Fix checkpoint/restore tests on Fedora 31

The Travis tests running on Fedora 31 with cgroup2 on Vagrant had the
CRIU parts disabled because of a couple of problems.

One problem was a bug in runc and CRIU handling that Andrei fixed.

In addition four patches from the upcoming  CRIU 3.14 are needed for
minimal cgroup2 support (freezer and mounting of cgroup2). With Andrei's
fix and the CRIU cgroup2 support and the runc CRIU cgroup2 integration
it is now possible the checkpoint integration tests again on the Fedora
Vagrant cgroup2 based integration test.

To run CRIU based tests the modules of Fedora 31 (the test host system)
are mounted inside of the container used to test runc in the buster
based container with -v /lib/modules:/lib/modules.

Signed-off-by: Adrian Reber <areber@redhat.com>
This commit is contained in:
Adrian Reber 2020-02-05 13:58:25 +00:00 committed by Adrian Reber
parent 9a0184b10f
commit 3e99aa3628
No known key found for this signature in database
GPG Key ID: 82C9378ED3C4906A
3 changed files with 23 additions and 11 deletions

View File

@ -32,7 +32,8 @@ matrix:
- ssh default sudo dnf install -y podman - ssh default sudo dnf install -y podman
script: script:
- ssh default sudo podman build -t test /vagrant - ssh default sudo podman build -t test /vagrant
- ssh default sudo podman run --privileged --cgroupns=private test make localunittest # Mounting /lib/modules into the container is necessary as CRIU wants to load (via iptables) additional modules
- ssh default sudo podman run --privileged --cgroupns=private -v /lib/modules:/lib/modules:ro test make localunittest
allow_failures: allow_failures:
- go: tip - go: tip
- name: "cgroup-v2" - name: "cgroup-v2"

View File

@ -1,6 +1,6 @@
ARG GO_VERSION=1.13 ARG GO_VERSION=1.13
ARG BATS_VERSION=03608115df2071fff4eaaff1605768c275e5f81f ARG BATS_VERSION=03608115df2071fff4eaaff1605768c275e5f81f
ARG CRIU_VERSION=v3.12 ARG CRIU_VERSION=v3.13
FROM golang:${GO_VERSION}-buster FROM golang:${GO_VERSION}-buster
ARG DEBIAN_FRONTEND=noninteractive ARG DEBIAN_FRONTEND=noninteractive
@ -62,7 +62,13 @@ ARG CRIU_VERSION
RUN mkdir -p /usr/src/criu \ RUN mkdir -p /usr/src/criu \
&& curl -fsSL https://github.com/checkpoint-restore/criu/archive/${CRIU_VERSION}.tar.gz | tar -C /usr/src/criu/ -xz --strip-components=1 \ && curl -fsSL https://github.com/checkpoint-restore/criu/archive/${CRIU_VERSION}.tar.gz | tar -C /usr/src/criu/ -xz --strip-components=1 \
&& cd /usr/src/criu \ && cd /usr/src/criu \
&& echo 1 > .gitid \
&& curl -sSL https://github.com/checkpoint-restore/criu/commit/4c27b3db4f4325a311d8bfa9a50ea3efb4d6e377.patch | patch -p1 \
&& curl -sSL https://github.com/checkpoint-restore/criu/commit/aac41164b2cd7f0d2047f207b32844524682e43f.patch | patch -p1 \
&& curl -sSL https://github.com/checkpoint-restore/criu/commit/6f19249b2565f3f7c0a1f8f65b4ae180e8f7f34b.patch | patch -p1 \
&& curl -sSL https://github.com/checkpoint-restore/criu/commit/378337a496ca759848180bc5411e4446298c5e4e.patch | patch -p1 \
&& make install-criu \ && make install-criu \
&& cd - \
&& rm -rf /usr/src/criu && rm -rf /usr/src/criu
COPY script/tmpmount / COPY script/tmpmount /

View File

@ -60,9 +60,6 @@ func testCheckpoint(t *testing.T, userns bool) {
if testing.Short() { if testing.Short() {
return return
} }
if cgroups.IsCgroup2UnifiedMode() {
t.Skip("cgroup v2 is not supported")
}
root, err := newTestRoot() root, err := newTestRoot()
if err != nil { if err != nil {
@ -78,16 +75,24 @@ func testCheckpoint(t *testing.T, userns bool) {
config := newTemplateConfig(rootfs) config := newTemplateConfig(rootfs)
config.Mounts = append(config.Mounts, &configs.Mount{
Destination: "/sys/fs/cgroup",
Device: "cgroup",
Flags: defaultMountFlags | unix.MS_RDONLY,
})
if userns { if userns {
config.UidMappings = []configs.IDMap{{HostID: 0, ContainerID: 0, Size: 1000}} config.UidMappings = []configs.IDMap{{HostID: 0, ContainerID: 0, Size: 1000}}
config.GidMappings = []configs.IDMap{{HostID: 0, ContainerID: 0, Size: 1000}} config.GidMappings = []configs.IDMap{{HostID: 0, ContainerID: 0, Size: 1000}}
config.Namespaces = append(config.Namespaces, configs.Namespace{Type: configs.NEWUSER}) config.Namespaces = append(config.Namespaces, configs.Namespace{Type: configs.NEWUSER})
} else {
var cgroupDevice string
if cgroups.IsCgroup2UnifiedMode() {
cgroupDevice = "cgroup2"
} else {
cgroupDevice = "cgroup"
}
config.Mounts = append(config.Mounts, &configs.Mount{
Destination: "/sys/fs/cgroup",
Device: cgroupDevice,
Flags: defaultMountFlags | unix.MS_RDONLY,
})
} }
factory, err := libcontainer.New(root, libcontainer.Cgroupfs) factory, err := libcontainer.New(root, libcontainer.Cgroupfs)