One of the combinations (SYSTEMD_NSPAWN_USE_CGNS=yes -U --private-network) does not work for me here, so I added a patch to skip that test. After all outstanding pull requests go in, it should be fixed and we can enable it again.

I also reworked the code a bit to make it easier understand what failed, when something fails.

In my testing of your original patch, not all logs ended up in the journal. At some point the output from the script was cut off. Maybe it's a bug, but it's not central to the problem at hand.

OK, so you don't like my changes. Can you repush with just my documentation patch, and incorporate the missing return fix into your patch?

... and maybe also the last patch which disables the failing test. It'll probably look different, but I think we need something like this to have the CI pass.

the last patch which disables the failing test.

I think we should disable those cases: #4352

At some point the output from the script was cut off

This looks like #2913
And, indeed, sleep at the end of the script fixes this (sometimes :-))

Can you repush with just my documentation patch, and incorporate the missing return fix into your patch?

OK. I guess we should add strace and nc to the documentation too

#2913 is different — I was not seeing the messages at all. But it's possible I messed something up. I'll retest when you push a new version...

I was not seeing the messages at all

Oh, looks like #1812 (comment)

I don't know why but it doesn't work for me. I always lose the output of the testsuite.service.

Maybe, again

@keszybz , updated

I've tested on:

• Fedora 24 (4.7.6-200.fc24.x86_64)
• Fedora 24 (vanilla 4.8)
• Ubuntu Xenial (4.4.0-43-generic)
• Ubuntu Yaketty (4.8.0-22-generic)

F: Failed to install ./has-overflow
autopkgtest [04:58:13]: test upstream: -----------------------]
autopkgtest [04:58:14]: test upstream:  - - - - - - - - - - results - - - - - - - - - -
upstream             FAIL non-zero exit status 1

@martinpitt ,
https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/tree/debian/tests/upstream#n23

        if ! (cd $t; TEST_BASE_DIR=../ INITRD=/initrd.img ./test.sh --$op); then

Why not

       if ! (cd $t; make $op INITRD=/initrd.img); then

?

Why not

  if ! (cd $t; make $op INITRD=/initrd.img); then

?

And we don't need INITRD=/initrd.img
See 61fea35

Patch: https://gist.githubusercontent.com/evverx/9a7de60edfc0049345b8da09235e9c2e/raw/fb99b101d4ac7a9173f65681a809011489d6a05e/0001-debian-tests-upstream-run-make-instead-of-the-.-test.patch

Why not make

Because this should work on an unbuilt tree as well (for testing distro packages), and then there simply is no Makefile. Does this get in the way somehow?

we don't need INITRD=/initrd.img

Thanks! Pushed: https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?id=068efe4aac

Because this should work on an unbuilt tree as well (for testing distro packages)

Oh, indeed, thanks! So, I can

• install gcc on the testbed via tests/control
• run gcc inside the test.sh

Is it OK?

F: Failed to install ./has-overflow

I don't see a rule in test/TEST-13-NSPAWN-SMOKE/Makefile (or anywhere else) to actually build that? Or does that magically happen through some implicit rules?

I guess that's why you asked about running this through make. If the tree is not built, we could run a minimal ./configure and install the extra build deps. The approach until now was to actually build these helper binaries as part of the normal package build, and ship them in the development package; but if we can restrict the build to just these helper binaries without having to build systemd completely all over again (which takes too much time), I'm open to the above as well.

If the tree is not built, we could run a minimal ./configure

Actually not -- test/*/Makefile runs make -C ../.. all, i. e. it first builds the entire systemd tree. This will add an extra 20 mins or so to every downstream test which is too expensive. However, with the seddery in debian/tests/upstream these make all rules are not actually required at all -- so we could just drop them. This is a good idea anyway IMHO -- you really don't want to run the entire build as root if you don't have a built tree already. WDYT?

I committed https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?id=f142ef34c for now, as this is conceptually cleaner than replicating the logic from the Makefile, and if you agree, we can remove the make all in upstream master and drop that "FIXME" again.

I can run gcc inside the test.sh

Yes, that's fine too.

I'll restart the failed tests, as with running this through make this actually ought to work now?

Also, please let me know if/where you want/need tests on Ubuntu 16.10 (I can only start them manually for now, if we want to do this permanently we need to ask @zonque to reconfigure the web hooks).

I also started an amd64 test on 16.10, as you requested in the description.

we can remove the make all in upstream master and drop that "FIXME" again.

I think we don't need @make -s --no-print-directory -C ../.. all. But I don't really know how do people run our tests :-)

I'll restart the failed tests, as with running this through make this actually ought to work now?

Yes (if make and gcc installed on the testbed)

I also started an amd64 test on 16.10

Thanks!
This test doesn't fail on Yaketty. I've added an expected failure check: https://github.com/systemd/systemd/pull/4378/files#diff-16c7d2b78656b2bcbee324db72cd948fR97

#4378 (comment)

... and maybe also the last patch which disables the failing test. It'll probably look different, but I think we need something like this to have the CI pass.

Updated the PR description.

Also, please let me know if/where you want/need tests on Ubuntu 16.10

I believe we need tests on Ubuntu 16.10 (Ubuntu 16.04 and CentOS 7 don't support the unified cgroup hierarchy for example, so, we don't really touch the "unified" hierarchy code paths)

@martinpitt ,

TEST CLEANUP: systemd-nspawn smoke test
cc -O0    has-overflow.c   -o has-overflow
make: cc: Command not found

Can we add gcc to the https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/tree/debian/tests/control#n86 ?

Actually, the has-overflow is the workaround for #4352 (I can remove gcc and has-overflow later)

But I think we should merge this test "as is". This helps to detect other regressions (for example, see #4395, #4372)

Test deps added (https://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?id=5fc1668) and tests restarted.

• xenial-i386

========== TEST-13-NSPAWN-SMOKE ==========
make: Entering directory '/tmp/autopkgtest.lfYvPR/build.SnX/systemd-debian/test/TEST-13-NSPAWN-SMOKE'
TEST CLEANUP: systemd-nspawn smoke test
cc -O0    has-overflow.c   -o has-overflow
<builtin>: recipe for target 'has-overflow' failed
make: Leaving directory '/tmp/autopkgtest.lfYvPR/build.SnX/systemd-debian/test/TEST-13-NSPAWN-SMOKE'
make: cc: Command not found
make: *** [has-overflow] Error 127
autopkgtest [09:32:10]: test upstream: -----------------------]
autopkgtest [09:32:10]: test upstream:  - - - - - - - - - - results - - - - - - - - - -
upstream             FAIL non-zero exit status 1

I'm not sure why "make: cc: Command not found"

• yakkety-amd64

yakkety-amd64
upstream             PASS # expected
boot-and-services    FAIL # unrelated

-- Logs begin at Tue 2016-10-18 09:42:55 UTC, end at Tue 2016-10-18 09:43:13 UTC. --
Oct 18 09:43:12 autopkgtest systemd[1]: Starting Container c1...
Oct 18 09:43:12 autopkgtest systemd-nspawn[1293]: Selected user namespace base 239403008 and range 65536.
Oct 18 09:43:12 autopkgtest systemd-nspawn[1293]: Failed to mount n/a on /var/lib/machines/c1/sys/fs/selinux (MS_BIND ""): No such file or directory
Oct 18 09:43:12 autopkgtest systemd-nspawn[1293]: Failed to mount n/a on /var/lib/machines/c1/sys/fs/selinux (MS_RDONLY|MS_NOSUID|MS_NODEV|MS_NOEXEC|MS_REMOUNT|MS_BIND ""): Invalid argument
Oct 18 09:43:12 autopkgtest systemd-nspawn[1293]: Timezone Etc/UTC does not exist in container, not updating container timezone.
Oct 18 09:43:12 autopkgtest systemd-nspawn[1293]: Failed to mount cgroup on /sys/fs/cgroup/net_cls,net_prio (MS_NOSUID|MS_NODEV|MS_NOEXEC "net_cls,net_prio"): No such file or directory
Oct 18 09:43:12 autopkgtest systemd[1]: [email protected]: Main process exited, code=exited, status=1/FAILURE
Oct 18 09:43:12 autopkgtest systemd-nspawn[1293]: Child died too early.
Oct 18 09:43:12 autopkgtest systemd[1]: Failed to start Container c1.
Oct 18 09:43:12 autopkgtest systemd[1]: [email protected]: Unit entered failed state.
Oct 18 09:43:12 autopkgtest systemd[1]: [email protected]: Failed with result 'exit-code'.

Well, #4310 isn't working now (we should bump to 232). So, the systemd-nspawn tries to mount the legacy hierarchy and boom #4352 :-)

• xenial-amd64 - PASSED :-)

xenial-i386> this is still the previous run before I added the gcc/make test deps, retried.

yakkety-amd64 is expected (nspawn failure) as you said. As long as we don't regularly run tests on 16.10, this PR is fine then -- but I figure we should soon clean that up as we actually want to run tests on 16.10 soon to test cgroups v2 on a current kernel?

yakkety-amd64 is expected (nspawn failure) as you said.

Oh, I was wrong. There is no systemd in the container (and bump to 232 will not fix the test).
@keszybz , do we really want to mount the legacy hierarchy if we can't find lib/systemd/libsystemd-shared-*.so and usr/lib/systemd/libsystemd-shared-*.so?

should soon clean that up as we actually want to run tests on 16.10 soon to test cgroups v2 on a current kernel?

Yes, we should fix #4352. (or we should use SYSTEMD_NSPAWN_USE_CGNS=no as a workaround)
Or we can disable -U. I'm not sure that -U by default is the right thing to do

There is no systemd in the container

Right, it's just a teensy busybox one; I'd like to keep this as we shouldn't make too many assumptions on what is in a container. We can also test a full OS container if we can get an image easily (like downloading the standard LXD ones).

@keszybz , do we really want to mount the legacy hierarchy if we can't find lib/systemd/libsystemd-shared-.so and usr/lib/systemd/libsystemd-shared-.so?

IIUC, the hybrid hierarchy will break older systemd releases and probably other code which only supports legacy. So I think we have no choice to do hybrid only when we can detect that the container system supports it.

FWIW, I think we should merge this, even if some hacks are required to tests pass, and do incremental improvements later. We have too many unmerged patches which touch the same area and it's just hard to follow.

No objection from me either -- the packaging has been fixed, so tests succeed on xenial, i. e. this won't break other PRs.

@keszybz

IIUC

Sorry, I asked the wrong question. I mean, why do we mount the systemd hierarchy at all if there is no systemd inside the container?

the hybrid hierarchy will break older systemd releases

This is true, of course.

Can I press the merge button? :-)