1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
|
package container // import "github.com/docker/docker/integration/container"
import (
"context"
"strconv"
"strings"
"testing"
"time"
containertypes "github.com/docker/docker/api/types/container"
"github.com/docker/docker/api/types/versions"
"github.com/docker/docker/integration/internal/container"
net "github.com/docker/docker/integration/internal/network"
"gotest.tools/v3/assert"
is "gotest.tools/v3/assert/cmp"
"gotest.tools/v3/poll"
"gotest.tools/v3/skip"
)
func TestKernelTCPMemory(t *testing.T) {
skip.If(t, testEnv.DaemonInfo.OSType != "linux")
skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.40"), "skip test from new feature")
skip.If(t, testEnv.DaemonInfo.CgroupDriver == "none")
skip.If(t, !testEnv.DaemonInfo.KernelMemoryTCP)
defer setupTest(t)()
client := testEnv.APIClient()
ctx := context.Background()
const (
kernelMemoryTCP int64 = 200 * 1024 * 1024
)
cID := container.Run(ctx, t, client, func(c *container.TestContainerConfig) {
c.HostConfig.Resources = containertypes.Resources{
KernelMemoryTCP: kernelMemoryTCP,
}
})
poll.WaitOn(t, container.IsInState(ctx, client, cID, "running"), poll.WithDelay(100*time.Millisecond))
inspect, err := client.ContainerInspect(ctx, cID)
assert.NilError(t, err)
assert.Check(t, is.Equal(kernelMemoryTCP, inspect.HostConfig.KernelMemoryTCP))
res, err := container.Exec(ctx, client, cID,
[]string{"cat", "/sys/fs/cgroup/memory/memory.kmem.tcp.limit_in_bytes"})
assert.NilError(t, err)
assert.Assert(t, is.Len(res.Stderr(), 0))
assert.Equal(t, 0, res.ExitCode)
assert.Check(t, is.Equal(strconv.FormatInt(kernelMemoryTCP, 10), strings.TrimSpace(res.Stdout())))
}
func TestNISDomainname(t *testing.T) {
// Older versions of the daemon would concatenate hostname and domainname,
// so hostname "foobar" and domainname "baz.cyphar.com" would produce
// `foobar.baz.cyphar.com` as hostname.
skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.40"), "skip test from new feature")
skip.If(t, testEnv.DaemonInfo.OSType != "linux")
// Rootless supports custom Hostname but doesn't support custom Domainname
// OCI runtime create failed: container_linux.go:349: starting container process caused "process_linux.go:449: container init caused \
// "write sysctl key kernel.domainname: open /proc/sys/kernel/domainname: permission denied\"": unknown.
skip.If(t, testEnv.IsRootless, "rootless mode doesn't support setting Domainname (TODO: https://github.com/moby/moby/issues/40632)")
defer setupTest(t)()
client := testEnv.APIClient()
ctx := context.Background()
const (
hostname = "foobar"
domainname = "baz.cyphar.com"
)
cID := container.Run(ctx, t, client, func(c *container.TestContainerConfig) {
c.Config.Hostname = hostname
c.Config.Domainname = domainname
})
poll.WaitOn(t, container.IsInState(ctx, client, cID, "running"), poll.WithDelay(100*time.Millisecond))
inspect, err := client.ContainerInspect(ctx, cID)
assert.NilError(t, err)
assert.Check(t, is.Equal(hostname, inspect.Config.Hostname))
assert.Check(t, is.Equal(domainname, inspect.Config.Domainname))
// Check hostname.
res, err := container.Exec(ctx, client, cID,
[]string{"cat", "/proc/sys/kernel/hostname"})
assert.NilError(t, err)
assert.Assert(t, is.Len(res.Stderr(), 0))
assert.Equal(t, 0, res.ExitCode)
assert.Check(t, is.Equal(hostname, strings.TrimSpace(res.Stdout())))
// Check domainname.
res, err = container.Exec(ctx, client, cID,
[]string{"cat", "/proc/sys/kernel/domainname"})
assert.NilError(t, err)
assert.Assert(t, is.Len(res.Stderr(), 0))
assert.Equal(t, 0, res.ExitCode)
assert.Check(t, is.Equal(domainname, strings.TrimSpace(res.Stdout())))
}
func TestHostnameDnsResolution(t *testing.T) {
skip.If(t, testEnv.DaemonInfo.OSType != "linux")
defer setupTest(t)()
client := testEnv.APIClient()
ctx := context.Background()
const (
hostname = "foobar"
)
// using user defined network as we want to use internal DNS
netName := "foobar-net"
net.CreateNoError(context.Background(), t, client, netName, net.WithDriver("bridge"))
cID := container.Run(ctx, t, client, func(c *container.TestContainerConfig) {
c.Config.Hostname = hostname
c.HostConfig.NetworkMode = containertypes.NetworkMode(netName)
})
poll.WaitOn(t, container.IsInState(ctx, client, cID, "running"), poll.WithDelay(100*time.Millisecond))
inspect, err := client.ContainerInspect(ctx, cID)
assert.NilError(t, err)
assert.Check(t, is.Equal(hostname, inspect.Config.Hostname))
// Clear hosts file so ping will use DNS for hostname resolution
res, err := container.Exec(ctx, client, cID,
[]string{"sh", "-c", "echo 127.0.0.1 localhost | tee /etc/hosts && ping -c 1 foobar"})
assert.NilError(t, err)
assert.Check(t, is.Equal("", res.Stderr()))
assert.Equal(t, 0, res.ExitCode)
}
|
