diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index 5d1cebcced3..b6fde130b6a 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -258,11 +258,6 @@ jobs: test/nri/nri.test - run: scripts/github-actions-packages - run: scripts/github-actions-setup - - name: Switch to crun instead of runc - if: ${{ matrix.run.defaultRuntime == 'crun' }} - run: | - sudo ln -sf $(command -v crun) $(command -v runc) - runc --version - name: Run the test suite run: sudo -E test/test_runner.sh env: @@ -270,3 +265,4 @@ jobs: RUN_CRITEST: ${{ matrix.run.critest }} RUNTIME_TYPE: ${{ matrix.run.runtimeType }} TEST_USERNS: ${{ matrix.run.userns }} + CONTAINER_DEFAULT_RUNTIME: ${{ matrix.run.defaultRuntime }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index f0c5082ba87..1c4b4fa5c2a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -231,6 +231,9 @@ jobs: run: | make mockgen -j $(nproc) hack/tree_status.sh + - name: spoof crun on arm64 + if: ${{ matrix.run.arch == "arm64" }} + run: cp $(which runc) /usr/bin/crun - name: Run unit tests as root if: ${{ matrix.run.type == 'root' }} run: | diff --git a/contrib/test/ci/build/cri-o.yml b/contrib/test/ci/build/cri-o.yml index 1d4e538123e..89f7f2fcc1a 100644 --- a/contrib/test/ci/build/cri-o.yml +++ b/contrib/test/ci/build/cri-o.yml @@ -65,15 +65,15 @@ target: install chdir: "{{ ansible_env.GOPATH }}/src/github.com/cri-o/cri-o" -- name: use crun +- name: use runc copy: - dest: /etc/crio/crio.conf.d/01-crun.conf + dest: /etc/crio/crio.conf.d/01-runc.conf content: | [crio.runtime] - default_runtime = "crun" - [crio.runtime.runtimes.crun] - runtime_root = "/run/crun" - when: "build_crun | default(False) | bool" + default_runtime = "runc" + [crio.runtime.runtimes.runc] + runtime_root = "/run/runc" + when: "build_runc | default(False) | bool" - name: use conmon-rs copy: diff --git a/contrib/test/ci/e2e-base.yml b/contrib/test/ci/e2e-base.yml index 11e921268cb..c2eb05ed968 100644 --- a/contrib/test/ci/e2e-base.yml +++ b/contrib/test/ci/e2e-base.yml @@ -7,13 +7,13 @@ become: yes blockinfile: path: /etc/crio/crio.conf - insertbefore: .*crio.runtime.runtimes.runc.* + insertbefore: .*crio.runtime.runtimes.crun.* backup: yes block: | [crio.runtime.runtimes.test-handler] - runtime_path = "/usr/bin/runc" + runtime_path = "/usr/bin/crun" runtime_type = "oci" - runtime_root = "/run/runc" + runtime_root = "/run/crun" - name: create ssh keys shell: ssh-keygen -b 2048 -t rsa -f "{{ ssh_location }}" -q -N "" diff --git a/contrib/test/ci/vars.yml b/contrib/test/ci/vars.yml index 4030d367f1b..31cfc785290 100644 --- a/contrib/test/ci/vars.yml +++ b/contrib/test/ci/vars.yml @@ -5,8 +5,8 @@ e2e_selinux_enabled: False node_e2e_selinux_enabled: False manage_ns_lifecycle: True -build_runc: True -build_crun: False +build_runc: False +build_crun: True build_kata: False cgroupv2: False use_conmonrs: "{{ USE_CONMONRS | default(False) | bool }}" @@ -149,11 +149,6 @@ kata_skip_image_tests: - 'test "image pull and list by manifest list tag"' - 'test "image pull and list by manifest list and individual digest"' - 'test "image pull and list by individual and manifest list digest"' - - 'test "run container with memory_limit_in_bytes -1"' - - 'test "run container with memory_limit_in_bytes 12.5MiB"' - - 'test "run container with container_min_memory 17.5MiB"' - - 'test "run container with container_min_memory 5.5MiB"' - - 'test "run container with empty container_min_memory"' kata_skip_namespaces_tests: - 'test "pid namespace mode target test"' kata_skip_network_tests: @@ -169,6 +164,11 @@ kata_skip_pod_tests: - 'test "systemd cgroup_parent correctly set"' - 'test "kubernetes pod terminationGracePeriod passthru"' - 'test "disable crypto.fips_enabled when FIPS_DISABLE is set"' + - 'test "run container with memory_limit_in_bytes -1"' + - 'test "run container with memory_limit_in_bytes 12.5MiB"' + - 'test "run container with container_min_memory 17.5MiB"' + - 'test "run container with container_min_memory 5.5MiB"' + - 'test "run container with empty container_min_memory"' kata_skip_seccomp_oci_artifacts_tests: - 'test "seccomp OCI artifact with pod annotation"' - 'test "seccomp OCI artifact with container annotation"' diff --git a/docs/crio.8.md b/docs/crio.8.md index 90051232648..938c321fb6a 100644 --- a/docs/crio.8.md +++ b/docs/crio.8.md @@ -224,7 +224,7 @@ crio [GLOBAL OPTIONS] command [COMMAND OPTIONS] [ARGUMENTS...] **--default-mounts-file**="": Path to default mounts file. -**--default-runtime**="": Default OCI runtime from the runtimes config. (default: "runc") +**--default-runtime**="": Default OCI runtime from the runtimes config. (default: "crun") **--default-sysctls**="": Sysctls to add to the containers. diff --git a/docs/crio.conf.5.md b/docs/crio.conf.5.md index 0d78f3fc71d..068e5be6e92 100644 --- a/docs/crio.conf.5.md +++ b/docs/crio.conf.5.md @@ -113,7 +113,7 @@ Maximum grpc receive message size. If not set or <= 0, then CRI-O will default t The `crio.runtime` table contains settings pertaining to the OCI runtime used and options for how to set up and manage the OCI runtime. -**default_runtime**="runc" +**default_runtime**="crun" The _name_ of the OCI runtime to be used as the default. This option supports live configuration reload. **default_ulimits**=[] diff --git a/internal/lib/checkpoint_test.go b/internal/lib/checkpoint_test.go index 87e00943e0a..2617453d8ce 100644 --- a/internal/lib/checkpoint_test.go +++ b/internal/lib/checkpoint_test.go @@ -22,9 +22,11 @@ import ( var _ = t.Describe("ContainerCheckpoint", func() { // Prepare the sut BeforeEach(func() { + // setup a config with runc, used for checkpoint/restore tests + // as crun doesn't yet support restore. beforeEach() createDummyConfig() - mockRuncInLibConfig() + mockCrunInLibConfig() if err := criu.CheckForCriu(criu.PodCriuVersion); err != nil { Skip("Check CRIU: " + err.Error()) } @@ -90,7 +92,7 @@ var _ = t.Describe("ContainerCheckpoint", func() { t.Describe("ContainerCheckpoint", func() { It("should fail because runtime failure (/bin/false)", func() { // Given - mockRuncToFalseInLibConfig() + mockCrunToFalseInLibConfig() addContainerAndSandbox() config := &metadata.ContainerConfig{ diff --git a/internal/lib/restore_test.go b/internal/lib/restore_test.go index 01784ef636e..65ee35fec55 100644 --- a/internal/lib/restore_test.go +++ b/internal/lib/restore_test.go @@ -27,9 +27,11 @@ import ( var _ = t.Describe("ContainerRestore", func() { // Prepare the sut BeforeEach(func() { + // setup a config with runc, used for checkpoint/restore tests + // as crun doesn't yet support restore. beforeEach() createDummyConfig() - mockRuncInLibConfigCheckpoint() + mockCrunInLibConfigCheckpoint() if err := criu.CheckForCriu(criu.PodCriuVersion); err != nil { Skip("Check CRIU: " + err.Error()) } diff --git a/internal/lib/suite_test.go b/internal/lib/suite_test.go index 57be8195ba7..35ab28d3463 100644 --- a/internal/lib/suite_test.go +++ b/internal/lib/suite_test.go @@ -196,22 +196,22 @@ func createDummyConfig() { Expect(os.WriteFile("config.json", []byte(`{"linux":{},"process":{}}`), 0o644)).To(Succeed()) } -func mockRuncInLibConfig() { - config.Runtimes["runc"] = &libconfig.RuntimeHandler{ +func mockCrunInLibConfig() { + config.Runtimes["crun"] = &libconfig.RuntimeHandler{ RuntimePath: "/bin/echo", } } -func mockRuncInLibConfigCheckpoint() { +func mockCrunInLibConfigCheckpoint() { Expect(os.WriteFile("/tmp/fake-runtime", []byte("#!/bin/bash\n\necho flag needs an argument\nexit 0\n"), 0o755)).To(Succeed()) - config.Runtimes["runc"] = &libconfig.RuntimeHandler{ + config.Runtimes["crun"] = &libconfig.RuntimeHandler{ RuntimePath: "/tmp/fake-runtime", MonitorPath: "/bin/true", } } -func mockRuncToFalseInLibConfig() { - config.Runtimes["runc"] = &libconfig.RuntimeHandler{ +func mockCrunToFalseInLibConfig() { + config.Runtimes["crun"] = &libconfig.RuntimeHandler{ RuntimePath: "/bin/false", } } diff --git a/internal/oci/runtime_oci.go b/internal/oci/runtime_oci.go index 9cfafc2579a..3cbf0ced210 100644 --- a/internal/oci/runtime_oci.go +++ b/internal/oci/runtime_oci.go @@ -965,8 +965,9 @@ killContainer: if _, err := r.runtimeCmd("kill", c.ID(), "KILL"); err != nil { if !errors.Is(err, ErrNotFound) { log.Errorf(ctx, "Killing container %v failed: %v", c.ID(), err) + } else { + log.Debugf(ctx, "Error while killing container %s: %v", c.ID(), err) } - log.Debugf(ctx, "Error while killing container %s: %v", c.ID(), err) } if err := c.Living(); err != nil { @@ -995,6 +996,9 @@ func (r *runtimeOCI) DeleteContainer(ctx context.Context, c *Container) error { } _, err := r.runtimeCmd("delete", "--force", c.ID()) + if errors.Is(err, ErrNotFound) { + return nil + } return err } diff --git a/pkg/config/config.go b/pkg/config/config.go index 9759cdb8074..d4c2c45e006 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -53,17 +53,20 @@ import ( // Defaults if none are specified. const ( - defaultGRPCMaxMsgSize = 80 * 1024 * 1024 - defaultContainerMinMemory = 12 * 1024 * 1024 // 12 MiB - OCIBufSize = 8192 - RuntimeTypeVM = "vm" - RuntimeTypePod = "pod" - defaultCtrStopTimeout = 30 // seconds - defaultNamespacesDir = "/var/run" - RuntimeTypeVMBinaryPattern = "containerd-shim-([a-zA-Z0-9\\-\\+])+-v2" - tasksetBinary = "taskset" - MonitorExecCgroupDefault = "" - MonitorExecCgroupContainer = "container" + defaultGRPCMaxMsgSize = 80 * 1024 * 1024 + // default minimum memory for all other runtimes. + defaultContainerMinMemory = 12 * 1024 * 1024 // 12 MiB + // minimum memory for crun, the default runtime. + defaultContainerMinMemoryCrun = 500 * 1024 // 500 KiB + OCIBufSize = 8192 + RuntimeTypeVM = "vm" + RuntimeTypePod = "pod" + defaultCtrStopTimeout = 30 // seconds + defaultNamespacesDir = "/var/run" + RuntimeTypeVMBinaryPattern = "containerd-shim-([a-zA-Z0-9\\-\\+])+-v2" + tasksetBinary = "taskset" + MonitorExecCgroupDefault = "" + MonitorExecCgroupContainer = "container" ) // Config represents the entire set of configuration values that can be set for @@ -1252,9 +1255,9 @@ func (c *RuntimeConfig) ValidateDefaultRuntime() error { return fmt.Errorf("default_runtime set to %q, but no runtime entry table [crio.runtime.runtimes.%s] was found", c.DefaultRuntime, c.DefaultRuntime) } - // Set the default runtime to "runc" if default_runtime is not set + // Set the default runtime to "crun" if default_runtime is not set logrus.Debugf("Defaulting to %q as the runtime since default_runtime is not set", defaultRuntime) - // The default config sets runc and its path in the runtimes map, so check for that + // The default config sets crun and its path in the runtimes map, so check for that // first. If it does not exist then we add runc + its path to the runtimes map. if _, ok := c.Runtimes[defaultRuntime]; !ok { c.Runtimes[defaultRuntime] = defaultRuntimeHandler() @@ -1276,7 +1279,7 @@ func defaultRuntimeHandler() *RuntimeHandler { MonitorEnv: []string{ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", }, - ContainerMinMemory: units.BytesSize(defaultContainerMinMemory), + ContainerMinMemory: units.BytesSize(defaultContainerMinMemoryCrun), MonitorCgroup: defaultMonitorCgroup, } } @@ -1316,15 +1319,6 @@ func (c *RuntimeConfig) initializeRuntimeFeatures() { versionString := strings.ReplaceAll(strings.TrimSpace(string(versionOutput)), "\n", ", ") logrus.Infof("Using runtime handler %s", versionString) - memoryBytes, err := handler.SetContainerMinMemory() - if err != nil { - logrus.Errorf( - "Unable to set minimum container memory for runtime handler %q: %v; default value of %q will be used", - name, err, units.BytesSize(float64(memoryBytes)), - ) - } - logrus.Debugf("Runtime handler %q container minimum memory set to %d bytes", name, memoryBytes) - // If this returns an error, we just ignore it and assume the features sub-command is // not supported by the runtime. output, err := cmdrunner.CombinedOutput(handler.RuntimePath, "features") @@ -1581,6 +1575,10 @@ func (r *RuntimeHandler) Validate(name string) error { if err := r.ValidateRuntimeAllowedAnnotations(); err != nil { return err } + if err := r.ValidateContainerMinMemory(name); err != nil { + logrus.Errorf("Unable to set minimum container memory for runtime handler %q: %v", name, err) + } + return r.ValidateNoSyncLog() } @@ -1675,22 +1673,22 @@ func (r *RuntimeHandler) ValidateNoSyncLog() error { return fmt.Errorf("no_sync_log is only allowed with runtime type 'oci', runtime type is '%s'", r.RuntimeType) } -// SetContainerMinMemory sets the minimum container memory for a given runtime. +// ValidateContainerMinMemory sets the minimum container memory for a given runtime. // assigns defaultContainerMinMemory if no container_min_memory provided. -func (r *RuntimeHandler) SetContainerMinMemory() (int64, error) { +func (r *RuntimeHandler) ValidateContainerMinMemory(name string) error { if r.ContainerMinMemory == "" { r.ContainerMinMemory = units.BytesSize(defaultContainerMinMemory) } - memoryBytes, err := units.RAMInBytes(r.ContainerMinMemory) + memorySize, err := units.RAMInBytes(r.ContainerMinMemory) if err != nil { - err = fmt.Errorf("unable to set runtime memory to %q: %w", r.ContainerMinMemory, err) + err = fmt.Errorf("unable to set runtime memory to %q: %w. Setting to %q instead", r.ContainerMinMemory, err, defaultContainerMinMemory) // Fallback to default value if something is wrong with the configured value. r.ContainerMinMemory = units.BytesSize(defaultContainerMinMemory) - return int64(defaultContainerMinMemory), err + return err } - - return memoryBytes, nil + logrus.Debugf("Runtime handler %q container minimum memory set to %d bytes", name, memorySize) + return nil } // LoadRuntimeFeatures loads features for a given runtime handler using the "features" diff --git a/pkg/config/config_linux.go b/pkg/config/config_linux.go index eb204d6dfae..17d413ad89e 100644 --- a/pkg/config/config_linux.go +++ b/pkg/config/config_linux.go @@ -14,9 +14,9 @@ import ( // Defaults if none are specified. const ( - defaultRuntime = "runc" + defaultRuntime = "crun" DefaultRuntimeType = "oci" - DefaultRuntimeRoot = "/run/runc" + DefaultRuntimeRoot = "/run/crun" defaultMonitorCgroup = "system.slice" // ImageVolumesBind option is for using bind mounted volumes. ImageVolumesBind ImageVolumesType = "bind" diff --git a/pkg/config/config_test.go b/pkg/config/config_test.go index 90bcc05fecb..5194d0396c3 100644 --- a/pkg/config/config_test.go +++ b/pkg/config/config_test.go @@ -26,7 +26,8 @@ var _ = t.Describe("Config", func() { BeforeEach(beforeEach) runtimeValidConfig := func() *config.Config { - sut.Runtimes["runc"] = &config.RuntimeHandler{ + sut.DefaultRuntime = "crun" + sut.Runtimes["crun"] = &config.RuntimeHandler{ RuntimePath: validFilePath, RuntimeType: config.DefaultRuntimeType, ContainerMinMemory: "12MiB", } sut.PinnsPath = validFilePath @@ -107,7 +108,7 @@ var _ = t.Describe("Config", func() { It("should fail with invalid network config", func() { // Given - sut.Runtimes["runc"] = &config.RuntimeHandler{RuntimePath: validDirPath} + sut.Runtimes["crun"] = &config.RuntimeHandler{RuntimePath: validDirPath} sut.Conmon = validConmonPath() sut.NetworkConfig.NetworkDir = invalidPath @@ -224,7 +225,7 @@ var _ = t.Describe("Config", func() { It("should succeed with hooks directories", func() { // Given - sut.Runtimes["runc"] = &config.RuntimeHandler{ + sut.Runtimes["crun"] = &config.RuntimeHandler{ RuntimePath: validFilePath, RuntimeType: config.DefaultRuntimeType, } @@ -243,7 +244,7 @@ var _ = t.Describe("Config", func() { It("should sort out invalid hooks directories", func() { // Given - sut.Runtimes["runc"] = &config.RuntimeHandler{RuntimePath: validFilePath} + sut.Runtimes["crun"] = &config.RuntimeHandler{RuntimePath: validFilePath} sut.Conmon = validConmonPath() sut.PinnsPath = validFilePath sut.NamespacesDir = os.TempDir() @@ -259,7 +260,7 @@ var _ = t.Describe("Config", func() { It("should create non-existent hooks directory", func() { // Given - sut.Runtimes["runc"] = &config.RuntimeHandler{RuntimePath: validFilePath} + sut.Runtimes["crun"] = &config.RuntimeHandler{RuntimePath: validFilePath} sut.Conmon = validConmonPath() sut.PinnsPath = validFilePath sut.NamespacesDir = os.TempDir() @@ -275,7 +276,7 @@ var _ = t.Describe("Config", func() { It("should fail on invalid conmon path", func() { // Given - sut.Runtimes["runc"] = &config.RuntimeHandler{RuntimePath: validFilePath} + sut.Runtimes["crun"] = &config.RuntimeHandler{RuntimePath: validFilePath} sut.Conmon = invalidPath sut.HooksDir = []string{validDirPath} @@ -299,7 +300,7 @@ var _ = t.Describe("Config", func() { It("should inherit default value if invalid runtime container minimum memory limit is set", func() { // Given - sut.Runtimes["runc"].ContainerMinMemory = "123invalid" + sut.Runtimes["crun"].ContainerMinMemory = "123invalid" // When err := sut.RuntimeConfig.Validate(nil, false) @@ -376,7 +377,7 @@ var _ = t.Describe("Config", func() { It("should fail on non existing runtime binary", func() { // Given - sut.Runtimes["runc"] = &config.RuntimeHandler{RuntimePath: "not-existing"} + sut.Runtimes["crun"] = &config.RuntimeHandler{RuntimePath: "not-existing"} // When err := sut.RuntimeConfig.Validate(nil, true) @@ -405,7 +406,7 @@ var _ = t.Describe("Config", func() { // Then Expect(err).ToNot(HaveOccurred()) - Expect(sut.DefaultRuntime).To(Equal("runc")) + Expect(sut.DefaultRuntime).To(Equal("crun")) }) It("should succeed without Runtimes and DefaultRuntime set", func() { @@ -418,7 +419,7 @@ var _ = t.Describe("Config", func() { // Then Expect(err).ToNot(HaveOccurred()) - Expect(sut.DefaultRuntime).To(Equal("runc")) + Expect(sut.DefaultRuntime).To(Equal("crun")) }) It("should fail on invalid default_sysctls", func() { @@ -593,7 +594,7 @@ var _ = t.Describe("Config", func() { It("should succeed with empty runtime_type", func() { // Given - sut.Runtimes["runc"] = &config.RuntimeHandler{ + sut.Runtimes["crun"] = &config.RuntimeHandler{ RuntimePath: validFilePath, } @@ -619,6 +620,7 @@ var _ = t.Describe("Config", func() { It("should not fail if non-default executable not in $PATH", func() { // Given sut.Runtimes[invalidPath] = &config.RuntimeHandler{RuntimePath: ""} + // arm64 doesn't have "crun" available yet, so we use runc here to not fail the $PATH check sut.DefaultRuntime = "runc" // When @@ -630,7 +632,7 @@ var _ = t.Describe("Config", func() { It("should fail with wrong but set runtime_path", func() { // Given - sut.Runtimes["runc"] = &config.RuntimeHandler{RuntimePath: invalidPath} + sut.Runtimes["crun"] = &config.RuntimeHandler{RuntimePath: invalidPath} // When err := sut.RuntimeConfig.ValidateRuntimes() @@ -641,7 +643,7 @@ var _ = t.Describe("Config", func() { It("should fail with wrong runtime_type", func() { // Given - sut.Runtimes["runc"] = &config.RuntimeHandler{ + sut.Runtimes["crun"] = &config.RuntimeHandler{ RuntimePath: validFilePath, RuntimeType: "wrong", } @@ -655,7 +657,7 @@ var _ = t.Describe("Config", func() { It("should fail with wrong allowed_annotation", func() { // Given - sut.Runtimes["runc"] = &config.RuntimeHandler{ + sut.Runtimes["crun"] = &config.RuntimeHandler{ RuntimePath: validFilePath, AllowedAnnotations: []string{"wrong"}, } @@ -668,7 +670,7 @@ var _ = t.Describe("Config", func() { }) It("should have allowed and disallowed annotation", func() { // Given - sut.Runtimes["runc"] = &config.RuntimeHandler{ + sut.Runtimes["crun"] = &config.RuntimeHandler{ RuntimePath: validFilePath, AllowedAnnotations: []string{crioann.DevicesAnnotation}, } @@ -678,33 +680,33 @@ var _ = t.Describe("Config", func() { // Then Expect(err).ToNot(HaveOccurred()) - Expect(sut.Runtimes["runc"].AllowedAnnotations).To(ContainElement(crioann.DevicesAnnotation)) - Expect(sut.Runtimes["runc"].DisallowedAnnotations).NotTo(ContainElement(crioann.DevicesAnnotation)) + Expect(sut.Runtimes["crun"].AllowedAnnotations).To(ContainElement(crioann.DevicesAnnotation)) + Expect(sut.Runtimes["crun"].DisallowedAnnotations).NotTo(ContainElement(crioann.DevicesAnnotation)) }) It("should allow no_sync_log for implicit default runtime", func() { - sut.Runtimes["runc"] = &config.RuntimeHandler{ + sut.Runtimes["crun"] = &config.RuntimeHandler{ RuntimePath: validFilePath, } - sut.Runtimes["runc"].NoSyncLog = true + sut.Runtimes["crun"].NoSyncLog = true - err := sut.Runtimes["runc"].Validate("runc") + err := sut.Runtimes["crun"].Validate("crun") Expect(err).ToNot(HaveOccurred()) - Expect(sut.Runtimes["runc"].NoSyncLog).To(BeTrue()) + Expect(sut.Runtimes["crun"].NoSyncLog).To(BeTrue()) }) It("should allow no_sync_log for the 'oci' runtime", func() { - sut.Runtimes["runc"] = &config.RuntimeHandler{ + sut.Runtimes["crun"] = &config.RuntimeHandler{ RuntimePath: validFilePath, RuntimeType: "oci", } - sut.Runtimes["runc"].NoSyncLog = true + sut.Runtimes["crun"].NoSyncLog = true - err := sut.Runtimes["runc"].Validate("runc") + err := sut.Runtimes["crun"].Validate("crun") Expect(err).ToNot(HaveOccurred()) - Expect(sut.Runtimes["runc"].NoSyncLog).To(BeTrue()) + Expect(sut.Runtimes["crun"].NoSyncLog).To(BeTrue()) }) It("should disallow no_sync_log for the 'vm' runtime", func() { @@ -1033,6 +1035,9 @@ var _ = t.Describe("Config", func() { sut.RootConfig.StorageOptions = make([]string, 0) // this must be set in case pinns isn't downloaded to the $PATH sut.RuntimeConfig.PinnsPath = alwaysPresentPath + sut.Runtimes["crun"] = &config.RuntimeHandler{ + RuntimePath: validFilePath, RuntimeType: config.DefaultRuntimeType, + } // When err = sut.Validate(true) @@ -1058,6 +1063,9 @@ var _ = t.Describe("Config", func() { sut.RootConfig.Root = alwaysPresentPath // this must be set in case pinns isn't downloaded to the $PATH sut.RuntimeConfig.PinnsPath = alwaysPresentPath + sut.Runtimes["crun"] = &config.RuntimeHandler{ + RuntimePath: validFilePath, RuntimeType: config.DefaultRuntimeType, + } // When err = sut.Validate(true) @@ -1113,7 +1121,7 @@ var _ = t.Describe("Config", func() { Expect(err).ToNot(HaveOccurred()) Expect(sut.Storage).To(Equal("overlay2")) Expect(sut.Runtimes).To(HaveLen(1)) - Expect(sut.Runtimes).To(HaveKey("runc")) + Expect(sut.Runtimes).To(HaveKey("crun")) Expect(sut.PidsLimit).To(BeEquivalentTo(2048)) }) @@ -1242,7 +1250,7 @@ var _ = t.Describe("Config", func() { // Given f := t.MustTempFile("config") Expect(os.WriteFile(f, - []byte("[crio.runtime.runtimes.crun]"), 0), + []byte("[crio.runtime.runtimes.runc]"), 0), ).To(Succeed()) // When @@ -1251,7 +1259,7 @@ var _ = t.Describe("Config", func() { // Then Expect(err).ToNot(HaveOccurred()) Expect(sut.Runtimes).To(HaveLen(2)) - Expect(sut.Runtimes).To(HaveKey("crun")) + Expect(sut.Runtimes).To(HaveKey("runc")) }) It("should succeed with additional runtime", func() { @@ -1270,8 +1278,8 @@ var _ = t.Describe("Config", func() { // Then Expect(err).ToNot(HaveOccurred()) Expect(sut.Runtimes).To(HaveLen(2)) - Expect(sut.Runtimes).To(HaveKey("crun")) Expect(sut.Runtimes).To(HaveKey("runc")) + Expect(sut.Runtimes).To(HaveKey("crun")) }) It("should fail when file does not exist", func() { @@ -1422,12 +1430,12 @@ var _ = t.Describe("Config", func() { t.Describe("ValidateRuntimeConfigPath", func() { It("should fail with OCI runtime type when runtime_config_path is used", func() { // Given - sut.Runtimes["runc"] = &config.RuntimeHandler{ + sut.Runtimes["crun"] = &config.RuntimeHandler{ RuntimeConfigPath: validFilePath, RuntimeType: config.DefaultRuntimeType, } // When - err := sut.Runtimes["runc"].ValidateRuntimeConfigPath("runc") + err := sut.Runtimes["crun"].ValidateRuntimeConfigPath("crun") // Then Expect(err).To(HaveOccurred()) diff --git a/pkg/config/reload_test.go b/pkg/config/reload_test.go index 8c1a77c72ae..da8330d3fde 100644 --- a/pkg/config/reload_test.go +++ b/pkg/config/reload_test.go @@ -345,7 +345,7 @@ var _ = t.Describe("Config", func() { t.Describe("ReloadRuntimes", func() { var existingRuntimePath string BeforeEach(func() { - existingRuntimePath = t.MustTempFile("runc") + existingRuntimePath = t.MustTempFile("crun") }) It("should succeed without any config change", func() { @@ -378,6 +378,8 @@ var _ = t.Describe("Config", func() { newConfig := &config.Config{} newConfig.Runtimes = make(config.Runtimes) newConfig.Runtimes["new"] = newRuntimeHandler + // spoof crun so we don't fail on arm (which doesn't have crun OOTB) + newConfig.Runtimes["crun"] = newRuntimeHandler // When err := sut.ReloadRuntimes(newConfig) @@ -389,12 +391,15 @@ var _ = t.Describe("Config", func() { It("should change the default runtime", func() { // Given - sut.Runtimes["existing"] = &config.RuntimeHandler{ + newRuntimeHandler := &config.RuntimeHandler{ RuntimePath: existingRuntimePath, } + sut.Runtimes["existing"] = newRuntimeHandler newConfig := &config.Config{} newConfig.Runtimes = sut.Runtimes newConfig.DefaultRuntime = "existing" + // spoof crun so we don't fail on arm (which doesn't have crun OOTB) + newConfig.Runtimes["crun"] = newRuntimeHandler // When err := sut.ReloadRuntimes(newConfig) @@ -410,6 +415,8 @@ var _ = t.Describe("Config", func() { RuntimePath: existingRuntimePath, } sut.Runtimes["existing"] = existingRuntime + // spoof crun so we don't fail on arm (which doesn't have crun OOTB) + sut.Runtimes["crun"] = existingRuntime newRuntime := &config.RuntimeHandler{ RuntimePath: existingRuntimePath, @@ -418,6 +425,7 @@ var _ = t.Describe("Config", func() { newConfig := &config.Config{} newConfig.Runtimes = make(config.Runtimes) newConfig.Runtimes["existing"] = newRuntime + newConfig.Runtimes["crun"] = existingRuntime // When err := sut.ReloadRuntimes(newConfig) diff --git a/server/container_checkpoint_test.go b/server/container_checkpoint_test.go index 28b624e1a4a..79a5481e4d3 100644 --- a/server/container_checkpoint_test.go +++ b/server/container_checkpoint_test.go @@ -18,7 +18,7 @@ var _ = t.Describe("ContainerCheckpoint", func() { BeforeEach(func() { beforeEach() createDummyConfig() - mockRuncInLibConfig() + mockCrunInLibConfig() if err := criu.CheckForCriu(criu.PodCriuVersion); err != nil { Skip("Check CRIU: " + err.Error()) } @@ -77,7 +77,7 @@ var _ = t.Describe("ContainerCheckpoint with CheckpointRestore set to false", fu BeforeEach(func() { beforeEach() createDummyConfig() - mockRuncInLibConfig() + mockCrunInLibConfig() serverConfig.SetCheckpointRestore(false) setupSUT() }) diff --git a/server/container_remove_test.go b/server/container_remove_test.go index 987fde38362..e793623542b 100644 --- a/server/container_remove_test.go +++ b/server/container_remove_test.go @@ -17,7 +17,7 @@ var _ = t.Describe("ContainerRemove", func() { // Prepare the sut BeforeEach(func() { beforeEach() - mockRuncInLibConfig() + mockCrunInLibConfig() setupSUT() }) diff --git a/server/container_restore_test.go b/server/container_restore_test.go index 80cef6ab5cc..a8d03ed7ed6 100644 --- a/server/container_restore_test.go +++ b/server/container_restore_test.go @@ -32,7 +32,7 @@ var _ = t.Describe("ContainerRestore", func() { } beforeEach() createDummyConfig() - mockRuncInLibConfig() + mockCrunInLibConfig() serverConfig.SetCheckpointRestore(true) setupSUT() }) diff --git a/server/container_update_resources_test.go b/server/container_update_resources_test.go index 59b4c0c1438..0585c3867ff 100644 --- a/server/container_update_resources_test.go +++ b/server/container_update_resources_test.go @@ -18,7 +18,7 @@ var _ = t.Describe("UpdateContainerResources", func() { // Prepare the sut BeforeEach(func() { beforeEach() - mockRuncInLibConfig() + mockCrunInLibConfig() setupSUT() }) It("should succeed", func() { @@ -124,7 +124,7 @@ var _ = t.Describe("UpdateContainerResources", func() { BeforeEach(func() { beforeEach() serverConfig.NRI.Enabled = true - mockRuncInLibConfig() + mockCrunInLibConfig() setupSUT() }) It("should succeed", func() { diff --git a/server/inspect_ginkgo_test.go b/server/inspect_ginkgo_test.go index f9d4a5834fc..b56b67360fc 100644 --- a/server/inspect_ginkgo_test.go +++ b/server/inspect_ginkgo_test.go @@ -22,7 +22,7 @@ var _ = t.Describe("Inspect", func() { // Prepare the sut BeforeEach(func() { beforeEach() - mockRuncInLibConfig() + mockCrunInLibConfig() setupSUT() recorder = httptest.NewRecorder() diff --git a/server/suite_test.go b/server/suite_test.go index 8ad17207e40..9c3d568920b 100644 --- a/server/suite_test.go +++ b/server/suite_test.go @@ -240,10 +240,10 @@ func createDummyConfig() { Expect(os.WriteFile("config.json", []byte(`{"linux":{},"process":{}}`), 0o644)).To(Succeed()) } -func mockRuncInLibConfig() { +func mockCrunInLibConfig() { echo, err := exec.LookPath("echo") Expect(err).ToNot(HaveOccurred()) - serverConfig.Runtimes["runc"] = &config.RuntimeHandler{ + serverConfig.Runtimes["crun"] = &config.RuntimeHandler{ RuntimePath: echo, } } diff --git a/test/README.md b/test/README.md index d9e73a1e629..121b7bfbf15 100644 --- a/test/README.md +++ b/test/README.md @@ -66,14 +66,14 @@ sudo bats test #### Runtime selection -Tests on the host will run with `runc` as the default runtime. +Tests on the host will run with `crun` as the default runtime. However you can select other OCI compatible runtimes by setting the `RUNTIME` environment variable. -For example, to use [crun](https://github.com/containers/crun) instead of `runc`: +For example, to use [runc](https://github.com/opencontainers/runc) instead of `crun`: ```shell -make CONTAINER_DEFAULT_RUNTIME=crun localintegration +make CONTAINER_DEFAULT_RUNTIME=runc localintegration ``` If you'd like to run the tests with a runtime of a different type, you need to diff --git a/test/common.sh b/test/common.sh index 39e226cc8d3..7c42f22e585 100644 --- a/test/common.sh +++ b/test/common.sh @@ -42,7 +42,7 @@ else CONTAINER_CNI_PLUGIN_DIR=${CONTAINER_CNI_PLUGIN_DIR:-/opt/cni/bin} fi # Runtime -CONTAINER_DEFAULT_RUNTIME=${CONTAINER_DEFAULT_RUNTIME:-runc} +CONTAINER_DEFAULT_RUNTIME=${CONTAINER_DEFAULT_RUNTIME:-crun} RUNTIME_BINARY_PATH=$(command -v "$CONTAINER_DEFAULT_RUNTIME") RUNTIME_TYPE=${RUNTIME_TYPE:-oci} PRIVILEGED_WITHOUT_HOST_DEVICES=${PRIVILEGED_WITHOUT_HOST_DEVICES:-} diff --git a/test/config.bats b/test/config.bats index c9a6b83a556..3d834317bad 100644 --- a/test/config.bats +++ b/test/config.bats @@ -56,10 +56,10 @@ function teardown() { # when unset CONTAINER_RUNTIMES unset CONTAINER_DEFAULT_RUNTIME - RES=$("$CRIO_BINARY_PATH" -c "$TESTDATA"/50-crun-default.conf -d "" config 2>&1) + RES=$("$CRIO_BINARY_PATH" -c "$TESTDATA"/50-runc-default.conf -d "" config 2>&1) # then - [[ "$RES" == *"default_runtime = \"crun\""* ]] + [[ "$RES" == *"default_runtime = \"runc\""* ]] [[ "$RES" == *"crio.runtime.runtimes.runc"* ]] [[ "$RES" == *"crio.runtime.runtimes.crun"* ]] } @@ -70,16 +70,16 @@ function teardown() { unset CONTAINER_DEFAULT_RUNTIME cat << EOF > "$TESTDIR"/50-runc-new-path.conf [crio.runtime] -default_runtime = "crun" -[crio.runtime.runtimes.runc] -runtime_path = "/not/there" +default_runtime = "runc" [crio.runtime.runtimes.crun] -runtime_path="/usr/bin/crun" +runtime_path = "/not/there" +[crio.runtime.runtimes.runc] +runtime_path="/usr/bin/runc" EOF RES=$("$CRIO_BINARY_PATH" -c "$TESTDIR"/50-runc-new-path.conf -d "" config 2>&1) # then - [[ "$RES" == *"default_runtime = \"crun\""* ]] + [[ "$RES" == *"default_runtime = \"runc\""* ]] [[ "$RES" == *"crio.runtime.runtimes.runc"* ]] [[ "$RES" == *"crio.runtime.runtimes.crun"* ]] } @@ -87,10 +87,10 @@ EOF @test "retain default runtime should succeed" { unset CONTAINER_DEFAULT_RUNTIME # when - RES=$("$CRIO_BINARY_PATH" -c "$TESTDATA"/50-crun.conf -d "" config 2>&1) + RES=$("$CRIO_BINARY_PATH" -c "$TESTDATA"/50-runc.conf -d "" config 2>&1) # then - [[ "$RES" != *"default_runtime = \"crun\""* ]] + [[ "$RES" != *"default_runtime = \"runc\""* ]] [[ "$RES" == *"crio.runtime.runtimes.runc"* ]] [[ "$RES" == *"crio.runtime.runtimes.crun"* ]] } diff --git a/test/image.bats b/test/image.bats index e72fe74c212..db06f9d1202 100644 --- a/test/image.bats +++ b/test/image.bats @@ -9,7 +9,8 @@ SIGNED_IMAGE=registry.access.redhat.com/rhel7-atomic:latest IMAGE_LIST_TAG=quay.io/crio/alpine:3.9 IMAGE_LIST_DIGEST_FOR_TAG=quay.io/crio/alpine@sha256:414e0518bb9228d35e4cd5165567fb91d26c6a214e9c95899e1e056fcd349011 IMAGE_LIST_DIGEST_FOR_TAG_AMD64=quay.io/crio/alpine@sha256:65b3a80ebe7471beecbc090c5b2cdd0aafeaefa0715f8f12e40dc918a3a70e32 -IMAGE_LIST_DIGEST_FOR_TAG_ARM64=quay.io/crio/alpine@sha256:f920ccc826134587fffcf1ddc6b2a554947e0f1a5ae5264bbf3435da5b2e8e61 +# Currently unused +# IMAGE_LIST_DIGEST_FOR_TAG_ARM64=quay.io/crio/alpine@sha256:f920ccc826134587fffcf1ddc6b2a554947e0f1a5ae5264bbf3435da5b2e8e61 IMAGE_LIST_DIGEST_AMD64=quay.io/crio/alpine@sha256:65b3a80ebe7471beecbc090c5b2cdd0aafeaefa0715f8f12e40dc918a3a70e32 IMAGE_LIST_DIGEST=quay.io/crio/alpine@sha256:414e0518bb9228d35e4cd5165567fb91d26c6a214e9c95899e1e056fcd349011 @@ -368,151 +369,3 @@ EOF expected_output=$(date -d "@$datestr" +"%a %b %e %H:%M:%S %Z %Y") [[ "$output" == *"$expected_output"* ]] } - -@test "run container with memory_limit_in_bytes -1" { - cat << EOF > "$CRIO_CONFIG_DIR/99-mem.conf" -[crio.runtime] -default_runtime = "mem" -[crio.runtime.runtimes.mem] -runtime_path = "$RUNTIME_BINARY_PATH" -EOF - start_crio - - case $ARCH in - x86_64) - crictl pull ${IMAGE_LIST_DIGEST_FOR_TAG_AMD64} - IMAGE=${IMAGE_LIST_DIGEST_FOR_TAG_AMD64} - ;; - aarch64) - crictl pull ${IMAGE_LIST_DIGEST_FOR_TAG_ARM64} - IMAGE=${IMAGE_LIST_DIGEST_FOR_TAG_ARM64} - ;; - esac - - jq --arg image "$IMAGE" '.metadata.name = "memory" - | .command = ["/bin/sh", "-c", "sleep 600"] - | .linux.resources.memory_limit_in_bytes = -1 - | .image.image = $image' \ - "$TESTDATA"/container_config.json > "$TESTDIR"/memory.json - - run ! crictl run "$TESTDIR"/memory.json "$TESTDATA"/sandbox_config.json -} - -@test "run container with memory_limit_in_bytes 12.5MiB" { - cat << EOF > "$CRIO_CONFIG_DIR/99-mem.conf" -[crio.runtime] -default_runtime = "mem" -[crio.runtime.runtimes.mem] -runtime_path = "$RUNTIME_BINARY_PATH" -container_min_memory = "7.5MiB" -EOF - start_crio - - case $ARCH in - x86_64) - crictl pull ${IMAGE_LIST_DIGEST_FOR_TAG_AMD64} - IMAGE=${IMAGE_LIST_DIGEST_FOR_TAG_AMD64} - ;; - aarch64) - crictl pull ${IMAGE_LIST_DIGEST_FOR_TAG_ARM64} - IMAGE=${IMAGE_LIST_DIGEST_FOR_TAG_ARM64} - ;; - esac - - jq --arg image "$IMAGE" '.metadata.name = "memory" - | .command = ["/bin/sh", "-c", "sleep 600"] - | .linux.resources.memory_limit_in_bytes = 12582912 - | .image.image = $image' \ - "$TESTDATA"/container_config.json > "$TESTDIR"/memory.json - - crictl run "$TESTDIR"/memory.json "$TESTDATA"/sandbox_config.json -} - -@test "run container with container_min_memory 17.5MiB" { - cat << EOF > "$CRIO_CONFIG_DIR/99-mem.conf" -[crio.runtime] -default_runtime = "mem" -[crio.runtime.runtimes.mem] -runtime_path = "$RUNTIME_BINARY_PATH" -container_min_memory = "17.5MiB" -EOF - start_crio - - case $ARCH in - x86_64) - crictl pull ${IMAGE_LIST_DIGEST_FOR_TAG_AMD64} - IMAGE=${IMAGE_LIST_DIGEST_FOR_TAG_AMD64} - ;; - aarch64) - crictl pull ${IMAGE_LIST_DIGEST_FOR_TAG_ARM64} - IMAGE=${IMAGE_LIST_DIGEST_FOR_TAG_ARM64} - ;; - esac - - jq --arg image "$IMAGE" '.metadata.name = "memory" - | .command = ["/bin/sh", "-c", "sleep 600"] - | .linux.resources.memory_limit_in_bytes = 12582912 - | .image.image = $image' \ - "$TESTDATA"/container_config.json > "$TESTDIR"/memory.json - - run ! crictl run "$TESTDIR"/memory.json "$TESTDATA"/sandbox_config.json -} - -@test "run container with container_min_memory 5.5MiB" { - cat << EOF > "$CRIO_CONFIG_DIR/99-mem.conf" -[crio.runtime] -default_runtime = "mem" -[crio.runtime.runtimes.mem] -runtime_path = "$RUNTIME_BINARY_PATH" -container_min_memory = "5.5MiB" -EOF - start_crio - - case $ARCH in - x86_64) - crictl pull ${IMAGE_LIST_DIGEST_FOR_TAG_AMD64} - IMAGE=${IMAGE_LIST_DIGEST_FOR_TAG_AMD64} - ;; - aarch64) - crictl pull ${IMAGE_LIST_DIGEST_FOR_TAG_ARM64} - IMAGE=${IMAGE_LIST_DIGEST_FOR_TAG_ARM64} - ;; - esac - - jq --arg image "$IMAGE" '.metadata.name = "memory" - | .command = ["/bin/sh", "-c", "sleep 600"] - | .image.image = $image' \ - "$TESTDATA"/container_config.json > "$TESTDIR"/memory.json - - crictl run "$TESTDIR"/memory.json "$TESTDATA"/sandbox_config.json -} - -@test "run container with empty container_min_memory" { - cat << EOF > "$CRIO_CONFIG_DIR/99-mem.conf" -[crio.runtime] -default_runtime = "mem" -[crio.runtime.runtimes.mem] -runtime_path = "$RUNTIME_BINARY_PATH" -EOF - start_crio - - case $ARCH in - x86_64) - crictl pull ${IMAGE_LIST_DIGEST_FOR_TAG_AMD64} - IMAGE=${IMAGE_LIST_DIGEST_FOR_TAG_AMD64} - ;; - aarch64) - crictl pull ${IMAGE_LIST_DIGEST_FOR_TAG_ARM64} - IMAGE=${IMAGE_LIST_DIGEST_FOR_TAG_ARM64} - ;; - esac - - jq --arg image "$IMAGE" '.metadata.name = "memory" - | .command = ["/bin/sh", "-c", "sleep 600"] - | .image.image = $image' \ - "$TESTDATA"/container_config.json > "$TESTDIR"/memory.json - - wait_for_log 'Runtime handler \\"runc\\" container minimum memory set to 12582912 bytes' - wait_for_log 'Runtime handler \\"mem\\" container minimum memory set to 12582912 bytes' - crictl run "$TESTDIR"/memory.json "$TESTDATA"/sandbox_config.json -} diff --git a/test/pod.bats b/test/pod.bats index 0739b91b6b1..cb0a4fd1a1c 100644 --- a/test/pod.bats +++ b/test/pod.bats @@ -419,3 +419,117 @@ function teardown() { crictl stop "$ctr_id" crictl stopp "$pod_id" } + +@test "run container with memory_limit_in_bytes -1" { + cat << EOF > "$CRIO_CONFIG_DIR/99-mem.conf" +[crio.runtime] +default_runtime = "mem" +[crio.runtime.runtimes.mem] +runtime_path = "$RUNTIME_BINARY_PATH" +EOF + start_crio + + jq --arg image "$IMAGE" '.metadata.name = "memory" + | .command = ["/bin/sh", "-c", "sleep 600"] + | .linux.resources.memory_limit_in_bytes = -1' \ + "$TESTDATA"/container_config.json > "$TESTDIR"/memory.json + + run ! crictl run "$TESTDIR"/memory.json "$TESTDATA"/sandbox_config.json +} + +@test "run container with memory_limit_in_bytes 12.5MiB" { + cat << EOF > "$CRIO_CONFIG_DIR/99-mem.conf" +[crio.runtime] +default_runtime = "mem" +[crio.runtime.runtimes.mem] +runtime_path = "$RUNTIME_BINARY_PATH" +container_min_memory = "7.5MiB" +EOF + start_crio + + jq --arg image "$IMAGE" '.metadata.name = "memory" + | .command = ["/bin/sh", "-c", "sleep 600"] + | .linux.resources.memory_limit_in_bytes = 12582912' \ + "$TESTDATA"/container_config.json > "$TESTDIR"/memory.json + + crictl run "$TESTDIR"/memory.json "$TESTDATA"/sandbox_config.json +} + +@test "run container with container_min_memory 17.5MiB" { + cat << EOF > "$CRIO_CONFIG_DIR/99-mem.conf" +[crio.runtime] +default_runtime = "mem" +[crio.runtime.runtimes.mem] +runtime_path = "$RUNTIME_BINARY_PATH" +container_min_memory = "17.5MiB" +EOF + start_crio + + jq --arg image "$IMAGE" '.metadata.name = "memory" + | .command = ["/bin/sh", "-c", "sleep 600"] + | .linux.resources.memory_limit_in_bytes = 12582912' \ + "$TESTDATA"/container_config.json > "$TESTDIR"/memory.json + + run ! crictl run "$TESTDIR"/memory.json "$TESTDATA"/sandbox_config.json +} + +@test "run container with container_min_memory 5.5MiB" { + cat << EOF > "$CRIO_CONFIG_DIR/99-mem.conf" +[crio.runtime] +default_runtime = "mem" +[crio.runtime.runtimes.mem] +runtime_path = "$RUNTIME_BINARY_PATH" +container_min_memory = "5.5MiB" +EOF + start_crio + + jq --arg image "$IMAGE" '.metadata.name = "memory" + | .command = ["/bin/sh", "-c", "sleep 600"]' \ + "$TESTDATA"/container_config.json > "$TESTDIR"/memory.json + + crictl run "$TESTDIR"/memory.json "$TESTDATA"/sandbox_config.json +} + +@test "run container with empty container_min_memory" { + cat << EOF > "$CRIO_CONFIG_DIR/99-mem.conf" +[crio.runtime] +default_runtime = "mem" +[crio.runtime.runtimes.mem] +runtime_path = "$RUNTIME_BINARY_PATH" +EOF + start_crio + + jq --arg image "$IMAGE" '.metadata.name = "memory" + | .command = ["/bin/sh", "-c", "sleep 600"]' \ + "$TESTDATA"/container_config.json > "$TESTDIR"/memory.json + + wait_for_log 'Runtime handler \\"crun\\" container minimum memory set to 12582912 bytes' + wait_for_log 'Runtime handler \\"mem\\" container minimum memory set to 12582912 bytes' + crictl run "$TESTDIR"/memory.json "$TESTDATA"/sandbox_config.json +} + +@test "run container with default crun memory_limit_in_bytes" { + if [[ "$CONTAINER_DEFAULT_RUNTIME" != "crun" ]]; then + skip "must use crun" + fi + setup_crio + + # make sure the crun entry is defaulted so we can verify the one crio makes has the correct limit + sed -i '/\[crio.runtime.runtimes.crun\]/,/monitor_exec_cgroup = \"\"/d' "$CRIO_CUSTOM_CONFIG" + cat << EOF > "$CRIO_CONFIG_DIR/99-mem.conf" +[crio.runtime] +default_runtime = "" +EOF + unset CONTAINER_RUNTIMES + + start_crio_no_setup + + jq --arg image "$IMAGE" '.metadata.name = "memory" + | .command = ["/bin/sh", "-c", "sleep 600"] + | .linux.resources.memory_limit_in_bytes = 512000' \ + "$TESTDATA"/container_config.json > "$TESTDIR"/memory.json + + wait_for_log 'Runtime handler \\"crun\\" container minimum memory set to 512000 bytes' + + crictl run "$TESTDIR"/memory.json "$TESTDATA"/sandbox_config.json +} diff --git a/test/restore.bats b/test/restore.bats index 50d6c4dc84b..4792dd9cf92 100644 --- a/test/restore.bats +++ b/test/restore.bats @@ -77,7 +77,7 @@ function teardown() { stop_crio - # simulate reboot with runc state going away + # simulate reboot with $runtime state going away runtime delete -f "$pod_id" start_crio @@ -94,7 +94,7 @@ function teardown() { stop_crio - # simulate reboot with runc state going away + # simulate reboot with $runtime state going away runtime delete -f "$pod_id" runtime delete -f "$ctr_id" @@ -113,7 +113,7 @@ function teardown() { stop_crio - # simulate reboot with runc state going away + # simulate reboot with $runtime state going away runtime delete -f "$pod_id" runtime delete -f "$ctr_id" @@ -131,7 +131,7 @@ function teardown() { stop_crio - # simulate reboot with runc state going away + # simulate reboot with $runtime state going away runtime delete -f "$pod_id" start_crio @@ -154,7 +154,7 @@ function teardown() { stop_crio - # simulate reboot with runc state going away + # simulate reboot with $runtime state going away runtime delete -f "$pod_id" runtime delete -f "$ctr_id" diff --git a/test/testdata/50-crun-default.conf b/test/testdata/50-crun-default.conf deleted file mode 100644 index fae05388f3d..00000000000 --- a/test/testdata/50-crun-default.conf +++ /dev/null @@ -1,5 +0,0 @@ -[crio.runtime] - default_runtime = "crun" - [crio.runtime.runtimes] - [crio.runtime.runtimes.crun] - runtime_path="/usr/bin/crun" diff --git a/test/testdata/50-crun.conf b/test/testdata/50-crun.conf deleted file mode 100644 index 3db915fe78a..00000000000 --- a/test/testdata/50-crun.conf +++ /dev/null @@ -1,4 +0,0 @@ -[crio.runtime] - [crio.runtime.runtimes] - [crio.runtime.runtimes.crun] - runtime_path="/usr/bin/crun" diff --git a/test/testdata/50-runc-default.conf b/test/testdata/50-runc-default.conf new file mode 100644 index 00000000000..47322657bb1 --- /dev/null +++ b/test/testdata/50-runc-default.conf @@ -0,0 +1,5 @@ +[crio.runtime] + default_runtime = "runc" + [crio.runtime.runtimes] + [crio.runtime.runtimes.runc] + runtime_path="/usr/bin/runc" diff --git a/test/testdata/50-runc.conf b/test/testdata/50-runc.conf new file mode 100644 index 00000000000..368cf5eb65c --- /dev/null +++ b/test/testdata/50-runc.conf @@ -0,0 +1,4 @@ +[crio.runtime] + [crio.runtime.runtimes] + [crio.runtime.runtimes.runc] + runtime_path="/usr/bin/runc"