From e6ab56657479456cf7dafc655e504b6100dd7374 Mon Sep 17 00:00:00 2001 From: Chris Evich Date: Wed, 9 Dec 2020 13:32:56 -0500 Subject: Disable blkio.weight test on Ubuntu These tests fail with `Error: opening file `io.bfq.weight` for writing: Permission denied: OCI permission denied`. Upon examination of the VMs, it was found the kernel and OS lacks support for the `BFQ` scheduler (which supplies the `weight` option). The only available schedulers are `none` and `mq-deadline`. Note: Recently updated F32 (prior-fedora) and Ubuntu 20.04 (prior-ubuntu) VMs always use CGroupsV1 with runc. F33 and Ubuntu 20.10 were updated to always use CGroupsV2 with crun. Signed-off-by: Chris Evich --- test/e2e/run_test.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'test') diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index dbdd6a072..c32446663 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -493,7 +493,9 @@ USER bin` Skip("Kernel does not support blkio.weight") } } - + if podmanTest.Host.Distribution == "ubuntu" { + Skip("Ubuntu <= 20.10 lacks BFQ scheduler") + } if CGROUPSV2 { // convert linearly from [10-1000] to [1-10000] session := podmanTest.Podman([]string{"run", "--rm", "--blkio-weight=15", ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/io.bfq.weight"}) -- cgit v1.2.3-54-g00ecf From 8997a2d106a26fa1c643824b0c2638aedd05159a Mon Sep 17 00:00:00 2001 From: Chris Evich Date: Thu, 10 Dec 2020 11:48:36 -0500 Subject: Disable pod stats tests in containerized Fedora w/ CGroupsV1 Nearly/all of the 'podman stats' tests fail on Fedora when executing testing inside a container, and CGroupsV1 is used on the host. The typical failure message is of the form `Error: unable to load cgroup at /machine.slice/.../: cgroup deleted`. Note: Recently updated F32 (prior-fedora) and Ubuntu 20.04 (prior-ubuntu) VMs always use CGroupsV1 with runc. F33 and Ubuntu 20.10 were updated to always use CGroupsV2 with crun. Signed-off-by: Chris Evich --- test/e2e/pod_stats_test.go | 3 +++ 1 file changed, 3 insertions(+) (limited to 'test') diff --git a/test/e2e/pod_stats_test.go b/test/e2e/pod_stats_test.go index 41fc59267..85a60b29b 100644 --- a/test/e2e/pod_stats_test.go +++ b/test/e2e/pod_stats_test.go @@ -20,6 +20,9 @@ var _ = Describe("Podman pod stats", func() { if os.Geteuid() != 0 { SkipIfCgroupV2("--cgroup-manager=cgroupfs which doesn't work in rootless mode") } + if isContainerized() { + SkipIfCgroupV1("All tests fail Error: unable to load cgroup at ...: cgroup deleted") + } tempdir, err = CreateTempDirInTempDir() if err != nil { -- cgit v1.2.3-54-g00ecf From e6fbc15f26b2a609936dfc11732037c70ee14cba Mon Sep 17 00:00:00 2001 From: Chris Evich Date: Fri, 11 Dec 2020 13:52:29 -0500 Subject: Disable CGv1 pod stats on net=host post This should be addressed by PR https://github.com/containers/podman/pull/8685 Note: Recently updated F32 (prior-fedora) and Ubuntu 20.04 (prior-ubuntu) VMs always use CGroupsV1 with runc. F33 and Ubuntu 20.10 were updated to always use CGroupsV2 with crun. Signed-off-by: Chris Evich --- test/e2e/pod_stats_test.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'test') diff --git a/test/e2e/pod_stats_test.go b/test/e2e/pod_stats_test.go index 85a60b29b..9af410fcc 100644 --- a/test/e2e/pod_stats_test.go +++ b/test/e2e/pod_stats_test.go @@ -179,7 +179,8 @@ var _ = Describe("Podman pod stats", func() { It("podman stats on net=host post", func() { // --net=host not supported for rootless pods at present - SkipIfRootlessCgroupsV1("Pause stats not supported in cgroups v1") + // problem with sysctls being passed to containers of the pod. + SkipIfCgroupV1("Bug: Error: sysctl net.ipv4.ping_group_range is not allowed in the hosts network namespace: OCI runtime error") podName := "testPod" podCreate := podmanTest.Podman([]string{"pod", "create", "--net=host", "--name", podName}) podCreate.WaitWithDefaultTimeout() -- cgit v1.2.3-54-g00ecf From 0bb865e6c24942afec3757abd7ea6375be182190 Mon Sep 17 00:00:00 2001 From: Chris Evich Date: Thu, 10 Dec 2020 14:07:46 -0500 Subject: Disable rootless pod stats tests w/ CgroupV1 When running as rootless, on a CgroupV1 host these tests all report: `Error: pod stats is not supported in rootless mode without cgroups v2` Note: Recently updated F32 (prior-fedora) and Ubuntu 20.04 (prior-ubuntu) VMs always use CGroupsV1 with runc. F33 and Ubuntu 20.10 were updated to always use CGroupsV2 with crun. Signed-off-by: Chris Evich --- test/e2e/pod_stats_test.go | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'test') diff --git a/test/e2e/pod_stats_test.go b/test/e2e/pod_stats_test.go index 9af410fcc..a034ec2d1 100644 --- a/test/e2e/pod_stats_test.go +++ b/test/e2e/pod_stats_test.go @@ -17,9 +17,7 @@ var _ = Describe("Podman pod stats", func() { ) BeforeEach(func() { - if os.Geteuid() != 0 { - SkipIfCgroupV2("--cgroup-manager=cgroupfs which doesn't work in rootless mode") - } + SkipIfRootless("Tests fail with both CGv1/2 + required --cgroup-manager=cgroupfs") if isContainerized() { SkipIfCgroupV1("All tests fail Error: unable to load cgroup at ...: cgroup deleted") } -- cgit v1.2.3-54-g00ecf From 427731ab9c977f1b89b49ff23d3adcffb6212f49 Mon Sep 17 00:00:00 2001 From: Chris Evich Date: Fri, 11 Dec 2020 10:19:22 -0500 Subject: Disable incompatible rootless + CGroupsV1 tests These tests simply will not work under these conditions. Note: Recently updated F32 (prior-fedora) and Ubuntu 20.04 (prior-ubuntu) VMs always use CGroupsV1 with runc. F33 and Ubuntu 20.10 were updated to always use CGroupsV2 with crun. Signed-off-by: Chris Evich --- test/e2e/containers_conf_test.go | 2 ++ test/e2e/generate_kube_test.go | 1 + test/e2e/pod_infra_container_test.go | 1 + test/e2e/pod_kill_test.go | 1 + test/e2e/pod_ps_test.go | 1 + test/e2e/run_ns_test.go | 2 ++ test/e2e/run_selinux_test.go | 1 + test/e2e/toolbox_test.go | 1 + 8 files changed, 10 insertions(+) (limited to 'test') diff --git a/test/e2e/containers_conf_test.go b/test/e2e/containers_conf_test.go index 28672cfc6..719ac9fac 100644 --- a/test/e2e/containers_conf_test.go +++ b/test/e2e/containers_conf_test.go @@ -82,6 +82,7 @@ var _ = Describe("Podman run", func() { }) It("podman Capabilities in containers.conf", func() { + SkipIfRootlessCgroupsV1("Not supported for rootless + CGroupsV1") cap := podmanTest.Podman([]string{"run", ALPINE, "grep", "CapEff", "/proc/self/status"}) cap.WaitWithDefaultTimeout() Expect(cap.ExitCode()).To(Equal(0)) @@ -121,6 +122,7 @@ var _ = Describe("Podman run", func() { }) verifyNSHandling := func(nspath, option string) { + SkipIfRootlessCgroupsV1("Not supported for rootless + CGroupsV1") os.Setenv("CONTAINERS_CONF", "config/containers-ns.conf") if IsRemote() { podmanTest.RestartRemoteService() diff --git a/test/e2e/generate_kube_test.go b/test/e2e/generate_kube_test.go index 0950a9321..239817e6c 100644 --- a/test/e2e/generate_kube_test.go +++ b/test/e2e/generate_kube_test.go @@ -471,6 +471,7 @@ var _ = Describe("Podman generate kube", func() { }) It("podman generate kube multiple pods should fail", func() { + SkipIfRootlessCgroupsV1("Not supported for rootless + CGroupsV1") pod1 := podmanTest.Podman([]string{"run", "-dt", "--pod", "new:pod1", ALPINE, "top"}) pod1.WaitWithDefaultTimeout() Expect(pod1.ExitCode()).To(Equal(0)) diff --git a/test/e2e/pod_infra_container_test.go b/test/e2e/pod_infra_container_test.go index 7ec36b2f8..452a3de21 100644 --- a/test/e2e/pod_infra_container_test.go +++ b/test/e2e/pod_infra_container_test.go @@ -225,6 +225,7 @@ var _ = Describe("Podman pod create", func() { }) It("podman pod container can override pod pid NS", func() { + SkipIfRootlessCgroupsV1("Not supported for rootless + CGroupsV1") session := podmanTest.Podman([]string{"pod", "create", "--share", "pid"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) diff --git a/test/e2e/pod_kill_test.go b/test/e2e/pod_kill_test.go index f968f73a6..710147893 100644 --- a/test/e2e/pod_kill_test.go +++ b/test/e2e/pod_kill_test.go @@ -127,6 +127,7 @@ var _ = Describe("Podman pod kill", func() { }) It("podman pod kill all", func() { + SkipIfRootlessCgroupsV1("Not supported for rootless + CGroupsV1") _, ec, podid := podmanTest.CreatePod("") Expect(ec).To(Equal(0)) diff --git a/test/e2e/pod_ps_test.go b/test/e2e/pod_ps_test.go index ea8d10e78..225da785c 100644 --- a/test/e2e/pod_ps_test.go +++ b/test/e2e/pod_ps_test.go @@ -157,6 +157,7 @@ var _ = Describe("Podman ps", func() { }) It("podman pod ps --ctr-names", func() { + SkipIfRootlessCgroupsV1("Not supported for rootless + CGroupsV1") _, ec, podid := podmanTest.CreatePod("") Expect(ec).To(Equal(0)) diff --git a/test/e2e/run_ns_test.go b/test/e2e/run_ns_test.go index 5242e04d2..51657cb1e 100644 --- a/test/e2e/run_ns_test.go +++ b/test/e2e/run_ns_test.go @@ -35,6 +35,7 @@ var _ = Describe("Podman run ns", func() { }) It("podman run pidns test", func() { + SkipIfRootlessCgroupsV1("Not supported for rootless + CGroupsV1") session := podmanTest.Podman([]string{"run", fedoraMinimal, "bash", "-c", "echo $$"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) @@ -105,6 +106,7 @@ var _ = Describe("Podman run ns", func() { }) It("podman run --ipc=host --pid=host", func() { + SkipIfRootlessCgroupsV1("Not supported for rootless + CGroupsV1") cmd := exec.Command("ls", "-l", "/proc/self/ns/pid") res, err := cmd.Output() Expect(err).To(BeNil()) diff --git a/test/e2e/run_selinux_test.go b/test/e2e/run_selinux_test.go index 3294f6d3b..2e9d38e2d 100644 --- a/test/e2e/run_selinux_test.go +++ b/test/e2e/run_selinux_test.go @@ -274,6 +274,7 @@ var _ = Describe("Podman run", func() { }) It("podman test --pid=host", func() { + SkipIfRootlessCgroupsV1("Not supported for rootless + CGroupsV1") session := podmanTest.Podman([]string{"run", "--pid=host", ALPINE, "cat", "/proc/self/attr/current"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) diff --git a/test/e2e/toolbox_test.go b/test/e2e/toolbox_test.go index 6f04ce48c..6de775983 100644 --- a/test/e2e/toolbox_test.go +++ b/test/e2e/toolbox_test.go @@ -121,6 +121,7 @@ var _ = Describe("Toolbox-specific testing", func() { if podmanTest.RemoteTest { Skip("Shm size check does not work with a remote client") } + SkipIfRootlessCgroupsV1("Not supported for rootless + CGroupsV1") var session *PodmanSessionIntegration var cmd *exec.Cmd var hostShmSize, containerShmSize int -- cgit v1.2.3-54-g00ecf From f66ecc882df822260e41de24b1c5f44a1ba3c3ad Mon Sep 17 00:00:00 2001 From: Chris Evich Date: Wed, 16 Dec 2020 08:55:16 -0500 Subject: Fix: unpause not supported for CGv1 rootless Thanks Ed Santiago for the fix. Signed-off-by: Chris Evich --- test/system/600-completion.bats | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) (limited to 'test') diff --git a/test/system/600-completion.bats b/test/system/600-completion.bats index 1e43cdc41..39906704e 100644 --- a/test/system/600-completion.bats +++ b/test/system/600-completion.bats @@ -8,6 +8,17 @@ load helpers +# Returns true if we are able to podman-pause +function _can_pause() { + # Even though we're just trying completion, not an actual unpause, + # podman barfs with: + # Error: unpause is not supported for cgroupv1 rootless containers + if is_rootless && is_cgroupsv1; then + return 1 + fi + return 0 +} + function check_shell_completion() { local count=0 @@ -70,8 +81,13 @@ function check_shell_completion() { ;; *CONTAINER*) + # podman unpause fails early on rootless cgroupsv1 + if [[ $cmd = "unpause" ]] && ! _can_pause; then + continue 2 + fi + run_completion "$@" $cmd "${extra_args[@]}" "" - is "$output" ".*-$random_container_name${nl}" "Found expected container in suggestions" + is "$output" ".*-$random_container_name${nl}" "Found expected container in suggestions for '$cmd'" match=true # resume @@ -212,7 +228,9 @@ function _check_completion_end() { run_podman create --name created-$random_container_name $IMAGE run_podman run --name running-$random_container_name -d $IMAGE top run_podman run --name pause-$random_container_name -d $IMAGE top - run_podman pause pause-$random_container_name + if _can_pause; then + run_podman pause pause-$random_container_name + fi run_podman run --name exited-$random_container_name -d $IMAGE echo exited # create pods for each state -- cgit v1.2.3-54-g00ecf