2018-03-01 17:51:11 -05:00
|
|
|
package container // import "github.com/docker/docker/integration/container"
|
2018-02-08 12:57:38 -05:00
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
2020-12-19 17:04:06 -05:00
|
|
|
"encoding/json"
|
2018-02-08 12:57:38 -05:00
|
|
|
"fmt"
|
2021-08-24 06:10:50 -04:00
|
|
|
"os"
|
2020-12-19 17:04:06 -05:00
|
|
|
"path/filepath"
|
2018-02-08 12:57:38 -05:00
|
|
|
"strconv"
|
|
|
|
"strings"
|
|
|
|
"testing"
|
2020-12-19 17:04:06 -05:00
|
|
|
"time"
|
2018-02-08 12:57:38 -05:00
|
|
|
|
|
|
|
"github.com/docker/docker/api/types"
|
2020-12-19 17:04:06 -05:00
|
|
|
containerapi "github.com/docker/docker/api/types/container"
|
|
|
|
realcontainer "github.com/docker/docker/container"
|
2018-02-28 16:35:56 -05:00
|
|
|
"github.com/docker/docker/integration/internal/container"
|
2019-08-29 16:52:40 -04:00
|
|
|
"github.com/docker/docker/testutil/daemon"
|
2018-02-08 12:57:38 -05:00
|
|
|
"golang.org/x/sys/unix"
|
2020-02-07 08:39:24 -05:00
|
|
|
"gotest.tools/v3/assert"
|
|
|
|
is "gotest.tools/v3/assert/cmp"
|
|
|
|
"gotest.tools/v3/skip"
|
2018-02-08 12:57:38 -05:00
|
|
|
)
|
|
|
|
|
|
|
|
// This is a regression test for #36145
|
|
|
|
// It ensures that a container can be started when the daemon was improperly
|
|
|
|
// shutdown when the daemon is brought back up.
|
|
|
|
//
|
|
|
|
// The regression is due to improper error handling preventing a container from
|
|
|
|
// being restored and as such have the resources cleaned up.
|
|
|
|
//
|
|
|
|
// To test this, we need to kill dockerd, then kill both the containerd-shim and
|
|
|
|
// the container process, then start dockerd back up and attempt to start the
|
|
|
|
// container again.
|
|
|
|
func TestContainerStartOnDaemonRestart(t *testing.T) {
|
2018-04-25 05:03:43 -04:00
|
|
|
skip.If(t, testEnv.IsRemoteDaemon, "cannot start daemon on remote test run")
|
2018-04-19 05:14:15 -04:00
|
|
|
skip.If(t, testEnv.DaemonInfo.OSType == "windows")
|
2020-03-13 09:37:09 -04:00
|
|
|
skip.If(t, testEnv.IsRootless)
|
2018-02-08 12:57:38 -05:00
|
|
|
t.Parallel()
|
|
|
|
|
2018-04-10 10:29:48 -04:00
|
|
|
d := daemon.New(t)
|
2018-02-08 12:57:38 -05:00
|
|
|
d.StartWithBusybox(t, "--iptables=false")
|
|
|
|
defer d.Stop(t)
|
|
|
|
|
2018-12-22 09:53:02 -05:00
|
|
|
c := d.NewClientT(t)
|
2018-02-08 12:57:38 -05:00
|
|
|
|
|
|
|
ctx := context.Background()
|
2018-02-28 16:35:56 -05:00
|
|
|
|
2019-06-06 07:00:37 -04:00
|
|
|
cID := container.Create(ctx, t, c)
|
2018-12-22 09:53:02 -05:00
|
|
|
defer c.ContainerRemove(ctx, cID, types.ContainerRemoveOptions{Force: true})
|
2018-02-28 16:35:56 -05:00
|
|
|
|
2018-12-22 09:53:02 -05:00
|
|
|
err := c.ContainerStart(ctx, cID, types.ContainerStartOptions{})
|
2018-03-13 15:28:34 -04:00
|
|
|
assert.Check(t, err, "error starting test container")
|
2018-02-08 12:57:38 -05:00
|
|
|
|
2018-12-22 09:53:02 -05:00
|
|
|
inspect, err := c.ContainerInspect(ctx, cID)
|
2018-03-13 15:28:34 -04:00
|
|
|
assert.Check(t, err, "error getting inspect data")
|
2018-02-08 12:57:38 -05:00
|
|
|
|
|
|
|
ppid := getContainerdShimPid(t, inspect)
|
|
|
|
|
|
|
|
err = d.Kill()
|
2018-03-13 15:28:34 -04:00
|
|
|
assert.Check(t, err, "failed to kill test daemon")
|
2018-02-08 12:57:38 -05:00
|
|
|
|
|
|
|
err = unix.Kill(inspect.State.Pid, unix.SIGKILL)
|
2018-03-13 15:28:34 -04:00
|
|
|
assert.Check(t, err, "failed to kill container process")
|
2018-02-08 12:57:38 -05:00
|
|
|
|
|
|
|
err = unix.Kill(ppid, unix.SIGKILL)
|
2018-03-13 15:28:34 -04:00
|
|
|
assert.Check(t, err, "failed to kill containerd-shim")
|
2018-02-08 12:57:38 -05:00
|
|
|
|
|
|
|
d.Start(t, "--iptables=false")
|
|
|
|
|
2018-12-22 09:53:02 -05:00
|
|
|
err = c.ContainerStart(ctx, cID, types.ContainerStartOptions{})
|
2018-03-13 15:28:34 -04:00
|
|
|
assert.Check(t, err, "failed to start test container")
|
2018-02-08 12:57:38 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
func getContainerdShimPid(t *testing.T, c types.ContainerJSON) int {
|
2021-08-24 06:10:50 -04:00
|
|
|
statB, err := os.ReadFile(fmt.Sprintf("/proc/%d/stat", c.State.Pid))
|
2018-03-13 15:28:34 -04:00
|
|
|
assert.Check(t, err, "error looking up containerd-shim pid")
|
2018-02-08 12:57:38 -05:00
|
|
|
|
|
|
|
// ppid is the 4th entry in `/proc/pid/stat`
|
|
|
|
ppid, err := strconv.Atoi(strings.Fields(string(statB))[3])
|
2018-03-13 15:28:34 -04:00
|
|
|
assert.Check(t, err, "error converting ppid field to int")
|
2018-02-08 12:57:38 -05:00
|
|
|
|
2018-03-13 15:28:34 -04:00
|
|
|
assert.Check(t, ppid != 1, "got unexpected ppid")
|
2018-02-08 12:57:38 -05:00
|
|
|
return ppid
|
|
|
|
}
|
2019-02-14 20:08:00 -05:00
|
|
|
|
|
|
|
// TestDaemonRestartIpcMode makes sure a container keeps its ipc mode
|
|
|
|
// (derived from daemon default) even after the daemon is restarted
|
|
|
|
// with a different default ipc mode.
|
|
|
|
func TestDaemonRestartIpcMode(t *testing.T) {
|
|
|
|
skip.If(t, testEnv.IsRemoteDaemon, "cannot start daemon on remote test run")
|
|
|
|
skip.If(t, testEnv.DaemonInfo.OSType == "windows")
|
|
|
|
t.Parallel()
|
|
|
|
|
|
|
|
d := daemon.New(t)
|
|
|
|
d.StartWithBusybox(t, "--iptables=false", "--default-ipc-mode=private")
|
|
|
|
defer d.Stop(t)
|
|
|
|
|
|
|
|
c := d.NewClientT(t)
|
|
|
|
ctx := context.Background()
|
|
|
|
|
|
|
|
// check the container is created with private ipc mode as per daemon default
|
2019-06-06 07:15:31 -04:00
|
|
|
cID := container.Run(ctx, t, c,
|
2019-02-14 20:08:00 -05:00
|
|
|
container.WithCmd("top"),
|
|
|
|
container.WithRestartPolicy("always"),
|
|
|
|
)
|
|
|
|
defer c.ContainerRemove(ctx, cID, types.ContainerRemoveOptions{Force: true})
|
|
|
|
|
|
|
|
inspect, err := c.ContainerInspect(ctx, cID)
|
|
|
|
assert.NilError(t, err)
|
|
|
|
assert.Check(t, is.Equal(string(inspect.HostConfig.IpcMode), "private"))
|
|
|
|
|
|
|
|
// restart the daemon with shareable default ipc mode
|
|
|
|
d.Restart(t, "--iptables=false", "--default-ipc-mode=shareable")
|
|
|
|
|
|
|
|
// check the container is still having private ipc mode
|
|
|
|
inspect, err = c.ContainerInspect(ctx, cID)
|
|
|
|
assert.NilError(t, err)
|
|
|
|
assert.Check(t, is.Equal(string(inspect.HostConfig.IpcMode), "private"))
|
|
|
|
|
|
|
|
// check a new container is created with shareable ipc mode as per new daemon default
|
2019-06-06 07:15:31 -04:00
|
|
|
cID = container.Run(ctx, t, c)
|
2019-02-14 20:08:00 -05:00
|
|
|
defer c.ContainerRemove(ctx, cID, types.ContainerRemoveOptions{Force: true})
|
|
|
|
|
|
|
|
inspect, err = c.ContainerInspect(ctx, cID)
|
|
|
|
assert.NilError(t, err)
|
|
|
|
assert.Check(t, is.Equal(string(inspect.HostConfig.IpcMode), "shareable"))
|
|
|
|
}
|
2019-11-01 20:09:40 -04:00
|
|
|
|
|
|
|
// TestDaemonHostGatewayIP verifies that when a magic string "host-gateway" is passed
|
|
|
|
// to ExtraHosts (--add-host) instead of an IP address, its value is set to
|
|
|
|
// 1. Daemon config flag value specified by host-gateway-ip or
|
|
|
|
// 2. IP of the default bridge network
|
|
|
|
// and is added to the /etc/hosts file
|
|
|
|
func TestDaemonHostGatewayIP(t *testing.T) {
|
|
|
|
skip.If(t, testEnv.IsRemoteDaemon)
|
|
|
|
skip.If(t, testEnv.DaemonInfo.OSType == "windows")
|
2020-03-13 09:37:09 -04:00
|
|
|
skip.If(t, testEnv.IsRootless, "rootless mode has different view of network")
|
2019-11-01 20:09:40 -04:00
|
|
|
t.Parallel()
|
|
|
|
|
|
|
|
// Verify the IP in /etc/hosts is same as host-gateway-ip
|
|
|
|
d := daemon.New(t)
|
|
|
|
// Verify the IP in /etc/hosts is same as the default bridge's IP
|
|
|
|
d.StartWithBusybox(t)
|
|
|
|
c := d.NewClientT(t)
|
|
|
|
ctx := context.Background()
|
|
|
|
cID := container.Run(ctx, t, c,
|
|
|
|
container.WithExtraHost("host.docker.internal:host-gateway"),
|
|
|
|
)
|
|
|
|
res, err := container.Exec(ctx, c, cID, []string{"cat", "/etc/hosts"})
|
|
|
|
assert.NilError(t, err)
|
|
|
|
assert.Assert(t, is.Len(res.Stderr(), 0))
|
|
|
|
assert.Equal(t, 0, res.ExitCode)
|
|
|
|
inspect, err := c.NetworkInspect(ctx, "bridge", types.NetworkInspectOptions{})
|
|
|
|
assert.NilError(t, err)
|
|
|
|
assert.Check(t, is.Contains(res.Stdout(), inspect.IPAM.Config[0].Gateway))
|
|
|
|
c.ContainerRemove(ctx, cID, types.ContainerRemoveOptions{Force: true})
|
|
|
|
d.Stop(t)
|
|
|
|
|
|
|
|
// Verify the IP in /etc/hosts is same as host-gateway-ip
|
|
|
|
d.StartWithBusybox(t, "--host-gateway-ip=6.7.8.9")
|
|
|
|
cID = container.Run(ctx, t, c,
|
|
|
|
container.WithExtraHost("host.docker.internal:host-gateway"),
|
|
|
|
)
|
|
|
|
res, err = container.Exec(ctx, c, cID, []string{"cat", "/etc/hosts"})
|
|
|
|
assert.NilError(t, err)
|
|
|
|
assert.Assert(t, is.Len(res.Stderr(), 0))
|
|
|
|
assert.Equal(t, 0, res.ExitCode)
|
|
|
|
assert.Check(t, is.Contains(res.Stdout(), "6.7.8.9"))
|
|
|
|
c.ContainerRemove(ctx, cID, types.ContainerRemoveOptions{Force: true})
|
|
|
|
d.Stop(t)
|
|
|
|
|
|
|
|
}
|
2020-12-19 17:04:06 -05:00
|
|
|
|
|
|
|
// TestRestartDaemonWithRestartingContainer simulates a case where a container is in "restarting" state when
|
|
|
|
// dockerd is killed (due to machine reset or something else).
|
|
|
|
//
|
|
|
|
// Related to moby/moby#41817
|
|
|
|
//
|
|
|
|
// In this test we'll change the container state to "restarting".
|
|
|
|
// This means that the container will not be 'alive' when we attempt to restore in on daemon startup.
|
|
|
|
//
|
|
|
|
// We could do the same with `docker run -d --resetart=always busybox:latest exit 1`, and then
|
|
|
|
// `kill -9` dockerd while the container is in "restarting" state. This is difficult to reproduce reliably
|
|
|
|
// in an automated test, so we manipulate on disk state instead.
|
|
|
|
func TestRestartDaemonWithRestartingContainer(t *testing.T) {
|
|
|
|
skip.If(t, testEnv.IsRemoteDaemon, "cannot start daemon on remote test run")
|
|
|
|
skip.If(t, testEnv.DaemonInfo.OSType == "windows")
|
|
|
|
|
|
|
|
t.Parallel()
|
|
|
|
|
|
|
|
d := daemon.New(t)
|
|
|
|
defer d.Cleanup(t)
|
|
|
|
|
|
|
|
d.StartWithBusybox(t, "--iptables=false")
|
2021-01-04 18:58:00 -05:00
|
|
|
defer d.Stop(t)
|
2020-12-19 17:04:06 -05:00
|
|
|
|
|
|
|
ctx := context.Background()
|
|
|
|
client := d.NewClientT(t)
|
|
|
|
|
|
|
|
// Just create the container, no need to start it to be started.
|
|
|
|
// We really want to make sure there is no process running when docker starts back up.
|
|
|
|
// We will manipulate the on disk state later
|
|
|
|
id := container.Create(ctx, t, client, container.WithRestartPolicy("always"), container.WithCmd("/bin/sh", "-c", "exit 1"))
|
|
|
|
|
2021-01-04 18:58:00 -05:00
|
|
|
d.Stop(t)
|
2020-12-19 17:04:06 -05:00
|
|
|
|
|
|
|
configPath := filepath.Join(d.Root, "containers", id, "config.v2.json")
|
2021-08-24 06:10:50 -04:00
|
|
|
configBytes, err := os.ReadFile(configPath)
|
2020-12-19 17:04:06 -05:00
|
|
|
assert.NilError(t, err)
|
|
|
|
|
|
|
|
var c realcontainer.Container
|
|
|
|
|
|
|
|
assert.NilError(t, json.Unmarshal(configBytes, &c))
|
|
|
|
|
|
|
|
c.State = realcontainer.NewState()
|
|
|
|
c.SetRestarting(&realcontainer.ExitStatus{ExitCode: 1})
|
|
|
|
c.HasBeenStartedBefore = true
|
|
|
|
|
|
|
|
configBytes, err = json.Marshal(&c)
|
|
|
|
assert.NilError(t, err)
|
2021-08-24 06:10:50 -04:00
|
|
|
assert.NilError(t, os.WriteFile(configPath, configBytes, 0600))
|
2020-12-19 17:04:06 -05:00
|
|
|
|
|
|
|
d.Start(t)
|
|
|
|
|
|
|
|
ctxTimeout, cancel := context.WithTimeout(ctx, 30*time.Second)
|
|
|
|
defer cancel()
|
|
|
|
chOk, chErr := client.ContainerWait(ctxTimeout, id, containerapi.WaitConditionNextExit)
|
|
|
|
select {
|
|
|
|
case <-chOk:
|
|
|
|
case err := <-chErr:
|
|
|
|
assert.NilError(t, err)
|
|
|
|
}
|
|
|
|
}
|