running tests in a container#1957
Conversation
There was a problem hiding this comment.
Is this necessary? I think we mostly expect a tmpfs here. Were there problems with that?
There was a problem hiding this comment.
It's the same issue that /var/lib/containerd-test was having, the overlay tests attempt to mount to /tmp but fail to.
There was a problem hiding this comment.
Docker has a dind script that mounts cgroups and /tmp as tmpfs, I think we should run that as the entrypoint.
There was a problem hiding this comment.
Should the entry point be make test or make or go test ./...?
There was a problem hiding this comment.
Each of the "install x" blocks could be separate build stages. That should help with "optimize getting protobuf".
For the protobuf stage, I would personally make that a COPY script/install-protobuf /tmp/; RUN /tmp/install-protobuf and in that script have logic to use the binary release on amd64, and compile it from source otherwise. At least that way amd64 is faster.
The multi-stage build will help with caching on other platforms.
There was a problem hiding this comment.
I generally avoid this "git checkout of the source repo" in a Dockerfile. I think it's safe to assume that this Dockerfile will only be used with a build context of a containerd checkout, so it should use COPY . /go/src/github.com/containerd/containerd or a bind mount to get the source.
make binaries install can be done as part of the ENTRYPOINT or omitted entirely.
There was a problem hiding this comment.
I think this should use the pinned version from RUNC.md since that's what we document as being supported.
tophj-ibm
force-pushed
the
check-for-mounts-tests
branch
3 times, most recently
from
cb15839 to
018ad60
Compare
Codecov Report
@@ Coverage Diff @@
## master #1957 +/- ##
=======================================
Coverage 45.35% 45.35%
=======================================
Files 96 96
Lines 9453 9453
=======================================
Hits 4287 4287
Misses 4455 4455
Partials 711 711
Continue to review full report at Codecov.
|
|
@tophj-ibm whats the status on this one now that the tests are passing? |
|
I believe the 3 bullet points in the description are still relevant and need to be fixed. The tests aren't running using this image just yet, but we should be able to use it with #634 |
|
@crosbymichael bullet points are still relevant, while the non-root tests pass, I'm still having issues with the root-ones. I have a patch for downloading protobuf on amd64 only, |
tophj-ibm
force-pushed
the
check-for-mounts-tests
branch
2 times, most recently
from
f41c71d to
695b143
Compare
|
Fixed the first two. Anyone have any ideas on the last point? No matter what I try or how big a mount I give it, |
|
Are you enabling btrfs by default? |
|
I'm not doing anything special. Building containerd with or without it doesn't make a difference. Does the host docker mount and graphdriver need to be btrfs? |
|
It shouldn't. I guess we need to figureout where in the code that error is coming from. |
|
@tophj-ibm the problem with item 3 is discussed here: moby/moby#27886 If I add
|
|
Thanks for testing @estesp! I'll update those things I found the underlying issue ended up being I think I'm close to being done with this, running into a small issue now with running out of space because the parallel tests all create filesystems that aren't being cleaned up immediately but I have a few things I can do. |
There was a problem hiding this comment.
Maybe just ignore the remove error instead of skipping remove?
If someone uses a bind mount for this directory, or runs a shell and does multiple test runs in the same container, they'll still want the files inside the directory cleaned up (even if the directory itself can't be removed).
tophj-ibm
force-pushed
the
check-for-mounts-tests
branch
3 times, most recently
from
ecf6bd7 to
5f40539
Compare
|
Got all the tests to pass, feel free to review! |
tophj-ibm
changed the title
There was a problem hiding this comment.
I can leave a code comment here if you want, but this was the minimum size I could get btrfs to work in a container on ppc64le. I tested with s390x and it worked with an even smaller value. I don't have the right hardware to test this with arm*
There was a problem hiding this comment.
Why the required size significantly differs across architectures?
Is there ppc-specific bug in our code or in kernel?
There was a problem hiding this comment.
I couldn't find any information / bugs reported on this, but it's definitely a kernel issue and not a containerd one because I can replicate this anywhere.
There was a problem hiding this comment.
Could you open a github issue?
There was a problem hiding this comment.
Please fix this for systems that work under this size. This is way too big to be allocating on small hosts.
dnephin
left a comment
dnephin
left a comment
There was a problem hiding this comment.
We could use some of the new install scripts in CI, but I guess that could be a follow up as well.
There was a problem hiding this comment.
There's a line in .travis.yml which installs runc, it should probably be replaced with ./script/setup/install-runc
There was a problem hiding this comment.
Remove -x by default? could be enabled with $DEBUG, but I'm not sure if it's necessary.
There was a problem hiding this comment.
There are a few lines in .travis.yml that could be replaced by ./script/setup/install-protobuf
tophj-ibm
force-pushed
the
check-for-mounts-tests
branch
4 times, most recently
from
a7b3998 to
8088eb1
Compare
There was a problem hiding this comment.
Let's create the root within the volume and remove this code
There was a problem hiding this comment.
I think we can just remove this code anyway, we don't need to change the path.
There's no reason to os.Exit(1) if the RemoveAll fails, just ignore the error in all cases. We already do that in dozens of places in the test suite.
There was a problem hiding this comment.
s/Dockerfile/Dockerfile.test/ , as this Dockerfile is not suitable for other purposes
There was a problem hiding this comment.
In a follow up we could add another stage which runs script/setup/install-dev-tools. That would make this Dockerfile usable for just about every project task. Then do you think we could keep it Dockerfile or Dockerfile.dev ?
There was a problem hiding this comment.
I would rather expect (the last stage of) Dockerfile to have minimum dependencies.
Probably Dockerfile should be as follows
FROM golang:x.y.z AS proto3
...
FROM golang:x.y.z AS runc
...
# `docker build` with `--target test` for testing
FROM golang:x.y.z AS test
...
# should be added in follow-up PR
FROM test AS test-extra
COPY script/setup/install-dev-tools .
RUN install-dev-tools
...
# the last stage has minimum dependency.
# this stage needs to be the last so that Docker Hub can build automatically.
FROM golang:x.y.z.-alpine
RUN apt --no-cache add some-minimum-deps
# no `COPY .` here
...
|
Off-topic: I think we should register |
tophj-ibm
force-pushed
the
check-for-mounts-tests
branch
2 times, most recently
from
8696987 to
3a9f45b
Compare
There was a problem hiding this comment.
@AkihiroSuda what do you think about this?
There was a problem hiding this comment.
Generally vendor.conf != RUNC.md, but I think it is ok to call it a day
tophj-ibm
force-pushed
the
check-for-mounts-tests
branch
from
3a9f45b to
fbb36f8
Compare
|
What's the status of this PR? It seems like it creates a bunch of dependencies on docker, which seems pretty backwards for the goals of this project. I really don't want to bring the testing experience of moby/moby to this project. If we want to self-host test inside of a container for containerd, that is great, but we need to have a plan that doesn't create a dependency on docker. |
|
I don't think this was proposed to be a replacement for any of the development processes we are following today in containerd. We've said multiple times (in now closed issues) if someone wants to contribute a To me this is simply a convenience offering for those who want to leave their system unmodified and yet do development and test related activities with containerd in an isolated container. That was kind of one of the promises of that Docker thing. :) |
|
@stevvooe I see your concerns and I think @estesp had a good suggestion, what do you think about I created this PR to make it easy to run containerd, and more specifically for me, all the tests, in a container. The dockerfile and subsequent scripts solves issues that I ran into while building and testing, including making sure specific directories such as As for the state of this PR: all the tests pass, feel free to try it yourself. I am tracking down a probable bug with btrfs-progs where |
There is no dependency on docker. The Dockerfile can be added as a convenience for contributors, but there is no requirement to use it. I will replace my adhoc Dockerfile with this one if it merges. I sure there are other contributors who will benefit.
No one does. There are thousands of projects that use Docker as a development tool, many of which have much better dev/testing experiences than the moby/moby project.
This sounds like a lot more work to develop and maintain. We already have a tool for this. |
|
Fair enough. Place these in contrib/ and let’s keep them out of the Makefile. This process needs to be updated in the building.md file so people know how to use it. |
There was a problem hiding this comment.
This changes the behavior of testmain.
There was a problem hiding this comment.
We had some discussion about this previously in this PR. I suggested that there shouldn't be any reason to exit(1) here. Am I mistaken? What's the reason for an Exit(1) if the remove fails?
There was a problem hiding this comment.
Ok, can we fix in another PR? This is an area where we previously exited but do not now. I have no clue why this is the way it is, so let's see if we can figure that out.
There was a problem hiding this comment.
I've removed it for the time being. It does cause the integration tests to fail at the end, but it's pretty obvious it fails because of a umount. Still, should investigate further
There was a problem hiding this comment.
This is confusing to have all these mentions of docker but actually this is containerd in docker. Is this script still necessary? You might be able to get it running with just privileged and a few bind mounts.
There was a problem hiding this comment.
Looks like arm and windows have binary releases, as well.
There was a problem hiding this comment.
Does this need to be built with seccomp and apparmor enabled?
tophj-ibm
force-pushed
the
check-for-mounts-tests
branch
3 times, most recently
from
3418316 to
6eb50fd
Compare
There was a problem hiding this comment.
I'm not 100% sure on this one, does 64-bit windows run win32 binaries? EDIT: looks like it
There was a problem hiding this comment.
Does this match what is in RUNC.md?
There was a problem hiding this comment.
Generally no. I think we should replace RUNC.md with TOML/YAML that is readable for both machine and human. (Can be done in a separate PR)
There was a problem hiding this comment.
Well, it does match as long as PR changes are changing both locations. So far that is the case, but if we are worried about manual sync, then @AkihiroSuda might have a good idea to make a runc commit hash definition parseable. Of course, I assume we hope this goes away at some point as stable released runc will be viable for (hopefully) all releases of containerd.
tophj-ibm
force-pushed
the
check-for-mounts-tests
branch
from
6eb50fd to
b9ae074
Compare
This provides a dockerfile for building a container to run the containerd tests Signed-off-by: Christopher Jones <[email protected]>
Cleans up loop devices if part of the test or mount process fails. Also increases btrfs default file size to 650MB to accommodate minimum btrfs size on ppc64le and s390x Signed-off-by: Christopher Jones <[email protected]>
Signed-off-by: Christopher Jones <[email protected]>
tophj-ibm
force-pushed
the
check-for-mounts-tests
branch
from
b9ae074 to
f65cdc1
Compare
|
LGTM |
Why was this merged without an update to building.md? |
7 participants
This provides a dockerfile for building an image to run the containerd tests.
Signed-off-by: Christopher Jones [email protected]
few WIP issues:
make integrationfails at the end because it tries to unmount the test dir which is a mounted volmake root-testfailsbecause it runs of out of loop devices, this isbecause previous tests devices are erroring out and not being freed because of :