// Copyright (C) The Arvados Authors. All rights reserved. // // SPDX-License-Identifier: AGPL-3.0 package crunchrun import ( "bytes" "context" "fmt" "io" "io/ioutil" "net" "net/http" "net/netip" "os" "regexp" "strings" "time" "git.arvados.org/arvados.git/lib/diagnostics" "git.arvados.org/arvados.git/sdk/go/arvados" "git.arvados.org/arvados.git/sdk/go/arvadostest" . "gopkg.in/check.v1" ) type nopWriteCloser struct{ io.Writer } func (nopWriteCloser) Close() error { return nil } // embedded by dockerSuite and singularitySuite so they can share // tests. type executorSuite struct { newExecutor func(*C) // embedding struct's SetUpSuite method must set this executor containerExecutor spec containerSpec stdout bytes.Buffer stderr bytes.Buffer } func (s *executorSuite) SetUpTest(c *C) { s.newExecutor(c) s.stdout = bytes.Buffer{} s.stderr = bytes.Buffer{} s.spec = containerSpec{ Image: "busybox:uclibc", VCPUs: 1, WorkingDir: "", Env: map[string]string{"PATH": "/bin:/usr/bin"}, NetworkMode: "default", Stdout: nopWriteCloser{&s.stdout}, Stderr: nopWriteCloser{&s.stderr}, } err := s.executor.LoadImage("", arvadostest.BusyboxDockerImage(c), arvados.Container{}, "", nil) c.Assert(err, IsNil) } func (s *executorSuite) TearDownTest(c *C) { s.executor.Close() } func (s *executorSuite) TestExecTrivialContainer(c *C) { c.Logf("Using container runtime: %s", s.executor.Runtime()) s.spec.Command = []string{"echo", "ok"} s.checkRun(c, 0) c.Check(s.stdout.String(), Equals, "ok\n") c.Check(s.stderr.String(), Equals, "") } func (s *executorSuite) TestDiagnosticsImage(c *C) { s.newExecutor(c) imagefile := c.MkDir() + "/hello-world.tar" err := ioutil.WriteFile(imagefile, diagnostics.HelloWorldDockerImage, 0777) c.Assert(err, IsNil) err = s.executor.LoadImage("", imagefile, arvados.Container{}, "", nil) c.Assert(err, IsNil) c.Logf("Using container runtime: %s", s.executor.Runtime()) s.spec.Image = "hello-world" s.spec.Command = []string{"/hello"} s.checkRun(c, 0) c.Check(s.stdout.String(), Matches, `(?ms)\nHello from Docker!\n.*`) } func (s *executorSuite) TestExitStatus(c *C) { s.spec.Command = []string{"false"} s.checkRun(c, 1) } func (s *executorSuite) TestSignalExitStatus(c *C) { if _, isdocker := s.executor.(*dockerExecutor); isdocker { // It's not quite this easy to make busybox kill // itself in docker where it's pid 1. c.Skip("kill -9 $$ doesn't work on busybox with pid=1 in docker") return } s.spec.Command = []string{"sh", "-c", "kill -9 $$"} s.checkRun(c, 0x80+9) } func (s *executorSuite) TestExecStop(c *C) { s.spec.Command = []string{"sh", "-c", "sleep 10; echo ok"} err := s.executor.Create(s.spec) c.Assert(err, IsNil) err = s.executor.Start() c.Assert(err, IsNil) go func() { time.Sleep(time.Second / 10) s.executor.Stop() }() ctx, cancel := context.WithDeadline(context.Background(), time.Now().Add(10*time.Second)) defer cancel() code, err := s.executor.Wait(ctx) c.Check(code, Not(Equals), 0) c.Check(err, IsNil) c.Check(s.stdout.String(), Equals, "") c.Check(s.stderr.String(), Equals, "") } func (s *executorSuite) TestExecCleanEnv(c *C) { s.spec.Command = []string{"env"} s.checkRun(c, 0) c.Check(s.stderr.String(), Equals, "") got := map[string]string{} for _, kv := range strings.Split(s.stdout.String(), "\n") { if kv == "" { continue } kv := strings.SplitN(kv, "=", 2) switch kv[0] { case "HOSTNAME", "HOME": // docker sets these by itself case "LD_LIBRARY_PATH", "SINGULARITY_NAME", "PWD", "LANG", "SHLVL", "SINGULARITY_INIT", "SINGULARITY_CONTAINER": // singularity sets these by itself (cf. https://sylabs.io/guides/3.5/user-guide/environment_and_metadata.html) case "SINGULARITY_APPNAME": // singularity also sets this by itself (v3.5.2, but not v3.7.4) case "PROMPT_COMMAND", "PS1", "SINGULARITY_BIND", "SINGULARITY_COMMAND", "SINGULARITY_ENVIRONMENT": // singularity also sets these by itself (v3.7.4) case "SINGULARITY_NO_EVAL": // our singularity driver sets this to control // singularity behavior, and it gets passed // through to the container default: got[kv[0]] = kv[1] } } c.Check(got, DeepEquals, s.spec.Env) } func (s *executorSuite) TestExecEnableNetwork(c *C) { for _, enable := range []bool{false, true} { s.SetUpTest(c) s.spec.Command = []string{"ip", "route"} s.spec.EnableNetwork = enable s.checkRun(c, 0) if enable { c.Check(s.stdout.String(), Matches, "(?ms).*default via.*") } else { c.Check(s.stdout.String(), Equals, "") } } } func (s *executorSuite) TestExecWorkingDir(c *C) { s.spec.WorkingDir = "/tmp" s.spec.Command = []string{"sh", "-c", "pwd"} s.checkRun(c, 0) c.Check(s.stdout.String(), Equals, "/tmp\n") } func (s *executorSuite) TestExecStdoutStderr(c *C) { s.spec.Command = []string{"sh", "-c", "echo foo; echo -n bar >&2; echo baz; echo waz >&2"} s.checkRun(c, 0) c.Check(s.stdout.String(), Equals, "foo\nbaz\n") c.Check(s.stderr.String(), Equals, "barwaz\n") } func (s *executorSuite) TestEnableNetwork_Listen(c *C) { // Listen on an available port on the host. ln, err := net.Listen("tcp", net.JoinHostPort("0.0.0.0", "0")) c.Assert(err, IsNil) defer ln.Close() _, port, err := net.SplitHostPort(ln.Addr().String()) c.Assert(err, IsNil) // Start a container that listens on the same port number that // is already in use on the host. s.spec.Command = []string{"nc", "-l", "-p", port, "-e", "printf", `HTTP/1.1 418 I'm a teapot\r\n\r\n`} s.spec.EnableNetwork = true c.Assert(s.executor.Create(s.spec), IsNil) c.Assert(s.executor.Start(), IsNil) starttime := time.Now() ctx, cancel := context.WithDeadline(context.Background(), time.Now().Add(10*time.Second)) defer cancel() for { time.Sleep(time.Second / 10) if ctx.Err() != nil { c.Error("timed out") break } ip, err := s.executor.IPAddress() if err != nil { c.Logf("s.executor.IPAddress: %s", err) continue } c.Assert(ip, Not(Equals), "") // When we connect to the port using // s.executor.IPAddress(), we should reach the nc // process running inside the container, not the // net.Listen() running outside the container, even // though both listen on the same port. ctx, cancel := context.WithDeadline(ctx, time.Now().Add(time.Second)) defer cancel() req, err := http.NewRequestWithContext(ctx, "BREW", "http://"+net.JoinHostPort(ip, port), nil) c.Assert(err, IsNil) resp, err := http.DefaultClient.Do(req) if err != nil { c.Logf("%s (retrying...)", err) continue } c.Check(resp.StatusCode, Equals, http.StatusTeapot) c.Logf("%s %q: %s", req.Method, req.URL, resp.Status) break } s.executor.Stop() code, _ := s.executor.Wait(ctx) c.Logf("container ran for %v", time.Now().Sub(starttime)) c.Check(code, Equals, -1) c.Logf("stdout:\n%s\n\n", s.stdout.String()) c.Logf("stderr:\n%s\n\n", s.stderr.String()) } func (s *executorSuite) TestEnableNetwork_IPAddress(c *C) { s.spec.Command = []string{"ip", "ad"} s.spec.EnableNetwork = true c.Assert(s.executor.Create(s.spec), IsNil) c.Assert(s.executor.Start(), IsNil) ctx, cancel := context.WithDeadline(context.Background(), time.Now().Add(10*time.Second)) defer cancel() code, _ := s.executor.Wait(ctx) c.Check(code, Equals, 0) c.Logf("stdout:\n%s\n\n", s.stdout.String()) c.Logf("stderr:\n%s\n\n", s.stderr.String()) found := false for _, m := range regexp.MustCompile(` inet (.+?)/`).FindAllStringSubmatch(s.stdout.String(), -1) { if addr, err := netip.ParseAddr(m[1]); err == nil && !addr.IsLoopback() { found = true c.Logf("found non-loopback IP address %q", m[1]) break } } c.Check(found, Equals, true, Commentf("container does not appear to have a non-loopback IP address")) } func (s *executorSuite) TestInject(c *C) { hostdir := c.MkDir() c.Assert(os.WriteFile(hostdir+"/testfile", []byte("first tube"), 0777), IsNil) mountdir := fmt.Sprintf("/injecttest-%d", os.Getpid()) s.spec.Command = []string{"sleep", "10"} s.spec.BindMounts = map[string]bindmount{mountdir: {HostPath: hostdir, ReadOnly: true}} c.Assert(s.executor.Create(s.spec), IsNil) c.Assert(s.executor.Start(), IsNil) starttime := time.Now() ctx, cancel := context.WithDeadline(context.Background(), time.Now().Add(2*time.Second)) defer cancel() // Allow InjectCommand to fail a few times while the container // is starting for ctx.Err() == nil { _, err := s.executor.InjectCommand(ctx, "", "root", false, []string{"true"}) if err == nil { break } time.Sleep(time.Second / 10) } injectcmd := []string{"cat", mountdir + "/testfile"} cmd, err := s.executor.InjectCommand(ctx, "", "root", false, injectcmd) c.Assert(err, IsNil) out, err := cmd.CombinedOutput() c.Logf("inject %s => %q", injectcmd, out) c.Check(err, IsNil) c.Check(string(out), Equals, "first tube") s.executor.Stop() code, _ := s.executor.Wait(ctx) c.Logf("container ran for %v", time.Now().Sub(starttime)) c.Check(code, Equals, -1) } func (s *executorSuite) checkRun(c *C, expectCode int) { c.Assert(s.executor.Create(s.spec), IsNil) c.Assert(s.executor.Start(), IsNil) ctx, cancel := context.WithDeadline(context.Background(), time.Now().Add(10*time.Second)) defer cancel() code, err := s.executor.Wait(ctx) c.Assert(err, IsNil) c.Check(code, Equals, expectCode) }