"context"
"crypto/sha256"
_ "embed"
+ "encoding/json"
"flag"
"fmt"
"io"
"net/url"
"os"
"os/exec"
+ "regexp"
"strings"
"time"
f.StringVar(&diag.projectName, "project-name", "scratch area for diagnostics", "`name` of project to find/create in home project and use for temporary/test objects")
f.StringVar(&diag.logLevel, "log-level", "info", "logging `level` (debug, info, warning, error)")
f.StringVar(&diag.dockerImage, "docker-image", "", "`image` (tag or portable data hash) to use when running a test container, or \"hello-world\" to use embedded hello-world image (default: build a custom image containing this executable, and run diagnostics inside the container too)")
- f.StringVar(&diag.dockerImageFrom, "docker-image-from", "debian:stable-slim", "`base` image to use when building a custom image (use a debian-based image similar this host's OS for best results)")
+ f.StringVar(&diag.dockerImageFrom, "docker-image-from", "debian:stable-slim", "`base` image to use when building a custom image (see https://doc.arvados.org/main/admin/diagnostics.html#container-options)")
f.BoolVar(&diag.checkInternal, "internal-client", false, "check that this host is considered an \"internal\" client")
f.BoolVar(&diag.checkExternal, "external-client", false, "check that this host is considered an \"external\" client")
f.BoolVar(&diag.verbose, "v", false, "verbose: include more information in report")
}
defer os.RemoveAll(tempdir)
+ var imageSHA2 string
var dockerImageData []byte
if diag.dockerImage != "" || diag.priority < 1 {
// We won't be using the self-built docker image, so
// upload/download, whether or not we're using it as a
// docker image.
dockerImageData = HelloWorldDockerImage
+
+ if diag.priority > 0 {
+ imageSHA2, err = getSHA2FromImageData(dockerImageData)
+ if err != nil {
+ diag.errorf("internal error/bug: %s", err)
+ return
+ }
+ }
} else if selfbin, err := os.Readlink("/proc/self/exe"); err != nil {
diag.errorf("readlink /proc/self/exe: %s", err)
return
}
dockerfile := "FROM " + diag.dockerImageFrom + "\n"
- dockerfile += "RUN apt-get update && apt-get install --yes --no-install-recommends libfuse2 ca-certificates && apt-get clean\n"
+ dockerfile += "RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install --yes --no-install-recommends libfuse2 ca-certificates && apt-get clean\n"
dockerfile += "COPY /arvados-client /arvados-client\n"
cmd := exec.Command("docker", "build", "--tag", tag, "-f", "-", tempdir)
cmd.Stdin = strings.NewReader(dockerfile)
}
diag.infof("arvados-client version: %s", checkversion)
- buf, err := exec.Command("docker", "save", tag).Output()
+ buf, err := exec.Command("docker", "inspect", "--format={{.Id}}", tag).Output()
+ if err != nil {
+ diag.errorf("docker inspect --format={{.Id}} %s: %s", tag, err)
+ return
+ }
+ imageSHA2 = min64HexDigits.FindString(string(buf))
+ if len(imageSHA2) != 64 {
+ diag.errorf("docker inspect --format={{.Id}} output %q does not seem to contain sha256 digest", buf)
+ return
+ }
+
+ buf, err = exec.Command("docker", "save", tag).Output()
if err != nil {
diag.errorf("docker save %s: %s", tag, err)
return
dockerImageData = buf
}
- // Read image tarball to find image ID, so we can upload it as
- // "sha256:{...}.tar"
- var imageSHA2 string
- {
- tr := tar.NewReader(bytes.NewReader(dockerImageData))
- for {
- hdr, err := tr.Next()
- if err == io.EOF {
- break
- }
- if err != nil {
- diag.errorf("internal error/bug: cannot read docker image tar file: %s", err)
- return
- }
- if s := strings.TrimSuffix(hdr.Name, ".json"); len(s) == 64 && s != hdr.Name {
- imageSHA2 = s
- }
- }
- if imageSHA2 == "" {
- diag.errorf("internal error/bug: cannot find {sha256}.json file in docker image tar file")
- return
- }
- }
tarfilename := "sha256:" + imageSHA2 + ".tar"
diag.dotest(100, "uploading file via webdav", func() error {
return nil
})
- diag.dotest(140, "getting workbench1 webshell page", func() error {
- ctx, cancel := context.WithDeadline(context.Background(), time.Now().Add(diag.timeout))
- defer cancel()
- if vm.UUID == "" {
- diag.warnf("skipping, no vm available")
- return nil
- }
- webshelltermurl := cluster.Services.Workbench1.ExternalURL.String() + "virtual_machines/" + vm.UUID + "/webshell/testusername"
- diag.debugf("url %s", webshelltermurl)
- req, err := http.NewRequestWithContext(ctx, "GET", webshelltermurl, nil)
- if err != nil {
- return err
- }
- req.Header.Set("Authorization", "Bearer "+client.AuthToken)
- resp, err := http.DefaultClient.Do(req)
- if err != nil {
- return err
- }
- defer resp.Body.Close()
- body, err := ioutil.ReadAll(resp.Body)
- if err != nil {
- return fmt.Errorf("reading response: %s", err)
- }
- if resp.StatusCode != http.StatusOK {
- return fmt.Errorf("unexpected response status: %s %q", resp.Status, body)
- }
- return nil
- })
-
diag.dotest(150, "connecting to webshell service", func() error {
ctx, cancel := context.WithDeadline(context.Background(), time.Now().Add(diag.timeout))
defer cancel()
return nil
})
}
+
+func getSHA2FromImageData(dockerImageData []byte) (string, error) {
+ tr := tar.NewReader(bytes.NewReader(dockerImageData))
+ for {
+ hdr, err := tr.Next()
+ if err == io.EOF {
+ return "", fmt.Errorf("cannot find manifest.json in docker image tar file")
+ }
+ if err != nil {
+ return "", fmt.Errorf("cannot read docker image tar file: %s", err)
+ }
+ if hdr.Name != "manifest.json" {
+ continue
+ }
+ var manifest []struct {
+ Config string
+ }
+ err = json.NewDecoder(tr).Decode(&manifest)
+ if err != nil {
+ return "", fmt.Errorf("cannot read manifest.json from docker image tar file: %s", err)
+ }
+ if len(manifest) == 0 {
+ return "", fmt.Errorf("manifest.json is empty")
+ }
+ s := min64HexDigits.FindString(manifest[0].Config)
+ if len(s) != 64 {
+ return "", fmt.Errorf("found manifest.json but .[0].Config %q does not seem to contain sha256 digest", manifest[0].Config)
+ }
+ return s, nil
+ }
+}
+
+var min64HexDigits = regexp.MustCompile(`[0-9a-f]{64,}`)