From 2e8b932ece7f6167728b95c67676176c03398d2f Mon Sep 17 00:00:00 2001 From: Allison Karlitskaya Date: Thu, 14 Mar 2024 17:54:22 +0100 Subject: [PATCH] test/browser: run tests inside the tasks container MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This simplifies the "outside" setup quite a bit and gives us the same tasks container that test runs on the Cockpit CI run under. This change also implicitly changes the test browser to chromium (which is no longer an issue — we just use it from the tasks container). --- test/browser/browser.sh | 51 ++++++++++++++-------------------------- test/browser/main.fmf | 7 +----- test/browser/run-test.sh | 15 ++++++++---- test/vm.install | 3 ++- 4 files changed, 30 insertions(+), 46 deletions(-) mode change 100755 => 100644 test/browser/run-test.sh diff --git a/test/browser/browser.sh b/test/browser/browser.sh index 1534d93..9db41ab 100755 --- a/test/browser/browser.sh +++ b/test/browser/browser.sh @@ -1,25 +1,14 @@ -#!/bin/sh set -eux -export TEST_BROWSER=${TEST_BROWSER:-firefox} - -TESTS="$(realpath $(dirname "$0"))" -export SOURCE="$(realpath $TESTS/../..)" -export LOGS="${TMT_TEST_DATA:-$(pwd)/logs}" -mkdir -p "$LOGS" -chmod a+w "$LOGS" +cd "${0%/*}/../.." # HACK: https://bugzilla.redhat.com/show_bug.cgi?id=2033020 dnf update -y pam || true -# install firefox (available everywhere in Fedora and RHEL) -# we don't need the H.264 codec, and it is sometimes not available (rhbz#2005760) -dnf install --disablerepo=fedora-cisco-openh264 -y --setopt=install_weak_deps=False firefox - -# nodejs 10 is too old for current Cockpit test API -if grep -q platform:el8 /etc/os-release; then - dnf module switch-to -y nodejs:16 -fi +# allow test to set up things on the machine +mkdir -p /root/.ssh +curl https://raw.githubusercontent.com/cockpit-project/bots/main/machine/identity.pub >> /root/.ssh/authorized_keys +chmod 600 /root/.ssh/authorized_keys # create user account for logging in if ! id admin 2>/dev/null; then @@ -33,25 +22,19 @@ echo root:foobar | chpasswd # avoid sudo lecture during tests su -c 'echo foobar | sudo --stdin whoami' - admin -# create user account for running the test -if ! id runtest 2>/dev/null; then - useradd -c 'Test runner' runtest - # allow test to set up things on the machine - mkdir -p /root/.ssh - curl https://raw.githubusercontent.com/cockpit-project/bots/main/machine/identity.pub >> /root/.ssh/authorized_keys - chmod 600 /root/.ssh/authorized_keys -fi -chown -R runtest "$SOURCE" - # disable core dumps, we rather investigate them upstream where test VMs are accessible echo core > /proc/sys/kernel/core_pattern -systemctl enable --now cockpit.socket +sh test/vm.install -# Run tests as unprivileged user -# once we drop support for RHEL 8, use this: -# runuser -u runtest --whitelist-environment=TEST_BROWSER,TEST_ALLOW_JOURNAL_MESSAGES,TEST_AUDIT_NO_SELINUX,SOURCE,LOGS $TESTS/run-test.sh -runuser -u runtest --preserve-environment env USER=runtest HOME=$(getent passwd runtest | cut -f6 -d:) $TESTS/run-test.sh - -RC=$(cat $LOGS/exitcode) -exit ${RC:-1} +# Run tests in the cockpit tasks container, as unprivileged user +CONTAINER="$(cat .cockpit-ci/container)" +exec podman \ + run \ + --rm \ + --shm-size=1024m \ + --security-opt=label=disable \ + --volume="${TMT_TEST_DATA}":/logs:rw,U --env=LOGS=/logs \ + --volume="$(pwd)":/source:rw,U --env=SOURCE=/source \ + "${CONTAINER}" \ + sh /source/test/browser/run-test.sh diff --git a/test/browser/main.fmf b/test/browser/main.fmf index d2dddd6..1e575ab 100644 --- a/test/browser/main.fmf +++ b/test/browser/main.fmf @@ -2,14 +2,9 @@ summary: Run browser integration tests on the host require: - cockpit-starter-kit + - podman - cockpit-ws - cockpit-system - - bzip2 - - git-core - glibc-langpack-de - - libvirt-python3 - - make - - npm - - python3 test: ./browser.sh duration: 60m diff --git a/test/browser/run-test.sh b/test/browser/run-test.sh old mode 100755 new mode 100644 index bec6e46..c67193e --- a/test/browser/run-test.sh +++ b/test/browser/run-test.sh @@ -1,8 +1,8 @@ -#!/bin/sh set -eux +cd "${SOURCE}" + # tests need cockpit's bots/ libraries and test infrastructure -cd $SOURCE git init rm -f bots # common local case: existing bots symlink make bots test/common @@ -33,10 +33,15 @@ EXCLUDES="" echo "TEST_ALLOW_JOURNAL_MESSAGES: ${TEST_ALLOW_JOURNAL_MESSAGES:-}" echo "TEST_AUDIT_NO_SELINUX: ${TEST_AUDIT_NO_SELINUX:-}" +GATEWAY="$(python3 -c 'import socket; print(socket.gethostbyname("_gateway"))')" RC=0 -test/common/run-tests --nondestructive --machine 127.0.0.1:22 --browser 127.0.0.1:9090 $EXCLUDES || RC=$? +./test/common/run-tests \ + --nondestructive \ + --machine "${GATEWAY}":22 \ + --browser "${GATEWAY}":9090 \ + $EXCLUDES \ +|| RC=$? echo $RC > "$LOGS/exitcode" cp --verbose Test* "$LOGS" || true -# deliver test result via exitcode file -exit 0 +exit $RC diff --git a/test/vm.install b/test/vm.install index 7f3d134..7df33c4 100644 --- a/test/vm.install +++ b/test/vm.install @@ -1,9 +1,10 @@ #!/bin/sh # image-customize script to prepare a bots VM for testing this application # The application package will be installed separately -set -eu +set -eux # don't force https:// (self-signed cert) +mkdir -p /etc/cockpit printf "[WebService]\\nAllowUnencrypted=true\\n" > /etc/cockpit/cockpit.conf if type firewall-cmd >/dev/null 2>&1; then