Add PID namespacing and e2e test

Kris Hicks 2021-01-25 13:57:17 -08:00 committed by Chris Baker
parent 74dcee0936
commit 87188f04de
4 changed files with 107 additions and 0 deletions


@ -581,6 +581,7 @@ func configureIsolation(cfg *lconfigs.Config, command *ExecCommand) error {
// launch with mount namespace // launch with mount namespace
cfg.Namespaces = lconfigs.Namespaces{ cfg.Namespaces = lconfigs.Namespaces{
{Type: lconfigs.NEWNS}, {Type: lconfigs.NEWNS},
{Type: lconfigs.NEWPID},
} }
if command.NetworkIsolation != nil { if command.NetworkIsolation != nil {
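Review bot: The comment above the namespace list still reads `// launch with mount namespace` although the list now also carries `lconfigs.NEWPID`; it should become something like `// launch with mount and PID namespaces so the task cannot see or signal processes outside its own tree`. A PID namespace only hides other processes if the /proc the task sees is mounted inside the new namespace. The mount setup is not visible in this hunk, so that is worth confirming in the rest of configureIsolation, which starts and ends outside the hunk. The task's first process also becomes PID 1 in its namespace, which changes default signal handling and orphan reaping for it, so the comment or the driver documentation should say so.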


@ -17,6 +17,7 @@ import (
_ "github.com/hashicorp/nomad/e2e/deployment" _ "github.com/hashicorp/nomad/e2e/deployment"
_ "github.com/hashicorp/nomad/e2e/events" _ "github.com/hashicorp/nomad/e2e/events"
_ "github.com/hashicorp/nomad/e2e/example" _ "github.com/hashicorp/nomad/e2e/example"
_ "github.com/hashicorp/nomad/e2e/isolation"
_ "github.com/hashicorp/nomad/e2e/lifecycle" _ "github.com/hashicorp/nomad/e2e/lifecycle"
_ "github.com/hashicorp/nomad/e2e/metrics" _ "github.com/hashicorp/nomad/e2e/metrics"
_ "github.com/hashicorp/nomad/e2e/namespaces" _ "github.com/hashicorp/nomad/e2e/namespaces"


@ -0,0 +1,38 @@
job "echo_pid" {
datacenters = ["dc1"]
type = "batch"
constraint {
attribute = "${attr.kernel.name}"
value = "linux"
}
group "echo_pid" {
task "echo_pid" {
driver = "exec"
config {
command = "bash"
args = [
"-c", "local/pid.sh"
]
}
template {
data = <<EOF
#!/usr/bin/env bash
echo my pid is $BASHPID
EOF
destination = "local/pid.sh"
perms = "777"
change_mode = "noop"
}
resources {
cpu = 100
memory = 64
}
}
}
}
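Review bot: `perms = "777"` in the template block leaves the rendered script writable by group and other, which is broader than this fixture needs; `perms = "755"` is enough. The task starts the script as `bash -c local/pid.sh`, so the execute bit is required, but nothing in the job writes to the file after rendering. Test fixtures tend to be copied into real job files, so a least-privilege mode here is the better example.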


@ -0,0 +1,67 @@
package isolation
import (
"fmt"
"github.com/hashicorp/nomad/e2e/e2eutil"
"github.com/hashicorp/nomad/e2e/framework"
"github.com/hashicorp/nomad/helper/uuid"
"github.com/stretchr/testify/require"
)
type IsolationTest struct {
framework.TC
jobIDs []string
}
func init() {
framework.AddSuites(&framework.TestSuite{
Component: "Isolation",
CanRunLocal: true,
Cases: []framework.TestCase{
new(IsolationTest),
},
})
}
func (tc *IsolationTest) BeforeAll(f *framework.F) {
t := f.T()
e2eutil.WaitForLeader(t, tc.Nomad())
e2eutil.WaitForNodesReady(t, tc.Nomad(), 1)
}
func (tc *IsolationTest) AfterEach(f *framework.F) {
for _, jobID := range tc.jobIDs {
tc.Nomad().Jobs().Deregister(jobID, true, nil)
}
tc.jobIDs = []string{}
tc.Nomad().System().GarbageCollect()
}
func (tc *IsolationTest) TestIsolation_ExecDriver_PIDNamespacing(f *framework.F) {
t := f.T()
clientNodes, err := e2eutil.ListLinuxClientNodes(tc.Nomad())
require.Nil(t, err)
if len(clientNodes) == 0 {
t.Skip("no Linux clients")
}
uuid := uuid.Generate()
jobID := "isolation-pid-namespace-" + uuid[0:8]
file := "isolation/input/echo_pid.nomad"
allocs := e2eutil.RegisterAndWaitForAllocs(t, tc.Nomad(), file, jobID, "")
require.Equal(t, len(allocs), 1, fmt.Sprintf("failed to register %s", jobID))
tc.jobIDs = append(tc.jobIDs, jobID)
allocID := allocs[0].ID
e2eutil.WaitForAllocStopped(t, tc.Nomad(), allocID)
out, err := e2eutil.AllocLogs(allocID, e2eutil.LogsStdOut)
require.NoError(t, err, fmt.Sprintf("could not get logs for alloc %s", allocID))
require.Contains(t, out, "my pid is 1\n")
}
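Review bot: The final assertion, `require.Contains(t, out, "my pid is 1\n")`, proves only that the task shell is PID 1 in its namespace; it does not show that processes outside the namespace are hidden from the task, which is the isolation property the commit is after. At minimum the test should carry a comment such as `// Only checks that the task is PID 1; visibility of other processes via /proc is not asserted here.` so the gap is explicit. Separately, `require.Equal(t, len(allocs), 1, ...)` passes the actual value where testify expects the expected one, so a failure message will be reversed; `require.Len(t, allocs, 1, ...)` reads better. AfterEach also drops the errors returned by `Deregister` and `GarbageCollect`, so a failed cleanup leaves the job on the cluster without any signal in the test output.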