10. ch-test
¶
Run some or all of the Charliecloud test suite.
10.1. Synopsis¶
$ ch-test [PHASE] [--scope SCOPE] [--pack-fmt FMT] [ARGS]
10.2. Description¶
Charliecloud comes with a comprehensive test suite that exercises the
container workflow itself as well as a few example applications.
ch-test
coordinates running the test suite.
While the CLI has lots of options, the defaults are reasonable, and bare
ch-test
will give useful results in a few minutes on single-node,
internet-connected systems with a few GB available in /var/tmp
.
The test suite requires a few GB (standard scope) or tens of GB (full scope) of storage for test fixtures:
Builder storage (e.g., layer cache). This goes wherever the builder puts it.
Packed images directory: image tarballs or SquashFS files.
Unpacked images directory. Images are unpacked into and then run from here.
Filesystem permissions directories. These are used to test that the kernel is enforcing permissions correctly. Note that this exercises the kernel, not Charliecloud, and can be omitted from routine Charliecloud testing.
The first three are created when needed if they don’t exist, while the filesystem permissions fixtures must be created manually, in order to accommodate configurations where sudo is not available via the same login path used for running tests.
The packed and unpacked image directories specified for testing are volatile. The contents of these directories are deleted before the build and run phases, respectively.
In all four cases, when creating directories, only the final path component is
created. Parent directories must already exist, i.e., ch-test
uses the
behavior of mkdir
rather than mkdir -p
.
Some of the tests exercise parallel functionality. If ch-test
is run
on a single node, multiple cores will be used; if in a Slurm allocation,
multiple nodes too.
The subset of tests to run mostly splits along two key dimensions. The phase is which parts of the workflow to run. Different parts of the workflow can be tested on different systems by copying the necessary artifacts between them, e.g. by building images on one system and running them on another. The scope allows trading off thoroughness versus time.
PHASE
must be one of the following:
build
Image building and associated functionality, with the selected builder.
run
Running containers and associated functionality. This requires a packed images directory produced by a successful
build
phase, which can be copied from the build system if it’s not also the run system.rootemu
Test the root emulation modes (
seccomp
,fakeroot
, andnone
) on various linux distributions.examples
Example applications. Requires an unpacked images directory produced by a successful
run
phase.all
Execute phases
build
,rootemu
,run
, andexamples
, in that order.mk-perm-dirs
Create the filesystem permissions directories. Requires
--perm-dirs
.build-images
Build images from
build
phase, without running the associated tests.clean
Delete automatically-generated test files, and packed and unpacked image directories.
rm-perm-dirs
Remove the filesystem permissions directories. Requires
--perm-dirs
.-f
,--file FILE[:TEST]
Run the tests in the given file only, which can be an arbitrary
.bats
file, except fortest.bats
underexamples
, where you must specify the corresponding Dockerfile orBuild
file instead. This is somewhat brittle and typically used for development or debugging. For example, it does not check whether the pre-requisites of whatever is in the file are satisfied. Often runningbuild
andrun
first is sufficient, but this varies.If
TEST
is also given, then run only tests with name containing that string, skipping the others. The separator is a literal colon. If the string contains shell metacharacters such as space, you’ll need to quote the argument to protect it from the shell.
Scope is specified with:
-s
,--scope SCOPE
SCOPE
must be one of the following:
quick
: Most important subset of workflow. Handy for development.
standard
: All tested workflow functionality and a selection of more important examples. (Default.)
full
: All available tests, including all examples.
Image format is specified with:
--pack-fmt FMT
FMT
must be one of the following:
squash-mount
or 🐘: SquashFS archive, run directly from the archive usingch-run
’s internal SquashFUSE functionality. In this mode, tests that require writing to the image are skipped.
tar-unpack
or 📠: Tarball, and the images are unpacked before running.
squash-unpack
or 🎃: SquashFS, and the images are unpacked before running.Default:
$CH_TEST_PACK_FMT
if set. Otherwise, ifmksquashfs(1)
is available andch-run
was built withlibsquashfuse
support, thensquash-mount
, elsetar-unpack
.
Additional arguments:
-b
,--builder BUILDER
Image builder to use. Default:
$CH_TEST_BUILDER
if set, otherwisech-image
.--dry-run
Print summary of what would be tested and then exit.
-h
,--help
Print usage and then exit.
--img-dir DIR
Set unpacked images directory to
DIR
. In a multi-node allocation, this directory may not be shared between nodes. Default:$CH_TEST_IMGDIR
if set; otherwise/var/tmp/${USER}.img
.--lustre DIR
Use
DIR
for run-phase Lustre tests. Default:CH_TEST_LUSTREDIR
if set; otherwise skip them.The tests will create, populate, and delete a new subdirectory under
DIR
, leaving everything else inDIR
untouched.--pack-dir DIR
Set packed images directory to
DIR
. Default:$CH_TEST_TARDIR
if set; otherwise/var/tmp/${USER}.pack
.--pedantic (yes|no)
Some tests require configurations that are very specific (e.g., being a member of at least two groups) or unusual (e.g., sudo to a non-root group). If
yes
, then fail if the requirement is not met; ifno
, then skip. The default isyes
for CI environments or people listed inREADME.md
,no
otherwise.If
yes
and sudo seems to be available, implies--sudo
.--perm-dir DIR
Add
DIR
to filesystem permission fixture directories; can be specified multiple times. We recommend one such directory per mounted filesystem type whose kernel module you do not trust; e.g., you probably don’t need to test yourtmpfs
es, but out-of-tree filesystems very likely need this.Implies
--sudo
. Default:CH_TEST_PERMDIRS
if set; otherwise skip the filesystem permissions tests.--sudo
Enable things that require sudo, such as certain privilege escalation tests and creating/removing the filesystem permissions fixtures. Requires generic
sudo
capabilities. Note that the Docker builder usessudo docker
even without this option.
10.3. Exit status¶
Zero if all tests passed; non-zero if any failed. For setup and teardown phases, zero if everything was created or deleted correctly, non-zero otherwise.
10.4. Bugs¶
Bats will wait until all descendant processes finish before exiting, so if you
get into a failure mode where a test sequence doesn’t clean up all its
processes, ch-test
will hang.
10.5. Examples¶
Many systems can simply use the defaults. To run the build
,
run
, and examples
phases on a single system, without the
filesystem permissions tests:
$ ch-test
ch-test version 0.12
ch-run: 0.12 /usr/local/bin/ch-run
bats: 0.4.0 /usr/bin/bats
tests: /usr/local/libexec/charliecloud/test
phase: build run examples
scope: standard (default)
builder: docker (default)
use generic sudo: no (default)
unpacked images dir: /var/tmp/img (default)
packed images dir: /var/tmp/tar (default)
fs permissions dirs: skip (default)
checking namespaces ...
ok
checking builder ...
found: /usr/bin/docker 19.03.2
bats build.bats build_auto.bats build_post.bats
✓ documentation seems sane
✓ version number seems sane
[...]
All tests passed.
The next example is for a more complex setup like you might find in HPC centers:
Non-default fixture directories.
Non-default scope.
Different build and run systems.
Run the filesystem permissions tests.
Output has been omitted.
(mybox)$ ssh hpc-admin
(hpc-admin)$ ch-test mk-perm-dirs --perm-dir /scratch/$USER/perms \
--perm-dir /home/$USER/perms
(hpc-admin)$ exit
(mybox)$ ch-test build --scope full
(mybox)$ scp -r /var/tmp/pack hpc:/scratch/$USER/pack
(mybox)$ ssh hpc
(hpc)$ salloc -N2
(cn001)$ export CH_TEST_TARDIR=/scratch/$USER/pack
(cn001)$ export CH_TEST_IMGDIR=/local/tmp
(cn001)$ export CH_TEST_PERMDIRS="/scratch/$USER/perms /home/$USER/perms"
(cn001)$ export CH_TEST_SCOPE=full
(cn001)$ ch-test run
(cn001)$ ch-test examples