projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge branch '19099-singularity-container-shell'
[arvados.git] / lib / crunchrun / singularity_test.go
diff --git a/lib/crunchrun/singularity_test.go b/lib/crunchrun/singularity_test.go
index a1263da3215ad6d07d7fcf2db444c06528d7dd72..e4c7cdb308ede92a3456fc253444b1f61aed79ad 100644 (file)
--- a/lib/crunchrun/singularity_test.go
+++ b/lib/crunchrun/singularity_test.go
@@ -5,9 +5,11 @@
 package crunchrun
 
 import (
+       "os"
        "os/exec"
 
        . "gopkg.in/check.v1"
+       check "gopkg.in/check.v1"
 )
 
 var _ = Suite(&singularitySuite{})
@@ -27,3 +29,54 @@ func (s *singularitySuite) SetUpSuite(c *C) {
                c.Assert(err, IsNil)
        }
 }
+
+func (s *singularitySuite) TearDownSuite(c *C) {
+       if s.executor != nil {
+               s.executor.Close()
+       }
+}
+
+func (s *singularitySuite) TestIPAddress(c *C) {
+       // In production, executor will choose --network=bridge
+       // because uid=0 under arvados-dispatch-cloud. But in test
+       // cases, uid!=0, which means --network=bridge is conditional
+       // on --fakeroot.
+       uuc, err := os.ReadFile("/proc/sys/kernel/unprivileged_userns_clone")
+       c.Check(err, check.IsNil)
+       if string(uuc) == "0\n" {
+               c.Skip("insufficient privileges to run this test case -- `singularity exec --fakeroot` requires /proc/sys/kernel/unprivileged_userns_clone = 1")
+       }
+       s.executor.(*singularityExecutor).fakeroot = true
+       s.executorSuite.TestIPAddress(c)
+}
+
+func (s *singularitySuite) TestInject(c *C) {
+       path, err := exec.LookPath("nsenter")
+       if err != nil || path != "/var/lib/arvados/bin/nsenter" {
+               c.Skip("looks like /var/lib/arvados/bin/nsenter is not installed -- re-run `arvados-server install`?")
+       }
+       s.executorSuite.TestInject(c)
+}
+
+var _ = Suite(&singularityStubSuite{})
+
+// singularityStubSuite tests don't really invoke singularity, so we
+// can run them even if singularity is not installed.
+type singularityStubSuite struct{}
+
+func (s *singularityStubSuite) TestSingularityExecArgs(c *C) {
+       e, err := newSingularityExecutor(c.Logf)
+       c.Assert(err, IsNil)
+       err = e.Create(containerSpec{
+               WorkingDir:      "/WorkingDir",
+               Env:             map[string]string{"FOO": "bar"},
+               BindMounts:      map[string]bindmount{"/mnt": {HostPath: "/hostpath", ReadOnly: true}},
+               EnableNetwork:   false,
+               CUDADeviceCount: 3,
+       })
+       c.Check(err, IsNil)
+       e.imageFilename = "/fake/image.sif"
+       cmd := e.execCmd("./singularity")
+       c.Check(cmd.Args, DeepEquals, []string{"./singularity", "exec", "--containall", "--cleanenv", "--pwd=/WorkingDir", "--net", "--network=none", "--nv", "--bind", "/hostpath:/mnt:ro", "/fake/image.sif"})
+       c.Check(cmd.Env, DeepEquals, []string{"SINGULARITYENV_FOO=bar", "SINGULARITY_NO_EVAL=1"})
+}