src/tests/containerizer/docker_common.hpp - mesos - Git at Google

 // Licensed to the Apache Software Foundation (ASF) under one
 // or more contributor license agreements.  See the NOTICE file
 // distributed with this work for additional information
 // regarding copyright ownership.  The ASF licenses this file
 // to you under the Apache License, Version 2.0 (the
 // "License"); you may not use this file except in compliance
 // with the License.  You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.

 #ifndef __TEST_DOCKER_COMMON_HPP__
 #define __TEST_DOCKER_COMMON_HPP__

 #include <string>

 #include <process/future.hpp>
 #include <process/gtest.hpp>
 #include <process/io.hpp>
 #include <process/owned.hpp>
 #include <process/subprocess.hpp>

 #include <stout/format.hpp>
 #include <stout/gtest.hpp>
 #include <stout/lambda.hpp>
 #include <stout/nothing.hpp>
 #include <stout/option.hpp>
 #include <stout/try.hpp>

 #include <stout/os/mkdtemp.hpp>

 #include "docker/docker.hpp"

 #include "tests/flags.hpp"

 namespace mesos {
 namespace internal {
 namespace tests {

 #ifdef __WINDOWS__
 // The following image is the microsoft/nanoserver image with
 // ContainerAdministrator as the default user. There are some permission bugs
 // with accessing volume mounts in process (but not Hyper-V) isolation as
 // the regular ContainerUser user, but accesing them as ContainerAdministrator
 // works fine.
 static constexpr char DOCKER_TEST_IMAGE[] = "akagup/nano-admin";

 // We use a custom HTTP(S) server here, because the official `microsoft/iis`
 // HTTP server image is ~20x larger than this one, so pulling it takes too
 // long. This server supports HTTP and HTTPS listening on port 80 and 443.
 // For more information, see https://github.com/gupta-ak/https-server.
 static constexpr char DOCKER_HTTP_IMAGE[] = "akagup/https-server";
 static constexpr char DOCKER_HTTP_COMMAND[] = "http.exe";
 static constexpr char DOCKER_HTTPS_IMAGE[] = "akagup/https-server";
 static constexpr char DOCKER_HTTPS_COMMAND[] = "http.exe";
 #else
 static constexpr char DOCKER_TEST_IMAGE[] = "alpine";

 // The HTTP server is netcat running on alpine.
 static constexpr char DOCKER_HTTP_IMAGE[] = "alpine";
 static constexpr char DOCKER_HTTP_COMMAND[] =
   "nc -lk -p 80 -e echo -e \"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\"";

 // Refer to https://github.com/qianzhangxa/https-server for
 // how the Docker image `zhq527725/https-server` works.
 static constexpr char DOCKER_HTTPS_IMAGE[] = "zhq527725/https-server";
 static constexpr char DOCKER_HTTPS_COMMAND[] = "python https_server.py 443";
 #endif // __WINDOWS__

 constexpr char DOCKER_IPv6_NETWORK[] = "mesos-docker-ip6-test";


 inline process::Future<Nothing> pullDockerImage(const std::string& imageName)
 {
   Try<process::Owned<Docker>> docker =
     Docker::create(tests::flags.docker, tests::flags.docker_socket, false);

   if (docker.isError()) {
     return process::Failure(docker.error());
   }

   const Try<std::string> directory = os::mkdtemp();
   if (directory.isError()) {
     return process::Failure(docker.error());
   }

   return docker.get()->pull(directory.get(), imageName)
     .then([]() {
       // `Docker::pull` returns a `Future<Docker::Image`>, but we only really
       // if the pull was successful, so we just return `Nothing` to match the
       // return type of `pullDockerImage`.
       return Nothing();
     })
     .onAny([directory]() -> process::Future<Nothing> {
       Try<Nothing> rmdir = os::rmdir(directory.get());
       if (rmdir.isError()) {
         return process::Failure(rmdir.error());
       }
       return Nothing();
     });
 }


 inline void createDockerIPv6UserNetwork()
 {
   // Docker IPv6 is not supported on Windows, so no-op on that platform.
   // TODO(akagup): Remove the #ifdef when Windows supports IPv6 networks
   // in docker containers. See MESOS-8566.
 #ifndef __WINDOWS__
   // Create a Docker user network with IPv6 enabled.
   Try<std::string> dockerCommand = strings::format(
       "docker network create --driver=bridge --ipv6 "
       "--subnet=fd01::/64 %s",
       DOCKER_IPv6_NETWORK);

   Try<process::Subprocess> s = process::subprocess(
       dockerCommand.get(),
       process::Subprocess::PATH("/dev/null"),
       process::Subprocess::PATH("/dev/null"),
       process::Subprocess::PIPE());

   ASSERT_SOME(s) << "Unable to create the Docker IPv6 network: "
                  << DOCKER_IPv6_NETWORK;

   process::Future<std::string> err = process::io::read(s->err().get());

   // Wait for the network to be created.
   AWAIT_READY(s->status());
   AWAIT_READY(err);

   ASSERT_SOME(s->status().get());
   ASSERT_EQ(s->status()->get(), 0)
     << "Unable to create the Docker IPv6 network "
     << DOCKER_IPv6_NETWORK
     << " : " << err.get();
 #endif // __WINDOWS__
 }


 inline void removeDockerIPv6UserNetwork()
 {
   // Docker IPv6 is not supported on Windows, so no-op on that platform.
   // TODO(akagup): Remove the #ifdef when Windows supports IPv6 networks
   // in docker containers. See MESOS-8566.
 #ifndef __WINDOWS__
   // Delete the Docker user network.
   Try<std::string> dockerCommand =
     strings::format("docker network rm %s", DOCKER_IPv6_NETWORK);

   Try<process::Subprocess> s = subprocess(
       dockerCommand.get(),
       process::Subprocess::PATH("/dev/null"),
       process::Subprocess::PATH("/dev/null"),
       process::Subprocess::PIPE());

   // This is best effort cleanup. In case of an error just a log an
   // error.
   ASSERT_SOME(s) << "Unable to delete the Docker IPv6 network: "
                  << DOCKER_IPv6_NETWORK;

   process::Future<std::string> err = process::io::read(s->err().get());

   // Wait for the network to be deleted.
   AWAIT_READY(s->status());
   AWAIT_READY(err);

   ASSERT_SOME(s->status().get());
   ASSERT_EQ(s->status()->get(), 0)
     << "Unable to delete the Docker IPv6 network "
     << DOCKER_IPv6_NETWORK
     << " : " << err.get();
 #endif // __WINDOWS__
 }


 inline void assertDockerKillStatus(process::Future<Option<int>>& status)
 {
 #ifdef __WINDOWS__
   // On Windows, there is no standard exit code for determining if a process
   // as been killed. However, in Docker, it will not return 0.
   AWAIT_EXPECT_WEXITSTATUS_NE(0, status.get());
 #else
   AWAIT_EXPECT_WEXITSTATUS_EQ(128 + SIGKILL, status);
 #endif // __WINDOWS__
 }

 } // namespace tests {
 } // namespace internal {
 } // namespace mesos {

 #endif // __TEST_DOCKER_COMMON_HPP__
	// Licensed to the Apache Software Foundation (ASF) under one
	// or more contributor license agreements. See the NOTICE file
	// distributed with this work for additional information
	// regarding copyright ownership. The ASF licenses this file
	// to you under the Apache License, Version 2.0 (the
	// "License"); you may not use this file except in compliance
	// with the License. You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.

	#ifndef __TEST_DOCKER_COMMON_HPP__
	#define __TEST_DOCKER_COMMON_HPP__

	#include <string>

	#include <process/future.hpp>
	#include <process/gtest.hpp>
	#include <process/io.hpp>
	#include <process/owned.hpp>
	#include <process/subprocess.hpp>

	#include <stout/format.hpp>
	#include <stout/gtest.hpp>
	#include <stout/lambda.hpp>
	#include <stout/nothing.hpp>
	#include <stout/option.hpp>
	#include <stout/try.hpp>

	#include <stout/os/mkdtemp.hpp>

	#include "docker/docker.hpp"

	#include "tests/flags.hpp"

	namespace mesos {
	namespace internal {
	namespace tests {

	#ifdef __WINDOWS__
	// The following image is the microsoft/nanoserver image with
	// ContainerAdministrator as the default user. There are some permission bugs
	// with accessing volume mounts in process (but not Hyper-V) isolation as
	// the regular ContainerUser user, but accesing them as ContainerAdministrator
	// works fine.
	static constexpr char DOCKER_TEST_IMAGE[] = "akagup/nano-admin";

	// We use a custom HTTP(S) server here, because the official `microsoft/iis`
	// HTTP server image is ~20x larger than this one, so pulling it takes too
	// long. This server supports HTTP and HTTPS listening on port 80 and 443.
	// For more information, see https://github.com/gupta-ak/https-server.
	static constexpr char DOCKER_HTTP_IMAGE[] = "akagup/https-server";
	static constexpr char DOCKER_HTTP_COMMAND[] = "http.exe";
	static constexpr char DOCKER_HTTPS_IMAGE[] = "akagup/https-server";
	static constexpr char DOCKER_HTTPS_COMMAND[] = "http.exe";
	#else
	static constexpr char DOCKER_TEST_IMAGE[] = "alpine";

	// The HTTP server is netcat running on alpine.
	static constexpr char DOCKER_HTTP_IMAGE[] = "alpine";
	static constexpr char DOCKER_HTTP_COMMAND[] =
	"nc -lk -p 80 -e echo -e \"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\"";

	// Refer to https://github.com/qianzhangxa/https-server for
	// how the Docker image `zhq527725/https-server` works.
	static constexpr char DOCKER_HTTPS_IMAGE[] = "zhq527725/https-server";
	static constexpr char DOCKER_HTTPS_COMMAND[] = "python https_server.py 443";
	#endif // __WINDOWS__

	constexpr char DOCKER_IPv6_NETWORK[] = "mesos-docker-ip6-test";


	inline process::Future<Nothing> pullDockerImage(const std::string& imageName)
	{
	Try<process::Owned<Docker>> docker =
	Docker::create(tests::flags.docker, tests::flags.docker_socket, false);

	if (docker.isError()) {
	return process::Failure(docker.error());
	}

	const Try<std::string> directory = os::mkdtemp();
	if (directory.isError()) {
	return process::Failure(docker.error());
	}

	return docker.get()->pull(directory.get(), imageName)
	.then([]() {
	// `Docker::pull` returns a `Future<Docker::Image`>, but we only really
	// if the pull was successful, so we just return `Nothing` to match the
	// return type of `pullDockerImage`.
	return Nothing();
	})
	.onAny([directory]() -> process::Future<Nothing> {
	Try<Nothing> rmdir = os::rmdir(directory.get());
	if (rmdir.isError()) {
	return process::Failure(rmdir.error());
	}
	return Nothing();
	});
	}


	inline void createDockerIPv6UserNetwork()
	{
	// Docker IPv6 is not supported on Windows, so no-op on that platform.
	// TODO(akagup): Remove the #ifdef when Windows supports IPv6 networks
	// in docker containers. See MESOS-8566.
	#ifndef __WINDOWS__
	// Create a Docker user network with IPv6 enabled.
	Try<std::string> dockerCommand = strings::format(
	"docker network create --driver=bridge --ipv6 "
	"--subnet=fd01::/64 %s",
	DOCKER_IPv6_NETWORK);

	Try<process::Subprocess> s = process::subprocess(
	dockerCommand.get(),
	process::Subprocess::PATH("/dev/null"),
	process::Subprocess::PATH("/dev/null"),
	process::Subprocess::PIPE());

	ASSERT_SOME(s) << "Unable to create the Docker IPv6 network: "
	<< DOCKER_IPv6_NETWORK;

	process::Future<std::string> err = process::io::read(s->err().get());

	// Wait for the network to be created.
	AWAIT_READY(s->status());
	AWAIT_READY(err);

	ASSERT_SOME(s->status().get());
	ASSERT_EQ(s->status()->get(), 0)
	<< "Unable to create the Docker IPv6 network "
	<< DOCKER_IPv6_NETWORK
	<< " : " << err.get();
	#endif // __WINDOWS__
	}


	inline void removeDockerIPv6UserNetwork()
	{
	// Docker IPv6 is not supported on Windows, so no-op on that platform.
	// TODO(akagup): Remove the #ifdef when Windows supports IPv6 networks
	// in docker containers. See MESOS-8566.
	#ifndef __WINDOWS__
	// Delete the Docker user network.
	Try<std::string> dockerCommand =
	strings::format("docker network rm %s", DOCKER_IPv6_NETWORK);

	Try<process::Subprocess> s = subprocess(
	dockerCommand.get(),
	process::Subprocess::PATH("/dev/null"),
	process::Subprocess::PATH("/dev/null"),
	process::Subprocess::PIPE());

	// This is best effort cleanup. In case of an error just a log an
	// error.
	ASSERT_SOME(s) << "Unable to delete the Docker IPv6 network: "
	<< DOCKER_IPv6_NETWORK;

	process::Future<std::string> err = process::io::read(s->err().get());

	// Wait for the network to be deleted.
	AWAIT_READY(s->status());
	AWAIT_READY(err);

	ASSERT_SOME(s->status().get());
	ASSERT_EQ(s->status()->get(), 0)
	<< "Unable to delete the Docker IPv6 network "
	<< DOCKER_IPv6_NETWORK
	<< " : " << err.get();
	#endif // __WINDOWS__
	}


	inline void assertDockerKillStatus(process::Future<Option<int>>& status)
	{
	#ifdef __WINDOWS__
	// On Windows, there is no standard exit code for determining if a process
	// as been killed. However, in Docker, it will not return 0.
	AWAIT_EXPECT_WEXITSTATUS_NE(0, status.get());
	#else
	AWAIT_EXPECT_WEXITSTATUS_EQ(128 + SIGKILL, status);
	#endif // __WINDOWS__
	}

	} // namespace tests {
	} // namespace internal {
	} // namespace mesos {

	#endif // __TEST_DOCKER_COMMON_HPP__