opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-22 18:08:11 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #18948 from edsantiago/getsafe_comment

Browse Source 
e2e: GetSafeIPAddress(): discourage its use
This commit is contained in:
OpenShift Merge Robot
2023-06-21 17:34:58 +02:00
committed by GitHub
parent 692c35f06d 26721b0a06
commit 5f9920ccf2
2 changed files with 29 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
test/e2e/checkpoint_test.go
View File

@ -21,9 +21,10 @@ import (
. "github.com/onsi/gomega/gexec" . "github.com/onsi/gomega/gexec"
) )
var netname string
func getRunString(input []string) []string { func getRunString(input []string) []string {
// CRIU does not work with seccomp correctly on RHEL7 : seccomp=unconfined runString := []string{"run", "-d", "--network", netname}
runString := []string{"run", "--security-opt", "seccomp=unconfined", "-d", "--ip", GetSafeIPAddress()}
return append(runString, input...) return append(runString, input...)
} }
@ -46,12 +47,18 @@ var _ = Describe("Podman checkpoint", func() {
if err := criu.CheckForCriu(criu.MinCriuVersion); err != nil { if err := criu.CheckForCriu(criu.MinCriuVersion); err != nil {
Skip(fmt.Sprintf("check CRIU version error: %v", err)) Skip(fmt.Sprintf("check CRIU version error: %v", err))
} }
// Only Fedora 29 and newer has a new enough selinux-policy and
// container-selinux package to support CRIU in correctly session := podmanTest.Podman([]string{"network", "create"})
// restoring threaded processes session.WaitWithDefaultTimeout()
hostInfo := podmanTest.Host Expect(session).Should(Exit(0))
if hostInfo.Distribution == "fedora" && hostInfo.Version < "29" { netname = session.OutputToString()
Skip("Checkpoint/Restore with SELinux only works on Fedora >= 29") })
AfterEach(func() {
if netname != "" {
session := podmanTest.Podman([]string{"network", "rm", "-f", netname})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
} }
}) })
@ -346,7 +353,8 @@ var _ = Describe("Podman checkpoint", func() {
Fail("Container failed to get ready") Fail("Container failed to get ready")
} }
IP := podmanTest.Podman([]string{"inspect", cid, "--format={{.NetworkSettings.IPAddress}}"}) // clunky format needed because CNI uses dashes in net names
IP := podmanTest.Podman([]string{"inspect", cid, fmt.Sprintf("--format={{(index .NetworkSettings.Networks \"%s\").IPAddress}}", netname)})
IP.WaitWithDefaultTimeout() IP.WaitWithDefaultTimeout()
Expect(IP).Should(Exit(0)) Expect(IP).Should(Exit(0))
@ -438,13 +446,16 @@ var _ = Describe("Podman checkpoint", func() {
session.WaitWithDefaultTimeout() session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0)) Expect(session).Should(Exit(0))
IPBefore := podmanTest.Podman([]string{"inspect", "test_name", "--format={{.NetworkSettings.IPAddress}}"}) // clunky format needed because CNI uses dashes in net names
IPBefore := podmanTest.Podman([]string{"inspect", "test_name", fmt.Sprintf("--format={{(index .NetworkSettings.Networks \"%s\").IPAddress}}", netname)})
IPBefore.WaitWithDefaultTimeout() IPBefore.WaitWithDefaultTimeout()
Expect(IPBefore).Should(Exit(0)) Expect(IPBefore).Should(Exit(0))
Expect(IPBefore.OutputToString()).To(MatchRegexp("^[0-9]+(\\.[0-9]+){3}$"))
MACBefore := podmanTest.Podman([]string{"inspect", "test_name", "--format={{.NetworkSettings.MacAddress}}"}) MACBefore := podmanTest.Podman([]string{"inspect", "test_name", fmt.Sprintf("--format={{(index .NetworkSettings.Networks \"%s\").MacAddress}}", netname)})
MACBefore.WaitWithDefaultTimeout() MACBefore.WaitWithDefaultTimeout()
Expect(MACBefore).Should(Exit(0)) Expect(MACBefore).Should(Exit(0))
Expect(MACBefore.OutputToString()).To(MatchRegexp("^[0-9a-f]{2}(:[0-9a-f]{2}){5}$"))
result := podmanTest.Podman([]string{"container", "checkpoint", "test_name"}) result := podmanTest.Podman([]string{"container", "checkpoint", "test_name"})
result.WaitWithDefaultTimeout() result.WaitWithDefaultTimeout()
@ -456,19 +467,19 @@ var _ = Describe("Podman checkpoint", func() {
result = podmanTest.Podman([]string{"container", "restore", "test_name"}) result = podmanTest.Podman([]string{"container", "restore", "test_name"})
result.WaitWithDefaultTimeout() result.WaitWithDefaultTimeout()
IPAfter := podmanTest.Podman([]string{"inspect", "test_name", "--format={{.NetworkSettings.IPAddress}}"}) IPAfter := podmanTest.Podman([]string{"inspect", "test_name", fmt.Sprintf("--format={{(index .NetworkSettings.Networks \"%s\").IPAddress}}", netname)})
IPAfter.WaitWithDefaultTimeout() IPAfter.WaitWithDefaultTimeout()
Expect(IPAfter).Should(Exit(0)) Expect(IPAfter).Should(Exit(0))
MACAfter := podmanTest.Podman([]string{"inspect", "test_name", "--format={{.NetworkSettings.MacAddress}}"}) MACAfter := podmanTest.Podman([]string{"inspect", "test_name", fmt.Sprintf("--format={{(index .NetworkSettings.Networks \"%s\").MacAddress}}", netname)})
MACAfter.WaitWithDefaultTimeout() MACAfter.WaitWithDefaultTimeout()
Expect(MACAfter).Should(Exit(0)) Expect(MACAfter).Should(Exit(0))
// Check that IP address did not change between checkpointing and restoring // Check that IP address did not change between checkpointing and restoring
Expect(IPBefore.OutputToString()).To(Equal(IPAfter.OutputToString())) Expect(IPAfter.OutputToString()).To(Equal(IPBefore.OutputToString()))
// Check that MAC address did not change between checkpointing and restoring // Check that MAC address did not change between checkpointing and restoring
Expect(MACBefore.OutputToString()).To(Equal(MACAfter.OutputToString())) Expect(MACAfter.OutputToString()).To(Equal(MACBefore.OutputToString()))
Expect(result).Should(Exit(0)) Expect(result).Should(Exit(0))
Expect(podmanTest.NumberOfContainersRunning()).To(Equal(1)) Expect(podmanTest.NumberOfContainersRunning()).To(Equal(1))

3
test/e2e/common_test.go
View File

@ -497,6 +497,9 @@ func GetPortLock(port string) *lockfile.LockFile {
// one test calls us more than 25 times or if some other test runs more // one test calls us more than 25 times or if some other test runs more
// than ten networked containers at the same time as any test that // than ten networked containers at the same time as any test that
// relies on GetSafeIPAddress(). I'm finding it hard to care. // relies on GetSafeIPAddress(). I'm finding it hard to care.
//
// DO NOT USE THIS FUNCTION unless there is no possible alternative. In
// most cases you should use 'podman network create' + 'podman run --network'.
func GetSafeIPAddress() string { func GetSafeIPAddress() string {
safeIPOctets[1] += 10 safeIPOctets[1] += 10
return fmt.Sprintf("10.88.%d.%d", safeIPOctets[0], safeIPOctets[1]) return fmt.Sprintf("10.88.%d.%d", safeIPOctets[0], safeIPOctets[1])