From e98ba5021ef99ac6b1a254a9e5232e193b0875e9 Mon Sep 17 00:00:00 2001 From: Filipe Brandenburger Date: Wed, 3 Jan 2018 10:09:46 -0800 Subject: [PATCH] Skip log path tests when they are expected to fail. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The log path test is not expected to pass unless the Docker is using the JSON logging driver, since that's what the log path is trying to find. When Docker is using the journald logging driver, there will be no JSON files in the logging directories for it to find. Furthermore, when SELinux support is enabled in the Docker daemon, SELinux will prevent processes running inside Docker containers from accessing the log files owned by Docker (which is what this test is trying to accomplish), so let's also skip this test in case SELinux support is enabled. Tested: - With Docker daemon started using --log-driver=journald: S [SKIPPING] in Spec Setup (BeforeEach) [8.193 seconds] [k8s.io] ContainerLogPath Pod with a container printed log to stdout should print log to correct log path [BeforeEach] Jan 3 18:33:44.869: Skipping because Docker daemon is using a logging driver other than "json-file": journald - With Docker daemon started using --selinux-enabled: S [SKIPPING] in Spec Setup (BeforeEach) [8.488 seconds] [k8s.io] ContainerLogPath Pod with a container printed log to stdout should print log to correct log path [BeforeEach] Jan 3 18:35:58.909: Skipping because Docker daemon is running with SELinux support enabled - With Docker started using JSON logging driver and with SELinux disabled: • [SLOW TEST:16.352 seconds] (passed) [k8s.io] ContainerLogPath Pod with a container printed log to stdout should print log to correct log path Ran 1 of 256 Specs in 36.428 seconds SUCCESS! -- 1 Passed | 0 Failed | 0 Pending | 255 Skipped --- test/e2e_node/BUILD | 1 + test/e2e_node/docker_util.go | 47 +++++++++++++++++++++++++++++----- test/e2e_node/log_path_test.go | 24 +++++++++++++++++ 3 files changed, 66 insertions(+), 6 deletions(-) diff --git a/test/e2e_node/BUILD b/test/e2e_node/BUILD index 9ee141f009..d6d49105c1 100644 --- a/test/e2e_node/BUILD +++ b/test/e2e_node/BUILD @@ -47,6 +47,7 @@ go_library( "//test/utils/image:go_default_library", "//vendor/github.com/blang/semver:go_default_library", "//vendor/github.com/coreos/go-systemd/util:go_default_library", + "//vendor/github.com/docker/docker/api/types:go_default_library", "//vendor/github.com/docker/docker/client:go_default_library", "//vendor/github.com/golang/glog:go_default_library", "//vendor/github.com/onsi/ginkgo:go_default_library", diff --git a/test/e2e_node/docker_util.go b/test/e2e_node/docker_util.go index 83c4177ff2..135e465c97 100644 --- a/test/e2e_node/docker_util.go +++ b/test/e2e_node/docker_util.go @@ -22,6 +22,7 @@ import ( "github.com/blang/semver" systemdutil "github.com/coreos/go-systemd/util" + "github.com/docker/docker/api/types" "github.com/docker/docker/client" ) @@ -73,20 +74,54 @@ func isDockerLiveRestoreSupported() (bool, error) { return version.GTE(semver.MustParse("1.26.0")), nil } +// getDockerInfo returns the Info struct for the running Docker daemon. +func getDockerInfo() (types.Info, error) { + var info types.Info + c, err := client.NewClient(defaultDockerEndpoint, "", nil, nil) + if err != nil { + return info, fmt.Errorf("failed to create docker client: %v", err) + } + info, err = c.Info(context.Background()) + if err != nil { + return info, fmt.Errorf("failed to get docker info: %v", err) + } + return info, nil +} + // isDockerLiveRestoreEnabled returns true if live-restore is enabled in the // Docker. func isDockerLiveRestoreEnabled() (bool, error) { - c, err := client.NewClient(defaultDockerEndpoint, "", nil, nil) + info, err := getDockerInfo() if err != nil { - return false, fmt.Errorf("failed to create docker client: %v", err) - } - info, err := c.Info(context.Background()) - if err != nil { - return false, fmt.Errorf("failed to get docker info: %v", err) + return false, err } return info.LiveRestoreEnabled, nil } +// getDockerLoggingDriver returns the name of the logging driver. +func getDockerLoggingDriver() (string, error) { + info, err := getDockerInfo() + if err != nil { + return "", err + } + return info.LoggingDriver, nil +} + +// isDockerSELinuxSupportEnabled checks whether the Docker daemon was started +// with SELinux support enabled. +func isDockerSELinuxSupportEnabled() (bool, error) { + info, err := getDockerInfo() + if err != nil { + return false, err + } + for _, s := range info.SecurityOptions { + if s == "selinux" { + return true, nil + } + } + return false, nil +} + // startDockerDaemon starts the Docker daemon. func startDockerDaemon() error { switch { diff --git a/test/e2e_node/log_path_test.go b/test/e2e_node/log_path_test.go index 62b64f04f8..2c01d8ac82 100644 --- a/test/e2e_node/log_path_test.go +++ b/test/e2e_node/log_path_test.go @@ -39,6 +39,30 @@ var _ = framework.KubeDescribe("ContainerLogPath", func() { f := framework.NewDefaultFramework("kubelet-container-log-path") Describe("Pod with a container", func() { Context("printed log to stdout", func() { + BeforeEach(func() { + if framework.TestContext.ContainerRuntime == "docker" { + // Container Log Path support requires JSON logging driver. + // It does not work when Docker daemon is logging to journald. + d, err := getDockerLoggingDriver() + framework.ExpectNoError(err) + if d != "json-file" { + framework.Skipf("Skipping because Docker daemon is using a logging driver other than \"json-file\": %s", d) + } + // Even if JSON logging is in use, this test fails if SELinux support + // is enabled, since the isolation provided by the SELinux policy + // prevents processes running inside Docker containers (under SELinux + // type svirt_lxc_net_t) from accessing the log files which are owned + // by Docker (and labeled with the container_var_lib_t type.) + // + // Therefore, let's also skip this test when running with SELinux + // support enabled. + e, err := isDockerSELinuxSupportEnabled() + framework.ExpectNoError(err) + if e { + framework.Skipf("Skipping because Docker daemon is running with SELinux support enabled") + } + } + }) It("should print log to correct log path", func() { podClient := f.PodClient() ns := f.Namespace.Name