From 7cd6743ef8cae2584b26d4d065d803ceba7acbc7 Mon Sep 17 00:00:00 2001 From: Lokesh Mandvekar Date: Thu, 26 Dec 2024 21:15:03 +0530 Subject: [PATCH] TMT: Initial enablement Fetch tests from upstream. Includes tests enabled for RHIVOS on c9s. Resolves: RHEL-69441 Signed-off-by: Lokesh Mandvekar --- .fmf/version | 1 + gating.yaml | 15 ++- plans/main.fmf | 40 +++++++ tests/tmt/podman/system-test.fmf | 15 +++ tests/tmt/podman/system-test.sh | 16 +++ tests/tmt/sanity/config.json | 180 +++++++++++++++++++++++++++++++ tests/tmt/sanity/main.fmf | 5 + tests/tmt/sanity/runtest.sh | 91 ++++++++++++++++ 8 files changed, 360 insertions(+), 3 deletions(-) create mode 100644 .fmf/version create mode 100644 plans/main.fmf create mode 100644 tests/tmt/podman/system-test.fmf create mode 100644 tests/tmt/podman/system-test.sh create mode 100644 tests/tmt/sanity/config.json create mode 100644 tests/tmt/sanity/main.fmf create mode 100644 tests/tmt/sanity/runtest.sh diff --git a/.fmf/version b/.fmf/version new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/.fmf/version @@ -0,0 +1 @@ +1 diff --git a/gating.yaml b/gating.yaml index d75f6c7..4efb29f 100644 --- a/gating.yaml +++ b/gating.yaml @@ -1,6 +1,15 @@ -# recipients: jnovy, lsm5, santiago --- !Policy product_versions: - - rhel-10 + - fedora-* +decision_context: + - bodhi_update_push_stable + - bodhi_update_push_testing +rules: + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} + +--- !Policy +product_versions: + - rhel-* decision_context: osci_compose_gate -rules: [] +rules: + - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional} diff --git a/plans/main.fmf b/plans/main.fmf new file mode 100644 index 0000000..d87b1f7 --- /dev/null +++ b/plans/main.fmf @@ -0,0 +1,40 @@ +discover: + how: fmf +execute: + how: tmt +adjust: + - when: initiator == packit + because: "We need to test with updated packages from rhcontainerbot/podman-next copr" + prepare+: + how: shell + script: | + sed -i -n '/^priority=/!p;$apriority=1' /etc/yum.repos.d/*podman-next*.repo + dnf -y upgrade --allowerasing + # FIXME: Use epel10 once bats is available there + - when: distro == centos-stream-10 or distro == rhel-10 + because: "bats isn't yet available on epel10" + prepare+: + how: install + copr: rhcontainerbot/bats-el10 + package: bats + - when: distro == centos-stream-9 or distro == rhel-9 + because: "bats is present on EPEL on rhel9 / c9s" + prepare+: + how: feature + epel: enabled + +/upstream: + summary: Run crun specific Podman system tests on upstream PRs + discover+: + filter: tag:upstream + adjust+: + - enabled: false + when: initiator is not defined or initiator != packit + +/downstream: + summary: Run crun specific Podman system tests on bodhi / errata and dist-git PRs + discover+: + filter: tag:downstream + adjust+: + - enabled: false + when: initiator == packit diff --git a/tests/tmt/podman/system-test.fmf b/tests/tmt/podman/system-test.fmf new file mode 100644 index 0000000..9beb3c9 --- /dev/null +++ b/tests/tmt/podman/system-test.fmf @@ -0,0 +1,15 @@ +require: + - bats + - conmon + - crun + - make + - podman-tests + +adjust: + duration: 10m + when: arch == aarch64 + +/system_test: + tag: [ upstream, downstream ] + summary: Run crun specific Podman tests + test: bash ./system-test.sh diff --git a/tests/tmt/podman/system-test.sh b/tests/tmt/podman/system-test.sh new file mode 100644 index 0000000..4d04562 --- /dev/null +++ b/tests/tmt/podman/system-test.sh @@ -0,0 +1,16 @@ +#!/usr/bin/env bash + +set -exo pipefail + +if [[ "$(id -u)" -ne 0 ]];then + echo "Please run this script as superuser" + exit 1 +fi + +cat /etc/redhat-release +rpm -q conmon containers-common crun podman podman-tests + +# Run crun specific podman tests +bats -t /usr/share/podman/test/system/030-run.bats +bats -t /usr/share/podman/test/system/075-exec.bats +bats -t /usr/share/podman/test/system/280-update.bats diff --git a/tests/tmt/sanity/config.json b/tests/tmt/sanity/config.json new file mode 100644 index 0000000..3a1f225 --- /dev/null +++ b/tests/tmt/sanity/config.json @@ -0,0 +1,180 @@ +{ + "ociVersion": "1.0.0", + "process": { + "terminal": false, + "user": { + "uid": 0, + "gid": 0 + }, + "args": [ + "sleep", "10" + ], + "env": [ + "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "TERM=xterm" + ], + "cwd": "/", + "capabilities": { + "bounding": [ + "CAP_AUDIT_WRITE", + "CAP_KILL", + "CAP_NET_BIND_SERVICE" + ], + "effective": [ + "CAP_AUDIT_WRITE", + "CAP_KILL", + "CAP_NET_BIND_SERVICE" + ], + "inheritable": [ + ], + "permitted": [ + "CAP_AUDIT_WRITE", + "CAP_KILL", + "CAP_NET_BIND_SERVICE" + ], + "ambient": [ + "CAP_AUDIT_WRITE", + "CAP_KILL", + "CAP_NET_BIND_SERVICE" + ] + }, + "rlimits": [ + { + "type": "RLIMIT_NOFILE", + "hard": 1024, + "soft": 1024 + } + ], + "noNewPrivileges": true + }, + "root": { + "path": "rootfs", + "readonly": true + }, + "hostname": "crun", + "mounts": [ + { + "destination": "/proc", + "type": "proc", + "source": "proc" + }, + { + "destination": "/dev", + "type": "tmpfs", + "source": "tmpfs", + "options": [ + "nosuid", + "strictatime", + "mode=755", + "size=65536k" + ] + }, + { + "destination": "/dev/pts", + "type": "devpts", + "source": "devpts", + "options": [ + "nosuid", + "noexec", + "newinstance", + "ptmxmode=0666", + "mode=0620", + "gid=5" + ] + }, + { + "destination": "/dev/shm", + "type": "tmpfs", + "source": "shm", + "options": [ + "nosuid", + "noexec", + "nodev", + "mode=1777", + "size=65536k" + ] + }, + { + "destination": "/dev/mqueue", + "type": "mqueue", + "source": "mqueue", + "options": [ + "nosuid", + "noexec", + "nodev" + ] + }, + { + "destination": "/sys", + "type": "sysfs", + "source": "sysfs", + "options": [ + "nosuid", + "noexec", + "nodev", + "ro" + ] + }, + { + "destination": "/sys/fs/cgroup", + "type": "cgroup", + "source": "cgroup", + "options": [ + "nosuid", + "noexec", + "nodev", + "relatime", + "ro" + ] + } + ], + "linux": { + "resources": { + "devices": [ + { + "allow": false, + "access": "rwm" + } + ] + }, + "namespaces": [ + { + "type": "pid" + }, + { + "type": "network" + }, + { + "type": "ipc" + }, + { + "type": "uts" + }, + { + "type": "cgroup" + }, + { + "type": "mount" + } + ], + "maskedPaths": [ + "/proc/acpi", + "/proc/asound", + "/proc/kcore", + "/proc/keys", + "/proc/latency_stats", + "/proc/timer_list", + "/proc/timer_stats", + "/proc/sched_debug", + "/sys/firmware", + "/proc/scsi" + ], + "readonlyPaths": [ + "/proc/bus", + "/proc/fs", + "/proc/irq", + "/proc/sys", + "/proc/sysrq-trigger" + ] + } +} diff --git a/tests/tmt/sanity/main.fmf b/tests/tmt/sanity/main.fmf new file mode 100644 index 0000000..f430351 --- /dev/null +++ b/tests/tmt/sanity/main.fmf @@ -0,0 +1,5 @@ +require: [crun, podman] +summary: Sanity test for crun +tag: ['upstream', 'downstream'] +test: bash ./runtest.sh +duration: 10m diff --git a/tests/tmt/sanity/runtest.sh b/tests/tmt/sanity/runtest.sh new file mode 100644 index 0000000..d1d453c --- /dev/null +++ b/tests/tmt/sanity/runtest.sh @@ -0,0 +1,91 @@ +#!/usr/bin/env bash + +set -exo pipefail + +TEMPDIR=$(mktemp -d) +TESTIMG="quay.io/libpod/busybox" +CNAME="mycont-$RANDOM" + +cat /etc/redhat-release +uname -r +rpm -q crun criu + +crun --version +[ $? -ne 0 ] && exit 1 + +crun features +[ $? -ne 0 ] && exit 1 + +crun list +[ $? -ne 0 ] && exit 1 + +# create the top most bundle and rootfs directory +mkdir -p $TEMPDIR/rootfs + +# export busybox via podman into the rootfs directory +podman export $(podman create $TESTIMG) | tar -C $TEMPDIR/rootfs -xvf - +[ $? -ne 0 ] && exit 1 + +# use existing spec +cp ./config.json $TEMPDIR +ls $TEMPDIR +cd $TEMPDIR + +crun create $CNAME +[ $? -ne 0 ] && exit 1 + +crun list +[ $? -ne 0 ] && exit 1 + +crun start $CNAME +[ $? -ne 0 ] && exit 1 + +crun list +[ $? -ne 0 ] && exit 1 + +crun state $CNAME +[ $? -ne 0 ] && exit 1 + +crun ps $CNAME +[ $? -ne 0 ] && exit 1 + +ret=$(crun exec $CNAME pwd) +[ $? -ne 0 ] || [ $ret != '/' ] && exit 1 + +crun pause $CNAME +[ $? -ne 0 ] && exit 1 + +crun state $CNAME +[ $? -ne 0 ] && exit 1 + +crun resume $CNAME +[ $? -ne 0 ] && exit 1 + +crun state $CNAME +[ $? -ne 0 ] && exit 1 + +ret=$(crun exec $CNAME pwd) +[ $? -ne 0 ] || [ $ret != '/' ] && exit 1 + +crun delete --force $CNAME +[ $? -ne 0 ] && exit 1 + +crun list +[ $? -ne 0 ] && exit 1 + +crun run $CNAME & +[ $? -ne 0 ] && exit 1 + +crun list +[ $? -ne 0 ] && exit 1 + +# make sure the container is running state +sleep 2 + +ret=$(crun exec $CNAME echo 'ok') +[ $? -ne 0 ] || [ $ret != 'ok' ] && exit 1 + +crun kill $CNAME +[ $? -ne 0 ] && exit 1 + +exit 0