func (c *checker) run(logger lager.Logger, container garden.Container) (garden.Process, error) {
logger = logger.Session("run", lager.Data{
"processPath": c.healthcheckSpec.Path,
"processArgs": c.healthcheckSpec.Args,
"processUser": c.healthcheckSpec.User,
"processEnv": c.healthcheckSpec.Env,
"processDir": c.healthcheckSpec.Dir,
})
logger.Debug("starting")
defer logger.Debug("finished")
var proc garden.Process
err := retryOnFail(c.retryInterval, func(attempt uint) (runErr error) {
proc, runErr = container.Run(c.healthcheckSpec, garden.ProcessIO{})
if runErr != nil {
logger.Error("failed", runErr, lager.Data{"attempt": attempt})
return runErr
}
logger.Debug("succeeded", lager.Data{"attempt": attempt})
return nil
})
return proc, err
}
func runCommand(container garden.Container, path string, args []string) {
proc, err := container.Run(
garden.ProcessSpec{
Path: path,
Args: args,
},
ginkgoIO)
Expect(err).NotTo(HaveOccurred())
exitCode, err := proc.Wait()
Expect(err).NotTo(HaveOccurred())
Expect(exitCode).To(Equal(0))
}
func listenInContainer(container garden.Container, containerPort uint32) error {
_, err := container.Run(garden.ProcessSpec{
User: "******",
Path: "sh",
Args: []string{"-c", fmt.Sprintf("echo %d | nc -l -p %d", containerPort, containerPort)},
}, garden.ProcessIO{
Stdout: GinkgoWriter,
Stderr: GinkgoWriter,
})
Expect(err).ToNot(HaveOccurred())
time.Sleep(2 * time.Second)
return err
}
func runInContainer(container garden.Container, script string) (garden.Process, *gbytes.Buffer) {
out := gbytes.NewBuffer()
process, err := container.Run(garden.ProcessSpec{
User: "******",
Path: "sh",
Args: []string{"-c", script},
}, garden.ProcessIO{
Stdout: io.MultiWriter(out, GinkgoWriter),
Stderr: GinkgoWriter,
})
Expect(err).ToNot(HaveOccurred())
return process, out
}
func AssertMemoryLimits(container garden.Container) {
buf := make([]byte, 0, 1024*1024)
stdout := bytes.NewBuffer(buf)
process, err := container.Run(garden.ProcessSpec{
Path: "bin/consume.exe",
Args: []string{"memory", "128"},
}, garden.ProcessIO{Stdout: stdout})
Expect(err).ShouldNot(HaveOccurred())
exitCode, err := process.Wait()
Expect(err).ShouldNot(HaveOccurred())
// consume script will exit 42 if it is not killed
Expect(exitCode).ToNot(Equal(42), "process did not get OOM killed")
Expect(stdout.String()).To(ContainSubstring("Consumed: 3 mb"))
}
func canCreateAndUseFuseFileSystem(container garden.Container, user string) {
mountpoint := "/tmp/fuse-test"
process, err := container.Run(garden.ProcessSpec{
User: user,
Path: "mkdir",
Args: []string{"-p", mountpoint},
}, garden.ProcessIO{Stdout: GinkgoWriter, Stderr: GinkgoWriter})
Expect(err).ToNot(HaveOccurred())
Expect(process.Wait()).To(Equal(0), "Could not make temporary directory!")
process, err = container.Run(garden.ProcessSpec{
User: user,
Path: "/usr/bin/hellofs",
Args: []string{mountpoint},
}, garden.ProcessIO{Stdout: GinkgoWriter, Stderr: GinkgoWriter})
Expect(err).ToNot(HaveOccurred())
Expect(process.Wait()).To(Equal(0), "Failed to mount hello filesystem.")
stdout := gbytes.NewBuffer()
process, err = container.Run(garden.ProcessSpec{
User: user,
Path: "cat",
Args: []string{filepath.Join(mountpoint, "hello")},
}, garden.ProcessIO{Stdout: stdout, Stderr: GinkgoWriter})
Expect(err).ToNot(HaveOccurred())
Expect(process.Wait()).To(Equal(0), "Failed to find hello file.")
Expect(stdout).To(gbytes.Say("Hello World!"))
process, err = container.Run(garden.ProcessSpec{
User: user,
Path: "fusermount",
Args: []string{"-u", mountpoint},
}, garden.ProcessIO{Stdout: GinkgoWriter, Stderr: GinkgoWriter})
Expect(err).ToNot(HaveOccurred())
Expect(process.Wait()).To(Equal(0), "Failed to unmount user filesystem.")
stdout2 := gbytes.NewBuffer()
process, err = container.Run(garden.ProcessSpec{
User: user,
Path: "ls",
Args: []string{mountpoint},
}, garden.ProcessIO{Stdout: stdout2, Stderr: GinkgoWriter})
Expect(err).ToNot(HaveOccurred())
Expect(process.Wait()).To(Equal(0))
Expect(stdout2).ToNot(gbytes.Say("hello"), "Fuse filesystem appears still to be visible after being unmounted.")
}
func ethInterfaceName(container garden.Container) string {
buffer := gbytes.NewBuffer()
proc, err := container.Run(
garden.ProcessSpec{
Path: "sh",
Args: []string{"-c", "ifconfig | grep 'Ethernet' | cut -f 1 -d ' '"},
User: "******",
},
garden.ProcessIO{
Stdout: buffer,
Stderr: GinkgoWriter,
},
)
Expect(err).NotTo(HaveOccurred())
Expect(proc.Wait()).To(Equal(0))
contIfaceName := string(buffer.Contents()) // w3-abc-1
return contIfaceName[:len(contIfaceName)-2] + "0" // w3-abc-0
}
func checkConnection(container garden.Container, ip string, port int) error {
process, err := container.Run(garden.ProcessSpec{
User: "******",
Path: "sh",
Args: []string{"-c", fmt.Sprintf("echo hello | nc -w1 %s %d", ip, port)},
}, garden.ProcessIO{Stdout: GinkgoWriter, Stderr: GinkgoWriter})
if err != nil {
return err
}
exitCode, err := process.Wait()
if err != nil {
return err
}
if exitCode == 0 {
return nil
} else {
return fmt.Errorf("Request failed. Process exited with code %d", exitCode)
}
}
func createContainerTestFileIn(container garden.Container, dir string) string {
fileName := "bind-mount-test-file"
filePath := filepath.Join(dir, fileName)
process, err := container.Run(garden.ProcessSpec{
Path: "touch",
Args: []string{filePath},
User: "******",
}, garden.ProcessIO{nil, os.Stdout, os.Stderr})
Expect(err).ToNot(HaveOccurred())
Expect(process.Wait()).To(Equal(0))
process, err = container.Run(garden.ProcessSpec{
Path: "chmod",
Args: []string{"0777", filePath},
User: "******",
}, garden.ProcessIO{nil, os.Stdout, os.Stderr})
Expect(err).ToNot(HaveOccurred())
Expect(process.Wait()).To(Equal(0))
return fileName
}
func checkFileAccess(container garden.Container, bindMountMode garden.BindMountMode, bindMountOrigin garden.BindMountOrigin, dstPath string, fileName string, privCtr, privReq bool) {
readOnly := (garden.BindMountModeRO == bindMountMode)
ctrOrigin := (garden.BindMountOriginContainer == bindMountOrigin)
realRoot := (privReq && privCtr)
// can we read a file?
filePath := filepath.Join(dstPath, fileName)
var user string
if privReq {
user = "******"
} else {
user = "******"
}
process, err := container.Run(garden.ProcessSpec{
Path: "cat",
Args: []string{filePath},
User: user,
}, garden.ProcessIO{})
Expect(err).ToNot(HaveOccurred())
Expect(process.Wait()).To(Equal(0))
// try to write a new file
filePath = filepath.Join(dstPath, "checkFileAccess-file")
process, err = container.Run(garden.ProcessSpec{
Path: "touch",
Args: []string{filePath},
User: user,
}, garden.ProcessIO{
Stderr: GinkgoWriter,
Stdout: GinkgoWriter,
})
Expect(err).ToNot(HaveOccurred())
if readOnly || (!realRoot && !ctrOrigin) {
Expect(process.Wait()).ToNot(Equal(0))
} else {
Expect(process.Wait()).To(Equal(0))
}
// try to delete an existing file
filePath = filepath.Join(dstPath, fileName)
process, err = container.Run(garden.ProcessSpec{
Path: "rm",
Args: []string{filePath},
User: user,
}, garden.ProcessIO{})
Expect(err).ToNot(HaveOccurred())
if readOnly || (!realRoot && !ctrOrigin) {
Expect(process.Wait()).ToNot(Equal(0))
} else {
Expect(process.Wait()).To(Equal(0))
}
}
Expect(err).ShouldNot(HaveOccurred())
defer tarFile.Close()
err = c.StreamIn(garden.StreamInSpec{Path: "bin", TarStream: tarFile})
Expect(err).ShouldNot(HaveOccurred())
})
AfterEach(func() {
err := client.Destroy(c.Handle())
Expect(err).ShouldNot(HaveOccurred())
})
testConnection := func(protocol, address string, port uint16) (garden.Process, error) {
return c.Run(garden.ProcessSpec{
Path: "bin/connect_to_remote_url.exe",
Env: []string{
fmt.Sprintf("PROTOCOL=%v", protocol),
fmt.Sprintf("ADDRESS=%v:%v", address, port),
},
}, garden.ProcessIO{})
}
openPort := func(proto garden.Protocol, port uint16, ip string) {
rule := garden.NetOutRule{
Protocol: proto,
}
if ip != "" {
parsedIP := net.ParseIP(ip)
Expect(parsedIP).ToNot(BeNil())
rule.Networks = []garden.IPRange{
{
Start: parsedIP,
It("is successfully created with correct privileges for root in container", func() {
checkFileAccess(container, bindMountMode, bindMountOrigin, dstPath, testFileName, privilegedContainer, true)
})
Context("and the parents of the dstPath don't yet exist", func() {
BeforeEach(func() {
dstPath = "/home/alice/has/a/restaurant/readonly"
})
It("successfully creates the parents of the dstPath with correct ownership for root in the container", func() {
out := gbytes.NewBuffer()
proc, err := container.Run(garden.ProcessSpec{
User: "******",
Path: "ls",
Args: []string{"-l", "/home/alice/has"},
}, garden.ProcessIO{
Stdout: io.MultiWriter(out, GinkgoWriter),
Stderr: GinkgoWriter,
})
Expect(err).NotTo(HaveOccurred())
Expect(proc.Wait()).To(Equal(0))
Expect(out).To(gbytes.Say(`root`))
})
})
})
})
Context("which is read-write", func() {
BeforeEach(func() {
bindMountMode = garden.BindMountModeRW
dstPath = "/home/alice/readwrite"
})
AfterEach(func() {
if container2 != nil {
Expect(client.Destroy(container2.Handle())).To(Succeed())
}
})
Context("with a non-privileged container", func() {
BeforeEach(func() {
privilegedContainer = false
})
It("should use the updated rootfs when creating a new container", func() {
process, err := container2.Run(garden.ProcessSpec{
Path: "/ls",
User: "******",
}, garden.ProcessIO{Stdout: GinkgoWriter, Stderr: GinkgoWriter})
Expect(err).NotTo(HaveOccurred())
exitStatus, err := process.Wait()
Expect(err).NotTo(HaveOccurred())
Expect(exitStatus).To(Equal(0))
})
})
})
})
func startV1DockerRegistry(dockerRegistryIP string, dockerRegistryPort string) garden.Container {
dockerRegistry, err := client.Create(
garden.ContainerSpec{
JustBeforeEach(func() {
client = startGarden()
var err error
container, err = client.Create(garden.ContainerSpec{
RootFSPath: fuseRootFSPath,
Privileged: privilegedContainer,
})
Expect(err).ToNot(HaveOccurred())
})
Describe("/dev/fuse", func() {
It("is a character special device file", func() {
process, err := container.Run(garden.ProcessSpec{
User: user,
Path: "/usr/bin/test",
Args: []string{"-c", "/dev/fuse"},
}, garden.ProcessIO{Stdout: GinkgoWriter, Stderr: GinkgoWriter})
Expect(err).ToNot(HaveOccurred())
Expect(process.Wait()).To(Equal(0), "/dev/fuse cannot be found or is not a character special device.")
})
Context("in a privileged Container", func() {
BeforeEach(func() {
privilegedContainer = true
})
Context("a privileged process", func() {
BeforeEach(func() {
user = "******"
})
It("overrides the container's internal port with it's external port", func() {
By("Creating two NetIn mappings")
const externalPort1, internalPort1 uint32 = 1000, 1001
_, _, err := c.NetIn(externalPort1, internalPort1)
Expect(err).ShouldNot(HaveOccurred())
const externalPort2, internalPort2 uint32 = 2000, 2001
_, _, err = c.NetIn(externalPort2, internalPort2)
Expect(err).ShouldNot(HaveOccurred())
By("Mapping 1's container port is substituted for it's external port")
stdout := bytes.NewBuffer(make([]byte, 0, 1024*1024))
process, err := c.Run(garden.ProcessSpec{
Path: "bin/show_port.bat",
Env: []string{fmt.Sprintf("PORT=%v", internalPort1)},
}, garden.ProcessIO{Stdout: stdout})
Expect(err).ShouldNot(HaveOccurred())
_, err = process.Wait()
Expect(err).ShouldNot(HaveOccurred())
Expect(stdout).Should(ContainSubstring(fmt.Sprintf("PORT=%v", externalPort1)))
By("Mapping 2's container port is substituted for it's external port")
stdout = bytes.NewBuffer(make([]byte, 0, 1024*1024))
process, err = c.Run(garden.ProcessSpec{
Path: "bin/show_port.bat",
Env: []string{fmt.Sprintf("PORT=%v", internalPort2)},
}, garden.ProcessIO{Stdout: stdout})
Expect(err).ShouldNot(HaveOccurred())
_, err = process.Wait()
Expect(err).ShouldNot(HaveOccurred())
container, err = client.Create(garden.ContainerSpec{
Network: subnet,
})
Expect(err).NotTo(HaveOccurred())
})
AfterEach(func() {
Expect(client.DestroyAndStop()).To(Succeed())
})
It("should have a loopback interface", func() {
buffer := gbytes.NewBuffer()
proc, err := container.Run(
garden.ProcessSpec{
Path: "ifconfig",
User: "******",
}, garden.ProcessIO{Stdout: io.MultiWriter(GinkgoWriter, buffer), Stderr: GinkgoWriter},
)
Expect(err).NotTo(HaveOccurred())
Expect(proc.Wait()).To(Equal(0))
Expect(buffer).To(gbytes.Say("lo"))
})
It("should have a (dynamically assigned) IP address", func() {
buffer := gbytes.NewBuffer()
proc, err := container.Run(
garden.ProcessSpec{
Path: "ifconfig",
User: "******",
}, garden.ProcessIO{Stdout: io.MultiWriter(GinkgoWriter, buffer), Stderr: io.MultiWriter(GinkgoWriter, buffer)},
Locks: &val0,
Memlock: &val0,
Msgqueue: &val0,
Nice: &val0,
Nproc: &val0,
Rss: &val0,
Rtprio: &val0,
Sigpending: &val0,
}
proc, err := container.Run(
garden.ProcessSpec{
Path: "echo",
Args: []string{"Hello world"},
User: "******",
Limits: rlimits,
},
garden.ProcessIO{
Stdout: GinkgoWriter,
Stderr: GinkgoWriter,
},
)
Expect(err).ToNot(HaveOccurred())
Expect(proc.Wait()).To(Equal(0))
close(done)
}, 10)
})
Describe("Specific resource limits", func() {
Context("CPU rlimit", func() {
Cpu: uint64ptr(3),
Data: uint64ptr(4),
Fsize: uint64ptr(5),
Locks: uint64ptr(6),
Memlock: uint64ptr(7),
Msgqueue: uint64ptr(8),
Nice: uint64ptr(9),
Nofile: uint64ptr(10),
Nproc: uint64ptr(11),
Rss: uint64ptr(12),
Rtprio: uint64ptr(13),
Sigpending: uint64ptr(14),
Stack: uint64ptr(15),
},
}
_, err := container.Run(processSpec, garden.ProcessIO{})
Expect(err).ShouldNot(HaveOccurred())
Eventually(func() []netContainer.ProcessStreamEvent {
return testServer.events
}).Should(ContainElement(netContainer.ProcessStreamEvent{
MessageType: "run",
ApiProcessSpec: processSpec,
}))
})
It("returns the pid of the process", func() {
stdout := gbytes.NewBuffer()
p, err := container.Run(garden.ProcessSpec{}, garden.ProcessIO{
Stdout: stdout,
})
Expect(err).ShouldNot(HaveOccurred())
}
words := strings.Split(string(line), " ")
goroutineCount, err := strconv.ParseUint(words[len(words)-1], 10, 64)
Expect(err).ToNot(HaveOccurred())
return goroutineCount
}
Describe("repeatedly running processes", func() {
Measure("does not leak goroutines", func(b Benchmarker) {
for i := 1; i <= iterations; i++ {
process, err := container.Run(garden.ProcessSpec{
User: "******",
Path: "echo",
Args: []string{"hi"},
}, garden.ProcessIO{})
Expect(err).ToNot(HaveOccurred())
status, err := process.Wait()
Expect(err).ToNot(HaveOccurred())
Expect(status).To(Equal(0))
if i == 1 {
firstGoroutineCount = getGoroutineCount()
b.RecordValue("first goroutine count", float64(firstGoroutineCount))
}
if i == iterations {
lastGoroutineCount := getGoroutineCount()
Context("when having a container", func() {
var container garden.Container
BeforeEach(func() {
var err error
container, err = gdnr.Lookup("banana")
Expect(err).NotTo(HaveOccurred())
})
Describe("running a process in a container", func() {
It("asks the containerizer to run the process", func() {
origSpec := garden.ProcessSpec{Path: "ripe"}
origIO := garden.ProcessIO{
Stdout: gbytes.NewBuffer(),
}
_, err := container.Run(origSpec, origIO)
Expect(err).ToNot(HaveOccurred())
Expect(containerizer.RunCallCount()).To(Equal(1))
_, id, spec, io := containerizer.RunArgsForCall(0)
Expect(id).To(Equal("banana"))
Expect(spec).To(Equal(origSpec))
Expect(io).To(Equal(origIO))
})
Context("when the containerizer fails to run a process", func() {
BeforeEach(func() {
containerizer.RunReturns(nil, errors.New("lost my banana"))
})
It("returns the error", func() {
var container garden.Container
BeforeEach(func() {
client = startGarden("--containerGraceTime", "3s")
var err error
container, err = client.Create(garden.ContainerSpec{})
Expect(err).ToNot(HaveOccurred())
})
Context("when a request takes longer than the grace time", func() {
It("is not destroyed after the request is over", func() {
process, err := container.Run(garden.ProcessSpec{
User: "******",
Path: "sleep",
Args: []string{"5"},
}, garden.ProcessIO{})
Expect(err).ToNot(HaveOccurred())
Expect(process.Wait()).To(Equal(0))
_, err = container.Info()
Expect(err).ToNot(HaveOccurred())
})
})
Context("when no requests are made for longer than the grace time", func() {
It("is destroyed", func() {
Eventually(func() error {
_, err := client.Lookup(container.Handle())
quotaLimit := garden.DiskLimits{
ByteSoft: 5 * 1024 * 1024,
ByteHard: 5 * 1024 * 1024,
}
JustBeforeEach(func() {
Expect(container.LimitDisk(quotaLimit)).To(Succeed())
})
It("reports the disk limit size of the container as zero", func() {
limit, err := container.CurrentDiskLimits()
Expect(err).ToNot(HaveOccurred())
Expect(limit).To(Equal(garden.DiskLimits{}))
})
Context("and it runs a process that exceeds the limit", func() {
It("does not kill the process", func() {
dd, err := container.Run(garden.ProcessSpec{
User: "******",
Path: "dd",
Args: []string{"if=/dev/zero", "of=/tmp/some-file", "bs=1M", "count=6"},
}, garden.ProcessIO{})
Expect(err).ToNot(HaveOccurred())
Expect(dd.Wait()).To(Equal(0))
})
})
})
})
})
})
localSHM := exec.Command(shmTestBin)
createLocal, err := gexec.Start(
localSHM,
GinkgoWriter,
GinkgoWriter,
)
Expect(err).ToNot(HaveOccurred())
Eventually(createLocal).Should(gbytes.Say("ok"))
// Create shared memory segment in the container.
// If there is no IPC namespace, this will collide with the segment in the host and fail.
stdout := gbytes.NewBuffer()
_, err = container.Run(garden.ProcessSpec{
User: "******",
Path: "/mnt/shared/shm_test",
}, garden.ProcessIO{
Stdout: stdout,
Stderr: GinkgoWriter,
})
Expect(err).ToNot(HaveOccurred())
Eventually(stdout).Should(gbytes.Say("ok"))
localSHM.Process.Signal(syscall.SIGUSR2)
Eventually(createLocal).Should(gexec.Exit(0))
})
})
Describe("UTS namespace", func() {
It("changing the container's hostname does not affect the host's hostname", func() {
err = os.Symlink(runner.RootFSPath, rootfs)
Expect(err).ToNot(HaveOccurred())
})
AfterEach(func() {
os.RemoveAll(symlinkDir)
})
It("follows the symlink", func() {
stdout := gbytes.NewBuffer()
process, err := container.Run(garden.ProcessSpec{
User: "******",
Path: "ls",
Args: []string{"/"},
}, garden.ProcessIO{
Stdout: stdout,
})
Expect(err).ToNot(HaveOccurred())
Expect(process.Wait()).To(BeZero())
Expect(stdout).To(gbytes.Say("bin"))
})
})
Context("and running a process", func() {
It("does not leak open files", func() {
openFileCount := func() int {
procFd := fmt.Sprintf("/proc/%d/fd", client.Pid)
files, err := ioutil.ReadDir(procFd)
return process, nil
}
spec := garden.ProcessSpec{
Path: "some-script",
}
stdout := gbytes.NewBuffer()
stderr := gbytes.NewBuffer()
processIO := garden.ProcessIO{
Stdout: stdout,
Stderr: stderr,
}
process, err := container.Run(spec, processIO)
Ω(err).ShouldNot(HaveOccurred())
ranHandle, ranSpec, ranIO := fakeConnection.RunArgsForCall(0)
Ω(ranHandle).Should(Equal("some-handle"))
Ω(ranSpec).Should(Equal(spec))
Ω(ranIO).Should(Equal(processIO))
Ω(process.ID()).Should(Equal(uint32(42)))
status, err := process.Wait()
Ω(err).ShouldNot(HaveOccurred())
Ω(status).Should(Equal(123))
Eventually(stdout).Should(gbytes.Say("stdout data"))
Eventually(stderr).Should(gbytes.Say("stderr data"))
})
Context("when the Network parameter is a subnet address", func() {
BeforeEach(func() {
containerNetwork1 = fmt.Sprintf("10.%d.0.0/24", GinkgoParallelNode())
})
Describe("container's network interface", func() {
It("has the correct IP address", func() {
stdout := gbytes.NewBuffer()
stderr := gbytes.NewBuffer()
process, err := container1.Run(garden.ProcessSpec{
User: "******",
Path: "/sbin/ifconfig",
Args: []string{containerInterface},
}, garden.ProcessIO{
Stdout: stdout,
Stderr: stderr,
})
Expect(err).ToNot(HaveOccurred())
rc, err := process.Wait()
Expect(err).ToNot(HaveOccurred())
Expect(rc).To(Equal(0))
Expect(stdout.Contents()).To(ContainSubstring(fmt.Sprintf(" inet addr:10.%d.0.2 ", GinkgoParallelNode())))
})
})
Describe("container's info", func() {
It("has the correct host IP address", func() {
info, err := container1.Info()
})
Describe("process", func() {
It("pid is returned", func() {
tarFile, err := os.Open("../bin/consume.tar")
Expect(err).ShouldNot(HaveOccurred())
defer tarFile.Close()
err = c.StreamIn(garden.StreamInSpec{Path: "bin", TarStream: tarFile})
Expect(err).ShouldNot(HaveOccurred())
buf := make([]byte, 0, 1024*1024)
stdout := bytes.NewBuffer(buf)
process, err := c.Run(garden.ProcessSpec{
Path: "bin/consume.exe",
Args: []string{"64"},
}, garden.ProcessIO{Stdout: stdout})
Expect(err).ShouldNot(HaveOccurred())
Expect(process.ID()).ToNot(Equal("0"))
})
It("can be signaled", func(done Done) {
for _, f := range []string{"../bin/loop.tar", "../bin/launcher.tar"} {
tarFile, err := os.Open(f)
Expect(err).ShouldNot(HaveOccurred())
defer tarFile.Close()
err = c.StreamIn(garden.StreamInSpec{Path: "bin", TarStream: tarFile})
Expect(err).ShouldNot(HaveOccurred())
}
})
AfterEach(func() {
err := client.Destroy(container.Handle())
Expect(err).ToNot(HaveOccurred())
})
Describe("container's network interface", func() {
It("has the correct MTU size", func() {
stdout := gbytes.NewBuffer()
stderr := gbytes.NewBuffer()
process, err := container.Run(garden.ProcessSpec{
User: "******",
Path: "/sbin/ifconfig",
Args: []string{containerIfName(container)},
}, garden.ProcessIO{
Stdout: stdout,
Stderr: stderr,
})
Expect(err).ToNot(HaveOccurred())
rc, err := process.Wait()
Expect(err).ToNot(HaveOccurred())
Expect(rc).To(Equal(0))
Expect(stdout.Contents()).To(ContainSubstring(" MTU:6789 "))
})
})
Describe("hosts's network interface for a container", func() {
It("has the correct MTU size", func() {
out, err := exec.Command("/sbin/ifconfig", hostIfName(container)).Output()
container = createContainer()
})
AfterEach(func() {
if pingProcess == nil {
return
}
process, err := os.FindProcess(pingProcess.Pid())
if err == nil {
process.Kill()
}
})
It("is not allowed", func() {
// TODO: make the executable name unique so to avoid test pollution
_, err := container.Run(garden.ProcessSpec{
Path: "bin/JobBreakoutTest.exe",
Args: []string{"ping 192.0.2.2 -n 1 -w 10000"},
}, garden.ProcessIO{})
Expect(err).ShouldNot(HaveOccurred())
err = client.Destroy(container.Handle())
Expect(err).ShouldNot(HaveOccurred())
processes, err := ps.Processes()
Expect(err).ShouldNot(HaveOccurred())
for _, proc := range processes {
fmt.Println(proc.Executable())
if proc.Executable() == "PING.EXE" {
pingProcess = proc
Expect(proc.Executable()).NotTo(Equal("PING.EXE"))
}
}
var err error
container, err = client.Create(garden.ContainerSpec{Network: containerNetwork, Privileged: true, Handle: containerHandle})
Expect(err).ToNot(HaveOccurred())
})
AfterEach(func() {
err := client.Destroy(container.Handle())
Expect(err).ToNot(HaveOccurred())
})
runInContainer := func(container garden.Container, script string) (garden.Process, *gbytes.Buffer) {
out := gbytes.NewBuffer()
process, err := container.Run(garden.ProcessSpec{
User: "******",
Path: "sh",
Args: []string{"-c", script},
}, garden.ProcessIO{
Stdout: io.MultiWriter(out, GinkgoWriter),
Stderr: GinkgoWriter,
})
Expect(err).ToNot(HaveOccurred())
return process, out
}
Context("external addresses", func() {
var (
ByAllowingTCP, ByRejectingTCP func()
)
BeforeEach(func() {
ByAllowingTCP = func() {