open-nomad/drivers/docker/fingerprint_test.go
Seth Hoenig 68894bdc62
docker: disable driver when running as non-root on cgroups v2 hosts (#16063)
* docker: disable driver when running as non-root on cgroups v2 hosts

This PR modifies the docker driver to behave like exec when being run
as a non-root user on a host machine with cgroups v2 enabled. Because
of how cpu resources are managed by the Nomad client, the nomad agent
must be run as root to manage docker-created cgroups.

* cl: update cl
2023-02-06 14:09:19 -06:00

48 lines
1.3 KiB
Go

package docker
import (
"context"
"testing"
"github.com/hashicorp/nomad/ci"
"github.com/hashicorp/nomad/client/testutil"
"github.com/hashicorp/nomad/helper/testlog"
"github.com/hashicorp/nomad/plugins/drivers"
"github.com/shoenig/test/must"
)
// TestDockerDriver_FingerprintHealth asserts that docker reports healthy
// whenever Docker is supported.
//
// In Linux CI and AppVeyor Windows environment, it should be enabled.
func TestDockerDriver_FingerprintHealth(t *testing.T) {
ci.Parallel(t)
testutil.DockerCompatible(t)
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
d := NewDockerDriver(ctx, testlog.HCLogger(t)).(*Driver)
fp := d.buildFingerprint()
must.Eq(t, drivers.HealthStateHealthy, fp.Health)
}
// TestDockerDriver_NonRoot_CGV2 tests that the docker drivers is not enabled
// when running as a non-root user on a machine with a v2 cgroups controller.
func TestDockerDriver_NonRoot_CGV2(t *testing.T) {
ci.Parallel(t)
testutil.DockerCompatible(t)
testutil.CgroupsCompatibleV2(t)
testutil.RequireNonRoot(t)
ctx, cancel := context.WithCancel(context.Background())
defer cancel()
d := NewDockerDriver(ctx, testlog.HCLogger(t)).(*Driver)
fp := d.buildFingerprint()
must.Eq(t, drivers.HealthStateUndetected, fp.Health)
must.Eq(t, drivers.DriverRequiresRootMessage, fp.HealthDescription)
}