Merge pull request #526 from runcom/test-cgroup-manager
Test systemd cgroup manager
This commit is contained in:
commit
a19d60654e
7 changed files with 50 additions and 9 deletions
|
@ -215,7 +215,7 @@
|
|||
args:
|
||||
chdir: /root/src/github.com/kubernetes-incubator/cri-o/
|
||||
- name: run integration tests RHEL
|
||||
shell: 'STORAGE_OPTS="--storage-driver=overlay2 --storage-opt overlay2.override_kernel_check=1" make localintegration > testout.txt'
|
||||
shell: 'CGROUP_MANAGER=systemd STORAGE_OPTS="--storage-driver=overlay2 --storage-opt overlay2.override_kernel_check=1" make localintegration > testout.txt'
|
||||
args:
|
||||
chdir: /root/src/github.com/kubernetes-incubator/cri-o
|
||||
async: 3600
|
||||
|
@ -223,7 +223,7 @@
|
|||
ignore_errors: yes
|
||||
when: ansible_distribution == 'RedHat' or ansible_distribution == 'CentOS'
|
||||
- name: run integration tests RHEL with xunit results
|
||||
shell: 'STORAGE_OPTS="--storage-driver=overlay2 --storage-opt overlay2.override_kernel_check=1" make localintegration'
|
||||
shell: 'CGROUP_MANAGER=systemd STORAGE_OPTS="--storage-driver=overlay2 --storage-opt overlay2.override_kernel_check=1" make localintegration'
|
||||
args:
|
||||
chdir: /root/src/github.com/kubernetes-incubator/cri-o
|
||||
async: 3600
|
||||
|
@ -231,7 +231,7 @@
|
|||
ignore_errors: yes
|
||||
when: (ansible_distribution == 'RedHat' or ansible_distribution == 'CentOS') and xunit
|
||||
- name: run integration tests Fedora
|
||||
shell: 'STORAGE_OPTS="--storage-driver=overlay2" make localintegration > testout.txt'
|
||||
shell: 'CGROUP_MANAGER=systemd STORAGE_OPTS="--storage-driver=overlay2" make localintegration > testout.txt'
|
||||
args:
|
||||
chdir: /root/src/github.com/kubernetes-incubator/cri-o
|
||||
async: 3600
|
||||
|
@ -239,7 +239,7 @@
|
|||
ignore_errors: yes
|
||||
when: ansible_distribution == 'Fedora'
|
||||
- name: run integration tests Fedora with xunit results
|
||||
shell: 'STORAGE_OPTS="--storage-driver=overlay2" make localintegration'
|
||||
shell: 'CGROUP_MANAGER=systemd STORAGE_OPTS="--storage-driver=overlay2" make localintegration'
|
||||
args:
|
||||
chdir: /root/src/github.com/kubernetes-incubator/cri-o
|
||||
async: 3600
|
||||
|
|
|
@ -47,6 +47,8 @@ ARTIFACTS_PATH=${ARTIFACTS_PATH:-${CRIO_ROOT}/cri-o/.artifacts}
|
|||
CHECKSECCOMP_BINARY=${CHECKSECCOMP_BINARY:-${CRIO_ROOT}/cri-o/test/checkseccomp/checkseccomp}
|
||||
# XXX: This is hardcoded inside cri-o at the moment.
|
||||
DEFAULT_LOG_PATH=/var/log/crio/pods
|
||||
# Cgroup manager to be used
|
||||
CGROUP_MANAGER=${CGROUP_MANAGER:-cgroupfs}
|
||||
|
||||
TESTDIR=$(mktemp -d)
|
||||
if [ -e /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
|
||||
|
@ -146,7 +148,7 @@ function start_crio() {
|
|||
"$BIN2IMG_BINARY" --root "$TESTDIR/crio" $STORAGE_OPTS --runroot "$TESTDIR/crio-run" --source-binary "$PAUSE_BINARY"
|
||||
fi
|
||||
"$COPYIMG_BINARY" --root "$TESTDIR/crio" $STORAGE_OPTS --runroot "$TESTDIR/crio-run" --image-name=redis:alpine --import-from=dir:"$ARTIFACTS_PATH"/redis-image --add-name=docker://docker.io/library/redis:alpine --signature-policy="$INTEGRATION_ROOT"/policy.json
|
||||
"$CRIO_BINARY" --conmon "$CONMON_BINARY" --listen "$CRIO_SOCKET" --runtime "$RUNTIME_BINARY" --root "$TESTDIR/crio" --runroot "$TESTDIR/crio-run" $STORAGE_OPTS --seccomp-profile "$seccomp" --apparmor-profile "$apparmor" --cni-config-dir "$CRIO_CNI_CONFIG" --signature-policy "$INTEGRATION_ROOT"/policy.json --config /dev/null config >$CRIO_CONFIG
|
||||
"$CRIO_BINARY" --conmon "$CONMON_BINARY" --listen "$CRIO_SOCKET" --cgroup-manager "$CGROUP_MANAGER" --runtime "$RUNTIME_BINARY" --root "$TESTDIR/crio" --runroot "$TESTDIR/crio-run" $STORAGE_OPTS --seccomp-profile "$seccomp" --apparmor-profile "$apparmor" --cni-config-dir "$CRIO_CNI_CONFIG" --signature-policy "$INTEGRATION_ROOT"/policy.json --config /dev/null config >$CRIO_CONFIG
|
||||
|
||||
# Prepare the CNI configuration files, we're running with non host networking by default
|
||||
if [[ -n "$4" ]]; then
|
||||
|
|
|
@ -287,3 +287,42 @@ function teardown() {
|
|||
cleanup_pods
|
||||
stop_crio
|
||||
}
|
||||
|
||||
@test "invalid systemd cgroup_parent fail" {
|
||||
if [[ "$CGROUP_MANAGER" != "systemd" ]]; then
|
||||
skip "need systemd cgroup manager"
|
||||
fi
|
||||
|
||||
wrong_cgroup_parent_config=$(cat "$TESTDATA"/sandbox_config.json | python -c 'import json,sys;obj=json.load(sys.stdin);obj["linux"]["cgroup_parent"] = "podsandbox1.slice:container:infra"; json.dump(obj, sys.stdout)')
|
||||
echo "$wrong_cgroup_parent_config" > "$TESTDIR"/sandbox_wrong_cgroup_parent.json
|
||||
|
||||
start_crio
|
||||
run crioctl pod run --config "$TESTDIR"/sandbox_wrong_cgroup_parent.json
|
||||
echo "$output"
|
||||
[ "$status" -eq 1 ]
|
||||
|
||||
stop_crio
|
||||
}
|
||||
|
||||
@test "systemd cgroup_parent correctly set" {
|
||||
if [[ "$CGROUP_MANAGER" != "systemd" ]]; then
|
||||
skip "need systemd cgroup manager"
|
||||
fi
|
||||
|
||||
cgroup_parent_config=$(cat "$TESTDATA"/sandbox_config.json | python -c 'import json,sys;obj=json.load(sys.stdin);obj["linux"]["cgroup_parent"] = "/Burstable/pod_integration_tests-123"; json.dump(obj, sys.stdout)')
|
||||
echo "$cgroup_parent_config" > "$TESTDIR"/sandbox_systemd_cgroup_parent.json
|
||||
|
||||
start_crio
|
||||
run crioctl pod run --config "$TESTDIR"/sandbox_systemd_cgroup_parent.json
|
||||
echo "$output"
|
||||
[ "$status" -eq 0 ]
|
||||
pod_id="$output"
|
||||
|
||||
run systemctl list-units --type=slice
|
||||
echo "$output"
|
||||
[ "$status" -eq 0 ]
|
||||
[[ "$output" =~ "Burstable-pod_integration_tests_123.slice" ]]
|
||||
|
||||
cleanup_pods
|
||||
stop_crio
|
||||
}
|
||||
|
|
|
@ -11,7 +11,7 @@ function teardown() {
|
|||
@test "ctr seccomp profiles unconfined" {
|
||||
# this test requires seccomp, so skip this test if seccomp is not enabled.
|
||||
enabled=$(is_seccomp_enabled)
|
||||
if [[ "$enabled" -eq 0 ]]; then
|
||||
if [[ "$enabled" -eq 0 ]]; then
|
||||
skip "skip this test since seccomp is not enabled."
|
||||
fi
|
||||
|
||||
|
|
2
test/testdata/sandbox_config.json
vendored
2
test/testdata/sandbox_config.json
vendored
|
@ -52,7 +52,7 @@
|
|||
"security.alpha.kubernetes.io/seccomp/pod": "unconfined"
|
||||
},
|
||||
"linux": {
|
||||
"cgroup_parent": "/crio-podsandbox1",
|
||||
"cgroup_parent": "/Burstable/pod_123-456",
|
||||
"security_context": {
|
||||
"namespace_options": {
|
||||
"host_network": false,
|
||||
|
|
2
test/testdata/sandbox_config_hostnet.json
vendored
2
test/testdata/sandbox_config_hostnet.json
vendored
|
@ -51,7 +51,7 @@
|
|||
"security.alpha.kubernetes.io/seccomp/pod": "unconfined"
|
||||
},
|
||||
"linux": {
|
||||
"cgroup_parent": "/crio-podsandbox1",
|
||||
"cgroup_parent": "/Burstable/pod_123-456",
|
||||
"security_context": {
|
||||
"namespace_options": {
|
||||
"host_network": true,
|
||||
|
|
2
test/testdata/sandbox_config_seccomp.json
vendored
2
test/testdata/sandbox_config_seccomp.json
vendored
|
@ -50,7 +50,7 @@
|
|||
%VALUE%
|
||||
},
|
||||
"linux": {
|
||||
"cgroup_parent": "podsandbox1.slice:container:infra",
|
||||
"cgroup_parent": "/Burstable/pod_123-456",
|
||||
"security_context": {
|
||||
"namespace_options": {
|
||||
"host_network": false,
|
||||
|
|
Loading…
Reference in a new issue