Skip to content
This repository has been archived by the owner on Jun 28, 2024. It is now read-only.

Commit

Permalink
ci: Run the current CC tests offloading the image pull to the guest
Browse files Browse the repository at this point in the history
This is will ensure we're not breaking anything with this new feature.

Depends-on: github.com/kata-containers/kata-containers#7676

Signed-off-by: ChengyuZhu6 <[email protected]>
  • Loading branch information
ChengyuZhu6 authored and fidencio committed Sep 21, 2023
1 parent 8e4b362 commit 2e90792
Show file tree
Hide file tree
Showing 2 changed files with 76 additions and 5 deletions.
70 changes: 65 additions & 5 deletions integration/confidential/lib.sh
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,12 @@ source "${BATS_TEST_DIRNAME}/../../../.ci/lib.sh"
FIXTURES_DIR="${BATS_TEST_DIRNAME}/fixtures"
SHARED_FIXTURES_DIR="${BATS_TEST_DIRNAME}/../../confidential/fixtures"

# Nydus related configurations
NYDUS_SNAPSHOTTER_BINARY="/usr/local/bin/containerd-nydus-grpc"
NYDUS_SNAPSHOTTER_TARFS_CONFIG="/usr/local/share/nydus-snapshotter/config-coco-host-sharing.toml"
NYDUS_SNAPSHOTTER_GUEST_CONFIG="/usr/local/share/nydus-snapshotter/config-coco-guest-pulling.toml"
NYDUS_SNAPSHOTTER_CONFIG="${NYDUS_SNAPSHOTTER_CONFIG:-${NYDUS_SNAPSHOTTER_TARFS_CONFIG}}"

# Toggle between true and false the service_offload configuration of
# the Kata agent.
#
Expand Down Expand Up @@ -216,11 +222,13 @@ configure_cc_containerd() {
restart_containerd

# Ensure the cc CRI handler is set.
local cri_handler=$(sudo crictl info | \
jq '.config.containerd.runtimes.kata.cri_handler')
if [[ ! "$cri_handler" =~ cc ]]; then
sudo sed -i 's/\([[:blank:]]*\)\(runtime_type = "io.containerd.kata.v2"\)/\1\2\n\1cri_handler = "cc"/' \
"$containerd_conf_file"
if [ "${IMAGE_OFFLOAD_TO_GUEST:-"no"}" == "no" ]; then
local cri_handler=$(sudo crictl info | \
jq '.config.containerd.runtimes.kata.cri_handler')
if [[ ! "$cri_handler" =~ cc ]]; then
sudo sed -i 's/\([[:blank:]]*\)\(runtime_type = "io.containerd.kata.v2"\)/\1\2\n\1cri_handler = "cc"/' \
"$containerd_conf_file"
fi
fi

if [ "$(sudo crictl info | jq -r '.config.cni.confDir')" = "null" ]; then
Expand Down Expand Up @@ -448,3 +456,55 @@ EOF
EOF
fi
}

###############################################################################

# remote-snapshotter

configure_containerd_for_nydus_snapshotter() {
local containerd_config="$1"
snapshotter_socket="/run/containerd-nydus/containerd-nydus-grpc.sock"
proxy_config=" [proxy_plugins.$SNAPSHOTTER]\n type = \"snapshot\"\n address = \"${snapshotter_socket}\""

if grep -q "\[proxy_plugins\]" "$containerd_config"; then
sudo sed -i '/\[proxy_plugins\]/a\'"$proxy_config" "$containerd_config"
else
sudo echo -e "[proxy_plugins]" >>"$containerd_config"
sudo echo -e "$proxy_config" >>"$containerd_config"
fi

sudo sed -i 's/disable_snapshot_annotations = .*/disable_snapshot_annotations = false/g' "$containerd_config"
sudo sed -i 's/snapshotter = .*/snapshotter = "nydus"/g' "$containerd_config"
}

kill_nydus_snapshotter_process() {
echo "Kill nydus snapshotter"
local bin="containerd-nydus-grpc"
sudo kill -9 $(pidof $bin) || true
sudo rm -rf "/var/lib/containerd-nydus" || true
}

remove_test_image() {
local test_image="$1"
crictl rmi "$1"
pause_name=$(crictl images -o json | jq -r '.images[].repoTags[] | select(. | contains("pause"))')
crictl rmi "$pause_name"
}

restart_nydus_snapshotter() {
kill_nydus_snapshotter_process || true
echo "Restart nydus snapshotter"
sudo "$NYDUS_SNAPSHOTTER_BINARY" --config "$NYDUS_SNAPSHOTTER_CONFIG" >/dev/stdout 2>&1 &
}

configure_nydus_snapshotter() {
echo "Configure nydus snapshotter"
if [ "${IMAGE_OFFLOAD_TO_GUEST:-"no"}" == "yes" ]; then
NYDUS_SNAPSHOTTER_CONFIG="$NYDUS_SNAPSHOTTER_GUEST_CONFIG"
else
NYDUS_SNAPSHOTTER_CONFIG="$NYDUS_SNAPSHOTTER_TARFS_CONFIG"
sudo sed -i "s/export_mode = .*/export_mode = \"$EXPORT_MODE\"/" "$NYDUS_SNAPSHOTTER_CONFIG"
fi

restart_nydus_snapshotter
}
11 changes: 11 additions & 0 deletions integration/kubernetes/confidential/agent_image.bats
Original file line number Diff line number Diff line change
Expand Up @@ -31,9 +31,17 @@ RUNTIMECLASS="${RUNTIMECLASS:-kata}"
test_tag="[cc][agent][kubernetes][containerd]"

setup() {
remove_test_image "$image_unsigned_protected" || true
setup_containerd
if [ "${IMAGE_OFFLOAD_TO_GUEST}" == "yes" ]; then
configure_containerd_for_nydus_snapshotter "/etc/containerd/config.toml"
fi
restart_containerd
reconfigure_kata
if [ "${IMAGE_OFFLOAD_TO_GUEST}" == "yes" ]; then
switch_image_service_offload off
EXPORT_MODE="image_guest_pull" RUNTIMECLASS="$RUNTIMECLASS" configure_nydus_snapshotter
fi
}

@test "$test_tag Test can launch pod with measured boot enabled" {
Expand Down Expand Up @@ -154,4 +162,7 @@ setup() {

teardown() {
teardown_common
remove_test_image "$image_unsigned_protected" || true
kill_nydus_snapshotter_process
restart_containerd
}

0 comments on commit 2e90792

Please sign in to comment.