lxc_template_unit_test.go 8.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368
  1. // +build linux
  2. package lxc
  3. import (
  4. "bufio"
  5. "fmt"
  6. "github.com/docker/docker/daemon/execdriver"
  7. nativeTemplate "github.com/docker/docker/daemon/execdriver/native/template"
  8. "github.com/docker/libcontainer/devices"
  9. "github.com/docker/libcontainer/security/capabilities"
  10. "github.com/syndtr/gocapability/capability"
  11. "io/ioutil"
  12. "math/rand"
  13. "os"
  14. "path"
  15. "strings"
  16. "testing"
  17. "time"
  18. )
  19. func TestLXCConfig(t *testing.T) {
  20. root, err := ioutil.TempDir("", "TestLXCConfig")
  21. if err != nil {
  22. t.Fatal(err)
  23. }
  24. defer os.RemoveAll(root)
  25. os.MkdirAll(path.Join(root, "containers", "1"), 0777)
  26. // Memory is allocated randomly for testing
  27. rand.Seed(time.Now().UTC().UnixNano())
  28. var (
  29. memMin = 33554432
  30. memMax = 536870912
  31. mem = memMin + rand.Intn(memMax-memMin)
  32. cpuMin = 100
  33. cpuMax = 10000
  34. cpu = cpuMin + rand.Intn(cpuMax-cpuMin)
  35. )
  36. driver, err := NewDriver(root, "", false)
  37. if err != nil {
  38. t.Fatal(err)
  39. }
  40. command := &execdriver.Command{
  41. ID: "1",
  42. Resources: &execdriver.Resources{
  43. Memory: int64(mem),
  44. CpuShares: int64(cpu),
  45. },
  46. Network: &execdriver.Network{
  47. Mtu: 1500,
  48. Interface: nil,
  49. },
  50. AllowedDevices: make([]*devices.Device, 0),
  51. ProcessConfig: execdriver.ProcessConfig{},
  52. }
  53. p, err := driver.generateLXCConfig(command)
  54. if err != nil {
  55. t.Fatal(err)
  56. }
  57. grepFile(t, p,
  58. fmt.Sprintf("lxc.cgroup.memory.limit_in_bytes = %d", mem))
  59. grepFile(t, p,
  60. fmt.Sprintf("lxc.cgroup.memory.memsw.limit_in_bytes = %d", mem*2))
  61. }
  62. func TestCustomLxcConfig(t *testing.T) {
  63. root, err := ioutil.TempDir("", "TestCustomLxcConfig")
  64. if err != nil {
  65. t.Fatal(err)
  66. }
  67. defer os.RemoveAll(root)
  68. os.MkdirAll(path.Join(root, "containers", "1"), 0777)
  69. driver, err := NewDriver(root, "", false)
  70. if err != nil {
  71. t.Fatal(err)
  72. }
  73. processConfig := execdriver.ProcessConfig{
  74. Privileged: false,
  75. }
  76. command := &execdriver.Command{
  77. ID: "1",
  78. LxcConfig: []string{
  79. "lxc.utsname = docker",
  80. "lxc.cgroup.cpuset.cpus = 0,1",
  81. },
  82. Network: &execdriver.Network{
  83. Mtu: 1500,
  84. Interface: nil,
  85. },
  86. ProcessConfig: processConfig,
  87. }
  88. p, err := driver.generateLXCConfig(command)
  89. if err != nil {
  90. t.Fatal(err)
  91. }
  92. grepFile(t, p, "lxc.utsname = docker")
  93. grepFile(t, p, "lxc.cgroup.cpuset.cpus = 0,1")
  94. }
  95. func grepFile(t *testing.T, path string, pattern string) {
  96. grepFileWithReverse(t, path, pattern, false)
  97. }
  98. func grepFileWithReverse(t *testing.T, path string, pattern string, inverseGrep bool) {
  99. f, err := os.Open(path)
  100. if err != nil {
  101. t.Fatal(err)
  102. }
  103. defer f.Close()
  104. r := bufio.NewReader(f)
  105. var (
  106. line string
  107. )
  108. err = nil
  109. for err == nil {
  110. line, err = r.ReadString('\n')
  111. if strings.Contains(line, pattern) == true {
  112. if inverseGrep {
  113. t.Fatalf("grepFile: pattern \"%s\" found in \"%s\"", pattern, path)
  114. }
  115. return
  116. }
  117. }
  118. if inverseGrep {
  119. return
  120. }
  121. t.Fatalf("grepFile: pattern \"%s\" not found in \"%s\"", pattern, path)
  122. }
  123. func TestEscapeFstabSpaces(t *testing.T) {
  124. var testInputs = map[string]string{
  125. " ": "\\040",
  126. "": "",
  127. "/double space": "/double\\040\\040space",
  128. "/some long test string": "/some\\040long\\040test\\040string",
  129. "/var/lib/docker": "/var/lib/docker",
  130. " leading": "\\040leading",
  131. "trailing ": "trailing\\040",
  132. }
  133. for in, exp := range testInputs {
  134. if out := escapeFstabSpaces(in); exp != out {
  135. t.Logf("Expected %s got %s", exp, out)
  136. t.Fail()
  137. }
  138. }
  139. }
  140. func TestIsDirectory(t *testing.T) {
  141. tempDir, err := ioutil.TempDir("", "TestIsDir")
  142. if err != nil {
  143. t.Fatal(err)
  144. }
  145. defer os.RemoveAll(tempDir)
  146. tempFile, err := ioutil.TempFile(tempDir, "TestIsDirFile")
  147. if err != nil {
  148. t.Fatal(err)
  149. }
  150. if isDirectory(tempDir) != "dir" {
  151. t.Logf("Could not identify %s as a directory", tempDir)
  152. t.Fail()
  153. }
  154. if isDirectory(tempFile.Name()) != "file" {
  155. t.Logf("Could not identify %s as a file", tempFile.Name())
  156. t.Fail()
  157. }
  158. }
  159. func TestCustomLxcConfigMounts(t *testing.T) {
  160. root, err := ioutil.TempDir("", "TestCustomLxcConfig")
  161. if err != nil {
  162. t.Fatal(err)
  163. }
  164. defer os.RemoveAll(root)
  165. tempDir, err := ioutil.TempDir("", "TestIsDir")
  166. if err != nil {
  167. t.Fatal(err)
  168. }
  169. defer os.RemoveAll(tempDir)
  170. tempFile, err := ioutil.TempFile(tempDir, "TestIsDirFile")
  171. if err != nil {
  172. t.Fatal(err)
  173. }
  174. os.MkdirAll(path.Join(root, "containers", "1"), 0777)
  175. driver, err := NewDriver(root, "", false)
  176. if err != nil {
  177. t.Fatal(err)
  178. }
  179. processConfig := execdriver.ProcessConfig{
  180. Privileged: false,
  181. }
  182. mounts := []execdriver.Mount{
  183. {
  184. Source: tempDir,
  185. Destination: tempDir,
  186. Writable: false,
  187. Private: true,
  188. },
  189. {
  190. Source: tempFile.Name(),
  191. Destination: tempFile.Name(),
  192. Writable: true,
  193. Private: true,
  194. },
  195. }
  196. command := &execdriver.Command{
  197. ID: "1",
  198. LxcConfig: []string{
  199. "lxc.utsname = docker",
  200. "lxc.cgroup.cpuset.cpus = 0,1",
  201. },
  202. Network: &execdriver.Network{
  203. Mtu: 1500,
  204. Interface: nil,
  205. },
  206. Mounts: mounts,
  207. ProcessConfig: processConfig,
  208. }
  209. p, err := driver.generateLXCConfig(command)
  210. if err != nil {
  211. t.Fatal(err)
  212. }
  213. grepFile(t, p, "lxc.utsname = docker")
  214. grepFile(t, p, "lxc.cgroup.cpuset.cpus = 0,1")
  215. grepFile(t, p, fmt.Sprintf("lxc.mount.entry = %s %s none rbind,ro,create=%s 0 0", tempDir, "/"+tempDir, "dir"))
  216. grepFile(t, p, fmt.Sprintf("lxc.mount.entry = %s %s none rbind,rw,create=%s 0 0", tempFile.Name(), "/"+tempFile.Name(), "file"))
  217. }
  218. func TestCustomLxcConfigMisc(t *testing.T) {
  219. root, err := ioutil.TempDir("", "TestCustomLxcConfig")
  220. if err != nil {
  221. t.Fatal(err)
  222. }
  223. defer os.RemoveAll(root)
  224. os.MkdirAll(path.Join(root, "containers", "1"), 0777)
  225. driver, err := NewDriver(root, "", false)
  226. if err != nil {
  227. t.Fatal(err)
  228. }
  229. processConfig := execdriver.ProcessConfig{
  230. Privileged: false,
  231. }
  232. processConfig.Env = []string{"HOSTNAME=testhost"}
  233. command := &execdriver.Command{
  234. ID: "1",
  235. LxcConfig: []string{
  236. "lxc.cgroup.cpuset.cpus = 0,1",
  237. },
  238. Network: &execdriver.Network{
  239. Mtu: 1500,
  240. Interface: &execdriver.NetworkInterface{
  241. Gateway: "10.10.10.1",
  242. IPAddress: "10.10.10.10",
  243. IPPrefixLen: 24,
  244. Bridge: "docker0",
  245. },
  246. },
  247. ProcessConfig: processConfig,
  248. CapAdd: []string{"net_admin", "syslog"},
  249. CapDrop: []string{"kill", "mknod"},
  250. }
  251. p, err := driver.generateLXCConfig(command)
  252. if err != nil {
  253. t.Fatal(err)
  254. }
  255. // network
  256. grepFile(t, p, "lxc.network.type = veth")
  257. grepFile(t, p, "lxc.network.link = docker0")
  258. grepFile(t, p, "lxc.network.name = eth0")
  259. grepFile(t, p, "lxc.network.ipv4 = 10.10.10.10/24")
  260. grepFile(t, p, "lxc.network.ipv4.gateway = 10.10.10.1")
  261. grepFile(t, p, "lxc.network.flags = up")
  262. // hostname
  263. grepFile(t, p, "lxc.utsname = testhost")
  264. grepFile(t, p, "lxc.cgroup.cpuset.cpus = 0,1")
  265. container := nativeTemplate.New()
  266. for _, cap := range container.Capabilities {
  267. realCap := capabilities.GetCapability(cap)
  268. numCap := fmt.Sprintf("%d", realCap.Value)
  269. if cap != "MKNOD" && cap != "KILL" {
  270. grepFile(t, p, fmt.Sprintf("lxc.cap.keep = %s", numCap))
  271. }
  272. }
  273. grepFileWithReverse(t, p, fmt.Sprintf("lxc.cap.keep = %d", capability.CAP_KILL), true)
  274. grepFileWithReverse(t, p, fmt.Sprintf("lxc.cap.keep = %d", capability.CAP_MKNOD), true)
  275. }
  276. func TestCustomLxcConfigMiscOverride(t *testing.T) {
  277. root, err := ioutil.TempDir("", "TestCustomLxcConfig")
  278. if err != nil {
  279. t.Fatal(err)
  280. }
  281. defer os.RemoveAll(root)
  282. os.MkdirAll(path.Join(root, "containers", "1"), 0777)
  283. driver, err := NewDriver(root, "", false)
  284. if err != nil {
  285. t.Fatal(err)
  286. }
  287. processConfig := execdriver.ProcessConfig{
  288. Privileged: false,
  289. }
  290. processConfig.Env = []string{"HOSTNAME=testhost"}
  291. command := &execdriver.Command{
  292. ID: "1",
  293. LxcConfig: []string{
  294. "lxc.cgroup.cpuset.cpus = 0,1",
  295. "lxc.network.ipv4 = 172.0.0.1",
  296. },
  297. Network: &execdriver.Network{
  298. Mtu: 1500,
  299. Interface: &execdriver.NetworkInterface{
  300. Gateway: "10.10.10.1",
  301. IPAddress: "10.10.10.10",
  302. IPPrefixLen: 24,
  303. Bridge: "docker0",
  304. },
  305. },
  306. ProcessConfig: processConfig,
  307. CapAdd: []string{"NET_ADMIN", "SYSLOG"},
  308. CapDrop: []string{"KILL", "MKNOD"},
  309. }
  310. p, err := driver.generateLXCConfig(command)
  311. if err != nil {
  312. t.Fatal(err)
  313. }
  314. // network
  315. grepFile(t, p, "lxc.network.type = veth")
  316. grepFile(t, p, "lxc.network.link = docker0")
  317. grepFile(t, p, "lxc.network.name = eth0")
  318. grepFile(t, p, "lxc.network.ipv4 = 172.0.0.1")
  319. grepFile(t, p, "lxc.network.ipv4.gateway = 10.10.10.1")
  320. grepFile(t, p, "lxc.network.flags = up")
  321. // hostname
  322. grepFile(t, p, "lxc.utsname = testhost")
  323. grepFile(t, p, "lxc.cgroup.cpuset.cpus = 0,1")
  324. container := nativeTemplate.New()
  325. for _, cap := range container.Capabilities {
  326. realCap := capabilities.GetCapability(cap)
  327. numCap := fmt.Sprintf("%d", realCap.Value)
  328. if cap != "MKNOD" && cap != "KILL" {
  329. grepFile(t, p, fmt.Sprintf("lxc.cap.keep = %s", numCap))
  330. }
  331. }
  332. grepFileWithReverse(t, p, fmt.Sprintf("lxc.cap.keep = %d", capability.CAP_KILL), true)
  333. grepFileWithReverse(t, p, fmt.Sprintf("lxc.cap.keep = %d", capability.CAP_MKNOD), true)
  334. }