mirror of
git://git.yoctoproject.org/meta-virtualization.git
synced 2025-08-21 08:22:00 +02:00
345cefb35e
Bumping cri-o to version v1.33.0-63-g87ce1c120, which comprises the following commits:
b9bc2a2cd Upgrade netlink
8d0965635 Downgrade otelgrpc
bc9516250 build(deps): bump the gomod group across 1 directory with 20 updates
e90924e83 Revert "temporarily enable debug symbols"
6870ad334 test/ctr.bats: fix wrt new CPU units to weight conversion
2491f8124 Mark v1.30 as EOL
ba6a88448 fix prettier
7cf556a6f update nixpkgs
4450e698d Bump go version to 1.24.3
f8084ff63 build(deps): bump github.com/go-chi/chi/v5 from 5.2.1 to 5.2.2
ab7d879dc temporarily enable debug symbols
1e751b490 fix deadlock when the container is in uninterruptible sleep
cb2965f42 [revert] internal/oci: fix terminal resize race condition
0d449e00e internal/oci: fix terminal resize race condition
662474e9b fix verify command
ebabdc929 unit tests fixup
85665a6fe code fixup
5944f40fc HighPerformanceHooks: Remove dead code ShouldCPUQuotaBeDisabled
a22b5dad9 FreeBSD fixup
ebee282d3 HighPerformanceHooks: Unit tests for Fix IRQ SMP affinity race
c50e4e0de HighPerformanceHooks: Fix IRQ SMP affinity race conditions
239f9ee61 install: drop outdated flatcar installation instructions
bfe3b83cf increase timeout of critests
5912f0483 change conmon install
25b3dfb58 UpdateContainerStatus: fix error logging
6062ff148 internal/hostport: fix linter warning
b3f139431 Redo metaHostportManager construction, fix bug
801383af3 Improve iptables error handling when there's no iptables binary
0a0b33208 deps: bump to runc 1.3
3f4b82fa6 Finish switching to opencontainers/cgroups
dc3d6b6ec pass down apparmor errors
608b8a0e9 Retry failed tests
290edee86 sandbox: use created/stopped instead of infra container for readiness
4996d1050 Extend checkpoint/restore test for container logs
f52c04277 Add coverage report from integration tests
6b20443c5 Fix `OS_RPM_NAME="$(rpmspec -q --qf '%{name}\n' "${OS_RPM_SPECFILE}" | head -1)"` exited with status 141. error
eea79c782 Switch to v1.34.0 as development version of `main`
a51c99a2c Decrease actual version
aa52c9329 Add option to allow seccomp profiles for privileged containers
4fc529bf8 Support multi architecture artifacts
d94a8f37c Add signature verification for image volumes
15bbcca97 build(deps): bump github.com/opencontainers/cgroups in the gomod group
d063f8293 Add v1.33 to supported versions
9b0142eb0 Update CNI plugins to v1.7.1
aecad95c3 Improve timeout integration tests
f499c0a96 Make metaHostportManager handle iptables vs nftables
982c191d9 Add an nftables HostPortManager
dda8739ea Move iptables HostPortManager code into its own file.
beb362521 Move hostport conntrack cleanup to metaHostportManager
dec4bda08 Move hostport IP family filtering to metaHostportManager
b7731057a Remove hostport.PodPortMapping
5db94b36b Revert "Squash MetaHostPortManager into HostPortManager"
6fd9131eb New UpdatePodSandboxResources CRI API handler
1a9acebff Fix build
30d575118 build(deps): bump the gomod group across 1 directory with 25 updates
479a8070c Fix GitHub actions CI test setup
766a81efb Fix container_create_freebsd.go
9660da25e remove runDir
b5f51739e remove storageRoot
e042f84b2 Remove mountLabel
52b81926b Remove absentMountSourcesToReject
5c9803b19 Remove bindMountPrefix
569e8d3db Update nixpkgs
2ac913d18 Support artifact mount sub paths
6df6cfc6f Update linter and fix reports
87ee7a4af Support `artifactType` OCI artifacts
4ae753afe Fix lint CI
dd38a1805 emit crio runtime config as part of CRI API's StatusResponse
fd5db98e6 Add the option to disable/enable OCI Artifact mount
68fe1936b Remove unused imports
bb9223fc0 Add container_spec_memory_limit_bytes metric
087e2ce46 build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0
44d9073dd Disable pull-progress-timeout per default
ab9acb6f9 Add support for CNAI models
9cc9b0763 Add README for CI playbooks and remove cri-tools task
fe4378b38 .golangci.yml: remove gofmt
560bf28a1 .golangci.yml: remove some unused linters
7ddf15274 .golangci.yml: remove legacy preset from exclusions
8250128de internal/ociartifact: rename MarshalJSON -> ToJSON
a904a4e0e test/mocks: regenerate
8c3ce800f Run make mockgen
310a66356 .golangci.yml: rm some unused exclusions
c02c3a54d Run mockgen
b5b96dfdf Refactor metrics descriptors
012b6cde5 Increase pull-progress-timeout to `30s`
d3f7cb491 Update nixpkgs
6a4a3ee9b test
7c4fbadc4 Add container stop signal feature (KEP-4960)
a1f07bc4b Fix build
3feb9ad31 build(deps): bump the gomod group across 1 directory with 6 updates
a9a660579 Fix image status so that it can get artifact with canonical name and short name
6b244a90a Switch to golangci-lint v2
2fa08cfa2 Use `strings.SplitSeq` instead of `strings.Split`
704932bc3 fix schema v1 images not resolve to image ID error
f554c58ea Address linter complaint
62aeb65ce Remove Krzysztof Wilczyński as maintainer
19adbe020 Set default masked paths
f5d0ff28e crio wipe should remove storage only once per reboot
e429f75ee OCPNODE-3016: support mount OCI artifact
64567e976 Fix comment location about error message
f4cff283d build(deps): bump the gomod group with 2 updates
fca4ea622 Add image volume subpath support
db553b0be Use go version requirements from go.mod
2dc6d0831 Add lint-fix target
7f7d77ace build(deps): bump github.com/containerd/containerd from 1.7.26 to 1.7.27
109872da3 Cleanup: ensure image volume path
24452a56c build(deps): bump github.com/containers/common in the gomod group
29c662a5b build(deps): bump the kubernetes group with 6 updates
ab6bc86b8 Fix release notes download location
c2f55509f Update debug flag
a0ffef29a build(deps): bump github.com/containers/image/v5 in the gomod group
25775fdb3 build(deps): bump the gomod group across 1 directory with 2 updates
662f8cab6 Require go 1.24 for build
512d33bc5 build(deps): bump the gomod group with 7 updates
00a7117dc Improve artifact error logs
9824edb9d build(deps): bump the gomod group with 5 updates
3f1398477 build(deps): bump the gomod group with 3 updates
3507a2a5b Update the release-notes tool to v0.18.0
9e69a709f Update conmon to v2.1.13
663066d99 build(deps): bump the gomod group across 1 directory with 2 updates
754a1ed24 Add OCI artifact support
e69571c34 Drop image status log message
b638954fe Switch to go 1.24
f46b83d3f build(deps): bump github.com/containerd/containerd in the gomod group
826ef8052 build(deps): bump the gomod group across 1 directory with 5 updates
c3363e0c3 add --extra-experimental-features nix-command flag to build-static target
dfc2778ee build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5
92fd877a0 Update golangci-lint config and fix reports
8c9fa54ba Add validate method for sandbox
32854c9d1 server: fix races in GetContainerEvents
6fdd6b3bc Updating install docs
0a81f1ef7 build(deps): bump the kubernetes group with 6 updates
8287e4159 server: don't dereference Config.Linux if it is nil
3c7337fb9 server: move createSandboxContainer and related functions to container_create.go
7cdfc7938 server: factor out adding /dev/shm mount
e533ab281 server: factor out adding sysfs mounts
20b17df06 server: add no-op stub for makeOCIConfigurationRootless
5035c19a0 server: factor out creating the security context
286e7e24f internal/factory/container: add no-op stub for SpecAddDevices on FreeBSD
7f104e5da internal/factory/container: make SpecAddNamespaces platform-specific
68091febb internal/factory/container: make (*container).SelinuxLabel platform-specific
29a85ace4 internal/linklogs: add stub for freebsd
2f4bc00c2 internal/config/device: add stub for DevicesFromAnnotation
2efa5b35f Fix context cancellation when image pull progress timeout is `0`
10070a556 Fix build
d9d5def74 build(deps): bump sigs.k8s.io/release-sdk in the kubernetes group
29e76f138 Remove `exclude_graphdriver_devicemapper` build tag
a4c67cc6c Fix: If cgroup manager is cgroupfs then allow conmon_cgroup to be empty
dcfb01965 build(deps): bump google.golang.org/protobuf in the gomod group
2193e6280 Update mocks
864e43306 build(deps): bump the gomod group across 1 directory with 8 updates
a961ed207 Mark v1.29 as EOL
60c3697ac Fix typo in version_update_mask regex
77f2041ea Change nixpkgs update to monthly
4ceeaddaa Switch to golang native error joining and errgroup
0b6a04bea test: add test coverage for LinkLogs malicious paths
910f6e5d6 internal/linklogs: sanitize the directory path before using it
d5ab7c46c build(deps): bump sigs.k8s.io/release-utils in the kubernetes group
6dbfcec98 Downgrade github.com/cyphar/filepath-securejoin
b27a733c8 Remove `LimitNOFILE` from systemd service file
ecd3b6dce build(deps): bump the gomod group across 1 directory with 8 updates
6b4fd0741 Add warning log for a process having an uninterruptible child.
d19a9d641 Enable `wsl` and `nlreturn` linters
0979d3497 Integrate native GitHub arm64 runners
a371ae1c3 Log error when failing to update container status from exit file
03472dd92 Enable linters and auto-fix
630b608f0 Add documentation hint how to handle the versions
6691836a5 Revert 'Add 1.33 to supported minor version'
f67859446 watchdog: decouple CNI plugin initialization from CRI-O health checks
e87f86c1b Switch to our log module for logging in iptables module
1b06fc09d Add `release-1.33` to active prerelease version
1f60a95cc internal/config/ociartifact/ociartifact: Do not hard-code 'sha256' in error message
6dc287d45 vendor: downgrade github.com/cyphar/filepath-securejoin to v0.3.6
db4ca1752 * : fix lint/vendor issues to update dependabot updates
16289cad3 Update nixpkgs
271146940 Fix klog-shim to close the bracket properly
1005e0e32 build(deps): bump the gomod group across 1 directory with 17 updates
05296551a Avoid using UpdateContainerStatus for ReopenContainerLog and add logs tests
1a6765b73 Makefile: introduce GO_TEST for more flexible configuration
a9e7d29b3 Improve `sync.Map` iterators with an implicit call
807943105 Remove Fedora 39 content
ddaed68a3 Makefile: fixes wrt crio.conf
f5e6d6f7f Update nixpkgs to the latest HEAD commit
78c45f865 Update nix release to v2.24.11
458137a7a Update release-notes release to v0.17.11
3b94f59b1 Update gosec release to v2.21.4
a9aa6072f Update shfmt release to v3.10.0
fbc3ce557 Update golangci-lint release to v1.63.4
0fe4097af Update buildah release to v1.38.0
72f95429a Update bats release to v1.11.1
6da7ef28b Update containernetworking/plugins Go package release to v1.6.2
3f0f86965 Update multiple dependencies to newer releases
997e4fbd3 server: fix panic when default annotations are specified
b473c6c04 Fetch latest containernetworking/plugins tag instead of v1.1.1
6e0df0924 Update CRI-O version and add checks
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|---|---|---|
| .. | ||
| files | ||
| cri-o_git.bb | ||
| README.md | ||
CRI-O Ptest Guide
The CRI-O ptest suite is a comprehensive and complex testing framework. This document provides key information and tips for its usage.
1. Vendor Directory
By default, the vendor directory is not installed for ptest. However, the ctr_seccomp.bats test relies on a JSON file located at:
vendor/github.com/containers/common/pkg/seccomp/seccomp.json.
As a result, the ctr_seccomp.bats test will fail unless this file is manually added.
Steps to add seccomp.json:
- Manually create/copy the required JSON file.
- Set the
CONTAINER_SECCOMP_PROFILEenvironment variable to point to the file's location.
2. Runtime Dependencies (RDEPENDS)
The ptest suite requires several dependencies. As of the initial implementation, the runtime dependencies are defined as follows:
RDEPENDS:${PN}-ptest += " \
bash \
bats \
cni \
crictl \
coreutils \
dbus-daemon-proxy \
iproute2 \
util-linux-unshare \
jq \
slirp4netns \
parallel \
podman \
"
Explanation of Dependencies:
- bash / bats: The ptest suite is written using BATS and requires support from Bash.
- cni / crictl / podman: Tools for testing container creation, runtime, and networking, directly invoked by the tests.
- jq: Used in test scripts to create or manipulate JSON files.
- iproute2 / slirp4netns: Networking utilities required for validating network-related functionalities.
- coreutils / dbus-daemon-proxy / util-linux-unshare: Additional utilities supporting various test cases.
- paralle: bats using "parallel" to execute test in serial.
3. Testing Log (Baseline Reference)
A summary of the test results is provided below for baseline reference:
- PASS: 317 tests
- FAIL: 33 tests
- SKIP: 32 tests
Full Log Example:
Below is an excerpt from a typical ptest log:
root@intel-x86-64:~# ptest-runner cri-o -t 1000
START: ptest-runner
2024-11-23T14:50
BEGIN: /usr/lib64/cri-o/ptest
SKIP: 1 apparmor tests (in sequence) # skip apparmor not enabled
PASS: 2 no CDI errors, create ctr without CDI devices
PASS: 3 no CDI errors, create ctr with CDI devices
PASS: 4 no CDI errors, create ctr with annotated CDI devices
PASS: 5 no CDI errors, create ctr with duplicate annotated CDI devices
PASS: 6 no CDI errors, fail to create ctr with unresolvable CDI devices
PASS: 7 no CDI errors, fail to create ctr with unresolvable annotated CDI devices
PASS: 8 CDI registry refresh
PASS: 9 CDI registry refresh, annotated CDI devices
PASS: 10 reload CRI-O CDI parameters
PASS: 11 reload CRI-O CDI parameters, with annotated CDI devices
PASS: 12 CDI with errors, create ctr without CDI devices
PASS: 13 CDI with errors, create ctr with (unaffected) CDI devices
PASS: 14 CDI with errors, create ctr with (unaffected) annotated CDI devices
PASS: 15 pids limit
PASS: 16 conmon pod cgroup
PASS: 17 conmon custom cgroup
PASS: 18 conmon custom cgroup with no infra container
SKIP: 19 conmonrs custom cgroup with no infra container # skip not supported for conmon
SKIP: 20 ctr with swap should be configured # skip swap not enabled
SKIP: 21 ctr with swap should fail when swap is lower # skip swap not enabled
PASS: 22 ctr swap only configured if enabled
SKIP: 23 ctr with swap should succeed when swap is unlimited # skip swap not enabled
PASS: 24 cgroupv2 unified support
SKIP: 25 cpu-quota.crio.io can disable quota # skip node must be configured with cgroupv1 for this test
SKIP: 26 checkpoint and restore one container into a new pod (drop infra:true) # skip CRIU check failed
SKIP: 27 checkpoint and restore one container into a new pod (drop infra:false) # skip CRIU check failed
SKIP: 28 checkpoint and restore one container into a new pod using --export to OCI image # skip CRIU check failed
SKIP: 29 checkpoint and restore one container into a new pod using --export to OCI image using repoDigest # skip CRIU check failed
SKIP: 30 checkpoint and restore one container into a new pod with a new name # skip CRIU check failed
PASS: 31 crio commands
PASS: 32 invalid ulimits
PASS: 33 invalid devices
PASS: 34 invalid metrics port
PASS: 35 invalid log max
PASS: 36 log max boundary testing
PASS: 37 default config should be empty
PASS: 38 config dir should succeed
PASS: 39 config dir should fail with invalid option
PASS: 40 config dir should fail with invalid evented_pleg option
PASS: 41 choose different default runtime should succeed
PASS: 42 runc not existing when default_runtime changed should succeed
PASS: 43 retain default runtime should succeed
PASS: 44 monitor fields should be translated
PASS: 45 handle nil workloads
PASS: 46 config dir should fail with invalid disable_hostport_mapping option
SKIP: 47 conmonrs is used # skip not using conmonrs
SKIP: 48 test cpu load balancing # skip not yet supported on cgroup2
SKIP: 49 test cpu load balance disabled on manual stop # skip not yet supported on cgroup2
SKIP: 50 test cpu load balance disabled on container exit # skip not yet supported on cgroup2
PASS: 51 container memory metrics
SKIP: 52 container memory cgroupv1-specific metrics # skip
PASS: 53 storage directory check should find no issues
PASS: 54 storage directory check should find errors
PASS: 55 storage directory check should repair errors
PASS: 56 storage directory check should wipe everything on repair errors
PASS: 57 remove containers and images when remove both
PASS: 58 remove containers when remove temporary
PASS: 59 clear neither when remove persist
PASS: 60 don't clear podman containers
PASS: 61 clear everything when shutdown file not found
PASS: 62 clear podman containers when shutdown file not found
PASS: 63 fail to clear podman containers when shutdown file not found but container still running
PASS: 64 don't clear containers on a forced restart of crio
PASS: 65 don't clear containers if clean shutdown supported file not present
PASS: 66 internal_wipe remove containers and images when remove both
PASS: 67 internal_wipe remove containers when remove temporary and node reboots
PASS: 68 internal_wipe remove containers when remove temporary
PASS: 69 internal_wipe clear both when remove persist
PASS: 70 internal_wipe don't clear podman containers
PASS: 71 internal_wipe don't clear containers on a forced restart of crio
PASS: 72 internal_wipe eventually cleans network on forced restart of crio if network is slow to come up
PASS: 73 clean up image if corrupted on server restore
PASS: 74 recover from badly corrupted storage directory
SKIP: 75 run the critest suite # skip critest because RUN_CRITEST is not set
PASS: 76 ctr not found correct error message
PASS: 77 ctr termination reason Completed
PASS: 78 ctr termination reason Error
PASS: 79 ulimits
PASS: 80 ctr remove
PASS: 81 ctr lifecycle
PASS: 82 ctr pod lifecycle with evented pleg enabled
FAIL: 83 ctr logging
PASS: 84 ctr log cleaned up if container create failed
PASS: 85 ctr journald logging
PASS: 86 ctr logging [tty=true]
FAIL: 87 ctr log max
FAIL: 88 ctr log max with default value
FAIL: 89 ctr log max with minimum value
FAIL: 90 ctr partial line logging
PASS: 91 ctrs status for a pod
PASS: 92 ctr list filtering
PASS: 93 ctr list label filtering
PASS: 94 ctr metadata in list & status
PASS: 95 ctr execsync conflicting with conmon flags parsing
PASS: 96 ctr execsync
PASS: 97 ctr execsync should not overwrite initial spec args
PASS: 98 ctr execsync should succeed if container has a terminal
PASS: 99 ctr execsync should cap output
PASS: 100 ctr exec{,sync} should be cancelled when container is stopped
PASS: 101 ctr device add
PASS: 102 privileged ctr device add
PASS: 103 privileged ctr add duplicate device as host
PASS: 104 ctr hostname env
PASS: 105 ctr execsync failure
PASS: 106 ctr execsync exit code
PASS: 107 ctr execsync std{out,err}
PASS: 108 ctr stop idempotent
PASS: 109 ctr caps drop
PASS: 110 ctr with default list of capabilities from crio.conf
PASS: 111 ctr with list of capabilities given by user in crio.conf
PASS: 112 ctr with add_inheritable_capabilities has inheritable capabilities
PASS: 113 ctr /etc/resolv.conf rw/ro mode
PASS: 114 ctr create with non-existent command
PASS: 115 ctr create with non-existent command [tty]
PASS: 116 ctr update resources
PASS: 117 ctr correctly setup working directory
PASS: 118 ctr execsync conflicting with conmon env
PASS: 119 ctr resources
PASS: 120 ctr with non-root user has no effective capabilities
PASS: 121 ctr has gid in supplemental groups
PASS: 122 ctr has gid in supplemental groups with Merge policy
PASS: 123 ctr has only specified gid in supplemental groups with Strict policy
PASS: 124 ctr with low memory configured should not be created
PASS: 125 privileged ctr -- check for rw mounts
PASS: 126 annotations passed through
PASS: 127 ctr with default_env set in configuration
PASS: 128 ctr with absent mount that should be rejected
PASS: 129 ctr that mounts container storage as shared should keep shared
PASS: 130 ctr that mounts container storage as private should not be private
PASS: 131 ctr that mounts container storage as read-only option but not recursively
SKIP: 132 ctr that mounts container storage as recursively read-only # skip requires crictl version "1.30" or newer
SKIP: 133 ctr that fails to mount container storage as recursively read-only without readonly option # skip requires crictl version "1.30" or newer
SKIP: 134 ctr that fails to mount container storage as recursively read-only without private propagation # skip requires crictl version "1.30" or newer
PASS: 135 ctr has containerenv
PASS: 136 ctr stop timeouts should decrease
PASS: 137 ctr with node level pid namespace should not leak children
PASS: 138 ctr HOME env newline invalid
PASS: 139 ctr log linking
PASS: 140 ctr stop loop kill retry attempts
PASS: 141 ctr multiple stop calls
PASS: 142 pause/unpause ctr with right ctr id
PASS: 143 pause ctr with invalid ctr id
PASS: 144 pause ctr with already paused ctr
PASS: 145 unpause ctr with right ctr id with running ctr
PASS: 146 unpause ctr with invalid ctr id
PASS: 147 remove paused ctr
FAIL: 148 ctr seccomp profiles unconfined
FAIL: 149 ctr seccomp profiles runtime/default
FAIL: 150 ctr seccomp profiles wrong profile name
FAIL: 151 ctr seccomp profiles localhost profile name
FAIL: 152 ctr seccomp overrides unconfined profile with runtime/default when overridden
FAIL: 153 ctr seccomp profiles runtime/default block unshare
SKIP: 154 ctr_userns run container # skip userns testing not enabled
PASS: 155 bind secrets mounts to container
PASS: 156 default mounts correctly sorted with other mounts
PASS: 157 additional devices support
PASS: 158 additional devices permissions
PASS: 159 annotation devices support
PASS: 160 annotation should not be processed if not allowed
PASS: 161 annotation should override configured additional_devices
PASS: 162 annotation should not be processed if not allowed in allowed_devices
PASS: 163 annotation should configure multiple devices
PASS: 164 annotation should fail if one device is invalid
PASS: 165 test infra ctr dropped
PASS: 166 test infra ctr not dropped
PASS: 167 test infra ctr dropped status
PASS: 168 pod test hooks
PASS: 169 run container in pod with image ID
PASS: 170 container status when created by image ID
PASS: 171 container status when created by image tagged reference
PASS: 172 container status when created by image canonical reference
PASS: 173 container status when created by image list canonical reference
PASS: 174 image pull and list
PASS: 175 image pull and list using imagestore
SKIP: 176 image pull with signature # skip registry has some issues
PASS: 177 image pull and list by tag and ID
PASS: 178 image pull and list by digest and ID
PASS: 179 image pull and list by manifest list digest
PASS: 180 image pull and list by manifest list tag
PASS: 181 image pull and list by manifest list and individual digest
PASS: 182 image pull and list by individual and manifest list digest
PASS: 183 image list with filter
PASS: 184 image list/remove
PASS: 185 image status/remove
SKIP: 186 run container in pod with crun-wasm enabled # skip crun-wasm not installed or runtime type is VM
PASS: 187 check if image is pinned appropriately
PASS: 188 run container in pod with timezone configured
PASS: 189 run container in pod with local timezone
PASS: 190 run container with memory_limit_in_bytes -1
PASS: 191 run container with memory_limit_in_bytes 12.5MiB
PASS: 192 run container with container_min_memory 17.5MiB
PASS: 193 run container with container_min_memory 5.5MiB
PASS: 194 run container with empty container_min_memory
PASS: 195 image remove with multiple names, by name
PASS: 196 image remove with multiple names, by ID
PASS: 197 image volume ignore
PASS: 198 image volume bind
PASS: 199 image volume user mkdir
PASS: 200 image fs info with default settings should return matching container_filesystem and image_filesystem
PASS: 201 image fs info with imagestore set should return different filesystems
PASS: 202 test infra ctr cpuset
PASS: 203 info inspect
PASS: 204 ctr inspect
PASS: 205 pod inspect when dropping infra
PASS: 206 ctr inspect not found
PASS: 207 inspect image should succeed contain all necessary information
SKIP: 208 irqbalance tests (in sequence) # skip irqbalance not found.
SKIP: 209 container run with kata should have containerd-shim-kata-v2 process running # skip Not
PASS: 210 metrics with default host and port
FAIL: 211 metrics with custom host using localhost and random port
FAIL: 212 secure metrics with random port
FAIL: 213 secure metrics with random port and missing cert/key
PASS: 214 pid namespace mode pod test
PASS: 215 pid namespace mode target test
PASS: 216 KUBENSMNT mount namespace
PASS: 217 ensure correct hostname
PASS: 218 ensure correct hostname for hostnetwork:true
PASS: 219 Check for valid pod netns CIDR
PASS: 220 Ensure correct CNI plugin namespace/name/container-id arguments
SKIP: 221 Connect to pod hostport from the host # skip node configured with cgroupv2 flakes this test sometimes
PASS: 222 Clean up network if pod sandbox fails
PASS: 223 Clean up network if pod sandbox fails after plugin success
PASS: 224 Clean up network if pod sandbox gets killed
PASS: 225 Ping pod from the host / another pod
PASS: 226 run NRI PluginRegistration test
PASS: 227 run NRI PluginSynchronization test
PASS: 228 run NRI PodEvents test
PASS: 229 run NRI ContainerEvents test
PASS: 230 run NRI MountInjection test
PASS: 231 run NRI EnvironmentInjection test
PASS: 232 run NRI AnnotationInjection test
PASS: 233 run NRI DeviceInjection test
PASS: 234 run NRI CpusetAdjustment test
PASS: 235 run NRI MemsetAdjustment test
PASS: 236 run NRI CpusetAdjustmentUpdate test
PASS: 237 run NRI MemsetAdjustmentUpdate test
SKIP: 238 OCI image volume mount lifecycle # skip requires crictl version "1.31" or newer
PASS: 239 pod release name on remove
PASS: 240 pod remove
PASS: 241 pod stop ignores not found sandboxes
PASS: 242 pod list filtering
PASS: 243 pod metadata in list & status
PASS: 244 pass pod sysctls to runtime
PASS: 245 pass pod sysctls to runtime when in userns
SKIP: 246 disable crypto.fips_enabled when FIPS_DISABLE is set # skip The directory /proc/sys/crypto does not exist on this host.
PASS: 247 fail to pass pod sysctls to runtime if invalid spaces
PASS: 248 fail to pass pod sysctl to runtime if invalid value
PASS: 249 skip pod sysctls to runtime if host
PASS: 250 pod stop idempotent
PASS: 251 pod remove idempotent
PASS: 252 pod stop idempotent with ctrs already stopped
PASS: 253 restart crio and still get pod status
PASS: 254 invalid systemd cgroup_parent fail
PASS: 255 systemd cgroup_parent correctly set
PASS: 256 kubernetes pod terminationGracePeriod passthru
PASS: 257 pod pause image matches configured image in crio.conf
PASS: 258 pod stop cleans up all namespaces
PASS: 259 pod with the correct etc folder ownership
PASS: 260 verify RunAsGroup in container
PASS: 261 single cni plugin with pod annotations capability enabled
PASS: 262 single cni plugin with pod annotations capability disabled
PASS: 263 pod annotations capability for chained cni plugins
PASS: 264 accept unsigned image with default policy
PASS: 265 deny unsigned image with restrictive policy
PASS: 266 accept signed image with default policy
FAIL: 267 accept signed image with restrictive policy
PASS: 268 accept unsigned image with not existing namespace policy
PASS: 269 accept unsigned image with higher priority namespace policy
PASS: 270 deny unsigned image with higher priority namespace policy
FAIL: 271 accept signed image with higher priority namespace policy
PASS: 272 pprof
PASS: 273 pprof over unix socket
PASS: 274 reload config should succeed
PASS: 275 reload config should succeed with 'log_level'
PASS: 276 reload config should fail with 'log_level' if invalid
PASS: 277 reload config should fail with if config is malformed
PASS: 278 reload config should succeed with 'pause_image'
PASS: 279 reload config should succeed with 'pause_command'
PASS: 280 reload config should succeed with 'pause_image_auth_file'
PASS: 281 reload config should fail with non existing 'pause_image_auth_file'
PASS: 282 reload config should succeed with 'log_filter'
PASS: 283 reload config should fail with invalid 'log_filter'
PASS: 284 reload config should succeed with 'decryption_keys_path'
PASS: 285 reload config should succeed with 'seccomp_profile'
FAIL: 286 reload config should not fail with invalid 'seccomp_profile'
SKIP: 287 reload config should succeed with 'apparmor_profile' # skip apparmor not enabled
SKIP: 288 reload config should fail with invalid 'apparmor_profile' # skip apparmor not enabled
PASS: 289 reload config should add new runtime
PASS: 290 reload config should update 'pinned_images'
PASS: 291 reload config should update 'pinned_images' and only 'pause_image' is pinned
PASS: 292 reload config should update 'pause_image' and it becomes 'pinned_images'
PASS: 293 reload config should remove pinned images when an empty list is provided
PASS: 294 reload system registries should succeed
PASS: 295 reload system registries should succeed with new registry
PASS: 296 reload system registries should fail on invalid syntax in file
PASS: 297 system registries should succeed with new registry without reload
PASS: 298 system registries should fail on invalid syntax in file without reload
PASS: 299 system handles burst of configuration changes without excessive reloads
PASS: 300 system handles duplicate events for the same file
PASS: 301 crio restore
PASS: 302 crio restore with pod stopped
PASS: 303 crio restore with bad state and pod stopped
PASS: 304 crio restore with bad state and ctr stopped
PASS: 305 crio restore with bad state and ctr removed
PASS: 306 crio restore with bad state and pod removed
PASS: 307 crio restore with bad state
PASS: 308 crio restore with missing config.json
PASS: 309 crio restore first not managing then managing
PASS: 310 crio restore first managing then not managing
PASS: 311 crio restore changing managing dir
PASS: 312 crio restore upon entering KUBENSMNT
PASS: 313 crio restore upon exiting KUBENSMNT
PASS: 314 crio restore volumes for containers
PASS: 315 crictl runtimeversion
PASS: 316 if fs.may_detach_mounts is set
FAIL: 317 seccomp notifier with runtime/default
FAIL: 318 seccomp notifier with runtime/default but not stop
FAIL: 319 seccomp notifier with custom profile
FAIL: 320 seccomp notifier should not work if annotation is not allowed
FAIL: 321 seccomp OCI artifact with image annotation without suffix
FAIL: 322 seccomp OCI artifact with image annotation for pod
FAIL: 323 seccomp OCI artifact with image annotation for container
PASS: 324 seccomp OCI artifact with image annotation but not allowed annotation on runtime config
FAIL: 325 seccomp OCI artifact with image annotation and profile set to unconfined
PASS: 326 seccomp OCI artifact with image annotation but set runtime default profile with higher priority
FAIL: 327 seccomp OCI artifact with image annotation but set localhost profile with higher priority
FAIL: 328 seccomp OCI artifact with pod annotation
FAIL: 329 seccomp OCI artifact with container annotation
PASS: 330 seccomp OCI artifact with bogus annotation
PASS: 331 seccomp OCI artifact with missing artifact
PASS: 332 selinux label level=s0 is sufficient
SKIP: 333 selinux skips relabeling if TrySkipVolumeSELinuxLabel annotation is present # skip not enforcing
SKIP: 334 selinux skips relabeling for super privileged container # skip not enforcing
PASS: 335 ctr check shared /dev/shm
PASS: 336 check /dev/shm is changed
PASS: 337 check /dev/shm fails with incorrect values
PASS: 338 stats
PASS: 339 container stats
PASS: 340 pod stats
PASS: 341 status not should fail if no subcommand is provided
PASS: 342 status should succeed to retrieve the config
PASS: 343 status should fail to retrieve the config with invalid socket
PASS: 344 status should succeed to retrieve the info
PASS: 345 status should fail to retrieve the info with invalid socket
PASS: 346 succeed to retrieve the container info
PASS: 347 should fail to retrieve the container info without ID
PASS: 348 should fail to retrieve the container with invalid socket
PASS: 349 should not clean up pod after timeout
FAIL: 350 emit metric when sandbox is re-requested
PASS: 351 should not clean up container after timeout
PASS: 352 should clean up pod after timeout if request changes
PASS: 353 should clean up container after timeout if request changes
PASS: 354 should clean up pod after timeout if not re-requested
PASS: 355 should not wait for actual duplicate pod request
PASS: 356 should clean up container after timeout if not re-requested
FAIL: 357 emit metric when container is re-requested
PASS: 358 should not be able to operate on a timed out pod
PASS: 359 should not be able to operate on a timed out container
PASS: 360 should not wait for actual duplicate container request
PASS: 361 check umask is changed
FAIL: 362 userns annotation auto should succeed
PASS: 363 userns annotation auto with keep-id and map-to-root should fail
FAIL: 364 userns annotation auto should map host run_as_user
FAIL: 365 version
PASS: 366 version -j
PASS: 367 test workload gets configured to defaults
PASS: 368 test workload can override defaults
PASS: 369 test workload should not be set if not defaulted or specified
PASS: 370 test workload should not be set if annotation not specified
PASS: 371 test workload pod gets configured to defaults
PASS: 372 test workload can override pod defaults
PASS: 373 test workload pod should not be set if not defaulted or specified
PASS: 374 test workload pod should not be set if annotation not specified
PASS: 375 test workload pod should override infra_ctr_cpuset option
PASS: 376 test workload allowed annotation should not work if not configured
PASS: 377 test workload allowed annotation appended with runtime
PASS: 378 test workload allowed annotation works for pod
PASS: 379 test resource cleanup on bad annotation contents
PASS: 380 test workload pod should not be set if annotation not specified even if prefix
PASS: 381 test special runtime annotations not allowed
PASS: 382 test special runtime annotations allowed
real 9m12.847s
user 42m18.946s
sys 8m15.064s
DURATION: 553
END: /usr/lib64/cri-o/ptest
2024-11-23T14:59
STOP: ptest-runner
TOTAL: 1 FAIL: 0
root@intel-x86-64:~#