Add tests for privileged, devices and mounts.

example/privileged.nomad

@@ -0,0 +1,36 @@
+job "privileged" {
+  datacenters = ["dc1"]
+
+  group "privileged-group" {
+    task "privileged-task" {
+      driver = "containerd-driver"
+
+      config {
+        image           = "docker.io/library/ubuntu:16.04"
+        command         = "sleep"
+        args            = ["600s"]
+	privileged      = true
+        devices         = [
+            "/dev/loop0",
+            "/dev/loop1"
+        ]
+        mounts = [
+           {
+                type = "bind"
+                target = "/target/t1"
+                source = "/tmp/t1"
+                options = ["rbind", "ro"]
+           }
+        ]
+      }
+
+      resources {
+        cpu    = 500
+        memory = 256
+        network {
+          mbits = 10
+        }
+      }
+    }
+  }
+}

tests/001-test-redis.sh

@@ -39,6 +39,9 @@ test_redis_nomad_job() {
         echo "ERROR: Error in stopping redis job."
         exit 1
     fi
+
+    echo "INFO: purge nomad redis job."
+    nomad job stop -purge redis
     popd
 }
 
@@ -51,8 +54,8 @@ is_redis_container_active() {
                         echo "INFO: redis container is up and running"
                         break
                 fi
-                echo "INFO: redis container is down, sleep for 3 seconds."
+                echo "INFO: redis container is down, sleep for 4 seconds."
-                sleep 3s
+                sleep 4s
                 i=$[$i+1]
         done
 

tests/002-test-signal-handler.sh

@@ -27,6 +27,9 @@ test_signal_handler_nomad_job() {
         echo "ERROR: Error in stopping signal handler job."
         exit 1
     fi
+
+    echo "INFO: purge nomad signal handler job."
+    nomad job stop -purge signal
     popd
 }
 

tests/003-test-capabilities.sh

@@ -39,7 +39,7 @@ test_capabilities_nomad_job() {
 
     # Check if CAP_SYS_ADMIN was added.
     echo "INFO: Checking if CAP_SYS_ADMIN is added."
-    nomad alloc exec -job capabilities capsh --print|grep cap_sys_admin 2>&1 >/dev/null
+    nomad alloc exec -job capabilities capsh --print|grep cap_sys_admin >/dev/null 2>&1
     rc=$?
     if [ $rc -ne 0 ]; then
         echo "ERROR: CAP_SYS_ADMIN was not added to the capabilities set."
@@ -48,7 +48,7 @@ test_capabilities_nomad_job() {
 
     # Check if CAP_CHOWN was dropped.
     echo "INFO: Checking if CAP_CHOWN is dropped."
-    nomad alloc exec -job capabilities capsh --print|grep cap_chown 2>&1 >/dev/null
+    nomad alloc exec -job capabilities capsh --print|grep cap_chown >/dev/null 2>&1
     rc=$?
     if [ $rc -eq 0 ]; then
         echo "ERROR: CAP_CHOWN was not dropped from the capabilities set."
@@ -62,6 +62,9 @@ test_capabilities_nomad_job() {
         echo "ERROR: Error in stopping capabilities job."
         exit 1
     fi
+
+    echo "INFO: purge nomad capabilities job."
+    nomad job stop -purge capabilities
     popd
 }
 
@@ -79,8 +82,8 @@ is_capabilities_container_active() {
                         echo "INFO: capabilities container is up and running"
                         break
                 fi
-                echo "INFO: capabilities container is down, sleep for 3 seconds."
+                echo "INFO: capabilities container is down, sleep for 4 seconds."
-                sleep 3s
+                sleep 4s
                 i=$[$i+1]
         done
 

tests/004-test-privileged.sh

@@ -0,0 +1,87 @@
+#!/bin/bash
+
+test_privileged_nomad_job() {
+    pushd ~/go/src/github.com/Roblox/nomad-driver-containerd/example
+
+    setup_bind_source
+
+    echo "INFO: Starting nomad privileged job using nomad-driver-containerd."
+    nomad job run privileged.nomad
+
+    echo "INFO: Checking status of privileged job."
+    job_status=$(nomad job status -short privileged|grep Status|awk '{split($0,a,"="); print a[2]}'|tr -d ' ')
+    if [ $job_status != "running" ];then
+        echo "ERROR: Error in getting privileged job status."
+        exit 1
+    fi
+
+    # Even though $(nomad job status) reports privileged job status as "running"
+    # The actual container process might not be running yet.
+    # We need to wait for actual container to start running before trying exec.
+    echo "INFO: Wait for privileged container to get into RUNNING state, before trying exec."
+    is_privileged_container_active
+
+    echo "INFO: Inspecting privileged job."
+    job_status=$(nomad job inspect privileged|jq -r '.Job .Status')
+    if [ $job_status != "running" ]; then
+        echo "ERROR: Error in inspecting privileged job."
+        exit 1
+    fi
+
+    # Check if bind mount exists.
+    echo "INFO: Checking if bind mount exists."
+    output=$(nomad alloc exec -job privileged cat /target/t1/bind.txt)
+    if [ "$output" != "hello" ]; then
+       echo "ERROR: bind mount does not exist in container rootfs."
+       exit 1
+    fi
+
+    # Check if device /dev/loop0 exists.
+    echo "INFO: Checking if /dev/loop0 exists in container rootfs."
+    nomad alloc exec -job privileged stat /dev/loop0 >/dev/null 2>&1
+    rc=$?
+    if [ $rc -ne 0 ]; then
+       echo "ERROR: /dev/loop0 does not exist in container rootfs."
+       exit 1
+    fi
+
+    echo "INFO: Stopping nomad privileged job."
+    nomad job stop privileged
+    job_status=$(nomad job status -short privileged|grep Status|awk '{split($0,a,"="); print a[2]}'|tr -d ' ')
+    if [ $job_status != "dead(stopped)" ];then
+        echo "ERROR: Error in stopping privileged job."
+        exit 1
+    fi
+
+    echo "INFO: purge nomad privileged job."
+    nomad job stop -purge privileged
+    popd
+}
+
+setup_bind_source() {
+    mkdir -p /tmp/t1
+    echo hello > /tmp/t1/bind.txt
+}
+
+is_privileged_container_active() {
+        i="0"
+        while test $i -lt 5
+        do
+                sudo CONTAINERD_NAMESPACE=nomad ctr task ls|grep -q RUNNING
+                if [ $? -eq 0 ]; then
+                        echo "INFO: privileged container is up and running"
+                        sleep 5s
+                        break
+                fi
+                echo "INFO: privileged container is down, sleep for 4 seconds."
+                sleep 4s
+                i=$[$i+1]
+        done
+
+        if [ $i -ge 5 ]; then
+                echo "ERROR: privileged container didn't come up. exit 1."
+                exit 1
+        fi
+}
+
+test_privileged_nomad_job

tests/run_tests.sh

@@ -168,8 +168,8 @@ is_containerd_driver_active() {
 			echo "INFO: containerd driver is up and running."
 			break
 		fi
-		echo "INFO: containerd driver is down, sleep for 3 seconds."
+		echo "INFO: containerd driver is down, sleep for 4 seconds."
-		sleep 3s
+		sleep 4s
 		i=$[$i+1]
 	done
 
@@ -183,8 +183,8 @@ is_systemd_service_active() {
 	local service_name=$1
 	i="0"
 	while test $i -lt 5 && !(systemctl -q is-active "$service_name"); do
-		printf "INFO: %s is down, sleep for 3 seconds.\n" $service_name
+		printf "INFO: %s is down, sleep for 4 seconds.\n" $service_name
-		sleep 3s
+		sleep 4s
 		i=$[$i+1]
 	done