From a09152ab28b55ee30439ff88337781434d38dffa Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Mon, 27 May 2024 15:54:56 +0200 Subject: [PATCH 1/9] test/system: remove podman wait test It takes over 10 seconds for this test as it uses --wait 5 twice which runs into the timeout. IMO this test is just redundant as it is already covered in the e2e tests much better. Thus remove it here. Signed-off-by: Paul Holzinger --- test/system/075-exec.bats | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/test/system/075-exec.bats b/test/system/075-exec.bats index 53f0c20b55..0c0f7cab8f 100644 --- a/test/system/075-exec.bats +++ b/test/system/075-exec.bats @@ -136,20 +136,6 @@ load helpers run_podman rm -t 0 -f $cid } -@test "podman exec --wait" { - skip_if_remote "test is meaningless over remote" - - # wait on bogus container - run_podman 125 exec --wait 5 "bogus_container" echo hello - assert "$output" = "Error: timed out waiting for container: bogus_container" - - run_podman create --name "wait_container" $IMAGE top - run_podman 255 exec --wait 5 "wait_container" echo hello - assert "$output" = "Error: can only create exec sessions on running containers: container state improper" - - run_podman rm -f wait_container -} - @test "podman run umask" { umask="0724" run_podman run --rm -q $IMAGE grep Umask /proc/self/status From 9de1d4f6533edf6fd9ba1dcbd116aae030814632 Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Mon, 27 May 2024 16:20:05 +0200 Subject: [PATCH 2/9] test/system: speed up "podman auto-update using systemd" Defining a timer with a fixed interval is not a good idea as we first have to wait until the timer triggers; while the interval was every two seconds it means that we have to wait at least 2s for it to start. However, much worse, it means it triggers the unit over and over, and this seems to cause some sort of race with the output check. I have seen this test run 10-60s which does not make much sense. 
Switching the timer to trigger once on start seems to make the test run consistently in 7s locally for me, so this is much better. There still is the question of whether we really have to test this at all on each upstream PR, but I left it for now. Signed-off-by: Paul Holzinger --- test/system/255-auto-update.bats | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/system/255-auto-update.bats b/test/system/255-auto-update.bats index f870546aca..eac97801ed 100644 --- a/test/system/255-auto-update.bats +++ b/test/system/255-auto-update.bats @@ -132,7 +132,6 @@ function _confirm_update() { # Image has already been pulled, so this shouldn't take too long local timeout=10 while [[ $timeout -gt 0 ]]; do - sleep 1 run_podman '?' inspect --format "{{.Image}}" $cname if [[ $status != 0 ]]; then if [[ $output =~ (no such object|does not exist in database): ]]; then @@ -144,6 +143,7 @@ function _confirm_update() { elif [[ $output != $old_iid ]]; then return fi + sleep 1 timeout=$((timeout - 1)) done @@ -417,7 +417,7 @@ EOF Description=Podman auto-update testing timer [Timer] -OnCalendar=*-*-* *:*:0/2 +OnActiveSec=0s Persistent=true [Install] From 9a7ffaa0773517c6ee45471fc6828c6a5fcb526c Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Mon, 27 May 2024 17:14:28 +0200 Subject: [PATCH 3/9] test/system: speed up podman events tests Merge two podman event tests into one to speed them up as they did mostly the same anyway. This way we only have to do the setup/teardown once and only run one container. Second, add the --since option because reading the journal can be slow if you have thousands of event entries. This is not so critical in CI as we run on fresh systems but on local dev machines I have almost 100k events in the journal so parsing all of them makes this test slow (like 30s), with this change I can get it under 1s. 
Signed-off-by: Paul Holzinger --- test/system/090-events.bats | 29 +++++++++++------------------ 1 file changed, 11 insertions(+), 18 deletions(-) diff --git a/test/system/090-events.bats b/test/system/090-events.bats index 072d7f9f4f..993d7beebc 100644 --- a/test/system/090-events.bats +++ b/test/system/090-events.bats @@ -7,41 +7,34 @@ load helpers load helpers.network # bats test_tags=distro-integration -@test "events with a filter by label" { +@test "events with a filter by label and --no-trunc option" { cname=test-$(random_string 30 | tr A-Z a-z) labelname=$(random_string 10) labelvalue=$(random_string 15) - run_podman run --label $labelname=$labelvalue --name $cname --rm $IMAGE ls + before=$(date --iso-8601=seconds) + run_podman run -d --label $labelname=$labelvalue --name $cname --rm $IMAGE true + id="$output" - expect=".* container start [0-9a-f]\+ (image=$IMAGE, name=$cname,.* ${labelname}=${labelvalue}" - run_podman events --filter type=container -f container=$cname --filter label=${labelname}=${labelvalue} --filter event=start --stream=false + expect=".* container start $id (image=$IMAGE, name=$cname,.* ${labelname}=${labelvalue}" + run_podman events --since "$before" --filter type=container -f container=$cname --filter label=${labelname}=${labelvalue} --filter event=start --stream=false is "$output" "$expect" "filtering by container name and label" # Same thing, but without the container-name filter - run_podman system events -f type=container --filter label=${labelname}=${labelvalue} --filter event=start --stream=false + run_podman system events --since "$before" -f type=container --filter label=${labelname}=${labelvalue} --filter event=start --stream=false is "$output" "$expect" "filtering just by label" # Now filter just by container name, no label - run_podman events --filter type=container --filter container=$cname --filter event=start --stream=false + run_podman events --since "$before" --filter type=container --filter container=$cname --filter 
event=start --stream=false is "$output" "$expect" "filtering just by container" -} - -@test "truncate events" { - cname=test-$(random_string 30 | tr A-Z a-z) - - run_podman run -d --name=$cname --rm $IMAGE echo hi - id="$output" - - run_podman events --filter container=$cname --filter event=start --stream=false - is "$output" ".* $id " "filtering by container name full id" + # check --no-trunc=false truncID=${id:0:12} - run_podman events --filter container=$cname --filter event=start --stream=false --no-trunc=false + run_podman events --since "$before" --filter container=$cname --filter event=start --stream=false --no-trunc=false is "$output" ".* $truncID " "filtering by container name trunc id" # --no-trunc does not affect --format; we always get the full ID - run_podman events --filter container=$cname --filter event=died --stream=false --format='{{.ID}}--{{.Image}}' --no-trunc=false + run_podman events --since "$before" --filter container=$cname --filter event=died --stream=false --format='{{.ID}}--{{.Image}}' --no-trunc=false assert "$output" = "${id}--${IMAGE}" } From 82bffb9c503b9c34fdf61313b7fcad94c6b1bb86 Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Mon, 27 May 2024 17:37:20 +0200 Subject: [PATCH 4/9] test/system: fix slow kube play --wait with siginterrupt This test waits 15 seconds to send sigterm for no good reason, we can just make the timeout shorter. Also make sure the podman command quit on sigterm by looking for the output message. While at it fix the tests to use $PODMAN_TMPDIR not /tmp and define the yaml in the test instead of using the podman create && podman kube generate && podman rm way to create the yaml as it is a bit slower as we have to call three podman commands for it. 
Signed-off-by: Paul Holzinger --- test/system/700-play.bats | 32 ++++++++++++++++++++++---------- 1 file changed, 22 insertions(+), 10 deletions(-) diff --git a/test/system/700-play.bats b/test/system/700-play.bats index 1441775748..e594f7d328 100644 --- a/test/system/700-play.bats +++ b/test/system/700-play.bats @@ -633,21 +633,33 @@ EOF # kube play --wait=true, where we clear up the created containers, pods, and volumes when a kill or sigterm is triggered @test "podman kube play --wait with siginterrupt" { cname=c$(random_string 15) - fname="/tmp/play_kube_wait_$(random_string 6).yaml" - run_podman container create --name $cname $IMAGE top - run_podman kube generate -f $fname $cname - - # delete the container we generated from - run_podman rm -f $cname + fname="$PODMAN_TMPDIR/play_kube_wait_$(random_string 6).yaml" + echo " +apiVersion: v1 +kind: Pod +metadata: + labels: + app: test + name: test_pod +spec: + restartPolicy: Never + containers: + - name: server + image: $IMAGE + command: + - top +" > $fname # force a timeout to happen so that the kube play command is killed # and expect the timeout code 124 to happen so that we can clean up local t0=$SECONDS - PODMAN_TIMEOUT=15 run_podman 124 kube play --wait $fname + PODMAN_TIMEOUT=2 run_podman 124 kube play --wait $fname local t1=$SECONDS local delta_t=$((t1 - t0)) - assert $delta_t -le 20 \ - "podman kube play did not get killed within 10 seconds" + assert $delta_t -le 3 \ + "podman kube play did not get killed within 3 seconds" + # Make sure we actually got SIGTERM and podman printed its message. 
+ assert "$output" =~ "Cleaning up containers, pods, and volumes" "kube play printed sigterm message" # there should be no containers running or created run_podman ps -aq @@ -656,7 +668,7 @@ EOF } @test "podman kube play --wait - wait for pod to exit" { - fname="/tmp/play_kube_wait_$(random_string 6).yaml" + fname="$PODMAN_TMPDIR/play_kube_wait_$(random_string 6).yaml" echo " apiVersion: v1 kind: Pod From 94ba2cf1a1c01762c8365efa633ee6c134673e37 Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Mon, 27 May 2024 17:51:59 +0200 Subject: [PATCH 5/9] test/system: speed up "podman run --timeout" There is really no point in waiting 10s for the kill, let's use 2 this should be good enough to observe the timing. Signed-off-by: Paul Holzinger --- test/system/030-run.bats | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/test/system/030-run.bats b/test/system/030-run.bats index 6da1a817a8..bb12bf6826 100644 --- a/test/system/030-run.bats +++ b/test/system/030-run.bats @@ -778,7 +778,7 @@ json-file | f @test "podman run --timeout - basic test" { cid=timeouttest t0=$SECONDS - run_podman 255 run --name $cid --timeout 10 $IMAGE sleep 60 + run_podman 255 run --name $cid --timeout 2 $IMAGE sleep 60 t1=$SECONDS # Confirm that container is stopped. Podman-remote unfortunately # cannot tell the difference between "stopped" and "exited", and @@ -790,8 +790,8 @@ json-file | f # This operation should take # exactly 10 seconds. Give it some leeway. delta_t=$(( $t1 - $t0 )) - assert "$delta_t" -gt 8 "podman stop: ran too quickly!" - assert "$delta_t" -le 14 "podman stop: took too long" + assert "$delta_t" -gt 1 "podman stop: ran too quickly!" 
+ assert "$delta_t" -le 6 "podman stop: took too long" run_podman rm $cid } From 9e321aafda262184c4af3c39f8d0911c9540bf14 Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Mon, 27 May 2024 18:10:07 +0200 Subject: [PATCH 6/9] test/system: speed up exit-code propagation test IMO it is not important to cover each case with each sdnotify policy; to speed things up we run each exit code case only once, switching the sdnotify policy between cases. This way we save 50% of the runs and should still have sufficient coverage. Before it took around 24 seconds, with this it is around 12 seconds now. Signed-off-by: Paul Holzinger --- test/system/260-sdnotify.bats | 48 +++++++++++++++++++++-------------- 1 file changed, 29 insertions(+), 19 deletions(-) diff --git a/test/system/260-sdnotify.bats b/test/system/260-sdnotify.bats index 11629d2c7e..e86774ded8 100644 --- a/test/system/260-sdnotify.bats +++ b/test/system/260-sdnotify.bats @@ -466,31 +466,41 @@ none | true | false | 0 none | false | false | 0 " - # I am sorry, this is a long test as we need to test the upper matrix - # twice. The first run is using the default sdnotify policy of "ignore". + # In each iteration we switch between the sdnotify policy ignore and conmon. + # We could run them in a loop for each case but the test is slow so let's + # just switch between them as it should cover both policies sufficiently. + # Note because of this make sure to have at least two exit code cases directly + # after each other above so both policies will get the error case at least once. + # The first run is using the default sdnotify policy of "ignore". # In this case, the service container serves as the main PID of the service # to have a minimal resource footprint. The second run is using the # "conmon" sdnotify policy in which case Podman needs to serve as the main # PID to act as an sdnotify proxy; there Podman will wait for the service # container to exit and reflects its exit code. 
+ sdnotify_policy=ignore while read exit_code_prop cmd1 cmd2 exit_code; do - for sdnotify_policy in ignore conmon; do - generate_exit_code_yaml $fname $cmd1 $cmd2 $sdnotify_policy - yaml_sha=$(sha256sum $fname) - service_container="${yaml_sha:0:12}-service" - podman_exit=$exit_code - if [[ $sdnotify_policy == "ignore" ]];then - podman_exit=0 - fi - run_podman $podman_exit kube play --service-exit-code-propagation="$exit_code_prop" --service-container $fname - # Make sure that there are no error logs (e.g., #19715) - assert "$output" !~ "error msg=" - run_podman container inspect --format '{{.KubeExitCodePropagation}}' $service_container - is "$output" "$exit_code_prop" "service container has the expected policy set in its annotations" - run_podman wait $service_container - is "$output" "$exit_code" "service container exit code (propagation: $exit_code_prop, policy: $service_policy, cmds: $cmd1 + $cmd2)" - run_podman kube down $fname - done + generate_exit_code_yaml $fname $cmd1 $cmd2 $sdnotify_policy + yaml_sha=$(sha256sum $fname) + service_container="${yaml_sha:0:12}-service" + podman_exit=$exit_code + if [[ $sdnotify_policy == "ignore" ]];then + podman_exit=0 + fi + run_podman $podman_exit kube play --service-exit-code-propagation="$exit_code_prop" --service-container $fname + # Make sure that there are no error logs (e.g., #19715) + assert "$output" !~ "error msg=" + run_podman container inspect --format '{{.KubeExitCodePropagation}}' $service_container + is "$output" "$exit_code_prop" "service container has the expected policy set in its annotations" + run_podman wait $service_container + is "$output" "$exit_code" "service container exit code (propagation: $exit_code_prop, policy: $sdnotify_policy, cmds: $cmd1 + $cmd2)" + run_podman kube down $fname + + # in each iteration switch between conmon/ignore policy to get coverage for both + if [[ $sdnotify_policy == "ignore" ]]; then + sdnotify_policy=conmon + else + sdnotify_policy=ignore + fi done < <(parse_table 
"$exit_tests") # A final smoke test to make sure bogus policies lead to an error From 42f43fb3a32e06b1b4abfc11e9d2e25531271447 Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Mon, 27 May 2024 18:23:25 +0200 Subject: [PATCH 7/9] test/system: speed up kube play healthcheck initialDelaySeconds Both tests take 10s longer than they need to because they run the sleep command in the container which does not react to sigterm, as such podman waits 10s before killing it with sigkill. To fix it just stop them with podman rm -fa -t0 to avoid the wait and do not use podman kube down as we cannot set a timeout there. podman kube down is still covered in many other tests so this is not an issue. Signed-off-by: Paul Holzinger --- test/system/700-play.bats | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/test/system/700-play.bats b/test/system/700-play.bats index e594f7d328..c36ed04b9b 100644 --- a/test/system/700-play.bats +++ b/test/system/700-play.bats @@ -893,8 +893,7 @@ spec: done assert $output == "2-healthy" "After 3 seconds" - run_podman kube down $fname - run_podman pod rm -a + run_podman pod rm -fa -t0 run_podman rm -a } @@ -946,8 +945,7 @@ spec: done assert $output == "2-unhealthy" "After 3 seconds" - run_podman kube down $fname - run_podman pod rm -a + run_podman pod rm -fa -t0 run_podman rm -a } From 15606148e59288107cf260f0cf885af2fc2cc035 Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Mon, 27 May 2024 18:37:18 +0200 Subject: [PATCH 8/9] test/system: speed up podman-kube@.service template The test does a normal stop on a command that does not react to sigterm. As I cannot fix the systemd stop logic, use a command which does. This saves us 10s as it no longer waits for the timeout. 
Signed-off-by: Paul Holzinger --- test/system/250-systemd.bats | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/system/250-systemd.bats b/test/system/250-systemd.bats index bf4d4a5180..315c40b813 100644 --- a/test/system/250-systemd.bats +++ b/test/system/250-systemd.bats @@ -397,13 +397,13 @@ spec: - command: - sh - -c - - echo a stdout; echo a stderr 1>&2; sleep inf + - echo a stdout; echo a stderr 1>&2; trap 'exit' SIGTERM; while :; do sleep 0.1; done image: $IMAGE name: a - command: - sh - -c - - echo b stdout; echo b stderr 1>&2; sleep inf + - echo b stdout; echo b stderr 1>&2; trap 'exit' SIGTERM; while :; do sleep 0.1; done image: $IMAGE name: b EOF From 1093ebb72be3117c5312b702ea89ecfcab5d3452 Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Mon, 27 May 2024 18:47:31 +0200 Subject: [PATCH 9/9] test/system: speed up podman generate systemd - envar This container did not react to sigterm, thus we always waited 10s for it to stop. Also do not wait 2s for the logs; instead use a retry loop. 
Signed-off-by: Paul Holzinger --- test/system/250-systemd.bats | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/test/system/250-systemd.bats b/test/system/250-systemd.bats index 315c40b813..832ee0d742 100644 --- a/test/system/250-systemd.bats +++ b/test/system/250-systemd.bats @@ -142,14 +142,16 @@ function service_cleanup() { @test "podman generate systemd - envar" { cname=$(random_string) FOO=value BAR=%s run_podman create --name $cname --env FOO -e BAR --env MYVAR=myval \ - $IMAGE sh -c 'printenv && sleep 100' + $IMAGE sh -c 'printenv && echo READY; trap 'exit' SIGTERM; while :; do sleep 0.1; done' # Start systemd service to run this container service_setup - # Give container time to start; make sure output looks top-like - sleep 2 - run_podman logs $cname + # Give container time to start and print output + # wait_for_ready returns directly if the logs matches and preserves $output + # for us so we do not have to call podman logs again here if we match the env below. + wait_for_ready $cname + is "$output" ".*FOO=value.*" "FOO environment variable set" is "$output" ".*BAR=%s.*" "BAR environment variable set" is "$output" ".*MYVAR=myval.*" "MYVAL environment variable set"