Commit graph

74 commits

Author SHA1 Message Date
Nalin Dahyabhai
ebe86effe2 Pass --signature-policy to copyimg
When calling copyimg to pull down an image in the integration tests,
don't forget to pass in the test signature policy.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-01-26 14:01:47 +01:00
Daniel J Walsh
9c61688098 Default type for containers is not container_t
We usually specify MCS Labels as comma separated pair.
Finally if we run two different containers we want them on different
MCS labels.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-01-25 22:11:30 +01:00
Antonio Murdaca
5d86f1f110
test: enable tests in Travis
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-01-19 19:14:46 +01:00
Antonio Murdaca
25d40b6927
test: use checkseccomp to test if seccomp is supported
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-01-19 18:51:47 +01:00
Antonio Murdaca
0d37c41521
test: add a custom binary to reliable check seccomp support
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-01-19 18:51:47 +01:00
Antonio Murdaca
f1f5c635d2
test: change location of the test image
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-01-19 18:51:47 +01:00
Nalin Dahyabhai
aeea656581 Limit implicit image pulling to the pause image
The CRI doesn't expect us to implicitly pull an image if it isn't
already present before we're asked to use it to create a container, and
the tests no longer depend on us doing so, either.

Limit the logic which attempts to pull an image, if it isn't present, to
only pulling the configured "pause" image, since our use of that image
for running pod sandboxes is an implementation detail that our clients
can't be expected to know or care about.  Include the name of the image
that we didn't pull in the error we return when we don't pull one.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-01-18 10:23:30 -05:00
Nalin Dahyabhai
925806b8fa Add and use copyimg for caching images for tests
Add a basic tool for copying images from one location to another,
optionally adding a name if it's to local storage.  Ideally we could use
skopeo for this, but we don't want to build it.

Use it to initially populate the test/testdata/redis-image directory, if
it's not been cleaned out, with a copy of "docker://redis:latest", and
to copy it in to the storage that ocid is using before we start up ocid.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-01-18 10:23:30 -05:00
Nalin Dahyabhai
636d5d8e9a Add and use bin2img for creating images for tests
Add tests which exercise image pulling, listing, and removal.  When running
tests, prepopulate the store with an image with the default infrastructure
container's name, using the locally-built "pause" binary, so that tests won't
have to pull it down from the network.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-01-18 10:23:30 -05:00
Nalin Dahyabhai
c0333b102b Integrate containers/storage
Use containers/storage to store images, pod sandboxes, and containers.
A pod sandbox's infrastructure container has the same ID as the pod to
which it belongs, and all containers also keep track of their pod's ID.

The container configuration that we build using the data in a
CreateContainerRequest is stored in the container's ContainerDirectory
and ContainerRunDirectory.

We catch SIGTERM and SIGINT, and when we receive either, we gracefully
exit the grpc loop.  If we also think that there aren't any container
filesystems in use, we attempt to do a clean shutdown of the storage
driver.

The test harness now waits for ocid to exit before attempting to delete
the storage root directory.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-01-18 10:23:30 -05:00
Antonio Murdaca
00e6832715 Merge pull request #320 from jawnsy/build-with-go-install
Build with go install
2017-01-18 00:06:13 +01:00
Mrunal Patel
e785e3e07f Remove host ping test
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-01-17 13:43:23 -08:00
Jonathan Yu
6c9628cdb1
Build and install from GOPATH
* Rename 'vendor/src' -> 'vendor'
  * Ignore vendor/ instead of vendor/src/ for lint
* Rename 'cmd/client' -> 'cmd/ocic' to make it 'go install'able
* Rename 'cmd/server' -> 'cmd/ocid' to make it 'go install'able
* Update Makefile to build and install from GOPATH
* Update tests to locate ocid/ocic in GOPATH/bin
* Search for binaries in GOPATH/bin instead of PATH
* Install tools using `go get -u`, so they are updated on each run

Signed-off-by: Jonathan Yu <jawnsy@redhat.com>
2017-01-17 12:09:09 -08:00
Samuel Ortiz
ce54c1e5e9
test: Do not hardcode runc specific output
"executable file not found in" is part of a runc
specific output when 'runc exec' fails.
This prevents the execsync failure to pass when running
ocid with other runtimes than runc.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-01-14 02:02:45 +01:00
Samuel Ortiz
8e1af3668a
test: Fix networking helpers indentation
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-21 12:26:18 +01:00
Samuel Ortiz
b6455253c2
test: Add host pod ping test
We create a pod with host networking and we try to ping
it from the host.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-21 12:24:37 +01:00
Samuel Ortiz
5273bef5d2
test: Add a inter pod ping networking test
We create 2 pods in 2 different networking namespace and
we check if we can ping one from the other.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-21 11:28:33 +01:00
Samuel Ortiz
b97a57c006
test: Skip networking tests if CNI plugins are missing
If the CNI binaries (bridge and host-local) are not installed,
we skip the tests.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-20 12:50:23 +01:00
Samuel Ortiz
4c702fb60c
test: Add 2 basic networking tests
We create temporary CNI networking configurations and run 2
functional tests:

- Verify that the networking namespace interface has a valid CIDR
- Ping the networking namespace interface from the host

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-20 12:50:20 +01:00
Mrunal Patel
a418ef8dc2 Fixup cgroup in test sandbox config
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-12-16 13:33:38 -08:00
Antonio Murdaca
e1054cf28e
cmd/client: move pod create to pod run
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-12-14 18:15:37 +01:00
Antonio Murdaca
4bb0830c37 Merge pull request #239 from xlgao-zju/reload-apparmor-profile
reload default apparmor profile if it is unloaded
2016-12-13 11:10:26 +01:00
Antonio Murdaca
f22dc5244f
test: add restart ocid with pod stopped test
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-12-09 11:56:25 +01:00
Mrunal Patel
0e1db291b6 Merge pull request #251 from sameo/topic/bats
test: Add a pod remove idempotent test
2016-12-08 16:20:41 -08:00
Mrunal Patel
7a6213c3ef Merge pull request #248 from sameo/topic/config.json
testdata: Add missing closed curly
2016-12-08 16:12:02 -08:00
Samuel Ortiz
d701009264
test: Add a pod remove idempotent test
Test if we can remove a pod several times without
generating an error.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-09 00:43:25 +01:00
Samuel Ortiz
c55d9a5da6
testdata: Add missing closed curly
Typo introduced by PR #244.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-09 00:11:16 +01:00
fd7a052023
testdata: fix invalid json doc
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
2016-12-08 15:23:24 -05:00
Samuel Ortiz
5d8537f270
testdata: sandbox ns options should be under security_context
And not directly under linux.

Fixes #243

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2016-12-08 18:09:28 +01:00
Xianglin Gao
cb5ed1ce9d reload default apparmor profile if it is unloaded
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2016-12-07 20:19:29 +08:00
Mrunal Patel
a4021ba179 Merge pull request #235 from runcom/fix-state
server: sync ctr state before checking it
2016-12-06 09:42:43 -08:00
Antonio Murdaca
1b2d4f3d60
server: sync ctr state before checking it
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-12-06 12:39:38 +01:00
Antonio Murdaca
f2b4fda554
server: fix ctr filter by truncated id
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-12-06 12:16:34 +01:00
Antonio Murdaca
e7492ca12f
server: fix pod filter by truncated id
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-12-06 12:16:30 +01:00
Antonio Murdaca
15f23bc6ac
test: fix apparmor detection
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-12-06 12:10:32 +01:00
Xianglin Gao
4f323377ee add apparmor build tag and update readme
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2016-12-06 11:51:15 +08:00
Xianglin Gao
bec3c3e2aa add test cases
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2016-12-01 21:42:13 +08:00
Antonio Murdaca
78ee03a8fc
add seccomp support
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-11-28 22:05:34 +01:00
Mrunal Patel
d12c4b68ac Merge pull request #212 from runcom/execsync-fix
execsync: return proper error description
2016-11-24 08:28:45 -08:00
HaoZhang
bdd817d002 add test for sysctls
Signed-off-by: HaoZhang <crazykev@zju.edu.cn>
2016-11-24 20:32:33 +08:00
Antonio Murdaca
cbe2a68ce5
execsync: return proper error description
The gprc execsync client call doesn't populate `ExecSyncResponse` on
error at all. You just get an error.
This patch modifies the code to include command's streams, exit code
and error direcly into the error. `ocic` will then print useful
infomation in the cli, otherwise it won't.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-11-24 12:11:04 +01:00
Mrunal Patel
3e415d0c2f Add test for exec sync
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-11-21 13:16:36 -08:00
HaoZhang
018c4db06d add test for container/pod metadata in status/list APIs
Signed-off-by: HaoZhang <crazykev@zju.edu.cn>
2016-11-02 00:37:40 +08:00
Mrunal Patel
2be40e0a31 Add tests for pod filtering
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-10-17 12:51:21 -07:00
Dan Walsh
488216f57b Make sure selinuxenabled exists before executing it
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2016-10-17 08:48:14 -04:00
Dan Walsh
04807d586a Setup proper labeling for running test with selinux
The rootfs that gets created needs to have an SELinux label that containers
can write to.  Until they get native storage support, this patch will
force the entire storage pool to be labeled in such a way that confined
containers can read/write/execute the content.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2016-10-14 17:29:20 -04:00
Mrunal Patel
e1a4b71478 Add more tests for label filtering
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-10-14 12:06:10 -07:00
Mrunal Patel
1d58bc8eae Add a test for label filtering
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-10-14 09:58:09 -07:00
Mrunal Patel
1bb79c9bbb Add a test for container list filtering
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2016-10-13 12:40:07 -07:00
Antonio Murdaca
8a9395964e
server/sandbox: fix add/release pod/ctr ids and names
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2016-10-13 18:48:23 +02:00