From 4f3c4df03d9ca93cd27d5c83d443296f7fd2b2a7 Mon Sep 17 00:00:00 2001 From: Alex Kavanagh Date: Fri, 21 Sep 2018 14:34:44 +0200 Subject: [PATCH 1/2] Add integration tests that can run on fresh vm with LXD This adds the run-integration-tests-in-a-vm which will minimally configure a fresh VM (or bare-metal) with LXD installed, and then run the pylxd integration tests. Also simplify the existing integration tests to a single 'run-integration-tests-in-lxd' which is for running the integration tests in an existing, already configured, machine with LXD, where the tests are run lxd-in-lxd. Signed-off-by: Alex Kavanagh --- integration/run-integration-tests-in-a-vm | 33 ++++++++++ integration/run-integration-tests-in-lxd | 75 +++++++++++++++++++++++ integration/run_integration_tests | 13 ---- integration/run_integration_tests-16-04 | 22 ------- integration/run_integration_tests-18-04 | 36 ----------- 5 files changed, 108 insertions(+), 71 deletions(-) create mode 100755 integration/run-integration-tests-in-a-vm create mode 100755 integration/run-integration-tests-in-lxd delete mode 100755 integration/run_integration_tests delete mode 100755 integration/run_integration_tests-16-04 delete mode 100755 integration/run_integration_tests-18-04 diff --git a/integration/run-integration-tests-in-a-vm b/integration/run-integration-tests-in-a-vm new file mode 100755 index 00000000..3cb9aee5 --- /dev/null +++ b/integration/run-integration-tests-in-a-vm @@ -0,0 +1,33 @@ +#!/bin/bash +set -ex + +_dir="$( cd "$(dirname "${BASH_SOURCE[0]}" )" && pwd)" +_release=$(lsb_release -cs) + +sudo apt-get update +sudo apt-get install -y tox python3-dev libssl-dev libffi-dev build-essential + +lxc config set core.trust_password password +lxc config set core.https_address [::] + +if [[ "${_release}" == "bionic" ]]; then + # force generation of client certificate to an address that doesn't work (http) + # generate an openssl certificate and key for the remote not verified test + mkdir -p $HOME/.config/lxc + openssl genrsa 1024 > $HOME/.config/lxc/client.key + chmod 400 $HOME/.config/lxc/client.key + + openssl req -new -x509 -nodes -sha1 -days 365 \ + -key $HOME/.config/lxc/client.key -out $HOME/.config/lxc/client.crt \ + -subj="/C=UK/ST=London/L=London/O=OrgName/OU=Test/CN=example.com" + + # create a default dir storage pool for bionic + lxc storage create default dir + lxc profile device add default root disk path=/ pool=default + echo "Run 18.04 (bionic) integration tests" +else + echo "Run 16.04 (xenial) integration tests" +fi + +# finally run the integration tests +tox -e integration diff --git a/integration/run-integration-tests-in-lxd b/integration/run-integration-tests-in-lxd new file mode 100755 index 00000000..a92d64b6 --- /dev/null +++ b/integration/run-integration-tests-in-lxd @@ -0,0 +1,75 @@ +#!/bin/bash + +# This script runs the integration tests on an already configured LXD machine +# where the tests are run LXD in LXD. i.e. an LXD container is spawned, pylxd +# is copied into the container, and then the container runs the integration +# tests. + +# This script is NOT used by the CI system, but for people to run integration +# tests on their own computers where they don't want the integration test to +# mess with their setup. + +set -ex + +_dir="$( cd "$(dirname "${BASH_SOURCE[0]}" )" && pwd)" +_release=$(lsb_release -cs) + +if [[ "${_release}" == "bionic" ]]; then + echo "Running Bionic (18:04) integration tests" + CONTAINER_IMAGE="ubuntu:18.04" + CONTAINER_NAME=pylxd-`uuidgen | cut -d"-" -f1` + + # This creates a privileged container, because I was bumping into situations where it + # seemed that we had maxed out user namespaces (I haven't checked it out, but it's likely + # a bug in LXD). + lxc launch $CONTAINER_IMAGE $CONTAINER_NAME -c security.nesting=true -c security.privileged=true + sleep 5 # Wait for the network to come up + lxc exec $CONTAINER_NAME -- apt-get update + lxc exec $CONTAINER_NAME -- apt-get install -y tox python3-dev libssl-dev libffi-dev build-essential + + lxc exec $CONTAINER_NAME -- lxc config set core.trust_password password + lxc exec $CONTAINER_NAME -- lxc config set core.https_address [::] + # force generation of client certificate to an address that doesn't work (http) + # generate an openssl certificate and key for the remote not verified test + lxc exec $CONTAINER_NAME -- mkdir -p /root/.config/lxc + openssl genrsa 1024 > ./$CONTAINER_NAME.key + lxc file push ./$CONTAINER_NAME.key $CONTAINER_NAME/root/.config/lxc/client.key + rm ./$CONTAINER_NAME.key + lxc exec $CONTAINER_NAME -- chmod 400 /root/.config/lxc/client.key + lxc exec $CONTAINER_NAME -- openssl req -new -x509 -nodes -sha1 -days 365 \ + -key /root/.config/lxc/client.key -out /root/.config/lxc/client.crt \ + -subj="/C=UK/ST=London/L=London/O=OrgName/OU=Test/CN=example.com" + + # create a default dir storage pool for bionic + lxc exec $CONTAINER_NAME -- lxc storage create default dir + lxc exec $CONTAINER_NAME -- lxc profile device add default root disk path=/ pool=default + + lxc exec $CONTAINER_NAME -- mkdir -p /opt/pylxd + # NOTE: rockstar (13 Sep 2016) - --recursive is not supported in lxd <2.1, so + # until we have pervasive support for that, we'll do this tar hack. + cd .. && tar cf - * .git | lxc exec $CONTAINER_NAME -- tar xf - -C /opt/pylxd + lxc exec $CONTAINER_NAME -- /bin/sh -c "cd /opt/pylxd && tox -eintegration" + lxc delete --force $CONTAINER_NAME +else + echo "Running Xenial (16:04) integration tests" + CONTAINER_IMAGE="ubuntu:16.04" + CONTAINER_NAME=pylxd-`uuidgen | cut -d"-" -f1` + + # This creates a privileged container, because I was bumping into situations where it + # seemed that we had maxed out user namespaces (I haven't checked it out, but it's likely + # a bug in LXD). + lxc launch $CONTAINER_IMAGE $CONTAINER_NAME -c security.nesting=true -c security.privileged=true + sleep 5 # Wait for the network to come up + lxc exec $CONTAINER_NAME -- apt-get update + lxc exec $CONTAINER_NAME -- apt-get install -y tox python3-dev libssl-dev libffi-dev build-essential + + lxc exec $CONTAINER_NAME -- lxc config set core.trust_password password + lxc exec $CONTAINER_NAME -- lxc config set core.https_address [::] + + lxc exec $CONTAINER_NAME -- mkdir -p /opt/pylxd + # NOTE: rockstar (13 Sep 2016) - --recursive is not supported in lxd <2.1, so + # until we have pervasive support for that, we'll do this tar hack. + cd .. && tar cf - ../* ../.git | lxc exec $CONTAINER_NAME -- tar xf - -C /opt/pylxd + lxc exec $CONTAINER_NAME -- /bin/sh -c "cd /opt/pylxd && tox -eintegration" + lxc delete --force $CONTAINER_NAME +fi diff --git a/integration/run_integration_tests b/integration/run_integration_tests deleted file mode 100755 index 840011cc..00000000 --- a/integration/run_integration_tests +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash -set -ex - -_dir="$( cd "$(dirname "${BASH_SOURCE[0]}" )" && pwd)" -_release=$(lsb_release -cs) - -if [[ "${_release}" == "bionic" ]]; then - echo "Running Bionic (18:04) integration tests" - exec ${_dir}/run_integration_tests-18-04 -else - echo "Running Xenial (16:04) integration tests" - exec ${_dir}/run_integration_tests-16-04 -fi diff --git a/integration/run_integration_tests-16-04 b/integration/run_integration_tests-16-04 deleted file mode 100755 index e105330f..00000000 --- a/integration/run_integration_tests-16-04 +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/sh - -CONTAINER_IMAGE=ubuntu:16.04 -CONTAINER_NAME=pylxd-`uuidgen | cut -d"-" -f1` - -# This creates a privileged container, because I was bumping into situations where it -# seemed that we had maxed out user namespaces (I haven't checked it out, but it's likely -# a bug in LXD). -lxc launch $CONTAINER_IMAGE $CONTAINER_NAME -c security.nesting=true -c security.privileged=true -sleep 5 # Wait for the network to come up -lxc exec $CONTAINER_NAME -- apt-get update -lxc exec $CONTAINER_NAME -- apt-get install -y tox python3-dev libssl-dev libffi-dev build-essential - -lxc exec $CONTAINER_NAME -- lxc config set core.trust_password password -lxc exec $CONTAINER_NAME -- lxc config set core.https_address [::] - -lxc exec $CONTAINER_NAME -- mkdir -p /opt/pylxd -# NOTE: rockstar (13 Sep 2016) - --recursive is not supported in lxd <2.1, so -# until we have pervasive support for that, we'll do this tar hack. -cd .. && tar cf - ../* ../.git | lxc exec $CONTAINER_NAME -- tar xf - -C /opt/pylxd -lxc exec $CONTAINER_NAME -- /bin/sh -c "cd /opt/pylxd && tox -eintegration" -lxc delete --force $CONTAINER_NAME diff --git a/integration/run_integration_tests-18-04 b/integration/run_integration_tests-18-04 deleted file mode 100755 index 99e00fd1..00000000 --- a/integration/run_integration_tests-18-04 +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/sh - -CONTAINER_IMAGE=ubuntu:18.04 -CONTAINER_NAME=pylxd-`uuidgen | cut -d"-" -f1` - -# This creates a privileged container, because I was bumping into situations where it -# seemed that we had maxed out user namespaces (I haven't checked it out, but it's likely -# a bug in LXD). -lxc launch $CONTAINER_IMAGE $CONTAINER_NAME -c security.nesting=true -c security.privileged=true -sleep 5 # Wait for the network to come up -lxc exec $CONTAINER_NAME -- apt-get update -lxc exec $CONTAINER_NAME -- apt-get install -y tox python3-dev libssl-dev libffi-dev build-essential - -lxc exec $CONTAINER_NAME -- lxc config set core.trust_password password -lxc exec $CONTAINER_NAME -- lxc config set core.https_address [::] -# force generation of client certificate to an address that doesn't work (http) -# generate an openssl certificate and key for the remote not verified test -lxc exec $CONTAINER_NAME -- mkdir -p /root/.config/lxc -openssl genrsa 1024 > ./$CONTAINER_NAME.key -lxc file push ./$CONTAINER_NAME.key $CONTAINER_NAME/root/.config/lxc/client.key -rm ./$CONTAINER_NAME.key -lxc exec $CONTAINER_NAME -- chmod 400 /root/.config/lxc/client.key -lxc exec $CONTAINER_NAME -- openssl req -new -x509 -nodes -sha1 -days 365 \ - -key /root/.config/lxc/client.key -out /root/.config/lxc/client.crt \ - -subj="/C=UK/ST=London/L=London/O=OrgName/OU=Test/CN=example.com" - -# create a default dir storage pool for bionic -lxc exec $CONTAINER_NAME -- lxc storage create default dir -lxc exec $CONTAINER_NAME -- lxc profile device add default root disk path=/ pool=default - -lxc exec $CONTAINER_NAME -- mkdir -p /opt/pylxd -# NOTE: rockstar (13 Sep 2016) - --recursive is not supported in lxd <2.1, so -# until we have pervasive support for that, we'll do this tar hack. -cd .. && tar cf - * .git | lxc exec $CONTAINER_NAME -- tar xf - -C /opt/pylxd -lxc exec $CONTAINER_NAME -- /bin/sh -c "cd /opt/pylxd && tox -eintegration" -lxc delete --force $CONTAINER_NAME From 4200d3416e73eb9f7ce52ef9c9dd7e6c78354e43 Mon Sep 17 00:00:00 2001 From: Alex Kavanagh Date: Fri, 21 Sep 2018 15:28:36 +0200 Subject: [PATCH 2/2] Rationalise lxd tests to call vm tests This rationalises the run-integration-tests-in-lxd to just set up the containers for lxd and then run the 'run-integration-tests' in the lxd container. As a bonus, we can run both bionic and xenial lxd containers and run the integration tests for both platforms. Signed-off-by: Alex Kavanagh --- ...on-tests-in-a-vm => run-integration-tests} | 0 integration/run-integration-tests-in-lxd | 66 ++++++------------- 2 files changed, 19 insertions(+), 47 deletions(-) rename integration/{run-integration-tests-in-a-vm => run-integration-tests} (100%) diff --git a/integration/run-integration-tests-in-a-vm b/integration/run-integration-tests similarity index 100% rename from integration/run-integration-tests-in-a-vm rename to integration/run-integration-tests diff --git a/integration/run-integration-tests-in-lxd b/integration/run-integration-tests-in-lxd index a92d64b6..b260aaa9 100755 --- a/integration/run-integration-tests-in-lxd +++ b/integration/run-integration-tests-in-lxd @@ -12,64 +12,36 @@ set -ex _dir="$( cd "$(dirname "${BASH_SOURCE[0]}" )" && pwd)" -_release=$(lsb_release -cs) -if [[ "${_release}" == "bionic" ]]; then - echo "Running Bionic (18:04) integration tests" - CONTAINER_IMAGE="ubuntu:18.04" +function _run_tests { + local _target=${1} CONTAINER_NAME=pylxd-`uuidgen | cut -d"-" -f1` - # This creates a privileged container, because I was bumping into situations where it - # seemed that we had maxed out user namespaces (I haven't checked it out, but it's likely - # a bug in LXD). - lxc launch $CONTAINER_IMAGE $CONTAINER_NAME -c security.nesting=true -c security.privileged=true - sleep 5 # Wait for the network to come up - lxc exec $CONTAINER_NAME -- apt-get update - lxc exec $CONTAINER_NAME -- apt-get install -y tox python3-dev libssl-dev libffi-dev build-essential - - lxc exec $CONTAINER_NAME -- lxc config set core.trust_password password - lxc exec $CONTAINER_NAME -- lxc config set core.https_address [::] - # force generation of client certificate to an address that doesn't work (http) - # generate an openssl certificate and key for the remote not verified test - lxc exec $CONTAINER_NAME -- mkdir -p /root/.config/lxc - openssl genrsa 1024 > ./$CONTAINER_NAME.key - lxc file push ./$CONTAINER_NAME.key $CONTAINER_NAME/root/.config/lxc/client.key - rm ./$CONTAINER_NAME.key - lxc exec $CONTAINER_NAME -- chmod 400 /root/.config/lxc/client.key - lxc exec $CONTAINER_NAME -- openssl req -new -x509 -nodes -sha1 -days 365 \ - -key /root/.config/lxc/client.key -out /root/.config/lxc/client.crt \ - -subj="/C=UK/ST=London/L=London/O=OrgName/OU=Test/CN=example.com" - - # create a default dir storage pool for bionic - lxc exec $CONTAINER_NAME -- lxc storage create default dir - lxc exec $CONTAINER_NAME -- lxc profile device add default root disk path=/ pool=default - - lxc exec $CONTAINER_NAME -- mkdir -p /opt/pylxd - # NOTE: rockstar (13 Sep 2016) - --recursive is not supported in lxd <2.1, so - # until we have pervasive support for that, we'll do this tar hack. - cd .. && tar cf - * .git | lxc exec $CONTAINER_NAME -- tar xf - -C /opt/pylxd - lxc exec $CONTAINER_NAME -- /bin/sh -c "cd /opt/pylxd && tox -eintegration" - lxc delete --force $CONTAINER_NAME -else - echo "Running Xenial (16:04) integration tests" - CONTAINER_IMAGE="ubuntu:16.04" - CONTAINER_NAME=pylxd-`uuidgen | cut -d"-" -f1` + if [[ "${_target}" == "bionic" ]]; then + echo "Running Bionic (18:04) integration tests" + CONTAINER_IMAGE="ubuntu:18.04" + else + echo "Running Xenial (16:04) integration tests" + CONTAINER_IMAGE="ubuntu:16.04" + fi # This creates a privileged container, because I was bumping into situations where it # seemed that we had maxed out user namespaces (I haven't checked it out, but it's likely # a bug in LXD). lxc launch $CONTAINER_IMAGE $CONTAINER_NAME -c security.nesting=true -c security.privileged=true sleep 5 # Wait for the network to come up - lxc exec $CONTAINER_NAME -- apt-get update - lxc exec $CONTAINER_NAME -- apt-get install -y tox python3-dev libssl-dev libffi-dev build-essential - - lxc exec $CONTAINER_NAME -- lxc config set core.trust_password password - lxc exec $CONTAINER_NAME -- lxc config set core.https_address [::] lxc exec $CONTAINER_NAME -- mkdir -p /opt/pylxd # NOTE: rockstar (13 Sep 2016) - --recursive is not supported in lxd <2.1, so # until we have pervasive support for that, we'll do this tar hack. - cd .. && tar cf - ../* ../.git | lxc exec $CONTAINER_NAME -- tar xf - -C /opt/pylxd - lxc exec $CONTAINER_NAME -- /bin/sh -c "cd /opt/pylxd && tox -eintegration" + local ldir="${_dir}/.." + cd ${ldir} && tar cf - * .git | lxc exec $CONTAINER_NAME -- tar xf - -C /opt/pylxd + cd ${_dir} + lxc exec $CONTAINER_NAME -- /bin/sh -c "cd /opt/pylxd && integration/run-integration-tests" + lxc delete --force $CONTAINER_NAME -fi +} + +# run xenial and then bionic integration tests +_run_tests xenial +_run_tests bionic