Add PID namespacing and e2e test
This commit is contained in:
parent
74dcee0936
commit
87188f04de
|
@ -581,6 +581,7 @@ func configureIsolation(cfg *lconfigs.Config, command *ExecCommand) error {
|
||||||
// launch with mount namespace
|
// launch with mount namespace
|
||||||
cfg.Namespaces = lconfigs.Namespaces{
|
cfg.Namespaces = lconfigs.Namespaces{
|
||||||
{Type: lconfigs.NEWNS},
|
{Type: lconfigs.NEWNS},
|
||||||
|
{Type: lconfigs.NEWPID},
|
||||||
}
|
}
|
||||||
|
|
||||||
if command.NetworkIsolation != nil {
|
if command.NetworkIsolation != nil {
|
||||||
|
|
|
@ -17,6 +17,7 @@ import (
|
||||||
_ "github.com/hashicorp/nomad/e2e/deployment"
|
_ "github.com/hashicorp/nomad/e2e/deployment"
|
||||||
_ "github.com/hashicorp/nomad/e2e/events"
|
_ "github.com/hashicorp/nomad/e2e/events"
|
||||||
_ "github.com/hashicorp/nomad/e2e/example"
|
_ "github.com/hashicorp/nomad/e2e/example"
|
||||||
|
_ "github.com/hashicorp/nomad/e2e/isolation"
|
||||||
_ "github.com/hashicorp/nomad/e2e/lifecycle"
|
_ "github.com/hashicorp/nomad/e2e/lifecycle"
|
||||||
_ "github.com/hashicorp/nomad/e2e/metrics"
|
_ "github.com/hashicorp/nomad/e2e/metrics"
|
||||||
_ "github.com/hashicorp/nomad/e2e/namespaces"
|
_ "github.com/hashicorp/nomad/e2e/namespaces"
|
||||||
|
|
38
e2e/isolation/input/echo_pid.nomad
Normal file
38
e2e/isolation/input/echo_pid.nomad
Normal file
|
@ -0,0 +1,38 @@
|
||||||
|
job "echo_pid" {
|
||||||
|
datacenters = ["dc1"]
|
||||||
|
type = "batch"
|
||||||
|
|
||||||
|
constraint {
|
||||||
|
attribute = "${attr.kernel.name}"
|
||||||
|
value = "linux"
|
||||||
|
}
|
||||||
|
|
||||||
|
group "echo_pid" {
|
||||||
|
task "echo_pid" {
|
||||||
|
driver = "exec"
|
||||||
|
|
||||||
|
config {
|
||||||
|
command = "bash"
|
||||||
|
args = [
|
||||||
|
"-c", "local/pid.sh"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
|
template {
|
||||||
|
data = <<EOF
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
echo my pid is $BASHPID
|
||||||
|
EOF
|
||||||
|
|
||||||
|
destination = "local/pid.sh"
|
||||||
|
perms = "777"
|
||||||
|
change_mode = "noop"
|
||||||
|
}
|
||||||
|
|
||||||
|
resources {
|
||||||
|
cpu = 100
|
||||||
|
memory = 64
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
67
e2e/isolation/isolation.go
Normal file
67
e2e/isolation/isolation.go
Normal file
|
@ -0,0 +1,67 @@
|
||||||
|
package isolation
|
||||||
|
|
||||||
|
import (
|
||||||
|
"fmt"
|
||||||
|
|
||||||
|
"github.com/hashicorp/nomad/e2e/e2eutil"
|
||||||
|
"github.com/hashicorp/nomad/e2e/framework"
|
||||||
|
"github.com/hashicorp/nomad/helper/uuid"
|
||||||
|
"github.com/stretchr/testify/require"
|
||||||
|
)
|
||||||
|
|
||||||
|
type IsolationTest struct {
|
||||||
|
framework.TC
|
||||||
|
|
||||||
|
jobIDs []string
|
||||||
|
}
|
||||||
|
|
||||||
|
func init() {
|
||||||
|
framework.AddSuites(&framework.TestSuite{
|
||||||
|
Component: "Isolation",
|
||||||
|
CanRunLocal: true,
|
||||||
|
Cases: []framework.TestCase{
|
||||||
|
new(IsolationTest),
|
||||||
|
},
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
func (tc *IsolationTest) BeforeAll(f *framework.F) {
|
||||||
|
t := f.T()
|
||||||
|
e2eutil.WaitForLeader(t, tc.Nomad())
|
||||||
|
e2eutil.WaitForNodesReady(t, tc.Nomad(), 1)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (tc *IsolationTest) AfterEach(f *framework.F) {
|
||||||
|
for _, jobID := range tc.jobIDs {
|
||||||
|
tc.Nomad().Jobs().Deregister(jobID, true, nil)
|
||||||
|
}
|
||||||
|
tc.jobIDs = []string{}
|
||||||
|
tc.Nomad().System().GarbageCollect()
|
||||||
|
}
|
||||||
|
|
||||||
|
func (tc *IsolationTest) TestIsolation_ExecDriver_PIDNamespacing(f *framework.F) {
|
||||||
|
t := f.T()
|
||||||
|
|
||||||
|
clientNodes, err := e2eutil.ListLinuxClientNodes(tc.Nomad())
|
||||||
|
require.Nil(t, err)
|
||||||
|
|
||||||
|
if len(clientNodes) == 0 {
|
||||||
|
t.Skip("no Linux clients")
|
||||||
|
}
|
||||||
|
|
||||||
|
uuid := uuid.Generate()
|
||||||
|
jobID := "isolation-pid-namespace-" + uuid[0:8]
|
||||||
|
file := "isolation/input/echo_pid.nomad"
|
||||||
|
allocs := e2eutil.RegisterAndWaitForAllocs(t, tc.Nomad(), file, jobID, "")
|
||||||
|
require.Equal(t, len(allocs), 1, fmt.Sprintf("failed to register %s", jobID))
|
||||||
|
|
||||||
|
tc.jobIDs = append(tc.jobIDs, jobID)
|
||||||
|
|
||||||
|
allocID := allocs[0].ID
|
||||||
|
e2eutil.WaitForAllocStopped(t, tc.Nomad(), allocID)
|
||||||
|
|
||||||
|
out, err := e2eutil.AllocLogs(allocID, e2eutil.LogsStdOut)
|
||||||
|
require.NoError(t, err, fmt.Sprintf("could not get logs for alloc %s", allocID))
|
||||||
|
|
||||||
|
require.Contains(t, out, "my pid is 1\n")
|
||||||
|
}
|
Loading…
Reference in a new issue