package e2e tests in rpm #22395
package e2e tests in rpm #22395
Conversation
openshift-ci
bot
added
the
do-not-merge/release-note-label-needed
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: edsantiago The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
approved
|
Ephemeral COPR build failed. @containers/packit-build please check. |
1 similar comment
|
Ephemeral COPR build failed. @containers/packit-build please check. |
| // Verify that id is correct | ||
| inspect := podmanTest.Podman([]string{"inspect", string(id)}) | ||
| inspect.WaitWithDefaultTimeout() | ||
| data := inspect.InspectImageJSON() | ||
| Expect("sha256:" + data[0].ID).To(Equal(string(id))) |
There was a problem hiding this comment.
Judgment call: I see no reason to test this
| podmanTest.StopRemoteService() | ||
| podmanTest.StartRemoteService() |
There was a problem hiding this comment.
Judgment call: I have no idea why this was necessary, and I deem it pointless. Nuked.
| podmanTest.StopRemoteService() | ||
| podmanTest.StartRemoteService() | ||
| } else { | ||
| Skip("Only valid at remote test") |
There was a problem hiding this comment.
Judgment call: I see no reason to test this only in remote.
| cwd, _ := os.Getwd() | ||
| INTEGRATION_ROOT = filepath.Join(cwd, "../../") |
There was a problem hiding this comment.
Any reason not to nuke this now-empty function?
There was a problem hiding this comment.
no good to remove, and thanks to ab29ff2 it only needs to happen in one place.
| @@ -1424,10 +1416,6 @@ func CopyDirectory(srcDir, dest string) error { | |||
| } | |||
| } | |||
|
|
|||
| if err := os.Lchown(destPath, int(stat.Uid), int(stat.Gid)); err != nil { | |||
There was a problem hiding this comment.
Doesn't work rootless. I suspect this was a copy-pasteism.
| @@ -48,11 +48,10 @@ var _ = Describe("Podman login and logout", func() { | |||
|
|
|||
| testImg = strings.Join([]string{server, "test-alpine"}, "/") | |||
|
|
|||
| certDirPath = filepath.Join(os.Getenv("HOME"), ".config/containers/certs.d", server) | |||
There was a problem hiding this comment.
Yuk. Let's try not to do this.
| @@ -61,7 +60,7 @@ var _ = Describe("Podman login and logout", func() { | |||
| "-e", strings.Join([]string{"REGISTRY_HTTP_ADDR=0.0.0.0", strconv.Itoa(port)}, ":"), "--name", "registry", "-v", | |||
| strings.Join([]string{authPath, "/auth:Z"}, ":"), "-e", "REGISTRY_AUTH=htpasswd", "-e", | |||
| "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm", "-e", "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd", | |||
| "-v", strings.Join([]string{certPath, "/certs:Z"}, ":"), "-e", "REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt", | |||
| "-v", strings.Join([]string{certDirPath, "/certs:Z"}, ":"), "-e", "REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt", | |||
There was a problem hiding this comment.
For ease of review: this was an oops. certPath is in cwd, which in rpm is /usr/share/podman/tests/e2e, which is not writable by rootless and cannot be relabeled. The intention here was obviously to volume mount the copy, it just sort of never happened that way and nobody ever noticed.
test/e2e/play_kube_test.go
Outdated
| @@ -4093,7 +4093,7 @@ o: {{ .Options.o }}`}) | |||
| It("persistentVolumeClaim with source", func() { | |||
| fileName := "data" | |||
| expectedFileContent := "Test" | |||
| tarFilePath := filepath.Join(os.TempDir(), "podmanVolumeSource.tgz") | |||
| tarFilePath := filepath.Join(podmanTest.TempDir, "podmanVolumeSource.tgz") | |||
There was a problem hiding this comment.
Yuk. This was creating a file in $TMPDIR and never cleaning it up. Not just littering: this prevented running rootless after running as root.
| @@ -625,7 +625,7 @@ VOLUME /test/`, ALPINE) | |||
|
|
|||
| session = podmanTest.Podman([]string{"run", "--rm", "-v", ".:/app:O", ALPINE, "ls", "/app"}) | |||
| session.WaitWithDefaultTimeout() | |||
| Expect(session.OutputToString()).To(ContainSubstring(filepath.Base(CurrentSpecReport().FileName()))) | |||
| Expect(session.OutputToString()).To(ContainSubstring(" quadlet ")) | |||
There was a problem hiding this comment.
rpm package includes a compiled ginkgo binary, but no source files. I could or(source or binary), but this seems good enough.
|
Blue-robot failures look real: ...but it's not something I'm going to look into today. |
openshift-ci
bot
added
the
do-not-merge/work-in-progress
edsantiago
force-pushed
the
package-e2e
branch
2 times, most recently
from
d3b9c75 to
9d25e9e
Compare
test/e2e/common_test.go
Outdated
| cwd, _ := os.Getwd() | ||
| INTEGRATION_ROOT = filepath.Join(cwd, "../../") |
There was a problem hiding this comment.
This is breaking parallel runs, if you touch these things you should be familiar with how the parallel ginkgo nodes work.
The first function is only run on node 1 while the second one is run on all nodes, so yes this duplication is indeed required here.
One example 5eb99a0
| cwd, _ := os.Getwd() | ||
| INTEGRATION_ROOT = filepath.Join(cwd, "../../") |
There was a problem hiding this comment.
no good to remove, and thanks to ab29ff2 it only needs to happen in one place.
| INTEGRATION_ROOT = os.Getenv("PODMAN_INTEGRATION_ROOT") | ||
| if INTEGRATION_ROOT == "" { | ||
| cwd, _ := os.Getwd() | ||
| INTEGRATION_ROOT = filepath.Join(cwd, "../") | ||
| } |
There was a problem hiding this comment.
this should be set once per node in the second function of SynchronizedBeforeSuite() instead of doing the same logic for every single test
There was a problem hiding this comment.
I totally agree, except, shouldn't that apply to all the settings here in this block also? It's not likely that $PODMAN_REMOTE_BINARY, QUADLET, OCI_RUNTIME, etc will change? May I leave that for a future cleanup?
There was a problem hiding this comment.
I think it is better to leave this for a future cleanup
There was a problem hiding this comment.
Why do we have to distribute these e2e test pre-compiled, I have strong concerns that this will just end up a big maintenance headache. Why exactly must this be an rpm? What is preventing them from checking out the source and using the make target to run the tests?
| # The compiled set of ginkgo tests, and a helper script | ||
| install -d -p %{buildroot}/%{_datadir}/%{name}/test/e2e | ||
| cp test/e2e/e2e.test hack/podman-registry %{buildroot}/%{_datadir}/%{name}/test/e2e | ||
|
|
||
| # Files and subdirectories used by those tests | ||
| for testfiles in certs deny.json policy.json redhat_sigstore.yaml registries.conf; do | ||
| cp -pav test/$testfiles %{buildroot}/%{_datadir}/%{name}/test/e2e/ | ||
| done | ||
| for subdir in build cdi config quadlet sign testdata; do | ||
| cp -pav test/e2e/$subdir %{buildroot}/%{_datadir}/%{name}/test/e2e/ | ||
| done |
There was a problem hiding this comment.
All these spec changes look rather unmaintainable to me. Adding a new file dependencies in different locations will break this easily, sure it shouldn't happen often but there is no way to guarantee that it keeps working.
| # Needed for podman-registry script | ||
| export PATH=\$PATH:\$PODMAN_INTEGRATION_ROOT | ||
|
|
||
| exec ./e2e.test --ginkgo.trace --ginkgo.v "\$@" |
There was a problem hiding this comment.
without proper build tags this has low changes of success, or maybe these need to bet set at compile time already?
There was a problem hiding this comment.
The build tags are set at compile time; I've just pushed a change that should take care of that. I did not understand that yesterday.
MAke sure you are using the proper build tags, devmapper should not be used. |
|
Why package these? That's the big question. I'm not completely sold on it; I just want to see if it can be done. And if it can, offer it to the FuSa people and see if they find it useful. I do believe there is value in test packages that track released packages. For instance, two years from now someone is tracking down a failure in 5.2, installs test rpm on latest Fedora, it fails, that could point to a different component (something else got upgraded, maybe systemd or kernel). With an rpm-maintained test suite, it can be easier to bisect the responsible component. I'm a big fan of bundling tests with builds. What I really hate is bundling a binary without sources. Yuk. That makes it much harder, probably impossible, for a future maintainer to instrument failing tests. I don't see this as a fixable problem, because Go compilers change so frequently and beyond our control. Thank you for your feedback! |
Fair but I guess this is where my disconnect is, for me as upstream developer I can just as well checkout v5.2 branch/tag and run the suite that way. |
edsantiago
force-pushed
the
package-e2e
branch
3 times, most recently
from
2489f41 to
184e201
Compare
|
rpm-build jobs succeeded. I chased the rabbit down to a page with .repo files, set up the rawhide repo on a VM, and ran: # dnf install podman-tests podman-remote slirp4netns
...
# /usr/share/podman/test/e2e/run-tests &> /var/tmp/e2e-tests.root.01.log
# echo $?
0 <---- yay! |
|
Rootless: # loginctl enable-linger fedora
# su - fedora
$ /usr/share/podman/test/e2e/run-tests &> /var/tmp/e2e-tests.rootless.01.log
$ echo $?
1
...failed the expected three tests, which I choose not to bother with right now:
Summarizing 3 Failures:
[FAIL] podman system connection sshd and API services required [It] add ssh:// socket path using connection heuristic
/builddir/build/BUILD/podman-5.1.0-dev/test/e2e/system_connection_test.go:350
[FAIL] Podman run with --cgroup-parent [It] no --cgroup-parent
/builddir/build/BUILD/podman-5.1.0-dev/test/e2e/run_cgroup_parent_test.go:45
[FAIL] Podman systemd [It] podman run container with systemd PID1
/builddir/build/BUILD/podman-5.1.0-dev/test/e2e/systemd_test.go:115 |
| # The executables we're testing are the ones delivered in RPM | ||
| export PODMAN_BINARY=%{_bindir}/%{name} | ||
| export PODMAN_REMOTE_BINARY=%{_bindir}/%{name}-remote | ||
| export QUADLET_BINARY=%{_libexecdir}/%{name}/quadlet |
There was a problem hiding this comment.
Do we consider the parameters that related with different releases? Just like the runtime(runc/crun) in different releases? In our rpm testing we also setup NETWORK_BACKEND and OCI_RUNTIME for it.
There was a problem hiding this comment.
Those envariables are evaluated at runtime, so yes, they should work as expected.
|
This is very helpful for user to run e2e related tests without setup a compile env especially for some env that leak of related packages and resources. But if we want to make sure all tests are passed, there still lots of work to do. |
edsantiago
force-pushed
the
package-e2e
branch
2 times, most recently
from
fbb7760 to
445ed42
Compare
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
|
@containers/podman-maintainers I think this is ready [EDIT: this is impossible to review in toto. Please be sure to review commit-by-commit] |
Purpose: allow other parties (specifically, FuSa team) to run them. Exercise turned out to be much more complicated than expected, so I've broken it into three parts. Part 1: refactor INTEGRATION_ROOT - allow it to be obtained from environment variable. - remove triplicate definition - redefine it to point one directory level below where it was. This allows cleaning up every instance where it was used, removing a now-unnecessary "test" directory. Purpose of this cleanup is allowing e2e tests to be run from outside the git source tree. The next two commits will move closer toward that goal. Signed-off-by: Ed Santiago <[email protected]>
Part 2: specfile work:
- add tests/e2e to existing podman-tests package
- build a static ginkgo test binary
- copy files needed by tests (registries, certs, build dirs)
- create a run-tests script, because otherwise it'd be
impossible for humans to figure out
- fix tests that were assuming github source tree layout
This commit allows e2e tests to pass as root.
Signed-off-by: Ed Santiago <[email protected]>
Part 3: get tests passing. Mostly by fixing tests that assume
that cwd is writable. I, um, have taken some liberties in
fixing a couple of broken tests.
Not all tests pass rootless. In particular, these three still fail:
Podman run with --cgroup-parent [It] no --cgroup-parent
Podman systemd [It] podman run container with systemd PID1
-- both with cgroup errors
podman system connection sshd and API services required [It] add ssh:// socket path using connection heuristic
-- assumes too much about rootless user's ssh setup
I call this good enough.
Signed-off-by: Ed Santiago <[email protected]>
|
Hearing no demand for this... |
stale-locking-app
bot
added
the
locked - please file new issue/PR
Allow other parties to run e2e tests against an rpm-installed podman.
Much trickier than I'd predicted. Split into three commits. Please review those separately for your sanity.
Judgment call: I'm shoehorning these into the existing
podman-testsrpm which until now has only had system tests. If there's any objection, or any strong argument for breaking out yet another new subpackage, please speak now.