TMT: Initial enablement

Fetch tests from upstream. Includes tests enabled for RHIVOS on c9s.

Resolves: RHEL-69441

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>

.fmf/version

@@ -0,0 +1 @@
+1

gating.yaml

@@ -1,6 +1,15 @@
-# recipients: jnovy, lsm5, santiago
 --- !Policy
 product_versions:
-  - rhel-10
+  - fedora-*
+decision_context:
+  - bodhi_update_push_stable
+  - bodhi_update_push_testing
+rules:
+  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
+
+--- !Policy
+product_versions:
+  - rhel-*
 decision_context: osci_compose_gate
-rules: []
+rules:
+  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

plans/main.fmf

@@ -0,0 +1,40 @@
+discover:
+    how: fmf
+execute:
+    how: tmt
+adjust:
+    - when: initiator == packit
+      because: "We need to test with updated packages from rhcontainerbot/podman-next copr"
+      prepare+:
+        how: shell
+        script: |
+            sed -i -n '/^priority=/!p;$apriority=1' /etc/yum.repos.d/*podman-next*.repo
+            dnf -y upgrade --allowerasing
+    # FIXME: Use epel10 once bats is available there
+    - when: distro == centos-stream-10 or distro == rhel-10
+      because: "bats isn't yet available on epel10"
+      prepare+:
+        how: install
+        copr: rhcontainerbot/bats-el10
+        package: bats
+    - when: distro == centos-stream-9 or distro == rhel-9
+      because: "bats is present on EPEL on rhel9 / c9s"
+      prepare+:
+        how: feature
+        epel: enabled
+
+/upstream:
+    summary: Run crun specific Podman system tests on upstream PRs
+    discover+:
+        filter: tag:upstream
+    adjust+:
+        - enabled: false
+          when: initiator is not defined or initiator != packit
+
+/downstream:
+    summary: Run crun specific Podman system tests on bodhi / errata and dist-git PRs
+    discover+:
+        filter: tag:downstream
+    adjust+:
+        - enabled: false
+          when: initiator == packit

tests/tmt/podman/system-test.fmf

@@ -0,0 +1,15 @@
+require:
+    - bats
+    - conmon
+    - crun
+    - make
+    - podman-tests
+
+adjust:
+    duration: 10m
+    when: arch == aarch64
+
+/system_test:
+    tag: [ upstream, downstream ]
+    summary: Run crun specific Podman tests
+    test: bash ./system-test.sh

tests/tmt/podman/system-test.sh

@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+set -exo pipefail
+
+if [[ "$(id -u)" -ne 0 ]];then
+    echo "Please run this script as superuser"
+    exit 1
+fi
+
+cat /etc/redhat-release
+rpm -q conmon containers-common crun podman podman-tests
+
+# Run crun specific podman tests
+bats -t /usr/share/podman/test/system/030-run.bats
+bats -t /usr/share/podman/test/system/075-exec.bats
+bats -t /usr/share/podman/test/system/280-update.bats

tests/tmt/sanity/config.json

@@ -0,0 +1,180 @@
+{
+	"ociVersion": "1.0.0",
+	"process": {
+		"terminal": false,
+		"user": {
+			"uid": 0,
+			"gid": 0
+		},
+		"args": [
+			"sleep", "10"
+		],
+		"env": [
+			"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+			"TERM=xterm"
+		],
+		"cwd": "/",
+		"capabilities": {
+			"bounding": [
+				"CAP_AUDIT_WRITE",
+				"CAP_KILL",
+				"CAP_NET_BIND_SERVICE"
+			],
+			"effective": [
+				"CAP_AUDIT_WRITE",
+				"CAP_KILL",
+				"CAP_NET_BIND_SERVICE"
+			],
+			"inheritable": [
+			],
+			"permitted": [
+				"CAP_AUDIT_WRITE",
+				"CAP_KILL",
+				"CAP_NET_BIND_SERVICE"
+			],
+			"ambient": [
+				"CAP_AUDIT_WRITE",
+				"CAP_KILL",
+				"CAP_NET_BIND_SERVICE"
+			]
+		},
+		"rlimits": [
+			{
+				"type": "RLIMIT_NOFILE",
+				"hard": 1024,
+				"soft": 1024
+			}
+		],
+		"noNewPrivileges": true
+	},
+	"root": {
+		"path": "rootfs",
+		"readonly": true
+	},
+	"hostname": "crun",
+	"mounts": [
+		{
+			"destination": "/proc",
+			"type": "proc",
+			"source": "proc"
+		},
+		{
+			"destination": "/dev",
+			"type": "tmpfs",
+			"source": "tmpfs",
+			"options": [
+				"nosuid",
+				"strictatime",
+				"mode=755",
+				"size=65536k"
+			]
+		},
+		{
+			"destination": "/dev/pts",
+			"type": "devpts",
+			"source": "devpts",
+			"options": [
+				"nosuid",
+				"noexec",
+				"newinstance",
+				"ptmxmode=0666",
+				"mode=0620",
+				"gid=5"
+			]
+		},
+		{
+			"destination": "/dev/shm",
+			"type": "tmpfs",
+			"source": "shm",
+			"options": [
+				"nosuid",
+				"noexec",
+				"nodev",
+				"mode=1777",
+				"size=65536k"
+			]
+		},
+		{
+			"destination": "/dev/mqueue",
+			"type": "mqueue",
+			"source": "mqueue",
+			"options": [
+				"nosuid",
+				"noexec",
+				"nodev"
+			]
+		},
+		{
+			"destination": "/sys",
+			"type": "sysfs",
+			"source": "sysfs",
+			"options": [
+				"nosuid",
+				"noexec",
+				"nodev",
+				"ro"
+			]
+		},
+		{
+			"destination": "/sys/fs/cgroup",
+			"type": "cgroup",
+			"source": "cgroup",
+			"options": [
+				"nosuid",
+				"noexec",
+				"nodev",
+				"relatime",
+				"ro"
+			]
+		}
+	],
+	"linux": {
+		"resources": {
+			"devices": [
+				{
+					"allow": false,
+					"access": "rwm"
+				}
+			]
+		},
+		"namespaces": [
+			{
+				"type": "pid"
+			},
+			{
+				"type": "network"
+			},
+			{
+				"type": "ipc"
+			},
+			{
+				"type": "uts"
+			},
+			{
+				"type": "cgroup"
+			},
+			{
+				"type": "mount"
+			}
+		],
+		"maskedPaths": [
+			"/proc/acpi",
+			"/proc/asound",
+			"/proc/kcore",
+			"/proc/keys",
+			"/proc/latency_stats",
+			"/proc/timer_list",
+			"/proc/timer_stats",
+			"/proc/sched_debug",
+			"/sys/firmware",
+			"/proc/scsi"
+		],
+		"readonlyPaths": [
+			"/proc/bus",
+			"/proc/fs",
+			"/proc/irq",
+			"/proc/sys",
+			"/proc/sysrq-trigger"
+		]
+	}
+}

tests/tmt/sanity/main.fmf

@@ -0,0 +1,5 @@
+require: [crun, podman]
+summary: Sanity test for crun
+tag: ['upstream', 'downstream']
+test: bash ./runtest.sh
+duration: 10m

tests/tmt/sanity/runtest.sh

@@ -0,0 +1,91 @@
+#!/usr/bin/env bash
+
+set -exo pipefail
+
+TEMPDIR=$(mktemp -d)
+TESTIMG="quay.io/libpod/busybox"
+CNAME="mycont-$RANDOM"
+
+cat /etc/redhat-release
+uname -r
+rpm -q crun criu
+
+crun --version
+[ $? -ne 0 ] && exit 1
+
+crun features
+[ $? -ne 0 ] && exit 1
+
+crun list
+[ $? -ne 0 ] && exit 1
+
+# create the top most bundle and rootfs directory
+mkdir -p $TEMPDIR/rootfs
+
+# export busybox via podman into the rootfs directory
+podman export $(podman create $TESTIMG) | tar -C $TEMPDIR/rootfs -xvf -
+[ $? -ne 0 ] && exit 1
+
+# use existing spec
+cp ./config.json $TEMPDIR
+ls $TEMPDIR
+cd $TEMPDIR
+
+crun create $CNAME
+[ $? -ne 0 ] && exit 1
+
+crun list
+[ $? -ne 0 ] && exit 1
+
+crun start $CNAME
+[ $? -ne 0 ] && exit 1
+
+crun list
+[ $? -ne 0 ] && exit 1
+
+crun state $CNAME
+[ $? -ne 0 ] && exit 1
+
+crun ps $CNAME
+[ $? -ne 0 ] && exit 1
+
+ret=$(crun exec $CNAME pwd)
+[ $? -ne 0 ] || [ $ret != '/' ] && exit 1
+
+crun pause $CNAME
+[ $? -ne 0 ] && exit 1
+
+crun state $CNAME
+[ $? -ne 0 ] && exit 1
+
+crun resume $CNAME
+[ $? -ne 0 ] && exit 1
+
+crun state $CNAME
+[ $? -ne 0 ] && exit 1
+
+ret=$(crun exec $CNAME pwd)
+[ $? -ne 0 ] || [ $ret != '/' ] && exit 1
+
+crun delete --force $CNAME
+[ $? -ne 0 ] && exit 1
+
+crun list
+[ $? -ne 0 ] && exit 1
+
+crun run $CNAME &
+[ $? -ne 0 ] && exit 1
+
+crun list
+[ $? -ne 0 ] && exit 1
+
+# make sure the container is running state
+sleep 2
+
+ret=$(crun exec $CNAME echo 'ok')
+[ $? -ne 0 ] || [ $ret != 'ok' ] && exit 1
+
+crun kill $CNAME
+[ $? -ne 0 ] && exit 1
+
+exit 0