2016-09-20 10:23:34 +00:00
|
|
|
#!/bin/bash
|
|
|
|
|
|
|
|
# Root directory of integration tests.
|
|
|
|
INTEGRATION_ROOT=$(dirname "$(readlink -f "$BASH_SOURCE")")
|
|
|
|
|
|
|
|
# Test data path.
|
2016-09-27 07:14:31 +00:00
|
|
|
TESTDATA="${INTEGRATION_ROOT}/testdata"
|
2016-09-20 10:23:34 +00:00
|
|
|
|
|
|
|
# Root directory of the repository.
|
2017-05-15 22:05:58 +00:00
|
|
|
CRIO_ROOT=${CRIO_ROOT:-$(cd "$INTEGRATION_ROOT/../.."; pwd -P)}
|
2016-09-20 10:23:34 +00:00
|
|
|
|
2017-05-12 13:36:15 +00:00
|
|
|
# Path of the crio binary.
|
2017-10-30 10:59:17 +00:00
|
|
|
CRIO_BINARY=${CRIO_BINARY:-${CRIO_ROOT}/cri-o/bin/crio}
|
2017-08-22 14:00:21 +00:00
|
|
|
# Path of the crictl binary.
|
|
|
|
CRICTL_PATH=$(command -v crictl || true)
|
|
|
|
CRICTL_BINARY=${CRICTL_PATH:-/usr/bin/crictl}
|
2016-09-20 10:23:34 +00:00
|
|
|
# Path of the conmon binary.
|
2017-10-30 10:59:17 +00:00
|
|
|
CONMON_BINARY=${CONMON_BINARY:-${CRIO_ROOT}/cri-o/bin/conmon}
|
2016-10-02 09:11:07 +00:00
|
|
|
# Path of the pause binary.
|
2017-10-30 10:59:17 +00:00
|
|
|
PAUSE_BINARY=${PAUSE_BINARY:-${CRIO_ROOT}/cri-o/bin/pause}
|
2016-12-01 13:15:47 +00:00
|
|
|
# Path of the default seccomp profile.
|
2017-05-15 22:05:58 +00:00
|
|
|
SECCOMP_PROFILE=${SECCOMP_PROFILE:-${CRIO_ROOT}/cri-o/seccomp.json}
|
2016-12-01 13:15:47 +00:00
|
|
|
# Name of the default apparmor profile.
|
2017-05-12 13:36:15 +00:00
|
|
|
APPARMOR_PROFILE=${APPARMOR_PROFILE:-crio-default}
|
2017-01-25 23:58:13 +00:00
|
|
|
# Runtime
|
|
|
|
RUNTIME=${RUNTIME:-runc}
|
|
|
|
RUNTIME_PATH=$(command -v $RUNTIME || true)
|
|
|
|
RUNTIME_BINARY=${RUNTIME_PATH:-/usr/local/sbin/runc}
|
2016-12-01 13:15:47 +00:00
|
|
|
# Path of the apparmor_parser binary.
|
|
|
|
APPARMOR_PARSER_BINARY=${APPARMOR_PARSER_BINARY:-/sbin/apparmor_parser}
|
|
|
|
# Path of the apparmor profile for test.
|
|
|
|
APPARMOR_TEST_PROFILE_PATH=${APPARMOR_TEST_PROFILE_PATH:-${TESTDATA}/apparmor_test_deny_write}
|
2017-05-12 13:36:15 +00:00
|
|
|
# Path of the apparmor profile for unloading crio-default.
|
2017-05-15 22:05:58 +00:00
|
|
|
FAKE_CRIO_DEFAULT_PROFILE_PATH=${FAKE_CRIO_DEFAULT_PROFILE_PATH:-${TESTDATA}/fake_crio_default}
|
2016-12-01 13:15:47 +00:00
|
|
|
# Name of the apparmor profile for test.
|
2016-12-02 07:13:41 +00:00
|
|
|
APPARMOR_TEST_PROFILE_NAME=${APPARMOR_TEST_PROFILE_NAME:-apparmor-test-deny-write}
|
|
|
|
# Path of boot config.
|
|
|
|
BOOT_CONFIG_FILE_PATH=${BOOT_CONFIG_FILE_PATH:-/boot/config-`uname -r`}
|
|
|
|
# Path of apparmor parameters file.
|
|
|
|
APPARMOR_PARAMETERS_FILE_PATH=${APPARMOR_PARAMETERS_FILE_PATH:-/sys/module/apparmor/parameters/enabled}
|
2016-12-16 23:34:51 +00:00
|
|
|
# Path of the bin2img binary.
|
2017-05-15 22:05:58 +00:00
|
|
|
BIN2IMG_BINARY=${BIN2IMG_BINARY:-${CRIO_ROOT}/cri-o/test/bin2img/bin2img}
|
2017-01-10 22:57:22 +00:00
|
|
|
# Path of the copyimg binary.
|
2017-05-15 22:05:58 +00:00
|
|
|
COPYIMG_BINARY=${COPYIMG_BINARY:-${CRIO_ROOT}/cri-o/test/copyimg/copyimg}
|
2017-01-19 17:06:34 +00:00
|
|
|
# Path of tests artifacts.
|
2017-05-15 22:05:58 +00:00
|
|
|
ARTIFACTS_PATH=${ARTIFACTS_PATH:-${CRIO_ROOT}/cri-o/.artifacts}
|
2017-01-19 17:11:02 +00:00
|
|
|
# Path of the checkseccomp binary.
|
2017-05-15 22:05:58 +00:00
|
|
|
CHECKSECCOMP_BINARY=${CHECKSECCOMP_BINARY:-${CRIO_ROOT}/cri-o/test/checkseccomp/checkseccomp}
|
2017-03-22 12:07:15 +00:00
|
|
|
# XXX: This is hardcoded inside cri-o at the moment.
|
2017-05-12 13:36:15 +00:00
|
|
|
DEFAULT_LOG_PATH=/var/log/crio/pods
|
2017-05-18 15:39:44 +00:00
|
|
|
# Cgroup manager to be used
|
|
|
|
CGROUP_MANAGER=${CGROUP_MANAGER:-cgroupfs}
|
2017-07-07 02:09:58 +00:00
|
|
|
# Image volumes handling
|
|
|
|
IMAGE_VOLUMES=${IMAGE_VOLUMES:-mkdir}
|
2017-07-10 23:43:40 +00:00
|
|
|
# Container pids limit
|
|
|
|
PIDS_LIMIT=${PIDS_LIMIT:-1024}
|
2017-09-25 22:37:55 +00:00
|
|
|
# Log size max limit
|
|
|
|
LOG_SIZE_MAX_LIMIT=${LOG_SIZE_MAX_LIMIT:--1}
|
2017-11-10 03:24:34 +00:00
|
|
|
# enable share container pid namespace
|
2017-11-18 00:52:06 +00:00
|
|
|
ENABLE_SHARED_PID_NAMESPACE=${ENABLE_SHARED_PID_NAMESPACE:-false}
|
2016-09-20 10:23:34 +00:00
|
|
|
|
2016-09-21 09:03:57 +00:00
|
|
|
TESTDIR=$(mktemp -d)
|
2017-07-18 14:45:18 +00:00
|
|
|
|
2017-08-31 13:04:02 +00:00
|
|
|
# kpod pull needs a configuration file for shortname pulls
|
|
|
|
export REGISTRIES_CONFIG_PATH="$INTEGRATION_ROOT/registries.conf"
|
|
|
|
|
2017-08-12 10:29:22 +00:00
|
|
|
# Setup default hooks dir
|
|
|
|
HOOKSDIR=$TESTDIR/hooks
|
|
|
|
mkdir ${HOOKSDIR}
|
|
|
|
HOOKS_OPTS="--hooks-dir-path=$HOOKSDIR"
|
|
|
|
|
2017-10-12 18:14:42 +00:00
|
|
|
# Setup default secrets mounts
|
|
|
|
MOUNT_PATH="$TESTDIR/secrets"
|
|
|
|
mkdir ${MOUNT_PATH}
|
|
|
|
MOUNT_FILE="${MOUNT_PATH}/test.txt"
|
|
|
|
touch ${MOUNT_FILE}
|
|
|
|
echo "Testing secrets mounts!" > ${MOUNT_FILE}
|
|
|
|
|
|
|
|
DEFAULT_MOUNTS_OPTS="--default-mounts=${MOUNT_PATH}:/container/path1"
|
2017-09-22 15:10:15 +00:00
|
|
|
|
2017-07-18 14:45:18 +00:00
|
|
|
# We may need to set some default storage options.
|
|
|
|
case "$(stat -f -c %T ${TESTDIR})" in
|
|
|
|
aufs)
|
|
|
|
# None of device mapper, overlay, or aufs can be used dependably over aufs, and of course btrfs and zfs can't,
|
|
|
|
# and we have to explicitly specify the "vfs" driver in order to use it, so do that now.
|
2017-10-24 21:54:09 +00:00
|
|
|
STORAGE_OPTIONS=${STORAGE_OPTIONS:---storage-driver vfs}
|
2017-07-18 14:45:18 +00:00
|
|
|
;;
|
|
|
|
esac
|
|
|
|
|
2016-10-17 12:48:14 +00:00
|
|
|
if [ -e /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
|
2016-10-14 21:26:13 +00:00
|
|
|
. /etc/selinux/config
|
|
|
|
filelabel=$(awk -F'"' '/^file.*=.*/ {print $2}' /etc/selinux/${SELINUXTYPE}/contexts/lxc_contexts)
|
|
|
|
chcon -R ${filelabel} $TESTDIR
|
|
|
|
fi
|
2017-05-15 22:05:58 +00:00
|
|
|
CRIO_SOCKET="$TESTDIR/crio.sock"
|
|
|
|
CRIO_CONFIG="$TESTDIR/crio.conf"
|
|
|
|
CRIO_CNI_CONFIG="$TESTDIR/cni/net.d/"
|
2017-09-26 17:34:17 +00:00
|
|
|
CRIO_CNI_PLUGIN=${CRIO_CNI_PLUGIN:-/opt/cni/bin/}
|
2016-12-17 11:29:27 +00:00
|
|
|
POD_CIDR="10.88.0.0/16"
|
|
|
|
POD_CIDR_MASK="10.88.*.*"
|
2016-09-21 09:03:57 +00:00
|
|
|
|
|
|
|
cp "$CONMON_BINARY" "$TESTDIR/conmon"
|
|
|
|
|
|
|
|
PATH=$PATH:$TESTDIR
|
2016-09-20 10:23:34 +00:00
|
|
|
|
Return image references from the storage package
The image's canonical reference is a name with a digest of the image's
manifest, so in imageService.ImageStatus() and
imageService.ListImages(), divide the image's name list into tagged and
digested values, and if we have names, add canonical versions.
In Server.ContainerStatus(), return the image name as it was given to us
as the image, and the image digested reference as the image reference.
In Server.ListImages(), be sure to only return tagged names in the
RepoTags field. In Server.ImageStatus(), also return canonical
references in the RepoDigests field.
In Server.PullImage(), be sure that we consistently return the same
image reference for an image, whether we ended up pulling it or not.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-07-12 16:41:38 +00:00
|
|
|
# Make sure we have a copy of the redis:alpine image.
|
2017-01-19 17:06:34 +00:00
|
|
|
if ! [ -d "$ARTIFACTS_PATH"/redis-image ]; then
|
|
|
|
mkdir -p "$ARTIFACTS_PATH"/redis-image
|
2017-05-05 12:49:02 +00:00
|
|
|
if ! "$COPYIMG_BINARY" --import-from=docker://redis:alpine --export-to=dir:"$ARTIFACTS_PATH"/redis-image --signature-policy="$INTEGRATION_ROOT"/policy.json ; then
|
2017-01-10 22:57:22 +00:00
|
|
|
echo "Error pulling docker://redis"
|
2017-01-19 17:06:34 +00:00
|
|
|
rm -fr "$ARTIFACTS_PATH"/redis-image
|
2017-01-10 22:57:22 +00:00
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
2017-05-25 09:11:14 +00:00
|
|
|
# Make sure we have a copy of the runcom/stderr-test image.
|
|
|
|
if ! [ -d "$ARTIFACTS_PATH"/stderr-test ]; then
|
|
|
|
mkdir -p "$ARTIFACTS_PATH"/stderr-test
|
|
|
|
if ! "$COPYIMG_BINARY" --import-from=docker://runcom/stderr-test:latest --export-to=dir:"$ARTIFACTS_PATH"/stderr-test --signature-policy="$INTEGRATION_ROOT"/policy.json ; then
|
|
|
|
echo "Error pulling docker://stderr-test"
|
|
|
|
rm -fr "$ARTIFACTS_PATH"/stderr-test
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
2017-03-22 12:07:15 +00:00
|
|
|
# Make sure we have a copy of the busybox:latest image.
|
|
|
|
if ! [ -d "$ARTIFACTS_PATH"/busybox-image ]; then
|
|
|
|
mkdir -p "$ARTIFACTS_PATH"/busybox-image
|
|
|
|
if ! "$COPYIMG_BINARY" --import-from=docker://busybox --export-to=dir:"$ARTIFACTS_PATH"/busybox-image --signature-policy="$INTEGRATION_ROOT"/policy.json ; then
|
|
|
|
echo "Error pulling docker://busybox"
|
|
|
|
rm -fr "$ARTIFACTS_PATH"/busybox-image
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
2017-05-23 21:48:57 +00:00
|
|
|
# Make sure we have a copy of the mrunalp/oom:latest image.
|
|
|
|
if ! [ -d "$ARTIFACTS_PATH"/oom-image ]; then
|
|
|
|
mkdir -p "$ARTIFACTS_PATH"/oom-image
|
|
|
|
if ! "$COPYIMG_BINARY" --import-from=docker://mrunalp/oom --export-to=dir:"$ARTIFACTS_PATH"/oom-image --signature-policy="$INTEGRATION_ROOT"/policy.json ; then
|
|
|
|
echo "Error pulling docker://mrunalp/oom"
|
|
|
|
rm -fr "$ARTIFACTS_PATH"/oom-image
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
2017-07-07 02:09:58 +00:00
|
|
|
# Make sure we have a copy of the mrunalp/image-volume-test:latest image.
|
|
|
|
if ! [ -d "$ARTIFACTS_PATH"/image-volume-test-image ]; then
|
|
|
|
mkdir -p "$ARTIFACTS_PATH"/image-volume-test-image
|
|
|
|
if ! "$COPYIMG_BINARY" --import-from=docker://mrunalp/image-volume-test --export-to=dir:"$ARTIFACTS_PATH"/image-volume-test-image --signature-policy="$INTEGRATION_ROOT"/policy.json ; then
|
|
|
|
echo "Error pulling docker://mrunalp/image-volume-test-image"
|
|
|
|
rm -fr "$ARTIFACTS_PATH"/image-volume-test-image
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
fi
|
2017-05-15 22:05:58 +00:00
|
|
|
# Run crio using the binary specified by $CRIO_BINARY.
|
2017-05-12 13:36:15 +00:00
|
|
|
# This must ONLY be run on engines created with `start_crio`.
|
|
|
|
function crio() {
|
2017-05-15 22:05:58 +00:00
|
|
|
"$CRIO_BINARY" --listen "$CRIO_SOCKET" "$@"
|
2016-09-20 10:23:34 +00:00
|
|
|
}
|
|
|
|
|
2017-08-22 14:00:21 +00:00
|
|
|
# Run crictl using the binary specified by $CRICTL_BINARY.
|
|
|
|
function crictl() {
|
|
|
|
"$CRICTL_BINARY" -r "$CRIO_SOCKET" -i "$CRIO_SOCKET" "$@"
|
|
|
|
}
|
|
|
|
|
2016-09-20 10:23:34 +00:00
|
|
|
# Communicate with Docker on the host machine.
|
|
|
|
# Should rarely use this.
|
|
|
|
function docker_host() {
|
|
|
|
command docker "$@"
|
|
|
|
}
|
|
|
|
|
|
|
|
# Retry a command $1 times until it succeeds. Wait $2 seconds between retries.
|
|
|
|
function retry() {
|
|
|
|
local attempts=$1
|
|
|
|
shift
|
|
|
|
local delay=$1
|
|
|
|
shift
|
|
|
|
local i
|
|
|
|
|
|
|
|
for ((i=0; i < attempts; i++)); do
|
|
|
|
run "$@"
|
|
|
|
if [[ "$status" -eq 0 ]] ; then
|
|
|
|
return 0
|
|
|
|
fi
|
|
|
|
sleep $delay
|
|
|
|
done
|
|
|
|
|
|
|
|
echo "Command \"$@\" failed $attempts times. Output: $output"
|
|
|
|
false
|
|
|
|
}
|
|
|
|
|
2017-11-11 11:05:36 +00:00
|
|
|
# Waits until crio becomes reachable.
|
2016-09-20 10:23:34 +00:00
|
|
|
function wait_until_reachable() {
|
2017-11-11 11:05:36 +00:00
|
|
|
retry 15 1 crictl info
|
2016-09-20 10:23:34 +00:00
|
|
|
}
|
|
|
|
|
2017-05-12 13:36:15 +00:00
|
|
|
# Start crio.
|
|
|
|
function start_crio() {
|
2016-12-02 07:13:41 +00:00
|
|
|
if [[ -n "$1" ]]; then
|
|
|
|
seccomp="$1"
|
|
|
|
else
|
|
|
|
seccomp="$SECCOMP_PROFILE"
|
|
|
|
fi
|
2016-11-23 09:41:48 +00:00
|
|
|
|
2016-12-02 07:13:41 +00:00
|
|
|
if [[ -n "$2" ]]; then
|
|
|
|
apparmor="$2"
|
|
|
|
else
|
|
|
|
apparmor="$APPARMOR_PROFILE"
|
|
|
|
fi
|
2016-12-01 13:15:47 +00:00
|
|
|
|
2017-05-12 13:36:15 +00:00
|
|
|
# Don't forget: bin2img, copyimg, and crio have their own default drivers, so if you override any, you probably need to override them all
|
2016-12-16 23:34:51 +00:00
|
|
|
if ! [ "$3" = "--no-pause-image" ] ; then
|
2017-10-24 21:54:09 +00:00
|
|
|
"$BIN2IMG_BINARY" --root "$TESTDIR/crio" $STORAGE_OPTIONS --runroot "$TESTDIR/crio-run" --source-binary "$PAUSE_BINARY"
|
2016-12-16 23:34:51 +00:00
|
|
|
fi
|
2017-10-30 21:18:42 +00:00
|
|
|
"$COPYIMG_BINARY" --root "$TESTDIR/crio" $STORAGE_OPTIONS --runroot "$TESTDIR/crio-run" --image-name=docker.io/library/redis:alpine --import-from=dir:"$ARTIFACTS_PATH"/redis-image --signature-policy="$INTEGRATION_ROOT"/policy.json
|
|
|
|
"$COPYIMG_BINARY" --root "$TESTDIR/crio" $STORAGE_OPTIONS --runroot "$TESTDIR/crio-run" --image-name=docker.io/mrunalp/oom:latest --import-from=dir:"$ARTIFACTS_PATH"/oom-image --signature-policy="$INTEGRATION_ROOT"/policy.json
|
|
|
|
"$COPYIMG_BINARY" --root "$TESTDIR/crio" $STORAGE_OPTIONS --runroot "$TESTDIR/crio-run" --image-name=docker.io/mrunalp/image-volume-test:latest --import-from=dir:"$ARTIFACTS_PATH"/image-volume-test-image --signature-policy="$INTEGRATION_ROOT"/policy.json
|
|
|
|
"$COPYIMG_BINARY" --root "$TESTDIR/crio" $STORAGE_OPTIONS --runroot "$TESTDIR/crio-run" --image-name=docker.io/library/busybox:latest --import-from=dir:"$ARTIFACTS_PATH"/busybox-image --signature-policy="$INTEGRATION_ROOT"/policy.json
|
|
|
|
"$COPYIMG_BINARY" --root "$TESTDIR/crio" $STORAGE_OPTIONS --runroot "$TESTDIR/crio-run" --image-name=docker.io/runcom/stderr-test:latest --import-from=dir:"$ARTIFACTS_PATH"/stderr-test --signature-policy="$INTEGRATION_ROOT"/policy.json
|
2017-11-18 00:52:06 +00:00
|
|
|
"$CRIO_BINARY" ${DEFAULT_MOUNTS_OPTS} ${HOOKS_OPTS} --conmon "$CONMON_BINARY" --listen "$CRIO_SOCKET" --cgroup-manager "$CGROUP_MANAGER" --registry "docker.io" --runtime "$RUNTIME_BINARY" --root "$TESTDIR/crio" --runroot "$TESTDIR/crio-run" $STORAGE_OPTIONS --seccomp-profile "$seccomp" --apparmor-profile "$apparmor" --cni-config-dir "$CRIO_CNI_CONFIG" --cni-plugin-dir "$CRIO_CNI_PLUGIN" --signature-policy "$INTEGRATION_ROOT"/policy.json --image-volumes "$IMAGE_VOLUMES" --pids-limit "$PIDS_LIMIT" --enable-shared-pid-namespace=${ENABLE_SHARED_PID_NAMESPACE} --log-size-max "$LOG_SIZE_MAX_LIMIT" --config /dev/null config >$CRIO_CONFIG
|
2017-04-06 21:57:27 +00:00
|
|
|
|
|
|
|
# Prepare the CNI configuration files, we're running with non host networking by default
|
2017-05-04 16:41:15 +00:00
|
|
|
if [[ -n "$4" ]]; then
|
|
|
|
netfunc="$4"
|
|
|
|
else
|
|
|
|
netfunc="prepare_network_conf"
|
|
|
|
fi
|
|
|
|
${netfunc} $POD_CIDR
|
2017-04-06 21:57:27 +00:00
|
|
|
|
2017-09-27 09:33:03 +00:00
|
|
|
"$CRIO_BINARY" --log-level debug --config "$CRIO_CONFIG" & CRIO_PID=$!
|
2016-09-20 10:23:34 +00:00
|
|
|
wait_until_reachable
|
2017-01-16 18:19:44 +00:00
|
|
|
|
2017-08-27 08:54:36 +00:00
|
|
|
run crictl inspecti redis:alpine
|
2017-01-16 18:19:44 +00:00
|
|
|
if [ "$status" -ne 0 ] ; then
|
2017-08-27 08:54:36 +00:00
|
|
|
crictl pull redis:alpine
|
2017-01-16 18:19:44 +00:00
|
|
|
fi
|
Return image references from the storage package
The image's canonical reference is a name with a digest of the image's
manifest, so in imageService.ImageStatus() and
imageService.ListImages(), divide the image's name list into tagged and
digested values, and if we have names, add canonical versions.
In Server.ContainerStatus(), return the image name as it was given to us
as the image, and the image digested reference as the image reference.
In Server.ListImages(), be sure to only return tagged names in the
RepoTags field. In Server.ImageStatus(), also return canonical
references in the RepoDigests field.
In Server.PullImage(), be sure that we consistently return the same
image reference for an image, whether we ended up pulling it or not.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-07-12 16:41:38 +00:00
|
|
|
REDIS_IMAGEID=$(crictl inspecti redis:alpine | grep ^ID: | head -n 1 | sed -e "s/ID: //g")
|
|
|
|
REDIS_IMAGEREF=$(crictl inspecti redis:alpine | grep ^Digest: | head -n 1 | sed -e "s/Digest: //g")
|
2017-08-27 08:54:36 +00:00
|
|
|
run crictl inspecti mrunalp/oom
|
2017-05-23 21:48:57 +00:00
|
|
|
if [ "$status" -ne 0 ] ; then
|
2017-08-27 08:54:36 +00:00
|
|
|
crictl pull mrunalp/oom
|
2017-05-23 21:48:57 +00:00
|
|
|
fi
|
Return image references from the storage package
The image's canonical reference is a name with a digest of the image's
manifest, so in imageService.ImageStatus() and
imageService.ListImages(), divide the image's name list into tagged and
digested values, and if we have names, add canonical versions.
In Server.ContainerStatus(), return the image name as it was given to us
as the image, and the image digested reference as the image reference.
In Server.ListImages(), be sure to only return tagged names in the
RepoTags field. In Server.ImageStatus(), also return canonical
references in the RepoDigests field.
In Server.PullImage(), be sure that we consistently return the same
image reference for an image, whether we ended up pulling it or not.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-07-12 16:41:38 +00:00
|
|
|
OOM_IMAGEID=$(crictl inspecti mrunalp/oom | grep ^ID: | head -n 1 | sed -e "s/ID: //g")
|
|
|
|
run crioctl image status --id=runcom/stderr-test
|
2017-05-25 09:11:14 +00:00
|
|
|
if [ "$status" -ne 0 ] ; then
|
2017-08-27 08:54:36 +00:00
|
|
|
crictl pull runcom/stderr-test:latest
|
2017-05-25 09:11:14 +00:00
|
|
|
fi
|
Return image references from the storage package
The image's canonical reference is a name with a digest of the image's
manifest, so in imageService.ImageStatus() and
imageService.ListImages(), divide the image's name list into tagged and
digested values, and if we have names, add canonical versions.
In Server.ContainerStatus(), return the image name as it was given to us
as the image, and the image digested reference as the image reference.
In Server.ListImages(), be sure to only return tagged names in the
RepoTags field. In Server.ImageStatus(), also return canonical
references in the RepoDigests field.
In Server.PullImage(), be sure that we consistently return the same
image reference for an image, whether we ended up pulling it or not.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-07-12 16:41:38 +00:00
|
|
|
STDERR_IMAGEID=$(crictl inspecti runcom/stderr-test | grep ^ID: | head -n 1 | sed -e "s/ID: //g")
|
2017-08-27 08:54:36 +00:00
|
|
|
run crictl inspecti busybox
|
2017-05-25 09:11:14 +00:00
|
|
|
if [ "$status" -ne 0 ] ; then
|
2017-08-27 08:54:36 +00:00
|
|
|
crictl pull busybox:latest
|
2017-05-25 09:11:14 +00:00
|
|
|
fi
|
Return image references from the storage package
The image's canonical reference is a name with a digest of the image's
manifest, so in imageService.ImageStatus() and
imageService.ListImages(), divide the image's name list into tagged and
digested values, and if we have names, add canonical versions.
In Server.ContainerStatus(), return the image name as it was given to us
as the image, and the image digested reference as the image reference.
In Server.ListImages(), be sure to only return tagged names in the
RepoTags field. In Server.ImageStatus(), also return canonical
references in the RepoDigests field.
In Server.PullImage(), be sure that we consistently return the same
image reference for an image, whether we ended up pulling it or not.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-07-12 16:41:38 +00:00
|
|
|
BUSYBOX_IMAGEID=$(crictl inspecti busybox | grep ^ID: | head -n 1 | sed -e "s/ID: //g")
|
2017-08-27 08:54:36 +00:00
|
|
|
run crictl inspecti mrunalp/image-volume-test
|
2017-07-07 02:09:58 +00:00
|
|
|
if [ "$status" -ne 0 ] ; then
|
2017-08-27 08:54:36 +00:00
|
|
|
crictl pull mrunalp/image-volume-test:latest
|
2017-07-07 02:09:58 +00:00
|
|
|
fi
|
Return image references from the storage package
The image's canonical reference is a name with a digest of the image's
manifest, so in imageService.ImageStatus() and
imageService.ListImages(), divide the image's name list into tagged and
digested values, and if we have names, add canonical versions.
In Server.ContainerStatus(), return the image name as it was given to us
as the image, and the image digested reference as the image reference.
In Server.ListImages(), be sure to only return tagged names in the
RepoTags field. In Server.ImageStatus(), also return canonical
references in the RepoDigests field.
In Server.PullImage(), be sure that we consistently return the same
image reference for an image, whether we ended up pulling it or not.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-07-12 16:41:38 +00:00
|
|
|
VOLUME_IMAGEID=$(crictl inspecti mrunalp/image-volume-test | grep ^ID: | head -n 1 | sed -e "s/ID: //g")
|
2016-09-20 10:23:34 +00:00
|
|
|
}
|
|
|
|
|
2016-10-08 12:57:45 +00:00
|
|
|
function cleanup_ctrs() {
|
2017-11-01 21:02:51 +00:00
|
|
|
output=$(crictl ps --quiet)
|
|
|
|
if [ $? -eq 0 ]; then
|
2016-10-08 12:57:45 +00:00
|
|
|
if [ "$output" != "" ]; then
|
|
|
|
printf '%s\n' "$output" | while IFS= read -r line
|
|
|
|
do
|
2017-08-27 08:54:36 +00:00
|
|
|
crictl stop "$line"
|
|
|
|
crictl rm "$line"
|
2016-10-08 12:57:45 +00:00
|
|
|
done
|
|
|
|
fi
|
|
|
|
fi
|
2017-08-12 10:29:22 +00:00
|
|
|
rm -f /run/hookscheck
|
2016-10-08 12:57:45 +00:00
|
|
|
}
|
|
|
|
|
2016-10-18 14:48:33 +00:00
|
|
|
function cleanup_images() {
|
2017-11-01 21:02:51 +00:00
|
|
|
output=$(crictl images --quiet)
|
|
|
|
if [ $? -eq 0 ]; then
|
2016-10-18 14:48:33 +00:00
|
|
|
if [ "$output" != "" ]; then
|
|
|
|
printf '%s\n' "$output" | while IFS= read -r line
|
|
|
|
do
|
2017-08-27 08:54:36 +00:00
|
|
|
crictl rmi "$line"
|
2016-10-18 14:48:33 +00:00
|
|
|
done
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
2016-09-27 08:40:33 +00:00
|
|
|
function cleanup_pods() {
|
2017-11-01 21:02:51 +00:00
|
|
|
output=$(crictl sandboxes --quiet)
|
|
|
|
if [ $? -eq 0 ]; then
|
2016-10-08 12:24:16 +00:00
|
|
|
if [ "$output" != "" ]; then
|
|
|
|
printf '%s\n' "$output" | while IFS= read -r line
|
|
|
|
do
|
2017-08-27 08:54:36 +00:00
|
|
|
crictl stops "$line"
|
|
|
|
crictl rms "$line"
|
2016-10-08 12:24:16 +00:00
|
|
|
done
|
|
|
|
fi
|
2016-09-27 08:54:16 +00:00
|
|
|
fi
|
2016-09-27 08:40:33 +00:00
|
|
|
}
|
|
|
|
|
2017-05-12 13:36:15 +00:00
|
|
|
# Stop crio.
|
|
|
|
function stop_crio() {
|
2017-05-15 22:05:58 +00:00
|
|
|
if [ "$CRIO_PID" != "" ]; then
|
|
|
|
kill "$CRIO_PID" >/dev/null 2>&1
|
|
|
|
wait "$CRIO_PID"
|
|
|
|
rm -f "$CRIO_CONFIG"
|
2016-09-27 08:54:16 +00:00
|
|
|
fi
|
2017-04-06 21:57:27 +00:00
|
|
|
|
|
|
|
cleanup_network_conf
|
2016-09-21 09:03:57 +00:00
|
|
|
}
|
|
|
|
|
2017-05-12 13:36:15 +00:00
|
|
|
function restart_crio() {
|
2017-05-15 22:05:58 +00:00
|
|
|
if [ "$CRIO_PID" != "" ]; then
|
|
|
|
kill "$CRIO_PID" >/dev/null 2>&1
|
|
|
|
wait "$CRIO_PID"
|
2017-05-12 13:36:15 +00:00
|
|
|
start_crio
|
2016-12-09 10:56:25 +00:00
|
|
|
else
|
2017-05-12 13:36:15 +00:00
|
|
|
echo "you must start crio first"
|
2016-12-09 10:56:25 +00:00
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
2016-09-21 09:03:57 +00:00
|
|
|
function cleanup_test() {
|
|
|
|
rm -rf "$TESTDIR"
|
2016-09-20 10:23:34 +00:00
|
|
|
}
|
2016-12-01 13:15:47 +00:00
|
|
|
|
|
|
|
|
2016-12-07 11:32:50 +00:00
|
|
|
function load_apparmor_profile() {
|
|
|
|
"$APPARMOR_PARSER_BINARY" -r "$1"
|
2016-12-01 13:15:47 +00:00
|
|
|
}
|
|
|
|
|
2016-12-07 11:32:50 +00:00
|
|
|
function remove_apparmor_profile() {
|
|
|
|
"$APPARMOR_PARSER_BINARY" -R "$1"
|
2016-12-01 13:15:47 +00:00
|
|
|
}
|
2016-12-02 07:13:41 +00:00
|
|
|
|
|
|
|
function is_seccomp_enabled() {
|
2017-01-19 17:11:02 +00:00
|
|
|
if ! "$CHECKSECCOMP_BINARY" ; then
|
|
|
|
echo 0
|
|
|
|
return
|
2016-12-02 07:13:41 +00:00
|
|
|
fi
|
2017-01-19 17:11:02 +00:00
|
|
|
echo 1
|
2016-12-02 07:13:41 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
function is_apparmor_enabled() {
|
|
|
|
if [[ -f "$APPARMOR_PARAMETERS_FILE_PATH" ]]; then
|
|
|
|
out=$(cat "$APPARMOR_PARAMETERS_FILE_PATH")
|
|
|
|
if [[ "$out" =~ "Y" ]]; then
|
|
|
|
echo 1
|
2016-12-06 11:10:32 +00:00
|
|
|
return
|
2016-12-02 07:13:41 +00:00
|
|
|
fi
|
|
|
|
fi
|
2016-12-06 11:10:32 +00:00
|
|
|
echo 0
|
2016-12-02 07:13:41 +00:00
|
|
|
}
|
2016-12-17 11:29:27 +00:00
|
|
|
|
|
|
|
function prepare_network_conf() {
|
2017-05-15 22:05:58 +00:00
|
|
|
mkdir -p $CRIO_CNI_CONFIG
|
|
|
|
cat >$CRIO_CNI_CONFIG/10-crio.conf <<-EOF
|
2016-12-17 11:29:27 +00:00
|
|
|
{
|
|
|
|
"cniVersion": "0.2.0",
|
2017-05-12 13:36:15 +00:00
|
|
|
"name": "crionet",
|
2016-12-17 11:29:27 +00:00
|
|
|
"type": "bridge",
|
|
|
|
"bridge": "cni0",
|
|
|
|
"isGateway": true,
|
|
|
|
"ipMasq": true,
|
|
|
|
"ipam": {
|
|
|
|
"type": "host-local",
|
|
|
|
"subnet": "$1",
|
|
|
|
"routes": [
|
|
|
|
{ "dst": "0.0.0.0/0" }
|
|
|
|
]
|
|
|
|
}
|
|
|
|
}
|
|
|
|
EOF
|
|
|
|
|
2017-05-15 22:05:58 +00:00
|
|
|
cat >$CRIO_CNI_CONFIG/99-loopback.conf <<-EOF
|
2016-12-17 11:29:27 +00:00
|
|
|
{
|
|
|
|
"cniVersion": "0.2.0",
|
|
|
|
"type": "loopback"
|
|
|
|
}
|
|
|
|
EOF
|
|
|
|
|
|
|
|
echo 0
|
|
|
|
}
|
|
|
|
|
2017-05-04 16:41:15 +00:00
|
|
|
function prepare_plugin_test_args_network_conf() {
|
2017-05-15 22:05:58 +00:00
|
|
|
mkdir -p $CRIO_CNI_CONFIG
|
|
|
|
cat >$CRIO_CNI_CONFIG/10-plugin-test-args.conf <<-EOF
|
2017-05-04 16:41:15 +00:00
|
|
|
{
|
|
|
|
"cniVersion": "0.2.0",
|
2017-08-31 09:19:13 +00:00
|
|
|
"name": "crionet_test_args",
|
|
|
|
"type": "bridge-custom",
|
|
|
|
"bridge": "cni0",
|
|
|
|
"isGateway": true,
|
|
|
|
"ipMasq": true,
|
|
|
|
"ipam": {
|
|
|
|
"type": "host-local",
|
|
|
|
"subnet": "$1",
|
|
|
|
"routes": [
|
|
|
|
{ "dst": "0.0.0.0/0" }
|
|
|
|
]
|
|
|
|
}
|
2017-05-04 16:41:15 +00:00
|
|
|
}
|
|
|
|
EOF
|
|
|
|
|
|
|
|
echo 0
|
|
|
|
}
|
|
|
|
|
2016-12-17 11:29:27 +00:00
|
|
|
function check_pod_cidr() {
|
2017-11-15 15:24:20 +00:00
|
|
|
run crictl exec --sync $1 ip addr show dev eth0 scope global 2>&1
|
2017-04-21 11:42:59 +00:00
|
|
|
echo "$output"
|
|
|
|
[ "$status" -eq 0 ]
|
|
|
|
[[ "$output" =~ $POD_CIDR_MASK ]]
|
2016-12-17 11:29:27 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
function parse_pod_ip() {
|
2016-12-21 11:26:18 +00:00
|
|
|
for arg
|
|
|
|
do
|
|
|
|
cidr=`echo "$arg" | grep $POD_CIDR_MASK`
|
|
|
|
if [ "$cidr" == "$arg" ]
|
|
|
|
then
|
|
|
|
echo `echo "$arg" | sed "s/\/[0-9][0-9]//"`
|
|
|
|
fi
|
|
|
|
done
|
2016-12-17 11:29:27 +00:00
|
|
|
}
|
|
|
|
|
2017-06-17 00:41:54 +00:00
|
|
|
function get_host_ip() {
|
|
|
|
gateway_dev=`ip -o route show default 0.0.0.0/0 | sed 's/.*dev \([^[:space:]]*\).*/\1/'`
|
|
|
|
[ "$gateway_dev" ]
|
|
|
|
host_ip=`ip -o -4 addr show dev $gateway_dev scope global | sed 's/.*inet \([0-9.]*\).*/\1/'`
|
|
|
|
}
|
|
|
|
|
2016-12-17 11:29:27 +00:00
|
|
|
function ping_pod() {
|
2017-11-15 15:24:20 +00:00
|
|
|
inet=`crictl exec --sync $1 ip addr show dev eth0 scope global 2>&1 | grep inet`
|
2016-12-17 11:29:27 +00:00
|
|
|
|
|
|
|
IFS=" "
|
|
|
|
ip=`parse_pod_ip $inet`
|
|
|
|
|
|
|
|
ping -W 1 -c 5 $ip
|
|
|
|
|
|
|
|
echo $?
|
|
|
|
}
|
|
|
|
|
2016-12-21 10:28:33 +00:00
|
|
|
function ping_pod_from_pod() {
|
2017-11-15 15:24:20 +00:00
|
|
|
inet=`crictl exec --sync $1 ip addr show dev eth0 scope global 2>&1 | grep inet`
|
2016-12-21 10:28:33 +00:00
|
|
|
|
2017-08-04 11:13:19 +00:00
|
|
|
IFS=" "
|
|
|
|
ip=`parse_pod_ip $inet`
|
2016-12-21 10:28:33 +00:00
|
|
|
|
2017-11-15 15:24:20 +00:00
|
|
|
run crictl exec --sync $2 ping -W 1 -c 2 $ip
|
2017-08-04 11:13:19 +00:00
|
|
|
echo "$output"
|
|
|
|
[ "$status" -eq 0 ]
|
2016-12-21 10:28:33 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2016-12-17 11:29:27 +00:00
|
|
|
function cleanup_network_conf() {
|
2017-05-15 22:05:58 +00:00
|
|
|
rm -rf $CRIO_CNI_CONFIG
|
2016-12-17 11:29:27 +00:00
|
|
|
|
|
|
|
echo 0
|
|
|
|
}
|
2016-12-21 10:28:33 +00:00
|
|
|
|
|
|
|
function temp_sandbox_conf() {
|
|
|
|
sed -e s/\"namespace\":.*/\"namespace\":\ \"$1\",/g "$TESTDATA"/sandbox_config.json > $TESTDIR/sandbox_config_$1.json
|
|
|
|
}
|