lib/crunchrun/executor_test.go

   1 // Copyright (C) The Arvados Authors. All rights reserved.
   2 //
   3 // SPDX-License-Identifier: AGPL-3.0
   4
   5 package crunchrun
   6
   7 import (
   8         "bytes"
   9         "context"
  10         "fmt"
  11         "io"
  12         "io/ioutil"
  13         "net"
  14         "net/http"
  15         "net/netip"
  16         "os"
  17         "regexp"
  18         "strings"
  19         "time"
  20
  21         "git.arvados.org/arvados.git/lib/diagnostics"
  22         "git.arvados.org/arvados.git/sdk/go/arvados"
  23         "git.arvados.org/arvados.git/sdk/go/arvadostest"
  24         . "gopkg.in/check.v1"
  25 )
  26
  27 type nopWriteCloser struct{ io.Writer }
  28
  29 func (nopWriteCloser) Close() error { return nil }
  30
  31 // embedded by dockerSuite and singularitySuite so they can share
  32 // tests.
  33 type executorSuite struct {
  34         newExecutor func(*C) // embedding struct's SetUpSuite method must set this
  35         executor    containerExecutor
  36         spec        containerSpec
  37         stdout      bytes.Buffer
  38         stderr      bytes.Buffer
  39 }
  40
  41 func (s *executorSuite) SetUpTest(c *C) {
  42         s.newExecutor(c)
  43         s.stdout = bytes.Buffer{}
  44         s.stderr = bytes.Buffer{}
  45         s.spec = containerSpec{
  46                 Image:       "busybox:uclibc",
  47                 VCPUs:       1,
  48                 WorkingDir:  "",
  49                 Env:         map[string]string{"PATH": "/bin:/usr/bin"},
  50                 NetworkMode: "default",
  51                 Stdout:      nopWriteCloser{&s.stdout},
  52                 Stderr:      nopWriteCloser{&s.stderr},
  53         }
  54         err := s.executor.LoadImage("", arvadostest.BusyboxDockerImage(c), arvados.Container{}, "", nil)
  55         c.Assert(err, IsNil)
  56 }
  57
  58 func (s *executorSuite) TearDownTest(c *C) {
  59         s.executor.Close()
  60 }
  61
  62 func (s *executorSuite) TestExecTrivialContainer(c *C) {
  63         c.Logf("Using container runtime: %s", s.executor.Runtime())
  64         s.spec.Command = []string{"echo", "ok"}
  65         s.checkRun(c, 0)
  66         c.Check(s.stdout.String(), Equals, "ok\n")
  67         c.Check(s.stderr.String(), Equals, "")
  68 }
  69
  70 func (s *executorSuite) TestDiagnosticsImage(c *C) {
  71         imagefile := c.MkDir() + "/hello-world.tar"
  72         err := ioutil.WriteFile(imagefile, diagnostics.HelloWorldDockerImage, 0777)
  73         c.Assert(err, IsNil)
  74         err = s.executor.LoadImage("", imagefile, arvados.Container{}, "", nil)
  75         c.Assert(err, IsNil)
  76
  77         c.Logf("Using container runtime: %s", s.executor.Runtime())
  78         s.spec.Image = "hello-world"
  79         s.spec.Command = []string{"/hello"}
  80         s.checkRun(c, 0)
  81         c.Check(s.stdout.String(), Matches, `(?ms)\nHello from Docker!\n.*`)
  82 }
  83
  84 func (s *executorSuite) TestExitStatus(c *C) {
  85         s.spec.Command = []string{"false"}
  86         s.checkRun(c, 1)
  87 }
  88
  89 func (s *executorSuite) TestSignalExitStatus(c *C) {
  90         if _, isdocker := s.executor.(*dockerExecutor); isdocker {
  91                 // It's not quite this easy to make busybox kill
  92                 // itself in docker where it's pid 1.
  93                 c.Skip("kill -9 $$ doesn't work on busybox with pid=1 in docker")
  94                 return
  95         }
  96         s.spec.Command = []string{"sh", "-c", "kill -9 $$"}
  97         s.checkRun(c, 0x80+9)
  98 }
  99
 100 func (s *executorSuite) TestExecStop(c *C) {
 101         s.spec.Command = []string{"sh", "-c", "sleep 10; echo ok"}
 102         err := s.executor.Create(s.spec)
 103         c.Assert(err, IsNil)
 104         err = s.executor.Start()
 105         c.Assert(err, IsNil)
 106         go func() {
 107                 time.Sleep(time.Second / 10)
 108                 s.executor.Stop()
 109         }()
 110         ctx, cancel := context.WithDeadline(context.Background(), time.Now().Add(10*time.Second))
 111         defer cancel()
 112         code, err := s.executor.Wait(ctx)
 113         c.Check(code, Not(Equals), 0)
 114         c.Check(err, IsNil)
 115         c.Check(s.stdout.String(), Equals, "")
 116         c.Check(s.stderr.String(), Equals, "")
 117 }
 118
 119 func (s *executorSuite) TestExecCleanEnv(c *C) {
 120         s.spec.Command = []string{"env"}
 121         s.checkRun(c, 0)
 122         c.Check(s.stderr.String(), Equals, "")
 123         got := map[string]string{}
 124         for _, kv := range strings.Split(s.stdout.String(), "\n") {
 125                 if kv == "" {
 126                         continue
 127                 }
 128                 kv := strings.SplitN(kv, "=", 2)
 129                 switch kv[0] {
 130                 case "HOSTNAME", "HOME":
 131                         // docker sets these by itself
 132                 case "LD_LIBRARY_PATH", "SINGULARITY_NAME", "PWD", "LANG", "SHLVL", "SINGULARITY_INIT", "SINGULARITY_CONTAINER":
 133                         // singularity sets these by itself (cf. https://sylabs.io/guides/3.5/user-guide/environment_and_metadata.html)
 134                 case "SINGULARITY_APPNAME":
 135                         // singularity also sets this by itself (v3.5.2, but not v3.7.4)
 136                 case "PROMPT_COMMAND", "PS1", "SINGULARITY_BIND", "SINGULARITY_COMMAND", "SINGULARITY_ENVIRONMENT":
 137                         // singularity also sets these by itself (v3.7.4)
 138                 case "SINGULARITY_NO_EVAL":
 139                         // our singularity driver sets this to control
 140                         // singularity behavior, and it gets passed
 141                         // through to the container
 142                 default:
 143                         got[kv[0]] = kv[1]
 144                 }
 145         }
 146         c.Check(got, DeepEquals, s.spec.Env)
 147 }
 148 func (s *executorSuite) TestExecEnableNetwork(c *C) {
 149         for _, enable := range []bool{false, true} {
 150                 s.SetUpTest(c)
 151                 s.spec.Command = []string{"ip", "route"}
 152                 s.spec.EnableNetwork = enable
 153                 s.checkRun(c, 0)
 154                 if enable {
 155                         c.Check(s.stdout.String(), Matches, "(?ms).*default via.*")
 156                 } else {
 157                         c.Check(s.stdout.String(), Equals, "")
 158                 }
 159         }
 160 }
 161
 162 func (s *executorSuite) TestExecWorkingDir(c *C) {
 163         s.spec.WorkingDir = "/tmp"
 164         s.spec.Command = []string{"sh", "-c", "pwd"}
 165         s.checkRun(c, 0)
 166         c.Check(s.stdout.String(), Equals, "/tmp\n")
 167 }
 168
 169 func (s *executorSuite) TestExecStdoutStderr(c *C) {
 170         s.spec.Command = []string{"sh", "-c", "echo foo; echo -n bar >&2; echo baz; echo waz >&2"}
 171         s.checkRun(c, 0)
 172         c.Check(s.stdout.String(), Equals, "foo\nbaz\n")
 173         c.Check(s.stderr.String(), Equals, "barwaz\n")
 174 }
 175
 176 func (s *executorSuite) TestEnableNetwork_Listen(c *C) {
 177         // Listen on an available port on the host.
 178         ln, err := net.Listen("tcp", net.JoinHostPort("0.0.0.0", "0"))
 179         c.Assert(err, IsNil)
 180         defer ln.Close()
 181         _, port, err := net.SplitHostPort(ln.Addr().String())
 182         c.Assert(err, IsNil)
 183
 184         // Start a container that listens on the same port number that
 185         // is already in use on the host.
 186         s.spec.Command = []string{"nc", "-l", "-p", port, "-e", "printf", `HTTP/1.1 418 I'm a teapot\r\n\r\n`}
 187         s.spec.EnableNetwork = true
 188         c.Assert(s.executor.Create(s.spec), IsNil)
 189         c.Assert(s.executor.Start(), IsNil)
 190         starttime := time.Now()
 191
 192         ctx, cancel := context.WithDeadline(context.Background(), time.Now().Add(10*time.Second))
 193         defer cancel()
 194
 195         for {
 196                 time.Sleep(time.Second / 10)
 197                 if ctx.Err() != nil {
 198                         c.Error("timed out")
 199                         break
 200                 }
 201
 202                 ip, err := s.executor.IPAddress()
 203                 if err != nil {
 204                         c.Logf("s.executor.IPAddress: %s", err)
 205                         continue
 206                 }
 207                 c.Assert(ip, Not(Equals), "")
 208
 209                 // When we connect to the port using
 210                 // s.executor.IPAddress(), we should reach the nc
 211                 // process running inside the container, not the
 212                 // net.Listen() running outside the container, even
 213                 // though both listen on the same port.
 214                 ctx, cancel := context.WithDeadline(ctx, time.Now().Add(time.Second))
 215                 defer cancel()
 216                 req, err := http.NewRequestWithContext(ctx, "BREW", "http://"+net.JoinHostPort(ip, port), nil)
 217                 c.Assert(err, IsNil)
 218                 resp, err := http.DefaultClient.Do(req)
 219                 if err != nil {
 220                         c.Logf("%s (retrying...)", err)
 221                         continue
 222                 }
 223                 c.Check(resp.StatusCode, Equals, http.StatusTeapot)
 224                 c.Logf("%s %q: %s", req.Method, req.URL, resp.Status)
 225                 break
 226         }
 227
 228         s.executor.Stop()
 229         code, _ := s.executor.Wait(ctx)
 230         c.Logf("container ran for %v", time.Now().Sub(starttime))
 231         c.Check(code, Equals, -1)
 232
 233         c.Logf("stdout:\n%s\n\n", s.stdout.String())
 234         c.Logf("stderr:\n%s\n\n", s.stderr.String())
 235 }
 236
 237 func (s *executorSuite) TestEnableNetwork_IPAddress(c *C) {
 238         s.spec.Command = []string{"ip", "ad"}
 239         s.spec.EnableNetwork = true
 240         c.Assert(s.executor.Create(s.spec), IsNil)
 241         c.Assert(s.executor.Start(), IsNil)
 242         ctx, cancel := context.WithDeadline(context.Background(), time.Now().Add(10*time.Second))
 243         defer cancel()
 244         code, _ := s.executor.Wait(ctx)
 245         c.Check(code, Equals, 0)
 246         c.Logf("stdout:\n%s\n\n", s.stdout.String())
 247         c.Logf("stderr:\n%s\n\n", s.stderr.String())
 248
 249         found := false
 250         for _, m := range regexp.MustCompile(` inet (.+?)/`).FindAllStringSubmatch(s.stdout.String(), -1) {
 251                 if addr, err := netip.ParseAddr(m[1]); err == nil && !addr.IsLoopback() {
 252                         found = true
 253                         c.Logf("found non-loopback IP address %q", m[1])
 254                         break
 255                 }
 256         }
 257         c.Check(found, Equals, true, Commentf("container does not appear to have a non-loopback IP address"))
 258 }
 259
 260 func (s *executorSuite) TestInject(c *C) {
 261         hostdir := c.MkDir()
 262         c.Assert(os.WriteFile(hostdir+"/testfile", []byte("first tube"), 0777), IsNil)
 263         mountdir := fmt.Sprintf("/injecttest-%d", os.Getpid())
 264         s.spec.Command = []string{"sleep", "10"}
 265         s.spec.BindMounts = map[string]bindmount{mountdir: {HostPath: hostdir, ReadOnly: true}}
 266         c.Assert(s.executor.Create(s.spec), IsNil)
 267         c.Assert(s.executor.Start(), IsNil)
 268         starttime := time.Now()
 269
 270         ctx, cancel := context.WithDeadline(context.Background(), time.Now().Add(2*time.Second))
 271         defer cancel()
 272
 273         // Allow InjectCommand to fail a few times while the container
 274         // is starting
 275         for ctx.Err() == nil {
 276                 _, err := s.executor.InjectCommand(ctx, "", "root", false, []string{"true"})
 277                 if err == nil {
 278                         break
 279                 }
 280                 time.Sleep(time.Second / 10)
 281         }
 282
 283         injectcmd := []string{"cat", mountdir + "/testfile"}
 284         cmd, err := s.executor.InjectCommand(ctx, "", "root", false, injectcmd)
 285         c.Assert(err, IsNil)
 286         out, err := cmd.CombinedOutput()
 287         c.Logf("inject %s => %q", injectcmd, out)
 288         c.Check(err, IsNil)
 289         c.Check(string(out), Equals, "first tube")
 290
 291         s.executor.Stop()
 292         code, _ := s.executor.Wait(ctx)
 293         c.Logf("container ran for %v", time.Now().Sub(starttime))
 294         c.Check(code, Equals, -1)
 295 }
 296
 297 func (s *executorSuite) checkRun(c *C, expectCode int) {
 298         c.Assert(s.executor.Create(s.spec), IsNil)
 299         c.Assert(s.executor.Start(), IsNil)
 300         ctx, cancel := context.WithDeadline(context.Background(), time.Now().Add(10*time.Second))
 301         defer cancel()
 302         code, err := s.executor.Wait(ctx)
 303         c.Assert(err, IsNil)
 304         c.Check(code, Equals, expectCode)
 305 }