDefaultTimeout() - Expect(podCreate).Should(Exit(0)) - - podInspect := podmanTest.Podman([]string{"pod", "inspect", podName}) - podInspect.WaitWithDefaultTimeout() - Expect(podInspect).Should(Exit(0)) - podJSON := podInspect.InspectPodToJSON() - Expect(podJSON.CPUSetCPUs).To(Equal(in)) - }) - It("podman pod create --pid", func() { podName := "pidPod" ns := "ns:/proc/self/ns/" -- cgit v1.2.3-54-g00ecf