Merge pull request #285 from sameo/topic/network-bats

Add Initial networking BATs
2016-12-20 16:49:04 +01:00 · 2016-12-20 16:49:04 +01:00 · ac7943c707
commit ac7943c707
parent 4cfbdb261e b97a57c006
8 changed files with 196 additions and 2 deletions
--- a/cmd/server/config.go
+++ b/cmd/server/config.go
@ -17,6 +17,8 @@ const (
 	seccompProfilePath  = "/etc/ocid/seccomp.json"
 	apparmorProfileName = "ocid-default"
 	cgroupManager       = "cgroupfs"
+	cniConfigDir        = "/etc/cni/net.d/"
+	cniBinDir           = "/opt/cni/bin/"
 )

 var commentedConfigTemplate = template.Must(template.New("config").Parse(`
@ -81,6 +83,17 @@ cgroup_manager = "{{ .CgroupManager }}"
 # pause is the path to the statically linked pause container binary, used
 # as the entrypoint for infra containers.
 pause = "{{ .Pause }}"
+
+# The "ocid.network" table contains settings pertaining to the
+# management of CNI plugins.
+[ocid.network]
+
+# network_dir is is where CNI network configuration
+# files are stored.
+network_dir = "{{ .NetworkDir }}"
+
+# plugin_dir is is where CNI plugin binaries are stored.
+plugin_dir = "{{ .PluginDir }}"
 `))

 // TODO: Currently ImageDir isn't really used, so we haven't added it to this
@ -113,6 +126,10 @@ func DefaultConfig() *server.Config {
 			Pause:    pausePath,
 			ImageDir: filepath.Join(ocidRoot, "store"),
 		},
+		NetworkConfig: server.NetworkConfig{
+			NetworkDir: cniConfigDir,
+			PluginDir:  cniBinDir,
+		},
 	}
 }

--- a/cmd/server/main.go
+++ b/cmd/server/main.go
@ -66,6 +66,12 @@ func mergeConfig(config *server.Config, ctx *cli.Context) error {
 	if ctx.GlobalIsSet("cgroup-manager") {
 		config.CgroupManager = ctx.GlobalString("cgroup-manager")
 	}
+	if ctx.GlobalIsSet("cni-config-dir") {
+		config.NetworkDir = ctx.GlobalString("cni-config-dir")
+	}
+	if ctx.GlobalIsSet("cni-plugin-dir") {
+		config.PluginDir = ctx.GlobalString("cni-plugin-dir")
+	}
 	return nil
 }

@ -157,6 +163,14 @@ func main() {
 			Name:  "cgroup-manager",
 			Usage: "cgroup manager (cgroupfs or systemd)",
 		},
+		cli.StringFlag{
+			Name:  "cni-config-dir",
+			Usage: "CNI configuration files directory",
+		},
+		cli.StringFlag{
+			Name:  "cni-plugin-dir",
+			Usage: "CNI plugin binaries directory",
+		},
 	}

 	// remove once https://github.com/urfave/cli/pull/544 lands
--- a/docs/ocid.8.md
+++ b/docs/ocid.8.md
@ -21,6 +21,8 @@ ocid - Enable OCI Kubernetes Container Runtime daemon
 [**--selinux**]
 [**--seccomp-profile**=[*value*]]
 [**--apparmor-profile**=[*value*]]
+[**---cni-config-dir**=[*value*]]
+[**---cni-plugin-dir**=[*value*]]
 [**--version**|**-v**]

 # DESCRIPTION
@ -86,6 +88,12 @@ ocid is meant to provide an integration path between OCI conformant runtimes and
 **--apparmor_profile**=""
  Name of the apparmor profile to be used as the runtime's default (default: "ocid-default")

+**--cni-config-dir**=""
+  CNI configuration files directory (defautl: "/etc/cni/net.d/")
+
+**--cni-plugin-dir**=""
+  CNI plugin binaries directory (defautl: "/opt/cni/bin/")
+
 **--version, -v**
  Print the version

--- a/docs/ocid.conf.5.md
+++ b/docs/ocid.conf.5.md
@ -69,6 +69,14 @@ The `ocid` table supports the following options:
 **pause**=""
  Path to the pause executable (default: "/usr/libexec/ocid/pause")

+## OCID.NETWORK TABLE
+
+**network_dir**=""
+  Path to CNI configuration files (default: "/etc/cni/net.d/")
+
+**plugin_dir**=""
+  Path to CNI plugin binaries (default: "/opt/cni/bin/")
+
 # SEE ALSO
 ocid(8)

--- a/server/config.go
+++ b/server/config.go
@ -14,6 +14,7 @@ type Config struct {
 	APIConfig
 	RuntimeConfig
 	ImageConfig
+	NetworkConfig
 }

 // This structure is necessary to fake the TOML tables when parsing,
@ -93,6 +94,15 @@ type ImageConfig struct {
 	ImageDir string `toml:"image_dir"`
 }

+// NetworkConfig represents the "ocid.network" TOML config table
+type NetworkConfig struct {
+	// NetworkDir is where CNI network configuration files are stored.
+	NetworkDir string `toml:"network_dir"`
+
+	// PluginDir is where CNI plugin binaries are stored.
+	PluginDir string `toml:"plugin_dir"`
+}
+
 // tomlConfig is another way of looking at a Config, which is
 // TOML-friendly (it has all of the explicit tables). It's just used for
 // conversions.
@ -102,6 +112,7 @@ type tomlConfig struct {
 		API     struct{ APIConfig }     `toml:"api"`
 		Runtime struct{ RuntimeConfig } `toml:"runtime"`
 		Image   struct{ ImageConfig }   `toml:"image"`
+		Network struct{ NetworkConfig } `toml:"network"`
 	} `toml:"ocid"`
 }

@ -110,6 +121,7 @@ func (t *tomlConfig) toConfig(c *Config) {
 	c.APIConfig = t.Ocid.API.APIConfig
 	c.RuntimeConfig = t.Ocid.Runtime.RuntimeConfig
 	c.ImageConfig = t.Ocid.Image.ImageConfig
+	c.NetworkConfig = t.Ocid.Network.NetworkConfig
 }

 func (t *tomlConfig) fromConfig(c *Config) {
@ -117,6 +129,7 @@ func (t *tomlConfig) fromConfig(c *Config) {
 	t.Ocid.API.APIConfig = c.APIConfig
 	t.Ocid.Runtime.RuntimeConfig = c.RuntimeConfig
 	t.Ocid.Image.ImageConfig = c.ImageConfig
+	t.Ocid.Network.NetworkConfig = c.NetworkConfig
 }

 // FromFile populates the Config from the TOML-encoded file at the given path.
--- a/server/server.go
+++ b/server/server.go
@ -310,7 +310,7 @@ func New(config *Config) (*Server, error) {
 	}
 	sandboxes := make(map[string]*sandbox)
 	containers := oci.NewMemoryStore()
-	netPlugin, err := ocicni.InitCNI("")
+	netPlugin, err := ocicni.InitCNI(config.NetworkDir)
 	if err != nil {
 		return nil, err
 	}
--- a/test/helpers.bash
+++ b/test/helpers.bash
@ -45,9 +45,15 @@ if [ -e /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
 fi
 OCID_SOCKET="$TESTDIR/ocid.sock"
 OCID_CONFIG="$TESTDIR/ocid.conf"
+OCID_CNI_CONFIG="$TESTDIR/cni/net.d/"
+OCID_CNI_PLUGIN="/opt/cni/bin/"
+POD_CIDR="10.88.0.0/16"
+POD_CIDR_MASK="10.88.*.*"

 cp "$CONMON_BINARY" "$TESTDIR/conmon"

+mkdir -p $OCID_CNI_CONFIG
+
 PATH=$PATH:$TESTDIR

 # Run ocid using the binary specified by $OCID_BINARY.
@ -106,7 +112,7 @@ function start_ocid() {
 		apparmor="$APPARMOR_PROFILE"
 	fi

-	"$OCID_BINARY" --conmon "$CONMON_BINARY" --pause "$PAUSE_BINARY" --listen "$OCID_SOCKET" --runtime "$RUNC_BINARY" --root "$TESTDIR/ocid" --sandboxdir "$TESTDIR/sandboxes" --containerdir "$TESTDIR/ocid/containers" --seccomp-profile "$seccomp" --apparmor-profile "$apparmor" config >$OCID_CONFIG
+	"$OCID_BINARY" --conmon "$CONMON_BINARY" --pause "$PAUSE_BINARY" --listen "$OCID_SOCKET" --runtime "$RUNC_BINARY" --root "$TESTDIR/ocid" --sandboxdir "$TESTDIR/sandboxes" --containerdir "$TESTDIR/ocid/containers" --seccomp-profile "$seccomp" --apparmor-profile "$apparmor" --cni-config-dir "$OCID_CNI_CONFIG" config >$OCID_CONFIG
 	"$OCID_BINARY" --debug --config "$OCID_CONFIG" & OCID_PID=$!
 	wait_until_reachable
 }
@ -189,3 +195,70 @@ function is_apparmor_enabled() {
 	fi
 	echo 0
 }
+
+function prepare_network_conf() {
+	cat >$OCID_CNI_CONFIG/10-ocid.conf <<-EOF
+{
+    "cniVersion": "0.2.0",
+    "name": "ocidnet",
+    "type": "bridge",
+    "bridge": "cni0",
+    "isGateway": true,
+    "ipMasq": true,
+    "ipam": {
+        "type": "host-local",
+        "subnet": "$1",
+        "routes": [
+            { "dst": "0.0.0.0/0"  }
+        ]
+    }
+}
+EOF
+
+	cat >$OCID_CNI_CONFIG/99-loopback.conf <<-EOF
+{
+    "cniVersion": "0.2.0",
+    "type": "loopback"
+}
+EOF
+
+	echo 0
+}
+
+function check_pod_cidr() {
+        fullnetns=`ocic pod status --id $1 | grep namespace | cut -d ' ' -f 3`
+	netns=`basename $fullnetns`
+
+	ip netns exec $netns ip addr show dev eth0 scope global | grep $POD_CIDR_MASK
+
+	echo $?
+}
+
+function parse_pod_ip() {
+  for arg
+  do
+      cidr=`echo "$arg" | grep $POD_CIDR_MASK`
+      if [ "$cidr" == "$arg" ]
+      then
+	  echo `echo "$arg" | sed "s/\/[0-9][0-9]//"`
+      fi
+  done
+}
+
+function ping_pod() {
+        netns=`ocic pod status --id $1 | grep namespace | cut -d ' ' -f 3`
+	inet=`ip netns exec \`basename $netns\` ip addr show dev eth0 scope global | grep inet`
+
+	IFS=" "
+	ip=`parse_pod_ip $inet`
+
+	ping -W 1 -c 5 $ip
+
+	echo $?
+}
+
+function cleanup_network_conf() {
+	rm -rf $OCID_CNI_CONFIG
+
+	echo 0
+}
--- a/test/network.bats
+++ b/test/network.bats
@ -0,0 +1,61 @@
+#!/usr/bin/env bats
+
+load helpers
+
+@test "Check for valid pod netns CIDR" {
+	# this test requires docker, thus it can't yet be run in a container
+	if [ "$TRAVIS" = "true" ]; then # instead of $TRAVIS, add a function is_containerized to skip here
+		skip "cannot yet run this test in a container, use sudo make localintegration"
+	fi
+
+	if [ ! -f "$OCID_CNI_PLUGIN/bridge" ]; then
+		skip "missing CNI bridge plugin, please install it"
+	fi
+
+	if [ ! -f "$OCID_CNI_PLUGIN/host-local" ]; then
+		skip "missing CNI host-local IPAM, please install it"
+	fi
+
+	prepare_network_conf $POD_CIDR
+
+	start_ocid
+	run ocic pod run --config "$TESTDATA"/sandbox_config.json
+	echo "$output"
+	[ "$status" -eq 0 ]
+	pod_id="$output"
+
+	check_pod_cidr $pod_id
+
+	cleanup_pods
+	cleanup_network_conf
+	stop_ocid
+}
+
+@test "Ping pod netns from the host" {
+	# this test requires docker, thus it can't yet be run in a container
+	if [ "$TRAVIS" = "true" ]; then # instead of $TRAVIS, add a function is_containerized to skip here
+		skip "cannot yet run this test in a container, use sudo make localintegration"
+	fi
+
+	if [ ! -f "$OCID_CNI_PLUGIN/bridge" ]; then
+		skip "missing CNI bridge plugin, please install it"
+	fi
+
+	if [ ! -f "$OCID_CNI_PLUGIN/host-local" ]; then
+		skip "missing CNI host-local IPAM, please install it"
+	fi
+
+	prepare_network_conf $POD_CIDR
+
+	start_ocid
+	run ocic pod run --config "$TESTDATA"/sandbox_config.json
+	echo "$output"
+	[ "$status" -eq 0 ]
+	pod_id="$output"
+
+	ping_pod $pod_id
+
+	cleanup_pods
+	cleanup_network_conf
+	stop_ocid
+}