Merge pull request from runcom/test-cgroup-manager

Test systemd cgroup manager
This commit is contained in:
Antonio Murdaca 2017-05-19 11:49:59 +02:00 committed by GitHub
commit a19d60654e
7 changed files with 50 additions and 9 deletions

View file

@ -215,7 +215,7 @@
args:
chdir: /root/src/github.com/kubernetes-incubator/cri-o/
- name: run integration tests RHEL
shell: 'STORAGE_OPTS="--storage-driver=overlay2 --storage-opt overlay2.override_kernel_check=1" make localintegration > testout.txt'
shell: 'CGROUP_MANAGER=systemd STORAGE_OPTS="--storage-driver=overlay2 --storage-opt overlay2.override_kernel_check=1" make localintegration > testout.txt'
args:
chdir: /root/src/github.com/kubernetes-incubator/cri-o
async: 3600
@ -223,7 +223,7 @@
ignore_errors: yes
when: ansible_distribution == 'RedHat' or ansible_distribution == 'CentOS'
- name: run integration tests RHEL with xunit results
shell: 'STORAGE_OPTS="--storage-driver=overlay2 --storage-opt overlay2.override_kernel_check=1" make localintegration'
shell: 'CGROUP_MANAGER=systemd STORAGE_OPTS="--storage-driver=overlay2 --storage-opt overlay2.override_kernel_check=1" make localintegration'
args:
chdir: /root/src/github.com/kubernetes-incubator/cri-o
async: 3600
@ -231,7 +231,7 @@
ignore_errors: yes
when: (ansible_distribution == 'RedHat' or ansible_distribution == 'CentOS') and xunit
- name: run integration tests Fedora
shell: 'STORAGE_OPTS="--storage-driver=overlay2" make localintegration > testout.txt'
shell: 'CGROUP_MANAGER=systemd STORAGE_OPTS="--storage-driver=overlay2" make localintegration > testout.txt'
args:
chdir: /root/src/github.com/kubernetes-incubator/cri-o
async: 3600
@ -239,7 +239,7 @@
ignore_errors: yes
when: ansible_distribution == 'Fedora'
- name: run integration tests Fedora with xunit results
shell: 'STORAGE_OPTS="--storage-driver=overlay2" make localintegration'
shell: 'CGROUP_MANAGER=systemd STORAGE_OPTS="--storage-driver=overlay2" make localintegration'
args:
chdir: /root/src/github.com/kubernetes-incubator/cri-o
async: 3600

View file

@ -47,6 +47,8 @@ ARTIFACTS_PATH=${ARTIFACTS_PATH:-${CRIO_ROOT}/cri-o/.artifacts}
CHECKSECCOMP_BINARY=${CHECKSECCOMP_BINARY:-${CRIO_ROOT}/cri-o/test/checkseccomp/checkseccomp}
# XXX: This is hardcoded inside cri-o at the moment.
DEFAULT_LOG_PATH=/var/log/crio/pods
# Cgroup manager to be used
CGROUP_MANAGER=${CGROUP_MANAGER:-cgroupfs}
TESTDIR=$(mktemp -d)
if [ -e /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
@ -146,7 +148,7 @@ function start_crio() {
"$BIN2IMG_BINARY" --root "$TESTDIR/crio" $STORAGE_OPTS --runroot "$TESTDIR/crio-run" --source-binary "$PAUSE_BINARY"
fi
"$COPYIMG_BINARY" --root "$TESTDIR/crio" $STORAGE_OPTS --runroot "$TESTDIR/crio-run" --image-name=redis:alpine --import-from=dir:"$ARTIFACTS_PATH"/redis-image --add-name=docker://docker.io/library/redis:alpine --signature-policy="$INTEGRATION_ROOT"/policy.json
"$CRIO_BINARY" --conmon "$CONMON_BINARY" --listen "$CRIO_SOCKET" --runtime "$RUNTIME_BINARY" --root "$TESTDIR/crio" --runroot "$TESTDIR/crio-run" $STORAGE_OPTS --seccomp-profile "$seccomp" --apparmor-profile "$apparmor" --cni-config-dir "$CRIO_CNI_CONFIG" --signature-policy "$INTEGRATION_ROOT"/policy.json --config /dev/null config >$CRIO_CONFIG
"$CRIO_BINARY" --conmon "$CONMON_BINARY" --listen "$CRIO_SOCKET" --cgroup-manager "$CGROUP_MANAGER" --runtime "$RUNTIME_BINARY" --root "$TESTDIR/crio" --runroot "$TESTDIR/crio-run" $STORAGE_OPTS --seccomp-profile "$seccomp" --apparmor-profile "$apparmor" --cni-config-dir "$CRIO_CNI_CONFIG" --signature-policy "$INTEGRATION_ROOT"/policy.json --config /dev/null config >$CRIO_CONFIG
# Prepare the CNI configuration files, we're running with non host networking by default
if [[ -n "$4" ]]; then

View file

@ -287,3 +287,42 @@ function teardown() {
cleanup_pods
stop_crio
}
@test "invalid systemd cgroup_parent fail" {
if [[ "$CGROUP_MANAGER" != "systemd" ]]; then
skip "need systemd cgroup manager"
fi
wrong_cgroup_parent_config=$(cat "$TESTDATA"/sandbox_config.json | python -c 'import json,sys;obj=json.load(sys.stdin);obj["linux"]["cgroup_parent"] = "podsandbox1.slice:container:infra"; json.dump(obj, sys.stdout)')
echo "$wrong_cgroup_parent_config" > "$TESTDIR"/sandbox_wrong_cgroup_parent.json
start_crio
run crioctl pod run --config "$TESTDIR"/sandbox_wrong_cgroup_parent.json
echo "$output"
[ "$status" -eq 1 ]
stop_crio
}
@test "systemd cgroup_parent correctly set" {
if [[ "$CGROUP_MANAGER" != "systemd" ]]; then
skip "need systemd cgroup manager"
fi
cgroup_parent_config=$(cat "$TESTDATA"/sandbox_config.json | python -c 'import json,sys;obj=json.load(sys.stdin);obj["linux"]["cgroup_parent"] = "/Burstable/pod_integration_tests-123"; json.dump(obj, sys.stdout)')
echo "$cgroup_parent_config" > "$TESTDIR"/sandbox_systemd_cgroup_parent.json
start_crio
run crioctl pod run --config "$TESTDIR"/sandbox_systemd_cgroup_parent.json
echo "$output"
[ "$status" -eq 0 ]
pod_id="$output"
run systemctl list-units --type=slice
echo "$output"
[ "$status" -eq 0 ]
[[ "$output" =~ "Burstable-pod_integration_tests_123.slice" ]]
cleanup_pods
stop_crio
}

View file

@ -11,7 +11,7 @@ function teardown() {
@test "ctr seccomp profiles unconfined" {
# this test requires seccomp, so skip this test if seccomp is not enabled.
enabled=$(is_seccomp_enabled)
if [[ "$enabled" -eq 0 ]]; then
if [[ "$enabled" -eq 0 ]]; then
skip "skip this test since seccomp is not enabled."
fi

View file

@ -52,7 +52,7 @@
"security.alpha.kubernetes.io/seccomp/pod": "unconfined"
},
"linux": {
"cgroup_parent": "/crio-podsandbox1",
"cgroup_parent": "/Burstable/pod_123-456",
"security_context": {
"namespace_options": {
"host_network": false,

View file

@ -51,7 +51,7 @@
"security.alpha.kubernetes.io/seccomp/pod": "unconfined"
},
"linux": {
"cgroup_parent": "/crio-podsandbox1",
"cgroup_parent": "/Burstable/pod_123-456",
"security_context": {
"namespace_options": {
"host_network": true,

View file

@ -50,7 +50,7 @@
%VALUE%
},
"linux": {
"cgroup_parent": "podsandbox1.slice:container:infra",
"cgroup_parent": "/Burstable/pod_123-456",
"security_context": {
"namespace_options": {
"host_network": false,