Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add tap plugin test #27737

Merged
merged 1 commit into from
Mar 1, 2023
Merged

Add tap plugin test #27737

merged 1 commit into from
Mar 1, 2023
+118 −2

Conversation

mlguerrero12
Copy link
Member

@mlguerrero12 mlguerrero12 commented Feb 20, 2023
edited
Loading

Test for the following PR:
containernetworking/plugins#832

Signed-off-by: Marcelo Guerrero Viveros marguerr@redhat.com

@mlguerrero12 mlguerrero12 changed the title Add tap test Add tap plugin test Feb 20, 2023
@openshift-ci openshift-ci bot requested review from dcbw and kevinrizza February 20, 2023 10:29
@openshift-ci openshift-ci bot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Feb 20, 2023
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Feb 20, 2023

Hi @mlguerrero12. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

mmirecki
mmirecki reviewed Feb 20, 2023
View reviewed changes
test/extended/networking/tap.go Outdated
ns,
nadName,
fmt.Sprintf(`{"cniVersion":"0.4.0","name":"%s","type": "tap",
"selinuxcontext": "system_u:system_r:container_t:s0", "ipam": {}}`, nadName),
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe make a variable out of the config,move to line 25, and format it for better readability?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

@mmirecki
Copy link

lgtm

@mmirecki
Copy link

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Feb 21, 2023
@mmirecki
Copy link

/ok-to-test

@openshift-ci openshift-ci bot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Feb 21, 2023
@openshift-ci openshift-ci bot removed the lgtm Indicates that a PR is ready to be merged. label Feb 22, 2023
@mlguerrero12 mlguerrero12 force-pushed the taptests branch 3 times, most recently from 67c2551 to 12114da Compare February 23, 2023 02:20
cgoncalves
cgoncalves reviewed Feb 23, 2023
View reviewed changes
test/extended/networking/tap.go Outdated
})

g.AfterEach(func() {
// Disable container_use_devices selinux boolean.
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In BeforeEach, the tun module is loaded (if not already) but here it is not unloaded. Should it be?
I guess it depends if something else on the system is using it.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is not loaded. The test always fails without it. I didn't unload it because it always complains that the module is in use even after removing the tap interface. So, I figured it is safe to leave it there.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It should not be that hard to implement.
The BeforEach DS should mount a dir on the node, and note whether the bool has been set:
sh -c 'getsebool container_use_devices > /host/tmp/initial_state

and the AfterEach DS would then revert the value only if the content of this file is 0.

test/extended/networking/tap.go Outdated
g.AfterEach(func() {
// Disable container_use_devices selinux boolean.
_, err := exutil.ExecCommandOnMachineConfigDaemon(f.ClientSet, oc, worker, []string{
"sh", "-c", "nsenter --mount=/proc/1/ns/mnt -- sh -c 'setsebool container_use_devices 0'",
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This SELinux boolean may have been already set as a dependency of some service/app on the host. Blindly disabling it might have unintended consequences. Perhaps check if it's already set (in BeforeEach) and only disable it (in AfterEach) if it was not.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Test always fails without it. I know that it is a good practice to do what you're suggesting but I wonder if it is worth doing it in this case. No other tests modify selinux booleans.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't have a strong opinion here so either way is fine.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will it be wrong to leave it on just to see if it collides with other services/apps? This way, we would be able to detect what cannot be run together with the tap plugin.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's a good point.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done, let's see what we get

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@cgoncalves, I decided to follow your suggestion. Please review again.

@cgoncalves
Copy link

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Feb 23, 2023
@openshift-ci openshift-ci bot removed the lgtm Indicates that a PR is ready to be merged. label Feb 23, 2023
@mlguerrero12
Copy link
Member Author

/retest

@mlguerrero12
Add tap plugin test
b461281 
Test for the following PR:
containernetworking/plugins#832

Signed-off-by: Marcelo Guerrero Viveros <marguerr@redhat.com>
@mlguerrero12
Copy link
Member Author

/retest

@mlguerrero12
Copy link
Member Author

/retest-required

@mlguerrero12
Copy link
Member Author

/retest

@mlguerrero12
Copy link
Member Author

@deads2k, @bparees, could you please review/approve this pr?

@bparees
Copy link
Contributor

bparees commented Feb 28, 2023

/approve

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 28, 2023
@cgoncalves
Copy link

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Mar 1, 2023
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Mar 1, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: bparees, cgoncalves, mlguerrero12, mmirecki

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Mar 1, 2023
edited
Loading

@mlguerrero12: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-gcp-ovn-etcd-scaling b461281 link false /test e2e-gcp-ovn-etcd-scaling
ci/prow/e2e-aws-ovn-upgrade b461281 link false /test e2e-aws-ovn-upgrade
ci/prow/e2e-azure-ovn-etcd-scaling b461281 link false /test e2e-azure-ovn-etcd-scaling
ci/prow/e2e-aws-ovn-single-node-upgrade b461281 link false /test e2e-aws-ovn-single-node-upgrade
ci/prow/e2e-vsphere-ovn-etcd-scaling b461281 link false /test e2e-vsphere-ovn-etcd-scaling

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@mlguerrero12
Copy link
Member Author

/retest-required

@openshift-merge-robot openshift-merge-robot merged commit 6d69467 into openshift:master Mar 1, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mmirecki mmirecki mmirecki left review comments

@cgoncalves cgoncalves cgoncalves approved these changes

@dcbw dcbw Awaiting requested review from dcbw

@kevinrizza kevinrizza Awaiting requested review from kevinrizza

Assignees

@cgoncalves cgoncalves

@mmirecki mmirecki

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@mlguerrero12 @mmirecki @cgoncalves @bparees @openshift-merge-robot