beaker-docker 0.7.1 → 0.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1656bc0ada39719991d068356033f018e0e8a2d3ad36b9fb8abc7285f2bf4e0f
-  data.tar.gz: b2207cae132edc1bf03e4b6dd0f5bf34139e30868f20e6e6f585291a72cf310e
+  metadata.gz: f21e88681130028d956057cc5d7e10242d3ab4b0dd3afdddc1e4a77b6a30376e
+  data.tar.gz: 27f935f63ebaf20d0eb18afcab7360dccdb6cc7e037cee4d6e9e3a45aed9ef33
 SHA512:
-  metadata.gz: 9054afd2e705cd0cdf2910bb243aa4e103aa58e9575c11b23b3192fa0215d7fe90465544b679e805f89f311c337cbd5af2acf92c3d0123e93e00e23a99d8647b
-  data.tar.gz: d5f352ca1ccc5a37ac60c76344fdcc2265fde3120f2c9c68ec963149c081b9477a490a84eaf926139274c30d27d59f3f37cefd593f17465edcc2038045ada7a2
+  metadata.gz: 419eee4542d7283b98c1c9e56fae980816123bd5b4f8f69920180815c0ac61d047f0a8523ac68dc091e6bff6c101d8782905ec18d8a8d571274e62588872f58d
+  data.tar.gz: 7aa8635232484d7b4ef171d1714ab59805cd82e1b8c0d44d70174b903805376cf08e8ce48030f33f0efeb8d4ce845b8f2ad6b0f3deeb30bef602ffa86b092387

data/.github/workflows/test.yml

@@ -0,0 +1,32 @@
+name: Test
+
+on:
+  - pull_request
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby:
+          - "2.4"
+          - "2.5"
+          - "2.6"
+          - "2.7"
+    env:
+      BUNDLE_WITHOUT: release
+    name: Ruby ${{ matrix.ruby }}
+    steps:
+      - uses: actions/checkout@v2
+      - name: Install Ruby ${{ matrix.ruby }}
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+      - name: Run spec tests
+        run: bundle exec rake test:spec
+      # It seems some additonal setup of Docker may be needed for
+      # the acceptance tests to work.
+      # - name: Run acceptance tests
+      #   run: bundle exec rake test:acceptance

data/README.md

@@ -6,25 +6,94 @@ Beaker library to use docker hypervisor
 
 This gem that allows you to use hosts with [docker](docker.md) hypervisor with [beaker](https://github.com/puppetlabs/beaker).
 
-Beaker will automatically load the appropriate hypervisors for any given hosts file, so as long as your project dependencies are satisfied there's nothing else to do. No need to `require` this library in your tests.
+Beaker will automatically load the appropriate hypervisors for any given hosts
+file, so as long as your project dependencies are satisfied there's nothing else
+to do. No need to `require` this library in your tests.
 
-## With Beaker 3.x
-
-This library is included as a dependency of Beaker 3.x versions, so there's nothing to do.
-
-## With Beaker 4.x
-
-As of Beaker 4.0, all hypervisor and DSL extension libraries have been removed and are no longer dependencies. In order to use a specific hypervisor or DSL extension library in your project, you will need to include them alongside Beaker in your Gemfile or project.gemspec. E.g.
+In order to use a specific hypervisor or DSL extension library in your project,
+you will need to include them alongside Beaker in your Gemfile or
+project.gemspec. E.g.
 
 ~~~ruby
 # Gemfile
-gem 'beaker', '~>4.0'
-gem 'beaker-aws'
+gem 'beaker', '~> 4.0'
+gem 'beaker-docker'
 # project.gemspec
-s.add_runtime_dependency 'beaker', '~>4.0'
-s.add_runtime_dependency 'beaker-aws'
+s.add_runtime_dependency 'beaker', '~> 4.0'
+s.add_runtime_dependency 'beaker-docker'
 ~~~
 
+## Nodeset Options
+
+The following is a sample nodeset:
+
+~~~yaml
+HOSTS:
+  el8:
+    platform: el-8-x86_64
+    hypervisor: docker
+    image: centos:8
+    docker_cmd: '["/sbin/init"]'
+    # Run arbitrary things
+    docker_image_commands:
+      - 'touch /tmp/myfile'
+    dockeropts:
+      Labels:
+        thing: 'stuff'
+      HostConfig:
+        Privileged: true
+  el7:
+    platform: el-7-x86_64
+    hypervisor: docker
+    image: centos:7
+    # EL7 images do not support nested systemd
+    docker_cmd: '/usr/sbin/sshd -D -E /var/log/sshd.log'
+CONFIG:
+  docker_cap_add:
+    - AUDIT_WRITE
+~~~
+
+## Privileged containers
+
+Containers are **not** run in privileged mode by default for safety.
+
+If you wish to enable privileged mode, simply set the following in your node:
+
+~~~yaml
+dockeropts:
+  HostConfig:
+    Privileged: true
+~~~
+
+## Cleaning up after tests
+
+Containers created by this plugin may not be destroyed unless the tests complete
+successfully. Each container created is prefixed by `beaker-` to make filtering
+for clean up easier.
+
+A quick way to clean up all nodes is as follows:
+
+~~~sh
+podman rm -f $( podman ps -q -f name="beaker-*" )
+~~~
+
+# Working with `podman`
+
+If you're using a version of `podman` that has API socket support then you
+should be able to simply set `DOCKER_HOST` to your socket and connect as usual.
+
+You also need to ensure that you're using a version of the `docker-api` gem that
+supports `podman`.
+
+You may find that not all of your tests work as expected. This will be due to
+the tighter system restrictions placed on containers by `podman`. You may need
+to edit the `dockeropts` hash in your nodeset to include different flags in the
+`HostConfig` section.
+
+See the
+[HostConfig](https://any-api.com/docker_com/engine/docs/Definitions/HostConfig)
+portion of the docker API for more information.
+
 # Spec tests
 
 Spec test live under the `spec` folder. There are the default rake task and therefore can run with a simple command:
@@ -34,7 +103,8 @@ bundle exec rake test:spec
 
 # Acceptance tests
 
-There is a simple rake task to invoke acceptance test for the library: 
+There is a simple rake task to invoke acceptance test for the library:
+
 ```bash
 bundle exec rake test:acceptance
 ```

data/Rakefile

@@ -6,14 +6,14 @@ namespace :test do
 
     desc "Run spec tests"
     RSpec::Core::RakeTask.new(:run) do |t|
-      t.rspec_opts = ['--color']
+      t.rspec_opts = ['--color', '--format documentation']
       t.pattern = 'spec/'
     end
 
     desc "Run spec tests with coverage"
     RSpec::Core::RakeTask.new(:coverage) do |t|
       ENV['BEAKER_DOCKER_COVERAGE'] = 'y'
-      t.rspec_opts = ['--color']
+      t.rspec_opts = ['--color', '--format documentation']
       t.pattern = 'spec/'
     end
 

data/acceptance/config/nodes/hosts.yaml

@@ -1,9 +1,9 @@
 ---
 HOSTS:
-  ubuntu1604-64-1:
-    platform: ubuntu-1604-x86_64 
+  centos8:
+    platform: el-8-x86_64
     hypervisor: docker
-    image: ubuntu:16.04
+    image: centos:8
     roles:
       - master
       - agent
@@ -12,22 +12,24 @@ HOSTS:
       - classifier
       - default
     docker_cmd: '["/sbin/init"]'
+    docker_cap_add:
+      - AUDIT_WRITE
     dockeropts:
       Labels:
         one: '1'
         two: '2'
-  ubuntu1604-64-2:
-    platform: ubuntu-1604-x86_64
+  centos7:
+    platform: el-7-x86_64
     hypervisor: docker
-    image: ubuntu:16.04
+    image: centos:7
     roles:
       - agent
-    docker_cmd: '["/sbin/init"]'
+    docker_cmd: '/usr/sbin/sshd -D -E /var/log/sshd.log'
+    use_image_entrypoint: true
+    dockeropts:
+      HostConfig:
+        Privileged: true
 CONFIG:
   nfs_server: none
   consoleport: 443
   log_level: verbose
-  dockeropts:
-    Labels:
-      one: '3'
-      two: '4'

data/beaker-docker.gemspec

@@ -20,19 +20,14 @@ Gem::Specification.new do |s|
   # Testing dependencies
   s.add_development_dependency 'rspec', '~> 3.0'
   s.add_development_dependency 'rspec-its'
-  # pin fakefs for Ruby < 2.3
-  if RUBY_VERSION < "2.3"
-    s.add_development_dependency 'fakefs', '~> 0.6', '< 0.14'
-  else
-    s.add_development_dependency 'fakefs', '~> 0.6'
-  end
-  s.add_development_dependency 'rake', '~> 10.1'
+  s.add_development_dependency 'fakefs', '~> 1.3'
+  s.add_development_dependency 'rake', '~> 13.0'
   s.add_development_dependency 'simplecov'
   s.add_development_dependency 'pry', '~> 0.10'
 
   # Run time dependencies
   s.add_runtime_dependency 'stringify-hash', '~> 0.0.0'
-  s.add_runtime_dependency 'docker-api', '< 2.0.0'
+  s.add_runtime_dependency 'docker-api', '< 3.0.0'
 
 end
 

data/lib/beaker-docker/version.rb

@@ -1,3 +1,3 @@
 module BeakerDocker
-  VERSION = '0.7.1'
+  VERSION = '0.8.0'
 end

data/lib/beaker/hypervisor/docker.rb

@@ -19,19 +19,25 @@ module Beaker
       default_docker_options = { :write_timeout => 300, :read_timeout => 300 }.merge(::Docker.options || {})
       # Merge docker options from the entry in hosts file
       ::Docker.options = default_docker_options.merge(@options[:docker_options] || {})
-      # assert that the docker-api gem can talk to your docker
-      # enpoint.  Will raise if there is a version mismatch
+
+      # Ensure that we can correctly communicate with the docker API
       begin
-        ::Docker.validate_version!
+        @docker_version = ::Docker.version
       rescue Excon::Errors::SocketError => e
-        raise "Docker instance not connectable.\nError was: #{e}\nCheck your DOCKER_HOST variable has been set\nIf you are on OSX or Windows, you might not have Docker Machine setup correctly: https://docs.docker.com/machine/\n"
+        raise <<~ERRMSG
+          Docker instance not connectable
+          Error was: #{e}
+          * Check your DOCKER_HOST variable has been set
+          * If you are on OSX or Windows, you might not have Docker Machine setup correctly: https://docs.docker.com/machine/
+          * If you are using rootless podman, you might need to set up your local socket and service
+          ERRMSG
       end
 
       # Pass on all the logging from docker-api to the beaker logger instance
       ::Docker.logger = @logger
 
       # Find out what kind of remote instance we are talking against
-      if ::Docker.version['Version'] =~ /swarm/
+      if @docker_version['Version'] =~ /swarm/
         @docker_type = 'swarm'
         unless ENV['DOCKER_REGISTRY']
           raise "Using Swarm with beaker requires a private registry. Please setup the private registry and set the 'DOCKER_REGISTRY' env var"
@@ -41,10 +47,21 @@ module Beaker
       else
         @docker_type = 'docker'
       end
-
     end
 
     def install_and_run_ssh(host)
+      def host.enable_root_login(host,opts)
+        logger.debug("Root login already enabled for #{host}")
+      end
+
+      # If the container is running ssh as its init process then this method
+      # will cause issues.
+      if host[:docker_cmd] =~ /sshd/
+        def host.ssh_service_restart
+          self[:docker_container].exec(%w(kill -1 1))
+        end
+      end
+
       host['dockerfile'] || host['use_image_entry_point']
     end
 
@@ -62,7 +79,6 @@ module Beaker
             '22/tcp' => [{ 'HostPort' => rand.to_s[2..5], 'HostIp' => '0.0.0.0'}]
           },
           'PublishAllPorts' => true,
-          'Privileged' => true,
           'RestartPolicy' => {
             'Name' => 'always'
           }
@@ -109,6 +125,45 @@ module Beaker
                   { rm: true, buildargs: buildargs_for(host) })
     end
 
+    # Find out where the ssh port is from the container
+    # When running on swarm DOCKER_HOST points to the swarm manager so we have to get the
+    # IP of the swarm slave via the container data
+    # When we are talking to a normal docker instance DOCKER_HOST can point to a remote docker instance.
+    def get_ssh_connection_info(container)
+      ssh_connection_info = {
+        ip: nil,
+        port: nil
+      }
+
+      # Talking against a remote docker host which is a normal docker host
+      if @docker_type == 'docker' && ENV['DOCKER_HOST'] && !ENV.fetch('DOCKER_HOST','').include?(':///')
+        ip = URI.parse(ENV['DOCKER_HOST']).host
+      else
+        # Swarm or local docker host
+        if in_container?
+          ip = container.json["NetworkSettings"]["Gateway"]
+        else
+          ip = container.json["NetworkSettings"]["Ports"]["22/tcp"][0]["HostIp"]
+        end
+      end
+
+      network_settings = container.json['NetworkSettings']
+      host_config = container.json['HostConfig']
+
+      port = '22'
+      if host_config['NetworkMode'] == 'bridge' && network_settings['IPAddress'] && !network_settings['IPAddress'].empty?
+        ssh_connection_info[:ip] = network_settings['IPAddress']
+      else
+        port = network_settings['Ports']['22/tcp'][0]['HostPort']
+
+        # Update host metadata
+        ssh_connection_info[:ip] = (ip == '0.0.0.0') ? '127.0.0.1' : ip
+      end
+
+      ssh_connection_info[:port] = port
+      ssh_connection_info
+    end
+
     def provision
       @logger.notify "Provisioning docker"
 
@@ -156,7 +211,12 @@ module Beaker
                 host_path = "/" + host_path.gsub(/^.\:/, host_path[/^(.)/].downcase)
               end
               a = [ host_path, mount['container_path'] ]
-              a << mount['opts'] if mount.has_key?('opts')
+              if mount.has_key?('opts')
+                a << mount['opts'] if mount.has_key?('opts')
+              else
+                a << mount['opts'] = 'z'
+              end
+
               a.join(':')
             end
           end
@@ -171,10 +231,28 @@ module Beaker
 
           if host['docker_container_name']
             container_opts['name'] = host['docker_container_name']
+          else
+            container_opts['name'] = ['beaker', host.name, SecureRandom.uuid.split('-').last].join('-')
           end
 
           @logger.debug("Creating container from image #{image_name}")
-          container = ::Docker::Container.create(container_opts)
+
+          ok=false
+          retries=0
+          while(!ok && (retries < 5))
+            container = ::Docker::Container.create(container_opts)
+
+            if (get_ssh_connection_info(container)[:port].to_i < 1024) && (Process.uid != 0)
+              @logger.debug("#{host} was given a port less than 1024 but you are not running as root, retrying")
+
+              container.delete
+
+              retries+=1
+              next
+            end
+
+            ok=true
+          end
         else
           host['use_existing_container'] = true
         end
@@ -189,36 +267,29 @@ module Beaker
         @logger.debug("Starting container #{container.id}")
         container.start
 
+        # Preserve the ability to talk directly to the underlying API
+        #
+        # You can use any method defined by the docker-api gem on this object
+        # https://github.com/swipely/docker-api
+        host[:docker_container] = container
+
+        ssh_connection_info = get_ssh_connection_info(container)
+
+        ip = ssh_connection_info[:ip]
+        port = ssh_connection_info[:port]
+
+        @logger.info("Using container connection at #{ip}:#{port}")
+
         if install_and_run_ssh(host)
           @logger.notify("Installing ssh components and starting ssh daemon in #{host} container")
           install_ssh_components(container, host)
           # run fixssh to configure and start the ssh service
           fix_ssh(container, host)
         end
-        # Find out where the ssh port is from the container
-        # When running on swarm DOCKER_HOST points to the swarm manager so we have to get the
-        # IP of the swarm slave via the container data
-        # When we are talking to a normal docker instance DOCKER_HOST can point to a remote docker instance.
-
-        # Talking against a remote docker host which is a normal docker host
-        if @docker_type == 'docker' && ENV['DOCKER_HOST']
-          ip = URI.parse(ENV['DOCKER_HOST']).host
-        else
-          # Swarm or local docker host
-          if in_container?
-            ip = container.json["NetworkSettings"]["Gateway"]
-          else
-            ip = container.json["NetworkSettings"]["Ports"]["22/tcp"][0]["HostIp"]
-          end
-        end
-
-        @logger.info("Using docker server at #{ip}")
-        port = container.json["NetworkSettings"]["Ports"]["22/tcp"][0]["HostPort"]
 
         forward_ssh_agent = @options[:forward_ssh_agent] || false
 
-        # Update host metadata
-        host['ip']  = ip
+        host['ip'] = ip
         host['port'] = port
         host['ssh']  = {
           :password => root_password,
@@ -232,10 +303,12 @@ module Beaker
         host['docker_image_id'] = image.id
         host['vm_ip'] = container.json["NetworkSettings"]["IPAddress"].to_s
 
+        def host.reboot
+          @logger.warn("Rebooting containers is ineffective...ignoring")
+        end
       end
 
       hack_etc_hosts @hosts, @options
-
     end
 
     # This sideloads sshd after a container starts
@@ -244,19 +317,23 @@ module Beaker
       when /ubuntu/, /debian/
         container.exec(%w(apt-get update))
         container.exec(%w(apt-get install -y openssh-server openssh-client))
+        container.exec(%w(sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/*))
       when /cumulus/
         container.exec(%w(apt-get update))
         container.exec(%w(apt-get install -y openssh-server openssh-client))
+        container.exec(%w(sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/*))
       when /fedora-(2[2-9])/
         container.exec(%w(dnf clean all))
         container.exec(%w(dnf install -y sudo openssh-server openssh-clients))
         container.exec(%w(ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key))
         container.exec(%w(ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key))
+        container.exec(%w(sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/*))
       when /^el-/, /centos/, /fedora/, /redhat/, /eos/
         container.exec(%w(yum clean all))
         container.exec(%w(yum install -y sudo openssh-server openssh-clients))
         container.exec(%w(ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key))
         container.exec(%w(ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key))
+        container.exec(%w(sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/*))
       when /opensuse/, /sles/
         container.exec(%w(zypper -n in openssh))
         container.exec(%w(ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key))
@@ -372,71 +449,76 @@ module Beaker
       case host['platform']
       when /ubuntu/, /debian/
         service_name = "ssh"
-        dockerfile += <<-EOF
+        dockerfile += <<~EOF
           RUN apt-get update
           RUN apt-get install -y openssh-server openssh-client #{Beaker::HostPrebuiltSteps::DEBIAN_PACKAGES.join(' ')}
-        EOF
+          RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/*
+          EOF
       when  /cumulus/
-          dockerfile += <<-EOF
+          dockerfile += <<~EOF
           RUN apt-get update
           RUN apt-get install -y openssh-server openssh-client #{Beaker::HostPrebuiltSteps::CUMULUS_PACKAGES.join(' ')}
-        EOF
+          EOF
       when /fedora-(2[2-9])/
-        dockerfile += <<-EOF
+        dockerfile += <<~EOF
           RUN dnf clean all
           RUN dnf install -y sudo openssh-server openssh-clients #{Beaker::HostPrebuiltSteps::UNIX_PACKAGES.join(' ')}
           RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
           RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
-        EOF
+          RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/*
+          EOF
       when /el-8/
-        dockerfile += <<-EOF
-          RUN yum clean all
-          RUN yum install -y sudo openssh-server openssh-clients #{Beaker::HostPrebuiltSteps::RHEL8_PACKAGES.join(' ')}
+        dockerfile += <<~EOF
+          RUN dnf clean all
+          RUN dnf install -y sudo openssh-server openssh-clients #{Beaker::HostPrebuiltSteps::RHEL8_PACKAGES.join(' ')}
           RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
           RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
-        EOF
+          RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/*
+          EOF
       when /^el-/, /centos/, /fedora/, /redhat/, /eos/
-        dockerfile += <<-EOF
+        dockerfile += <<~EOF
           RUN yum clean all
           RUN yum install -y sudo openssh-server openssh-clients #{Beaker::HostPrebuiltSteps::UNIX_PACKAGES.join(' ')}
           RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
           RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
-        EOF
+          RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/*
+          EOF
       when /opensuse/, /sles/
-        dockerfile += <<-EOF
+        dockerfile += <<~EOF
           RUN zypper -n in openssh #{Beaker::HostPrebuiltSteps::SLES_PACKAGES.join(' ')}
           RUN ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
           RUN ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
           RUN sed -ri 's/^#?UsePAM .*/UsePAM no/' /etc/ssh/sshd_config
-        EOF
+          RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/*
+          EOF
       when /archlinux/
-        dockerfile += <<-EOF
+        dockerfile += <<~EOF
           RUN pacman --noconfirm -Sy archlinux-keyring
           RUN pacman --noconfirm -Syu
           RUN pacman -S --noconfirm openssh #{Beaker::HostPrebuiltSteps::ARCHLINUX_PACKAGES.join(' ')}
           RUN ssh-keygen -A
           RUN sed -ri 's/^#?UsePAM .*/UsePAM no/' /etc/ssh/sshd_config
           RUN systemctl enable sshd
-        EOF
+          EOF
       else
         # TODO add more platform steps here
         raise "platform #{host['platform']} not yet supported on docker"
       end
 
       # Make sshd directory, set root password
-      dockerfile += <<-EOF
+      dockerfile += <<~EOF
         RUN mkdir -p /var/run/sshd
         RUN echo root:#{root_password} | chpasswd
-      EOF
+        EOF
 
       # Configure sshd service to allowroot login using password
       # Also, disable reverse DNS lookups to prevent every. single. ssh
       # operation taking 30 seconds while the lookup times out.
-      dockerfile += <<-EOF
+      dockerfile += <<~EOF
         RUN sed -ri 's/^#?PermitRootLogin .*/PermitRootLogin yes/' /etc/ssh/sshd_config
         RUN sed -ri 's/^#?PasswordAuthentication .*/PasswordAuthentication yes/' /etc/ssh/sshd_config
         RUN sed -ri 's/^#?UseDNS .*/UseDNS no/' /etc/ssh/sshd_config
-      EOF
+        EOF
 
 
       # Any extra commands specified for the host