moby/plugin/manager_linux_test.go

274 lines
6.7 KiB
Go
Raw Permalink Normal View History

package plugin // import "github.com/docker/docker/plugin"
import (
"io"
"net"
"os"
"path/filepath"
"syscall"
"testing"
"github.com/docker/docker/api/types"
"github.com/docker/docker/api/types/backend"
"github.com/docker/docker/api/types/events"
pkg/system: move EnsureRemoveAll() to pkg/containerfs pkg/system historically has been a bit of a kitchen-sink of things that were somewhat "system" related, but didn't have a good place for. EnsureRemoveAll() is one of those utilities. EnsureRemoveAll() is used to both unmount and remove a path, for which it depends on both github.com/moby/sys/mount, which in turn depends on github.com/moby/sys/mountinfo. pkg/system is imported in the CLI, but neither EnsureRemoveAll(), nor any of its moby/sys dependencies are used on the client side, so let's move this function somewhere else, to remove those dependencies from the CLI. I looked for plausible locations that were related; it's used in: - daemon - daemon/graphdriver/XXX/ - plugin I considered moving it into a (e.g.) "utils" package within graphdriver (but not a huge fan of "utils" packages), and given that it felt (mostly) related to cleaning up container filesystems, I decided to move it there. Some things to follow-up on after this: - Verify if this function is still needed (it feels a bit like a big hammer in a "YOLO, let's try some things just in case it fails") - Perhaps it should be integrated in `containerfs.Remove()` (so that it's used automatically) - Look if there's other implementations (and if they should be consolidated), although (e.g.) the one in containerd is a copy of ours: https://github.com/containerd/containerd/blob/v1.5.9/pkg/cri/server/helpers_linux.go#L200 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-02 21:43:07 +00:00
"github.com/docker/docker/pkg/containerfs"
"github.com/docker/docker/pkg/stringid"
v2 "github.com/docker/docker/plugin/v2"
"github.com/moby/sys/mount"
"github.com/moby/sys/mountinfo"
specs "github.com/opencontainers/runtime-spec/specs-go"
"github.com/pkg/errors"
"gotest.tools/v3/skip"
)
func TestManagerWithPluginMounts(t *testing.T) {
skip.If(t, os.Getuid() != 0, "skipping test that requires root")
root, err := os.MkdirTemp("", "test-store-with-plugin-mounts")
if err != nil {
t.Fatal(err)
}
pkg/system: move EnsureRemoveAll() to pkg/containerfs pkg/system historically has been a bit of a kitchen-sink of things that were somewhat "system" related, but didn't have a good place for. EnsureRemoveAll() is one of those utilities. EnsureRemoveAll() is used to both unmount and remove a path, for which it depends on both github.com/moby/sys/mount, which in turn depends on github.com/moby/sys/mountinfo. pkg/system is imported in the CLI, but neither EnsureRemoveAll(), nor any of its moby/sys dependencies are used on the client side, so let's move this function somewhere else, to remove those dependencies from the CLI. I looked for plausible locations that were related; it's used in: - daemon - daemon/graphdriver/XXX/ - plugin I considered moving it into a (e.g.) "utils" package within graphdriver (but not a huge fan of "utils" packages), and given that it felt (mostly) related to cleaning up container filesystems, I decided to move it there. Some things to follow-up on after this: - Verify if this function is still needed (it feels a bit like a big hammer in a "YOLO, let's try some things just in case it fails") - Perhaps it should be integrated in `containerfs.Remove()` (so that it's used automatically) - Look if there's other implementations (and if they should be consolidated), although (e.g.) the one in containerd is a copy of ours: https://github.com/containerd/containerd/blob/v1.5.9/pkg/cri/server/helpers_linux.go#L200 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-02 21:43:07 +00:00
defer containerfs.EnsureRemoveAll(root)
s := NewStore()
managerRoot := filepath.Join(root, "manager")
p1 := newTestPlugin(t, "test1", "testcap", managerRoot)
p2 := newTestPlugin(t, "test2", "testcap", managerRoot)
p2.PluginObj.Enabled = true
m, err := NewManager(
ManagerConfig{
Store: s,
Root: managerRoot,
ExecRoot: filepath.Join(root, "exec"),
CreateExecutor: func(*Manager) (Executor, error) { return nil, nil },
LogPluginEvent: func(_, _ string, _ events.Action) {},
})
if err != nil {
t.Fatal(err)
}
if err := s.Add(p1); err != nil {
t.Fatal(err)
}
if err := s.Add(p2); err != nil {
t.Fatal(err)
}
// Create a mount to simulate a plugin that has created it's own mounts
p2Mount := filepath.Join(p2.Rootfs, "testmount")
if err := os.MkdirAll(p2Mount, 0o755); err != nil {
t.Fatal(err)
}
if err := mount.Mount("tmpfs", p2Mount, "tmpfs", ""); err != nil {
t.Fatal(err)
}
if err := m.Remove(p1.GetID(), &backend.PluginRmConfig{ForceRemove: true}); err != nil {
t.Fatal(err)
}
if mounted, err := mountinfo.Mounted(p2Mount); !mounted || err != nil {
t.Fatalf("expected %s to be mounted, err: %v", p2Mount, err)
}
}
func newTestPlugin(t *testing.T, name, cap, root string) *v2.Plugin {
id := stringid.GenerateRandomID()
rootfs := filepath.Join(root, id)
if err := os.MkdirAll(rootfs, 0o755); err != nil {
t.Fatal(err)
}
p := v2.Plugin{PluginObj: types.Plugin{ID: id, Name: name}}
p.Rootfs = rootfs
iType := types.PluginInterfaceType{Capability: cap, Prefix: "docker", Version: "1.0"}
i := types.PluginConfigInterface{Socket: "plugin.sock", Types: []types.PluginInterfaceType{iType}}
p.PluginObj.Config.Interface = i
p.PluginObj.ID = id
return &p
}
type simpleExecutor struct {
Executor
}
func (e *simpleExecutor) Create(id string, spec specs.Spec, stdout, stderr io.WriteCloser) error {
return errors.New("Create failed")
}
func TestCreateFailed(t *testing.T) {
root, err := os.MkdirTemp("", "test-create-failed")
if err != nil {
t.Fatal(err)
}
pkg/system: move EnsureRemoveAll() to pkg/containerfs pkg/system historically has been a bit of a kitchen-sink of things that were somewhat "system" related, but didn't have a good place for. EnsureRemoveAll() is one of those utilities. EnsureRemoveAll() is used to both unmount and remove a path, for which it depends on both github.com/moby/sys/mount, which in turn depends on github.com/moby/sys/mountinfo. pkg/system is imported in the CLI, but neither EnsureRemoveAll(), nor any of its moby/sys dependencies are used on the client side, so let's move this function somewhere else, to remove those dependencies from the CLI. I looked for plausible locations that were related; it's used in: - daemon - daemon/graphdriver/XXX/ - plugin I considered moving it into a (e.g.) "utils" package within graphdriver (but not a huge fan of "utils" packages), and given that it felt (mostly) related to cleaning up container filesystems, I decided to move it there. Some things to follow-up on after this: - Verify if this function is still needed (it feels a bit like a big hammer in a "YOLO, let's try some things just in case it fails") - Perhaps it should be integrated in `containerfs.Remove()` (so that it's used automatically) - Look if there's other implementations (and if they should be consolidated), although (e.g.) the one in containerd is a copy of ours: https://github.com/containerd/containerd/blob/v1.5.9/pkg/cri/server/helpers_linux.go#L200 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-02 21:43:07 +00:00
defer containerfs.EnsureRemoveAll(root)
s := NewStore()
managerRoot := filepath.Join(root, "manager")
p := newTestPlugin(t, "create", "testcreate", managerRoot)
m, err := NewManager(
ManagerConfig{
Store: s,
Root: managerRoot,
ExecRoot: filepath.Join(root, "exec"),
CreateExecutor: func(*Manager) (Executor, error) { return &simpleExecutor{}, nil },
LogPluginEvent: func(_, _ string, _ events.Action) {},
})
if err != nil {
t.Fatal(err)
}
if err := s.Add(p); err != nil {
t.Fatal(err)
}
if err := m.enable(p, &controller{}, false); err == nil {
t.Fatalf("expected Create failed error, got %v", err)
}
if err := m.Remove(p.GetID(), &backend.PluginRmConfig{ForceRemove: true}); err != nil {
t.Fatal(err)
}
}
type executorWithRunning struct {
m *Manager
root string
exitChans map[string]chan struct{}
}
func (e *executorWithRunning) Create(id string, spec specs.Spec, stdout, stderr io.WriteCloser) error {
sockAddr := filepath.Join(e.root, id, "plugin.sock")
ch := make(chan struct{})
if e.exitChans == nil {
e.exitChans = make(map[string]chan struct{})
}
e.exitChans[id] = ch
listenTestPlugin(sockAddr, ch)
return nil
}
func (e *executorWithRunning) IsRunning(id string) (bool, error) {
return true, nil
}
func (e *executorWithRunning) Restore(id string, stdout, stderr io.WriteCloser) (bool, error) {
return true, nil
}
func (e *executorWithRunning) Signal(id string, signal syscall.Signal) error {
ch := e.exitChans[id]
ch <- struct{}{}
<-ch
e.m.HandleExitEvent(id)
return nil
}
func TestPluginAlreadyRunningOnStartup(t *testing.T) {
plugin/manager_linux_test: Skip privileged tests when non-root This test fail when run by a non-root user === CONT TestPluginAlreadyRunningOnStartup === RUN TestPluginAlreadyRunningOnStartup/live-restore-disabled === PAUSE TestPluginAlreadyRunningOnStartup/live-restore-disabled === RUN TestPluginAlreadyRunningOnStartup/live-restore-enabled === PAUSE TestPluginAlreadyRunningOnStartup/live-restore-enabled === CONT TestPluginAlreadyRunningOnStartup/live-restore-disabled === CONT TestPluginAlreadyRunningOnStartup/live-restore-enabled time="2020-12-15T02:23:03Z" level=error msg="failed to enable plugin" error="chown /tmp/TestPluginAlreadyRunningOnStartup898689032/live-restore-disabled/manager/b6106d4d8937398ec8ec5e7092897ca4dd2eab6aa8043640095ef92b860b1417/rootfs/dev: operation not permitted" id=b6106d4d8937398ec8ec5e7092897ca4dd2eab6aa8043640095ef92b860b1417 === CONT TestPluginAlreadyRunningOnStartup/live-restore-disabled manager_linux_test.go:250: plugin client should not be nil panic: test timed out after 10m0s goroutine 41 [running]: testing.(*M).startAlarm.func1() /usr/lib/go-1.15/src/testing/testing.go:1618 +0xe5 created by time.goFunc /usr/lib/go-1.15/src/time/sleep.go:167 +0x45 goroutine 1 [chan receive, 9 minutes]: testing.tRunner.func1(0xc000001500) /usr/lib/go-1.15/src/testing/testing.go:1088 +0x24d testing.tRunner(0xc000001500, 0xc0001dfde0) /usr/lib/go-1.15/src/testing/testing.go:1127 +0x125 testing.runTests(0xc00000e2c0, 0xeade80, 0xa, 0xa, 0xbfee25f7d50c4ace, 0x8bb30f7348, 0xebb2c0, 0x40f710) /usr/lib/go-1.15/src/testing/testing.go:1437 +0x2fe testing.(*M).Run(0xc000394100, 0x0) /usr/lib/go-1.15/src/testing/testing.go:1345 +0x1eb main.main() _testmain.go:61 +0x138 goroutine 11 [chan receive, 9 minutes]: testing.tRunner.func1(0xc000412180) /usr/lib/go-1.15/src/testing/testing.go:1088 +0x24d testing.tRunner(0xc000412180, 0xad9b38) /usr/lib/go-1.15/src/testing/testing.go:1127 +0x125 created by testing.(*T).Run /usr/lib/go-1.15/src/testing/testing.go:1168 +0x2b3 goroutine 16 [chan receive, 9 minutes]: testing.runTests.func1.1(0xc000001500) /usr/lib/go-1.15/src/testing/testing.go:1444 +0x3b created by testing.runTests.func1 /usr/lib/go-1.15/src/testing/testing.go:1444 +0xac goroutine 34 [chan send, 9 minutes]: github.com/docker/docker/plugin.(*executorWithRunning).Signal(0xc0003e31e0, 0xc0000317c0, 0x40, 0xf, 0x3f, 0x3f) /<<PKGBUILDDIR>>/_build/src/github.com/docker/docker/plugin/manager_linux_test.go:171 +0x73 github.com/docker/docker/plugin.shutdownPlugin(0xc0003e6840, 0xc000096360, 0xb6dfc0, 0xc0003e31e0) /<<PKGBUILDDIR>>/_build/src/github.com/docker/docker/plugin/manager_linux.go:157 +0x8a github.com/docker/docker/plugin.(*Manager).Shutdown(0xc0003e80c0) /<<PKGBUILDDIR>>/_build/src/github.com/docker/docker/plugin/manager_linux.go:211 +0x1a7 runtime.Goexit() /usr/lib/go-1.15/src/runtime/panic.go:617 +0x1e5 testing.(*common).FailNow(0xc000412a80) /usr/lib/go-1.15/src/testing/testing.go:732 +0x3c testing.(*common).Fatal(0xc000412a80, 0xc00015ddc8, 0x1, 0x1) /usr/lib/go-1.15/src/testing/testing.go:800 +0x78 github.com/docker/docker/plugin.TestPluginAlreadyRunningOnStartup.func3(0xc000412a80) /<<PKGBUILDDIR>>/_build/src/github.com/docker/docker/plugin/manager_linux_test.go:250 +0x919 testing.tRunner(0xc000412a80, 0xc0003e4f90) /usr/lib/go-1.15/src/testing/testing.go:1123 +0xef created by testing.(*T).Run /usr/lib/go-1.15/src/testing/testing.go:1168 +0x2b3 goroutine 35 [chan send, 9 minutes]: testing.tRunner.func1(0xc000412d80) /usr/lib/go-1.15/src/testing/testing.go:1113 +0x373 testing.tRunner(0xc000412d80, 0xc0003e4fc0) /usr/lib/go-1.15/src/testing/testing.go:1127 +0x125 created by testing.(*T).Run /usr/lib/go-1.15/src/testing/testing.go:1168 +0x2b3 goroutine 50 [IO wait, 9 minutes]: internal/poll.runtime_pollWait(0x7f7b26d75e70, 0x72, 0x0) /usr/lib/go-1.15/src/runtime/netpoll.go:222 +0x55 internal/poll.(*pollDesc).wait(0xc000518018, 0x72, 0x0, 0x0, 0xab05ec) /usr/lib/go-1.15/src/internal/poll/fd_poll_runtime.go:87 +0x45 internal/poll.(*pollDesc).waitRead(...) /usr/lib/go-1.15/src/internal/poll/fd_poll_runtime.go:92 internal/poll.(*FD).Accept(0xc000518000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) /usr/lib/go-1.15/src/internal/poll/fd_unix.go:394 +0x1fc net.(*netFD).accept(0xc000518000, 0x64298f, 0xc000394080, 0x0) /usr/lib/go-1.15/src/net/fd_unix.go:172 +0x45 net.(*UnixListener).accept(0xc00050c0f0, 0xc000394080, 0x0, 0x0) /usr/lib/go-1.15/src/net/unixsock_posix.go:162 +0x32 net.(*UnixListener).Accept(0xc00050c0f0, 0x0, 0x0, 0x0, 0x0) /usr/lib/go-1.15/src/net/unixsock.go:260 +0x65 github.com/docker/docker/plugin.listenTestPlugin.func1(0xb6be00, 0xc00050c0f0) /<<PKGBUILDDIR>>/_build/src/github.com/docker/docker/plugin/manager_linux_test.go:266 +0x3d created by github.com/docker/docker/plugin.listenTestPlugin /<<PKGBUILDDIR>>/_build/src/github.com/docker/docker/plugin/manager_linux_test.go:264 +0x105 goroutine 51 [chan receive, 9 minutes]: github.com/docker/docker/plugin.listenTestPlugin.func2(0xc000516000, 0xb6be00, 0xc00050c0f0, 0xc000514000, 0x65) /<<PKGBUILDDIR>>/_build/src/github.com/docker/docker/plugin/manager_linux_test.go:274 +0x34 created by github.com/docker/docker/plugin.listenTestPlugin /<<PKGBUILDDIR>>/_build/src/github.com/docker/docker/plugin/manager_linux_test.go:273 +0x14f FAIL github.com/docker/docker/plugin 600.013s Signed-off-by: Arnaud Rebillout <elboulangero@gmail.com>
2020-12-15 02:45:00 +00:00
skip.If(t, os.Getuid() != 0, "skipping test that requires root")
t.Parallel()
root, err := os.MkdirTemp("", t.Name())
if err != nil {
t.Fatal(err)
}
pkg/system: move EnsureRemoveAll() to pkg/containerfs pkg/system historically has been a bit of a kitchen-sink of things that were somewhat "system" related, but didn't have a good place for. EnsureRemoveAll() is one of those utilities. EnsureRemoveAll() is used to both unmount and remove a path, for which it depends on both github.com/moby/sys/mount, which in turn depends on github.com/moby/sys/mountinfo. pkg/system is imported in the CLI, but neither EnsureRemoveAll(), nor any of its moby/sys dependencies are used on the client side, so let's move this function somewhere else, to remove those dependencies from the CLI. I looked for plausible locations that were related; it's used in: - daemon - daemon/graphdriver/XXX/ - plugin I considered moving it into a (e.g.) "utils" package within graphdriver (but not a huge fan of "utils" packages), and given that it felt (mostly) related to cleaning up container filesystems, I decided to move it there. Some things to follow-up on after this: - Verify if this function is still needed (it feels a bit like a big hammer in a "YOLO, let's try some things just in case it fails") - Perhaps it should be integrated in `containerfs.Remove()` (so that it's used automatically) - Look if there's other implementations (and if they should be consolidated), although (e.g.) the one in containerd is a copy of ours: https://github.com/containerd/containerd/blob/v1.5.9/pkg/cri/server/helpers_linux.go#L200 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-02 21:43:07 +00:00
defer containerfs.EnsureRemoveAll(root)
for _, test := range []struct {
desc string
config ManagerConfig
}{
{
desc: "live-restore-disabled",
config: ManagerConfig{
LogPluginEvent: func(_, _ string, _ events.Action) {},
},
},
{
desc: "live-restore-enabled",
config: ManagerConfig{
LogPluginEvent: func(_, _ string, _ events.Action) {},
LiveRestoreEnabled: true,
},
},
} {
t.Run(test.desc, func(t *testing.T) {
config := test.config
desc := test.desc
t.Parallel()
p := newTestPlugin(t, desc, desc, config.Root)
p.PluginObj.Enabled = true
// Need a short-ish path here so we don't run into unix socket path length issues.
config.ExecRoot, err = os.MkdirTemp("", "plugintest")
executor := &executorWithRunning{root: config.ExecRoot}
config.CreateExecutor = func(m *Manager) (Executor, error) { executor.m = m; return executor, nil }
if err := executor.Create(p.GetID(), specs.Spec{}, nil, nil); err != nil {
t.Fatal(err)
}
root := filepath.Join(root, desc)
config.Root = filepath.Join(root, "manager")
if err := os.MkdirAll(filepath.Join(config.Root, p.GetID()), 0o755); err != nil {
t.Fatal(err)
}
if !p.IsEnabled() {
t.Fatal("plugin should be enabled")
}
if err := (&Manager{config: config}).save(p); err != nil {
t.Fatal(err)
}
s := NewStore()
config.Store = s
if err != nil {
t.Fatal(err)
}
pkg/system: move EnsureRemoveAll() to pkg/containerfs pkg/system historically has been a bit of a kitchen-sink of things that were somewhat "system" related, but didn't have a good place for. EnsureRemoveAll() is one of those utilities. EnsureRemoveAll() is used to both unmount and remove a path, for which it depends on both github.com/moby/sys/mount, which in turn depends on github.com/moby/sys/mountinfo. pkg/system is imported in the CLI, but neither EnsureRemoveAll(), nor any of its moby/sys dependencies are used on the client side, so let's move this function somewhere else, to remove those dependencies from the CLI. I looked for plausible locations that were related; it's used in: - daemon - daemon/graphdriver/XXX/ - plugin I considered moving it into a (e.g.) "utils" package within graphdriver (but not a huge fan of "utils" packages), and given that it felt (mostly) related to cleaning up container filesystems, I decided to move it there. Some things to follow-up on after this: - Verify if this function is still needed (it feels a bit like a big hammer in a "YOLO, let's try some things just in case it fails") - Perhaps it should be integrated in `containerfs.Remove()` (so that it's used automatically) - Look if there's other implementations (and if they should be consolidated), although (e.g.) the one in containerd is a copy of ours: https://github.com/containerd/containerd/blob/v1.5.9/pkg/cri/server/helpers_linux.go#L200 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-02 21:43:07 +00:00
defer containerfs.EnsureRemoveAll(config.ExecRoot)
m, err := NewManager(config)
if err != nil {
t.Fatal(err)
}
defer m.Shutdown()
p = s.GetAll()[p.GetID()] // refresh `p` with what the manager knows
if p.Client() == nil {
t.Fatal("plugin client should not be nil")
}
})
}
}
func listenTestPlugin(sockAddr string, exit chan struct{}) (net.Listener, error) {
if err := os.MkdirAll(filepath.Dir(sockAddr), 0o755); err != nil {
return nil, err
}
l, err := net.Listen("unix", sockAddr)
if err != nil {
return nil, err
}
go func() {
for {
conn, err := l.Accept()
if err != nil {
return
}
conn.Close()
}
}()
go func() {
<-exit
l.Close()
os.Remove(sockAddr)
exit <- struct{}{}
}()
return l, nil
}