2016-09-20 10:23:34 +00:00
|
|
|
#!/bin/bash
|
|
|
|
|
|
|
|
# Root directory of integration tests.
|
|
|
|
INTEGRATION_ROOT=$(dirname "$(readlink -f "$BASH_SOURCE")")
|
|
|
|
|
|
|
|
# Test data path.
|
2016-09-27 07:14:31 +00:00
|
|
|
TESTDATA="${INTEGRATION_ROOT}/testdata"
|
2016-09-20 10:23:34 +00:00
|
|
|
|
|
|
|
# Root directory of the repository.
|
2017-05-15 22:05:58 +00:00
|
|
|
CRIO_ROOT=${CRIO_ROOT:-$(cd "$INTEGRATION_ROOT/../.."; pwd -P)}
|
2016-09-20 10:23:34 +00:00
|
|
|
|
2017-05-12 13:36:15 +00:00
|
|
|
# Path of the crio binary.
|
2017-10-30 10:59:17 +00:00
|
|
|
CRIO_BINARY=${CRIO_BINARY:-${CRIO_ROOT}/cri-o/bin/crio}
|
2017-08-22 14:00:21 +00:00
|
|
|
# Path of the crictl binary.
|
|
|
|
CRICTL_PATH=$(command -v crictl || true)
|
|
|
|
CRICTL_BINARY=${CRICTL_PATH:-/usr/bin/crictl}
|
2016-09-20 10:23:34 +00:00
|
|
|
# Path of the conmon binary.
|
2017-10-30 10:59:17 +00:00
|
|
|
CONMON_BINARY=${CONMON_BINARY:-${CRIO_ROOT}/cri-o/bin/conmon}
|
2016-10-02 09:11:07 +00:00
|
|
|
# Path of the pause binary.
|
2017-10-30 10:59:17 +00:00
|
|
|
PAUSE_BINARY=${PAUSE_BINARY:-${CRIO_ROOT}/cri-o/bin/pause}
|
2016-12-01 13:15:47 +00:00
|
|
|
# Path of the default seccomp profile.
|
2017-05-15 22:05:58 +00:00
|
|
|
SECCOMP_PROFILE=${SECCOMP_PROFILE:-${CRIO_ROOT}/cri-o/seccomp.json}
|
2016-12-01 13:15:47 +00:00
|
|
|
# Name of the default apparmor profile.
|
2017-05-12 13:36:15 +00:00
|
|
|
APPARMOR_PROFILE=${APPARMOR_PROFILE:-crio-default}
|
2017-01-25 23:58:13 +00:00
|
|
|
# Runtime
|
|
|
|
RUNTIME=${RUNTIME:-runc}
|
|
|
|
RUNTIME_PATH=$(command -v $RUNTIME || true)
|
|
|
|
RUNTIME_BINARY=${RUNTIME_PATH:-/usr/local/sbin/runc}
|
2016-12-01 13:15:47 +00:00
|
|
|
# Path of the apparmor_parser binary.
|
|
|
|
APPARMOR_PARSER_BINARY=${APPARMOR_PARSER_BINARY:-/sbin/apparmor_parser}
|
|
|
|
# Path of the apparmor profile for test.
|
|
|
|
APPARMOR_TEST_PROFILE_PATH=${APPARMOR_TEST_PROFILE_PATH:-${TESTDATA}/apparmor_test_deny_write}
|
2017-05-12 13:36:15 +00:00
|
|
|
# Path of the apparmor profile for unloading crio-default.
|
2017-05-15 22:05:58 +00:00
|
|
|
FAKE_CRIO_DEFAULT_PROFILE_PATH=${FAKE_CRIO_DEFAULT_PROFILE_PATH:-${TESTDATA}/fake_crio_default}
|
2016-12-01 13:15:47 +00:00
|
|
|
# Name of the apparmor profile for test.
|
2016-12-02 07:13:41 +00:00
|
|
|
APPARMOR_TEST_PROFILE_NAME=${APPARMOR_TEST_PROFILE_NAME:-apparmor-test-deny-write}
|
|
|
|
# Path of boot config.
|
|
|
|
BOOT_CONFIG_FILE_PATH=${BOOT_CONFIG_FILE_PATH:-/boot/config-`uname -r`}
|
|
|
|
# Path of apparmor parameters file.
|
|
|
|
APPARMOR_PARAMETERS_FILE_PATH=${APPARMOR_PARAMETERS_FILE_PATH:-/sys/module/apparmor/parameters/enabled}
|
2016-12-16 23:34:51 +00:00
|
|
|
# Path of the bin2img binary.
|
2017-05-15 22:05:58 +00:00
|
|
|
BIN2IMG_BINARY=${BIN2IMG_BINARY:-${CRIO_ROOT}/cri-o/test/bin2img/bin2img}
|
2017-01-10 22:57:22 +00:00
|
|
|
# Path of the copyimg binary.
|
2017-05-15 22:05:58 +00:00
|
|
|
COPYIMG_BINARY=${COPYIMG_BINARY:-${CRIO_ROOT}/cri-o/test/copyimg/copyimg}
|
2017-01-19 17:06:34 +00:00
|
|
|
# Path of tests artifacts.
|
2017-05-15 22:05:58 +00:00
|
|
|
ARTIFACTS_PATH=${ARTIFACTS_PATH:-${CRIO_ROOT}/cri-o/.artifacts}
|
2017-01-19 17:11:02 +00:00
|
|
|
# Path of the checkseccomp binary.
|
2017-05-15 22:05:58 +00:00
|
|
|
CHECKSECCOMP_BINARY=${CHECKSECCOMP_BINARY:-${CRIO_ROOT}/cri-o/test/checkseccomp/checkseccomp}
|
2017-03-22 12:07:15 +00:00
|
|
|
# XXX: This is hardcoded inside cri-o at the moment.
|
2017-05-12 13:36:15 +00:00
|
|
|
DEFAULT_LOG_PATH=/var/log/crio/pods
|
2017-05-18 15:39:44 +00:00
|
|
|
# Cgroup manager to be used
|
|
|
|
CGROUP_MANAGER=${CGROUP_MANAGER:-cgroupfs}
|
2017-07-07 02:09:58 +00:00
|
|
|
# Image volumes handling
|
|
|
|
IMAGE_VOLUMES=${IMAGE_VOLUMES:-mkdir}
|
2017-07-10 23:43:40 +00:00
|
|
|
# Container pids limit
|
|
|
|
PIDS_LIMIT=${PIDS_LIMIT:-1024}
|
2017-09-25 22:37:55 +00:00
|
|
|
# Log size max limit
|
|
|
|
LOG_SIZE_MAX_LIMIT=${LOG_SIZE_MAX_LIMIT:--1}
|
2016-09-20 10:23:34 +00:00
|
|
|
|
2016-09-21 09:03:57 +00:00
|
|
|
TESTDIR=$(mktemp -d)
|
2017-07-18 14:45:18 +00:00
|
|
|
|
2017-08-31 13:04:02 +00:00
|
|
|
# kpod pull needs a configuration file for shortname pulls
|
|
|
|
export REGISTRIES_CONFIG_PATH="$INTEGRATION_ROOT/registries.conf"
|
|
|
|
|
2017-08-12 10:29:22 +00:00
|
|
|
# Setup default hooks dir
|
|
|
|
HOOKSDIR=$TESTDIR/hooks
|
|
|
|
mkdir ${HOOKSDIR}
|
|
|
|
HOOKS_OPTS="--hooks-dir-path=$HOOKSDIR"
|
|
|
|
|
2017-10-12 18:14:42 +00:00
|
|
|
# Setup default secrets mounts
|
|
|
|
MOUNT_PATH="$TESTDIR/secrets"
|
|
|
|
mkdir ${MOUNT_PATH}
|
|
|
|
MOUNT_FILE="${MOUNT_PATH}/test.txt"
|
|
|
|
touch ${MOUNT_FILE}
|
|
|
|
echo "Testing secrets mounts!" > ${MOUNT_FILE}
|
|
|
|
|
|
|
|
DEFAULT_MOUNTS_OPTS="--default-mounts=${MOUNT_PATH}:/container/path1"
|
2017-09-22 15:10:15 +00:00
|
|
|
|
2017-07-18 14:45:18 +00:00
|
|
|
# We may need to set some default storage options.
|
|
|
|
case "$(stat -f -c %T ${TESTDIR})" in
|
|
|
|
aufs)
|
|
|
|
# None of device mapper, overlay, or aufs can be used dependably over aufs, and of course btrfs and zfs can't,
|
|
|
|
# and we have to explicitly specify the "vfs" driver in order to use it, so do that now.
|
2017-10-24 21:54:09 +00:00
|
|
|
STORAGE_OPTIONS=${STORAGE_OPTIONS:---storage-driver vfs}
|
2017-07-18 14:45:18 +00:00
|
|
|
;;
|
|
|
|
esac
|
|
|
|
|
2016-10-17 12:48:14 +00:00
|
|
|
if [ -e /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
|
2016-10-14 21:26:13 +00:00
|
|
|
. /etc/selinux/config
|
|
|
|
filelabel=$(awk -F'"' '/^file.*=.*/ {print $2}' /etc/selinux/${SELINUXTYPE}/contexts/lxc_contexts)
|
|
|
|
chcon -R ${filelabel} $TESTDIR
|
|
|
|
fi
|
2017-05-15 22:05:58 +00:00
|
|
|
CRIO_SOCKET="$TESTDIR/crio.sock"
|
|
|
|
CRIO_CONFIG="$TESTDIR/crio.conf"
|
|
|
|
CRIO_CNI_CONFIG="$TESTDIR/cni/net.d/"
|
2017-09-26 17:34:17 +00:00
|
|
|
CRIO_CNI_PLUGIN=${CRIO_CNI_PLUGIN:-/opt/cni/bin/}
|
2016-12-17 11:29:27 +00:00
|
|
|
POD_CIDR="10.88.0.0/16"
|
|
|
|
POD_CIDR_MASK="10.88.*.*"
|
2016-09-21 09:03:57 +00:00
|
|
|
|
|
|
|
cp "$CONMON_BINARY" "$TESTDIR/conmon"
|
|
|
|
|
|
|
|
PATH=$PATH:$TESTDIR
|
2016-09-20 10:23:34 +00:00
|
|
|
|
2017-07-12 16:41:38 +00:00
|
|
|
# Make sure we have a copy of the redis:alpine image.
|
2017-01-19 17:06:34 +00:00
|
|
|
if ! [ -d "$ARTIFACTS_PATH"/redis-image ]; then
|
|
|
|
mkdir -p "$ARTIFACTS_PATH"/redis-image
|
2017-05-05 12:49:02 +00:00
|
|
|
if ! "$COPYIMG_BINARY" --import-from=docker://redis:alpine --export-to=dir:"$ARTIFACTS_PATH"/redis-image --signature-policy="$INTEGRATION_ROOT"/policy.json ; then
|
2017-01-10 22:57:22 +00:00
|
|
|
echo "Error pulling docker://redis"
|
2017-01-19 17:06:34 +00:00
|
|
|
rm -fr "$ARTIFACTS_PATH"/redis-image
|
2017-01-10 22:57:22 +00:00
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
2017-07-12 16:41:38 +00:00
|
|
|
# TODO: remove the code below for pulling redis:alpine using a canonical reference once
|
|
|
|
# https://github.com/kubernetes-incubator/cri-o/issues/531 is complete and we can
|
|
|
|
# pull the image using a tagged reference and then subsequently find the image without
|
|
|
|
# having to explicitly record the canonical reference as one of the image's names
|
2017-05-26 13:46:08 +00:00
|
|
|
if ! [ -d "$ARTIFACTS_PATH"/redis-image-digest ]; then
|
|
|
|
mkdir -p "$ARTIFACTS_PATH"/redis-image-digest
|
|
|
|
if ! "$COPYIMG_BINARY" --import-from=docker://redis@sha256:03789f402b2ecfb98184bf128d180f398f81c63364948ff1454583b02442f73b --export-to=dir:"$ARTIFACTS_PATH"/redis-image-digest --signature-policy="$INTEGRATION_ROOT"/policy.json ; then
|
|
|
|
echo "Error pulling docker://redis@sha256:03789f402b2ecfb98184bf128d180f398f81c63364948ff1454583b02442f73b"
|
|
|
|
rm -fr "$ARTIFACTS_PATH"/redis-image-digest
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
2017-05-25 09:11:14 +00:00
|
|
|
# Make sure we have a copy of the runcom/stderr-test image.
|
|
|
|
if ! [ -d "$ARTIFACTS_PATH"/stderr-test ]; then
|
|
|
|
mkdir -p "$ARTIFACTS_PATH"/stderr-test
|
|
|
|
if ! "$COPYIMG_BINARY" --import-from=docker://runcom/stderr-test:latest --export-to=dir:"$ARTIFACTS_PATH"/stderr-test --signature-policy="$INTEGRATION_ROOT"/policy.json ; then
|
|
|
|
echo "Error pulling docker://stderr-test"
|
|
|
|
rm -fr "$ARTIFACTS_PATH"/stderr-test
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
2017-03-22 12:07:15 +00:00
|
|
|
# Make sure we have a copy of the busybox:latest image.
|
|
|
|
if ! [ -d "$ARTIFACTS_PATH"/busybox-image ]; then
|
|
|
|
mkdir -p "$ARTIFACTS_PATH"/busybox-image
|
|
|
|
if ! "$COPYIMG_BINARY" --import-from=docker://busybox --export-to=dir:"$ARTIFACTS_PATH"/busybox-image --signature-policy="$INTEGRATION_ROOT"/policy.json ; then
|
|
|
|
echo "Error pulling docker://busybox"
|
|
|
|
rm -fr "$ARTIFACTS_PATH"/busybox-image
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
2017-05-23 21:48:57 +00:00
|
|
|
# Make sure we have a copy of the mrunalp/oom:latest image.
|
|
|
|
if ! [ -d "$ARTIFACTS_PATH"/oom-image ]; then
|
|
|
|
mkdir -p "$ARTIFACTS_PATH"/oom-image
|
|
|
|
if ! "$COPYIMG_BINARY" --import-from=docker://mrunalp/oom --export-to=dir:"$ARTIFACTS_PATH"/oom-image --signature-policy="$INTEGRATION_ROOT"/policy.json ; then
|
|
|
|
echo "Error pulling docker://mrunalp/oom"
|
|
|
|
rm -fr "$ARTIFACTS_PATH"/oom-image
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
2017-07-07 02:09:58 +00:00
|
|
|
# Make sure we have a copy of the mrunalp/image-volume-test:latest image.
|
|
|
|
if ! [ -d "$ARTIFACTS_PATH"/image-volume-test-image ]; then
|
|
|
|
mkdir -p "$ARTIFACTS_PATH"/image-volume-test-image
|
|
|
|
if ! "$COPYIMG_BINARY" --import-from=docker://mrunalp/image-volume-test --export-to=dir:"$ARTIFACTS_PATH"/image-volume-test-image --signature-policy="$INTEGRATION_ROOT"/policy.json ; then
|
|
|
|
echo "Error pulling docker://mrunalp/image-volume-test-image"
|
|
|
|
rm -fr "$ARTIFACTS_PATH"/image-volume-test-image
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
fi
|
2017-05-15 22:05:58 +00:00
|
|
|
# Run crio using the binary specified by $CRIO_BINARY.
|
2017-05-12 13:36:15 +00:00
|
|
|
# This must ONLY be run on engines created with `start_crio`.
|
|
|
|
function crio() {
|
2017-05-15 22:05:58 +00:00
|
|
|
"$CRIO_BINARY" --listen "$CRIO_SOCKET" "$@"
|
2016-09-20 10:23:34 +00:00
|
|
|
}
|
|
|
|
|
2017-08-22 14:00:21 +00:00
|
|
|
# DEPRECATED
|
2017-10-30 10:59:17 +00:00
|
|
|
OCIC_BINARY=${OCIC_BINARY:-${CRIO_ROOT}/cri-o/bin/crioctl}
|
2017-05-12 13:36:15 +00:00
|
|
|
# Run crioctl using the binary specified by $OCIC_BINARY.
|
|
|
|
function crioctl() {
|
2017-05-15 22:05:58 +00:00
|
|
|
"$OCIC_BINARY" --connect "$CRIO_SOCKET" "$@"
|
2016-09-20 10:23:34 +00:00
|
|
|
}
|
|
|
|
|
2017-08-22 14:00:21 +00:00
|
|
|
# Run crictl using the binary specified by $CRICTL_BINARY.
|
|
|
|
function crictl() {
|
|
|
|
"$CRICTL_BINARY" -r "$CRIO_SOCKET" -i "$CRIO_SOCKET" "$@"
|
|
|
|
}
|
|
|
|
|
2016-09-20 10:23:34 +00:00
|
|
|
# Communicate with Docker on the host machine.
|
|
|
|
# Should rarely use this.
|
|
|
|
function docker_host() {
|
|
|
|
command docker "$@"
|
|
|
|
}
|
|
|
|
|
|
|
|
# Retry a command $1 times until it succeeds. Wait $2 seconds between retries.
|
|
|
|
function retry() {
|
|
|
|
local attempts=$1
|
|
|
|
shift
|
|
|
|
local delay=$1
|
|
|
|
shift
|
|
|
|
local i
|
|
|
|
|
|
|
|
for ((i=0; i < attempts; i++)); do
|
|
|
|
run "$@"
|
|
|
|
if [[ "$status" -eq 0 ]] ; then
|
|
|
|
return 0
|
|
|
|
fi
|
|
|
|
sleep $delay
|
|
|
|
done
|
|
|
|
|
|
|
|
echo "Command \"$@\" failed $attempts times. Output: $output"
|
|
|
|
false
|
|
|
|
}
|
|
|
|
|
2017-05-12 13:36:15 +00:00
|
|
|
# Waits until the given crio becomes reachable.
|
2016-09-20 10:23:34 +00:00
|
|
|
function wait_until_reachable() {
|
2017-08-22 14:00:21 +00:00
|
|
|
retry 15 1 crictl status
|
2016-09-20 10:23:34 +00:00
|
|
|
}
|
|
|
|
|
2017-05-12 13:36:15 +00:00
|
|
|
# Start crio.
|
|
|
|
function start_crio() {
|
2016-12-02 07:13:41 +00:00
|
|
|
if [[ -n "$1" ]]; then
|
|
|
|
seccomp="$1"
|
|
|
|
else
|
|
|
|
seccomp="$SECCOMP_PROFILE"
|
|
|
|
fi
|
2016-11-23 09:41:48 +00:00
|
|
|
|
2016-12-02 07:13:41 +00:00
|
|
|
if [[ -n "$2" ]]; then
|
|
|
|
apparmor="$2"
|
|
|
|
else
|
|
|
|
apparmor="$APPARMOR_PROFILE"
|
|
|
|
fi
|
2016-12-01 13:15:47 +00:00
|
|
|
|
2017-05-12 13:36:15 +00:00
|
|
|
# Don't forget: bin2img, copyimg, and crio have their own default drivers, so if you override any, you probably need to override them all
|
2016-12-16 23:34:51 +00:00
|
|
|
if ! [ "$3" = "--no-pause-image" ] ; then
|
2017-10-24 21:54:09 +00:00
|
|
|
"$BIN2IMG_BINARY" --root "$TESTDIR/crio" $STORAGE_OPTIONS --runroot "$TESTDIR/crio-run" --source-binary "$PAUSE_BINARY"
|
2016-12-16 23:34:51 +00:00
|
|
|
fi
|
2017-10-30 21:18:42 +00:00
|
|
|
"$COPYIMG_BINARY" --root "$TESTDIR/crio" $STORAGE_OPTIONS --runroot "$TESTDIR/crio-run" --image-name=docker.io/library/redis:alpine --import-from=dir:"$ARTIFACTS_PATH"/redis-image --signature-policy="$INTEGRATION_ROOT"/policy.json
|
2017-07-12 16:41:38 +00:00
|
|
|
# TODO: remove the code below for copying redis:alpine in using a canonical reference once
|
|
|
|
# https://github.com/kubernetes-incubator/cri-o/issues/531 is complete and we can
|
|
|
|
# copy the image using a tagged reference and then subsequently find the image without
|
|
|
|
# having to explicitly record the canonical reference as one of the image's names
|
2017-10-30 21:18:42 +00:00
|
|
|
"$COPYIMG_BINARY" --root "$TESTDIR/crio" $STORAGE_OPTIONS --runroot "$TESTDIR/crio-run" --image-name=docker.io/library/redis@sha256:03789f402b2ecfb98184bf128d180f398f81c63364948ff1454583b02442f73b --import-from=dir:"$ARTIFACTS_PATH"/redis-image-digest --signature-policy="$INTEGRATION_ROOT"/policy.json
|
|
|
|
"$COPYIMG_BINARY" --root "$TESTDIR/crio" $STORAGE_OPTIONS --runroot "$TESTDIR/crio-run" --image-name=mrunalp/oom --import-from=dir:"$ARTIFACTS_PATH"/oom-image --signature-policy="$INTEGRATION_ROOT"/policy.json
|
|
|
|
"$COPYIMG_BINARY" --root "$TESTDIR/crio" $STORAGE_OPTIONS --runroot "$TESTDIR/crio-run" --image-name=docker.io/library/mrunalp/image-volume-test --import-from=dir:"$ARTIFACTS_PATH"/image-volume-test-image --signature-policy="$INTEGRATION_ROOT"/policy.json
|
|
|
|
"$COPYIMG_BINARY" --root "$TESTDIR/crio" $STORAGE_OPTIONS --runroot "$TESTDIR/crio-run" --image-name=docker.io/library/busybox:latest --import-from=dir:"$ARTIFACTS_PATH"/busybox-image --signature-policy="$INTEGRATION_ROOT"/policy.json
|
|
|
|
"$COPYIMG_BINARY" --root "$TESTDIR/crio" $STORAGE_OPTIONS --runroot "$TESTDIR/crio-run" --image-name=docker.io/library/runcom/stderr-test:latest --import-from=dir:"$ARTIFACTS_PATH"/stderr-test --signature-policy="$INTEGRATION_ROOT"/policy.json
|
2017-10-24 21:54:09 +00:00
|
|
|
"$CRIO_BINARY" ${DEFAULT_MOUNTS_OPTS} ${HOOKS_OPTS} --conmon "$CONMON_BINARY" --listen "$CRIO_SOCKET" --cgroup-manager "$CGROUP_MANAGER" --registry "docker.io" --runtime "$RUNTIME_BINARY" --root "$TESTDIR/crio" --runroot "$TESTDIR/crio-run" $STORAGE_OPTIONS --seccomp-profile "$seccomp" --apparmor-profile "$apparmor" --cni-config-dir "$CRIO_CNI_CONFIG" --cni-plugin-dir "$CRIO_CNI_PLUGIN" --signature-policy "$INTEGRATION_ROOT"/policy.json --image-volumes "$IMAGE_VOLUMES" --pids-limit "$PIDS_LIMIT" --log-size-max "$LOG_SIZE_MAX_LIMIT" --config /dev/null config >$CRIO_CONFIG
|
2017-04-06 21:57:27 +00:00
|
|
|
|
|
|
|
# Prepare the CNI configuration files, we're running with non host networking by default
|
2017-05-04 16:41:15 +00:00
|
|
|
if [[ -n "$4" ]]; then
|
|
|
|
netfunc="$4"
|
|
|
|
else
|
|
|
|
netfunc="prepare_network_conf"
|
|
|
|
fi
|
|
|
|
${netfunc} $POD_CIDR
|
2017-04-06 21:57:27 +00:00
|
|
|
|
2017-09-27 09:33:03 +00:00
|
|
|
"$CRIO_BINARY" --log-level debug --config "$CRIO_CONFIG" & CRIO_PID=$!
|
2016-09-20 10:23:34 +00:00
|
|
|
wait_until_reachable
|
2017-01-16 18:19:44 +00:00
|
|
|
|
2017-08-27 08:54:36 +00:00
|
|
|
run crictl inspecti redis:alpine
|
2017-01-16 18:19:44 +00:00
|
|
|
if [ "$status" -ne 0 ] ; then
|
2017-08-27 08:54:36 +00:00
|
|
|
crictl pull redis:alpine
|
2017-01-16 18:19:44 +00:00
|
|
|
fi
|
2017-08-27 08:54:36 +00:00
|
|
|
REDIS_IMAGEID=$(crictl inspecti redis:alpine | head -1 | sed -e "s/ID: //g")
|
2017-07-12 16:41:38 +00:00
|
|
|
run crictl inspecti redis@sha256:03789f402b2ecfb98184bf128d180f398f81c63364948ff1454583b02442f73b
|
|
|
|
if [ "$status" -ne 0 ] ; then
|
|
|
|
crictl pull redis@sha256:03789f402b2ecfb98184bf128d180f398f81c63364948ff1454583b02442f73b
|
|
|
|
fi
|
|
|
|
REDIS_IMAGEID_DIGESTED=$(crictl inspecti redis@sha256:03789f402b2ecfb98184bf128d180f398f81c63364948ff1454583b02442f73b | head -1 | sed -e "s/ID: //g")
|
2017-08-27 08:54:36 +00:00
|
|
|
run crictl inspecti mrunalp/oom
|
2017-05-23 21:48:57 +00:00
|
|
|
if [ "$status" -ne 0 ] ; then
|
2017-08-27 08:54:36 +00:00
|
|
|
crictl pull mrunalp/oom
|
2017-05-23 21:48:57 +00:00
|
|
|
fi
|
2017-07-12 16:41:38 +00:00
|
|
|
OOM_IMAGEID=$(crictl inspecti mrunalp/oom | head -1 | sed -e "s/ID: //g")
|
|
|
|
run crioctl image status --id=runcom/stderr-test
|
2017-05-25 09:11:14 +00:00
|
|
|
if [ "$status" -ne 0 ] ; then
|
2017-08-27 08:54:36 +00:00
|
|
|
crictl pull runcom/stderr-test:latest
|
2017-05-25 09:11:14 +00:00
|
|
|
fi
|
2017-08-27 08:54:36 +00:00
|
|
|
STDERR_IMAGEID=$(crictl inspecti runcom/stderr-test | head -1 | sed -e "s/ID: //g")
|
|
|
|
run crictl inspecti busybox
|
2017-05-25 09:11:14 +00:00
|
|
|
if [ "$status" -ne 0 ] ; then
|
2017-08-27 08:54:36 +00:00
|
|
|
crictl pull busybox:latest
|
2017-05-25 09:11:14 +00:00
|
|
|
fi
|
2017-08-27 08:54:36 +00:00
|
|
|
BUSYBOX_IMAGEID=$(crictl inspecti busybox | head -1 | sed -e "s/ID: //g")
|
|
|
|
run crictl inspecti mrunalp/image-volume-test
|
2017-07-07 02:09:58 +00:00
|
|
|
if [ "$status" -ne 0 ] ; then
|
2017-08-27 08:54:36 +00:00
|
|
|
crictl pull mrunalp/image-volume-test:latest
|
2017-07-07 02:09:58 +00:00
|
|
|
fi
|
2017-08-27 08:54:36 +00:00
|
|
|
VOLUME_IMAGEID=$(crictl inspecti mrunalp/image-volume-test | head -1 | sed -e "s/ID: //g")
|
2016-09-20 10:23:34 +00:00
|
|
|
}
|
|
|
|
|
2016-10-08 12:57:45 +00:00
|
|
|
function cleanup_ctrs() {
|
2017-11-01 21:02:51 +00:00
|
|
|
output=$(crictl ps --quiet)
|
|
|
|
if [ $? -eq 0 ]; then
|
2016-10-08 12:57:45 +00:00
|
|
|
if [ "$output" != "" ]; then
|
|
|
|
printf '%s\n' "$output" | while IFS= read -r line
|
|
|
|
do
|
2017-08-27 08:54:36 +00:00
|
|
|
crictl stop "$line"
|
|
|
|
crictl rm "$line"
|
2016-10-08 12:57:45 +00:00
|
|
|
done
|
|
|
|
fi
|
|
|
|
fi
|
2017-08-12 10:29:22 +00:00
|
|
|
rm -f /run/hookscheck
|
2016-10-08 12:57:45 +00:00
|
|
|
}
|
|
|
|
|
2016-10-18 14:48:33 +00:00
|
|
|
function cleanup_images() {
|
2017-11-01 21:02:51 +00:00
|
|
|
output=$(crictl images --quiet)
|
|
|
|
if [ $? -eq 0 ]; then
|
2016-10-18 14:48:33 +00:00
|
|
|
if [ "$output" != "" ]; then
|
|
|
|
printf '%s\n' "$output" | while IFS= read -r line
|
|
|
|
do
|
2017-08-27 08:54:36 +00:00
|
|
|
crictl rmi "$line"
|
2016-10-18 14:48:33 +00:00
|
|
|
done
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
2016-09-27 08:40:33 +00:00
|
|
|
function cleanup_pods() {
|
2017-11-01 21:02:51 +00:00
|
|
|
output=$(crictl sandboxes --quiet)
|
|
|
|
if [ $? -eq 0 ]; then
|
2016-10-08 12:24:16 +00:00
|
|
|
if [ "$output" != "" ]; then
|
|
|
|
printf '%s\n' "$output" | while IFS= read -r line
|
|
|
|
do
|
2017-08-27 08:54:36 +00:00
|
|
|
crictl stops "$line"
|
|
|
|
crictl rms "$line"
|
2016-10-08 12:24:16 +00:00
|
|
|
done
|
|
|
|
fi
|
2016-09-27 08:54:16 +00:00
|
|
|
fi
|
2016-09-27 08:40:33 +00:00
|
|
|
}
|
|
|
|
|
2017-05-12 13:36:15 +00:00
|
|
|
# Stop crio.
|
|
|
|
function stop_crio() {
|
2017-05-15 22:05:58 +00:00
|
|
|
if [ "$CRIO_PID" != "" ]; then
|
|
|
|
kill "$CRIO_PID" >/dev/null 2>&1
|
|
|
|
wait "$CRIO_PID"
|
|
|
|
rm -f "$CRIO_CONFIG"
|
2016-09-27 08:54:16 +00:00
|
|
|
fi
|
2017-04-06 21:57:27 +00:00
|
|
|
|
|
|
|
cleanup_network_conf
|
2016-09-21 09:03:57 +00:00
|
|
|
}
|
|
|
|
|
2017-05-12 13:36:15 +00:00
|
|
|
function restart_crio() {
|
2017-05-15 22:05:58 +00:00
|
|
|
if [ "$CRIO_PID" != "" ]; then
|
|
|
|
kill "$CRIO_PID" >/dev/null 2>&1
|
|
|
|
wait "$CRIO_PID"
|
2017-05-12 13:36:15 +00:00
|
|
|
start_crio
|
2016-12-09 10:56:25 +00:00
|
|
|
else
|
2017-05-12 13:36:15 +00:00
|
|
|
echo "you must start crio first"
|
2016-12-09 10:56:25 +00:00
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
2016-09-21 09:03:57 +00:00
|
|
|
function cleanup_test() {
|
|
|
|
rm -rf "$TESTDIR"
|
2016-09-20 10:23:34 +00:00
|
|
|
}
|
2016-12-01 13:15:47 +00:00
|
|
|
|
|
|
|
|
2016-12-07 11:32:50 +00:00
|
|
|
function load_apparmor_profile() {
|
|
|
|
"$APPARMOR_PARSER_BINARY" -r "$1"
|
2016-12-01 13:15:47 +00:00
|
|
|
}
|
|
|
|
|
2016-12-07 11:32:50 +00:00
|
|
|
function remove_apparmor_profile() {
|
|
|
|
"$APPARMOR_PARSER_BINARY" -R "$1"
|
2016-12-01 13:15:47 +00:00
|
|
|
}
|
2016-12-02 07:13:41 +00:00
|
|
|
|
|
|
|
function is_seccomp_enabled() {
|
2017-01-19 17:11:02 +00:00
|
|
|
if ! "$CHECKSECCOMP_BINARY" ; then
|
|
|
|
echo 0
|
|
|
|
return
|
2016-12-02 07:13:41 +00:00
|
|
|
fi
|
2017-01-19 17:11:02 +00:00
|
|
|
echo 1
|
2016-12-02 07:13:41 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
function is_apparmor_enabled() {
|
|
|
|
if [[ -f "$APPARMOR_PARAMETERS_FILE_PATH" ]]; then
|
|
|
|
out=$(cat "$APPARMOR_PARAMETERS_FILE_PATH")
|
|
|
|
if [[ "$out" =~ "Y" ]]; then
|
|
|
|
echo 1
|
2016-12-06 11:10:32 +00:00
|
|
|
return
|
2016-12-02 07:13:41 +00:00
|
|
|
fi
|
|
|
|
fi
|
2016-12-06 11:10:32 +00:00
|
|
|
echo 0
|
2016-12-02 07:13:41 +00:00
|
|
|
}
|
2016-12-17 11:29:27 +00:00
|
|
|
|
|
|
|
function prepare_network_conf() {
|
2017-05-15 22:05:58 +00:00
|
|
|
mkdir -p $CRIO_CNI_CONFIG
|
|
|
|
cat >$CRIO_CNI_CONFIG/10-crio.conf <<-EOF
|
2016-12-17 11:29:27 +00:00
|
|
|
{
|
|
|
|
"cniVersion": "0.2.0",
|
2017-05-12 13:36:15 +00:00
|
|
|
"name": "crionet",
|
2016-12-17 11:29:27 +00:00
|
|
|
"type": "bridge",
|
|
|
|
"bridge": "cni0",
|
|
|
|
"isGateway": true,
|
|
|
|
"ipMasq": true,
|
|
|
|
"ipam": {
|
|
|
|
"type": "host-local",
|
|
|
|
"subnet": "$1",
|
|
|
|
"routes": [
|
|
|
|
{ "dst": "0.0.0.0/0" }
|
|
|
|
]
|
|
|
|
}
|
|
|
|
}
|
|
|
|
EOF
|
|
|
|
|
2017-05-15 22:05:58 +00:00
|
|
|
cat >$CRIO_CNI_CONFIG/99-loopback.conf <<-EOF
|
2016-12-17 11:29:27 +00:00
|
|
|
{
|
|
|
|
"cniVersion": "0.2.0",
|
|
|
|
"type": "loopback"
|
|
|
|
}
|
|
|
|
EOF
|
|
|
|
|
|
|
|
echo 0
|
|
|
|
}
|
|
|
|
|
2017-05-04 16:41:15 +00:00
|
|
|
function prepare_plugin_test_args_network_conf() {
|
2017-05-15 22:05:58 +00:00
|
|
|
mkdir -p $CRIO_CNI_CONFIG
|
|
|
|
cat >$CRIO_CNI_CONFIG/10-plugin-test-args.conf <<-EOF
|
2017-05-04 16:41:15 +00:00
|
|
|
{
|
|
|
|
"cniVersion": "0.2.0",
|
2017-08-31 09:19:13 +00:00
|
|
|
"name": "crionet_test_args",
|
|
|
|
"type": "bridge-custom",
|
|
|
|
"bridge": "cni0",
|
|
|
|
"isGateway": true,
|
|
|
|
"ipMasq": true,
|
|
|
|
"ipam": {
|
|
|
|
"type": "host-local",
|
|
|
|
"subnet": "$1",
|
|
|
|
"routes": [
|
|
|
|
{ "dst": "0.0.0.0/0" }
|
|
|
|
]
|
|
|
|
}
|
2017-05-04 16:41:15 +00:00
|
|
|
}
|
|
|
|
EOF
|
|
|
|
|
|
|
|
echo 0
|
|
|
|
}
|
|
|
|
|
2016-12-17 11:29:27 +00:00
|
|
|
function check_pod_cidr() {
|
2017-08-04 11:13:19 +00:00
|
|
|
run crioctl ctr execsync --id $1 ip addr show dev eth0 scope global 2>&1
|
2017-04-21 11:42:59 +00:00
|
|
|
echo "$output"
|
|
|
|
[ "$status" -eq 0 ]
|
|
|
|
[[ "$output" =~ $POD_CIDR_MASK ]]
|
2016-12-17 11:29:27 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
function parse_pod_ip() {
|
2016-12-21 11:26:18 +00:00
|
|
|
for arg
|
|
|
|
do
|
|
|
|
cidr=`echo "$arg" | grep $POD_CIDR_MASK`
|
|
|
|
if [ "$cidr" == "$arg" ]
|
|
|
|
then
|
|
|
|
echo `echo "$arg" | sed "s/\/[0-9][0-9]//"`
|
|
|
|
fi
|
|
|
|
done
|
2016-12-17 11:29:27 +00:00
|
|
|
}
|
|
|
|
|
2017-06-17 00:41:54 +00:00
|
|
|
function get_host_ip() {
|
|
|
|
gateway_dev=`ip -o route show default 0.0.0.0/0 | sed 's/.*dev \([^[:space:]]*\).*/\1/'`
|
|
|
|
[ "$gateway_dev" ]
|
|
|
|
host_ip=`ip -o -4 addr show dev $gateway_dev scope global | sed 's/.*inet \([0-9.]*\).*/\1/'`
|
|
|
|
}
|
|
|
|
|
2016-12-17 11:29:27 +00:00
|
|
|
function ping_pod() {
|
2017-08-04 11:13:19 +00:00
|
|
|
inet=`crioctl ctr execsync --id $1 ip addr show dev eth0 scope global 2>&1 | grep inet`
|
2016-12-17 11:29:27 +00:00
|
|
|
|
|
|
|
IFS=" "
|
|
|
|
ip=`parse_pod_ip $inet`
|
|
|
|
|
|
|
|
ping -W 1 -c 5 $ip
|
|
|
|
|
|
|
|
echo $?
|
|
|
|
}
|
|
|
|
|
2016-12-21 10:28:33 +00:00
|
|
|
function ping_pod_from_pod() {
|
2017-08-04 11:13:19 +00:00
|
|
|
inet=`crioctl ctr execsync --id $1 ip addr show dev eth0 scope global 2>&1 | grep inet`
|
2016-12-21 10:28:33 +00:00
|
|
|
|
2017-08-04 11:13:19 +00:00
|
|
|
IFS=" "
|
|
|
|
ip=`parse_pod_ip $inet`
|
2016-12-21 10:28:33 +00:00
|
|
|
|
2017-08-04 11:13:19 +00:00
|
|
|
run crioctl ctr execsync --id $2 ping -W 1 -c 2 $ip
|
|
|
|
echo "$output"
|
|
|
|
[ "$status" -eq 0 ]
|
2016-12-21 10:28:33 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2016-12-17 11:29:27 +00:00
|
|
|
function cleanup_network_conf() {
|
2017-05-15 22:05:58 +00:00
|
|
|
rm -rf $CRIO_CNI_CONFIG
|
2016-12-17 11:29:27 +00:00
|
|
|
|
|
|
|
echo 0
|
|
|
|
}
|
2016-12-21 10:28:33 +00:00
|
|
|
|
|
|
|
function temp_sandbox_conf() {
|
|
|
|
sed -e s/\"namespace\":.*/\"namespace\":\ \"$1\",/g "$TESTDATA"/sandbox_config.json > $TESTDIR/sandbox_config_$1.json
|
|
|
|
}
|