Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Run the tests as unprivileged user #128

Closed
nirs opened this issue Apr 12, 2022 · 0 comments · Fixed by #276
Closed

Run the tests as unprivileged user #128

nirs opened this issue Apr 12, 2022 · 0 comments · Fixed by #276
Assignees
@aesteve-rh
Labels
bug Issue is a bug or fix for a bug tests Issues related to automated tests

Comments

@nirs
Copy link
Member

nirs commented Apr 12, 2022

Most of vdsm code run as vdsm:kvm, but vdsm tests run as root by default in the CI.
This causes several problems:

  • Tests behave differently when run locally on developer machine and in the CI
  • Some tests cannot succeed when run as root, and are skipped in the CI. The tests and the code are likey to break because they are tested only locally.
  • Error in code that would fail in runtime running as vdsm:kvm are not detected in the tests, running as root:root.
  • We need special configuration to run the containers with privileges - this should be done only for tests that must run as root.

Fix:

  • Separate the tests that need to run as root from the tests that need to run as vdsm:kvm
  • Run the tests as vdsm:kvm or another unprivileged user
  • Run tests that needs root in a privileged container

In general only code that run via supervdsm need to be tested as root. Unfortunately the code running as root is mixed with other code in vdsm.
@nirs nirs added bug Issue is a bug or fix for a bug tests Issues related to automated tests labels Apr 12, 2022
aesteve-rh added a commit to aesteve-rh/vdsm that referenced this issue Jun 23, 2022
@aesteve-rh
ci: split root and non-root storage tests
c692da5 
Fixes: oVirt#128
Signed-off-by: Albert Esteve <[email protected]>
aesteve-rh added a commit to aesteve-rh/vdsm that referenced this issue Jun 23, 2022
@aesteve-rh
ci: split root and non-root storage tests
8e6536f 
Fixes: oVirt#128
Signed-off-by: Albert Esteve <[email protected]>
aesteve-rh added a commit to aesteve-rh/vdsm that referenced this issue Jun 23, 2022
@aesteve-rh
ci: split root and non-root storage tests
51b7e4e 
Fixes: oVirt#128
Signed-off-by: Albert Esteve <[email protected]>
aesteve-rh added a commit to aesteve-rh/vdsm that referenced this issue Jun 23, 2022
@aesteve-rh
ci: split root and non-root storage tests
507d0e4 
Fixes: oVirt#128
Signed-off-by: Albert Esteve <[email protected]>
aesteve-rh added a commit to aesteve-rh/vdsm that referenced this issue Jun 23, 2022
@aesteve-rh
ci: split root and non-root storage tests
ae746fe 
Fixes: oVirt#128
Signed-off-by: Albert Esteve <[email protected]>
aesteve-rh added a commit to aesteve-rh/vdsm that referenced this issue Jun 23, 2022
@aesteve-rh
ci: split root and non-root storage tests
9050788 
Fixes: oVirt#128
Signed-off-by: Albert Esteve <[email protected]>
aesteve-rh added a commit to aesteve-rh/vdsm that referenced this issue Jun 23, 2022
@aesteve-rh
ci: split root and non-root storage tests
4ab1345 
Fixes: oVirt#128
Signed-off-by: Albert Esteve <[email protected]>
aesteve-rh added a commit to aesteve-rh/vdsm that referenced this issue Jun 23, 2022
@aesteve-rh
ci: split root and non-root storage tests
d2376cc 
Fixes: oVirt#128
Signed-off-by: Albert Esteve <[email protected]>
aesteve-rh added a commit to aesteve-rh/vdsm that referenced this issue Jun 23, 2022
@aesteve-rh
ci: split root and non-root storage tests
a5edea3 
Fixes: oVirt#128
Signed-off-by: Albert Esteve <[email protected]>
aesteve-rh added a commit to aesteve-rh/vdsm that referenced this issue Jun 23, 2022
@aesteve-rh
ci: split root and non-root storage tests
2719dc5 
Fixes: oVirt#128
Signed-off-by: Albert Esteve <[email protected]>
aesteve-rh added a commit to aesteve-rh/vdsm that referenced this issue Jun 23, 2022
@aesteve-rh
ci: split root and non-root storage tests
715c2c8 
Fixes: oVirt#128
Signed-off-by: Albert Esteve <[email protected]>
aesteve-rh added a commit to aesteve-rh/vdsm that referenced this issue Jun 23, 2022
@aesteve-rh
ci: split root and non-root storage tests
256ee9d 
Fixes: oVirt#128
Signed-off-by: Albert Esteve <[email protected]>
aesteve-rh added a commit to aesteve-rh/vdsm that referenced this issue Jun 23, 2022
@aesteve-rh
ci: split root and non-root storage tests
36e6e1f 
Fixes: oVirt#128
Signed-off-by: Albert Esteve <[email protected]>
aesteve-rh added a commit to aesteve-rh/vdsm that referenced this issue Jun 23, 2022
@aesteve-rh
ci: split root and non-root storage tests
4a64839 
Fixes: oVirt#128
Signed-off-by: Albert Esteve <[email protected]>
aesteve-rh added a commit to aesteve-rh/vdsm that referenced this issue Jun 23, 2022
@aesteve-rh
ci: split root and non-root storage tests
427a1a1 
Fixes: oVirt#128
Signed-off-by: Albert Esteve <[email protected]>
aesteve-rh added a commit to aesteve-rh/vdsm that referenced this issue Jul 5, 2022
@aesteve-rh
ci: split root and non-root storage tests
cddc91e 
Most of vdsm code run as vdsm:kvm, but vdsm tests run
as root by default in the CI, causing several problems, e.g.:
- Different behaviour, when run locally and the CI
- Some tests are skipped as root

We can separate the tests in two different jobs:
- storage-tests: run test marked as "not root".
  It still requires the container to be privileged
  for setting up the storage.
- storage-tests-root: run tests marked as "root".

Fixes: oVirt#128
Signed-off-by: Albert Esteve <[email protected]>
@aesteve-rh aesteve-rh mentioned this issue Jul 5, 2022
Merged
aesteve-rh added a commit to aesteve-rh/vdsm that referenced this issue Jul 6, 2022
@aesteve-rh
ci: split root and non-root storage tests
069d32d 
Most of vdsm code run as vdsm:kvm, but vdsm tests run
as root by default in the CI, causing several problems, e.g.:
- Different behaviour, when run locally and the CI
- Some tests are skipped as root

We can separate the tests in two different jobs:
- storage-tests: run test marked as "not root".
  It still requires the container to be privileged
  for setting up the storage.
- storage-tests-root: run tests marked as "root".

Fixes: oVirt#128
Signed-off-by: Albert Esteve <[email protected]>
aesteve-rh added a commit to aesteve-rh/vdsm that referenced this issue Jul 6, 2022
@aesteve-rh
ci: split root and non-root storage tests
4388920 
Most of vdsm code run as vdsm:kvm, but vdsm tests run
as root by default in the CI, causing several problems, e.g.:
- Different behaviour, when run locally and the CI
- Some tests are skipped as root

We can separate the tests in two different jobs:
- storage-tests: run test marked as "not root".
  It still requires the container to be privileged
  for setting up the storage.
- storage-tests-root: run tests marked as "root".

Fixes: oVirt#128
Signed-off-by: Albert Esteve <[email protected]>
aesteve-rh added a commit to aesteve-rh/vdsm that referenced this issue Jul 6, 2022
@aesteve-rh
ci: split root and non-root storage tests
68c2c62 
Most of vdsm code run as vdsm:kvm, but vdsm tests run
as root by default in the CI, causing several problems, e.g.:
- Different behaviour, when run locally and the CI
- Some tests are skipped as root

We can separate the tests in two different jobs:
- storage-tests: run test marked as "not root".
  It still requires the container to be privileged
  for setting up the storage.
- storage-tests-root: run tests marked as "root".

Fixes: oVirt#128
Signed-off-by: Albert Esteve <[email protected]>
aesteve-rh added a commit to aesteve-rh/vdsm that referenced this issue Jul 7, 2022
@aesteve-rh
ci: split root and non-root storage tests
97d7748 
Most of vdsm code run as vdsm:kvm, but vdsm tests run
as root by default in the CI, causing several problems, e.g.:
- Different behaviour, when run locally and the CI
- Some tests are skipped as root

We can separate the tests in two different jobs:
- storage-tests: run test marked as "not root".
  It still requires the container to be privileged
  for setting up the storage.
- storage-tests-root: run tests marked as "root".

Fixes: oVirt#128
Signed-off-by: Albert Esteve <[email protected]>
aesteve-rh added a commit to aesteve-rh/vdsm that referenced this issue Jul 8, 2022
@aesteve-rh
ci: split root and non-root storage tests
0992883 
Most of vdsm code run as vdsm:kvm, but vdsm tests run
as root by default in the CI, causing several problems, e.g.:
- Different behaviour, when run locally and the CI
- Some tests are skipped as root

We can separate the tests in two different jobs:
- storage-tests: run test marked as "not root".
  It still requires the container to be privileged
  for setting up the storage.
- storage-tests-root: run tests marked as "root".

Fixes: oVirt#128
Signed-off-by: Albert Esteve <[email protected]>
aesteve-rh added a commit to aesteve-rh/vdsm that referenced this issue Jul 8, 2022
@aesteve-rh
ci: split root and non-root storage tests
6a47a06 
Most of vdsm code run as vdsm:kvm, but vdsm tests run
as root by default in the CI, causing several problems, e.g.:
- Different behaviour, when run locally and the CI
- Some tests are skipped as root

We can separate the tests in two different jobs:
- storage-tests: run test marked as "not root".
  It still requires the container to be privileged
  for setting up the storage.
- storage-tests-root: run tests marked as "root".

Fixes: oVirt#128
Signed-off-by: Albert Esteve <[email protected]>
aesteve-rh added a commit to aesteve-rh/vdsm that referenced this issue Jul 8, 2022
@aesteve-rh
ci: split root and non-root storage tests
4bee7a1 
Most of vdsm code run as vdsm:kvm, but vdsm tests run
as root by default in the CI, causing several problems, e.g.:
- Different behaviour, when run locally and the CI
- Some tests are skipped as root

We can separate the tests in two different jobs:
- storage-tests: run test marked as "not root".
  It still requires the container to be privileged
  for setting up the storage.
- storage-tests-root: run tests marked as "root".

Fixes: oVirt#128
Signed-off-by: Albert Esteve <[email protected]>
@aesteve-rh aesteve-rh self-assigned this Jul 8, 2022
aesteve-rh added a commit to aesteve-rh/vdsm that referenced this issue Jul 14, 2022
@aesteve-rh
ci: split root and non-root storage tests
1b937a6 
Most of vdsm code run as vdsm:kvm, but vdsm tests run
as root by default in the CI, causing several problems, e.g.:
- Different behaviour, when run locally and the CI
- Some tests are skipped as root

We can separate the tests in two different jobs:
- storage-tests: run test marked as "not root".
  It still requires the container to be privileged
  for setting up the storage.
- storage-tests-root: run tests marked as "root".

Fixes: oVirt#128
Signed-off-by: Albert Esteve <[email protected]>
aesteve-rh added a commit to aesteve-rh/vdsm that referenced this issue Jul 15, 2022
@aesteve-rh
ci: split root and non-root storage tests
82cef1a 
Most of vdsm code run as vdsm:kvm, but vdsm tests run
as root by default in the CI, causing several problems, e.g.:
- Different behaviour, when run locally and the CI
- Some tests are skipped as root

We can separate the tests in two different jobs:
- storage-tests: run test marked as "not root".
  It still requires the container to be privileged
  for setting up the storage.
- storage-tests-root: run tests marked as "root".

Fixes: oVirt#128
Signed-off-by: Albert Esteve <[email protected]>
aesteve-rh added a commit to aesteve-rh/vdsm that referenced this issue Jul 15, 2022
@aesteve-rh
ci: split root and non-root storage tests
f4ffdd1 
Most of vdsm code run as vdsm:kvm, but vdsm tests run
as root by default in the CI, causing several problems, e.g.:
- Different behaviour, when run locally and the CI
- Some tests are skipped as root

We can separate the tests in two different jobs:
- storage-tests: run test marked as "not root".
  It still requires the container to be privileged
  for setting up the storage.
- storage-tests-root: run tests marked as "root".

Fixes: oVirt#128
Signed-off-by: Albert Esteve <[email protected]>
aesteve-rh added a commit to aesteve-rh/vdsm that referenced this issue Jul 15, 2022
@aesteve-rh
ci: split root and non-root storage tests
97a55f7 
Most of vdsm code run as vdsm:kvm, but vdsm tests run
as root by default in the CI, causing several problems, e.g.:
- Different behaviour, when run locally and the CI
- Some tests are skipped as root

We can separate the tests in two different jobs:
- storage-tests: run test marked as "not root".
  It still requires the container to be privileged
  for setting up the storage.
- storage-tests-root: run tests marked as "root".

Fixes: oVirt#128
Signed-off-by: Albert Esteve <[email protected]>
aesteve-rh added a commit to aesteve-rh/vdsm that referenced this issue Jul 15, 2022
@aesteve-rh
ci: split root and non-root storage tests
3758e20 
Most of vdsm code run as vdsm:kvm, but vdsm tests run
as root by default in the CI, causing several problems, e.g.:
- Different behaviour, when run locally and the CI
- Some tests are skipped as root

We can separate the tests in two different jobs:
- storage-tests: run test marked as "not root".
  It still requires the container to be privileged
  for setting up the storage.
- storage-tests-root: run tests marked as "root".

Fixes: oVirt#128
Signed-off-by: Albert Esteve <[email protected]>
aesteve-rh added a commit to aesteve-rh/vdsm that referenced this issue Jul 15, 2022
@aesteve-rh
ci: split root and non-root storage tests
8450f29 
Most of vdsm code run as vdsm:kvm, but vdsm tests run
as root by default in the CI, causing several problems, e.g.:
- Different behaviour, when run locally and the CI
- Some tests are skipped as root

We can separate the tests in two different jobs:
- storage-tests: run test marked as "not root".
  It still requires the container to be privileged
  for setting up the storage.
- storage-tests-root: run tests marked as "root".

Fixes: oVirt#128
Signed-off-by: Albert Esteve <[email protected]>
aesteve-rh added a commit to aesteve-rh/vdsm that referenced this issue Jul 15, 2022
@aesteve-rh
ci: split root and non-root storage tests
9bc7a81 
Most of vdsm code run as vdsm:kvm, but vdsm tests run
as root by default in the CI, causing several problems, e.g.:
- Different behaviour, when run locally and the CI
- Some tests are skipped as root

We can separate the tests in two different jobs:
- storage-tests: run test marked as "not root".
  It still requires the container to be privileged
  for setting up the storage.
- storage-tests-root: run tests marked as "root".

Fixes: oVirt#128
Signed-off-by: Albert Esteve <[email protected]>
aesteve-rh added a commit to aesteve-rh/vdsm that referenced this issue Jul 15, 2022
@aesteve-rh
ci: split root and non-root storage tests
ec8310c 
Most of vdsm code run as vdsm:kvm, but vdsm tests run
as root by default in the CI, causing several problems, e.g.:
- Different behaviour, when run locally and the CI
- Some tests are skipped as root

We can separate the tests in two different jobs:
- storage-tests: run test marked as "not root".
  It still requires the container to be privileged
  for setting up the storage.
- storage-tests-root: run tests marked as "root".

Fixes: oVirt#128
Signed-off-by: Albert Esteve <[email protected]>
aesteve-rh added a commit to aesteve-rh/vdsm that referenced this issue Jul 15, 2022
@aesteve-rh
ci: split root and non-root storage tests
5ceafa3 
Most of vdsm code run as vdsm:kvm, but vdsm tests run
as root by default in the CI, causing several problems, e.g.:
- Different behaviour, when run locally and the CI
- Some tests are skipped as root

We can separate the tests in two different jobs:
- storage-tests: run test marked as "not root".
  It still requires the container to be privileged
  for setting up the storage.
- storage-tests-root: run tests marked as "root".

Fixes: oVirt#128
Signed-off-by: Albert Esteve <[email protected]>
aesteve-rh added a commit to aesteve-rh/vdsm that referenced this issue Jul 15, 2022
@aesteve-rh
ci: split root and non-root storage tests
6b6b823 
Most of vdsm code run as vdsm:kvm, but vdsm tests run
as root by default in the CI, causing several problems, e.g.:
- Different behaviour, when run locally and the CI
- Some tests are skipped as root

We can separate the tests in two different jobs:
- storage-tests: run test marked as "not root".
  It still requires the container to be privileged
  for setting up the storage.
- storage-tests-root: run tests marked as "root".

Fixes: oVirt#128
Signed-off-by: Albert Esteve <[email protected]>
@nirs nirs closed this as completed in #276 Jul 15, 2022
nirs pushed a commit that referenced this issue Jul 15, 2022
@aesteve-rh @nirs
ci: split root and non-root storage tests
52204f6 
Most of vdsm code run as vdsm:kvm, but vdsm tests run
as root by default in the CI, causing several problems, e.g.:
- Different behaviour, when run locally and the CI
- Some tests are skipped as root

We can separate the tests in two different jobs:
- storage-tests: run test marked as "not root".
  It still requires the container to be privileged
  for setting up the storage.
- storage-tests-root: run tests marked as "root".

Fixes: #128
Signed-off-by: Albert Esteve <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aesteve-rh aesteve-rh

Labels
bug Issue is a bug or fix for a bug tests Issues related to automated tests
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

ci: split storage ci jobs for root and non-root testing aesteve-rh/vdsm
2 participants
@nirs @aesteve-rh