unofficial mirror of guix-patches@gnu.org 
 help / color / mirror / code / Atom feed
* [bug#75203] Fix rootless podman system tests and support I/O delegation
@ 2024-12-30 15:54 paul via Guix-patches via
  2024-12-30 15:55 ` [bug#75203] [PATCH 1/2] services: tests: Add delay for rootless Podman system test Giacomo Leidi via Guix-patches via
  2025-01-06 21:05 ` [bug#75203] [PATCH v2 " Giacomo Leidi via Guix-patches via
  0 siblings, 2 replies; 8+ messages in thread
From: paul via Guix-patches via @ 2024-12-30 15:54 UTC (permalink / raw)
  To: 75203; +Cc: Ludovic Courtès

Hi Guix,

since rootless Podman tests are failing on CI ( 
https://ci.guix.gnu.org/build/7694600/details and past jobs), but are 
working on my machine ( :) ), I'm sending a patch adding a delay to 
allow services to start also on slower machines.

I'm using this occasion also to introduce a minor change (implement 
rootless I/O controller delegation) required for correct cgroups v2 
setup, according to [0].

Thank you for all your work,


giacomo


[0]: https://rootlesscontaine.rs/getting-started/common/cgroup2/





^ permalink raw reply	[flat|nested] 8+ messages in thread

* [bug#75203] [PATCH 1/2] services: tests: Add delay for rootless Podman system test.
  2024-12-30 15:54 [bug#75203] Fix rootless podman system tests and support I/O delegation paul via Guix-patches via
@ 2024-12-30 15:55 ` Giacomo Leidi via Guix-patches via
  2024-12-30 15:55   ` [bug#75203] [PATCH 2/2] services: rootless-podman: Enable I/O delegation Giacomo Leidi via Guix-patches via
  2024-12-31 12:58   ` [bug#75203] [PATCH 1/2] services: tests: Add delay for rootless Podman system test Tomas Volf
  2025-01-06 21:05 ` [bug#75203] [PATCH v2 " Giacomo Leidi via Guix-patches via
  1 sibling, 2 replies; 8+ messages in thread
From: Giacomo Leidi via Guix-patches via @ 2024-12-30 15:55 UTC (permalink / raw)
  To: 75203; +Cc: Giacomo Leidi

* gnu/tests/containers.scm (run-rootless-podman-test): Add 60 seconds
long delay before tests are actually run.

Change-Id: Ifcf70f7258f9e0886bf829884d7daedc9803352b
---
 gnu/tests/containers.scm | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/gnu/tests/containers.scm b/gnu/tests/containers.scm
index ba2fb22df6..047010037e 100644
--- a/gnu/tests/containers.scm
+++ b/gnu/tests/containers.scm
@@ -109,6 +109,9 @@ (define (run-rootless-podman-test oci-tarball)
                   (('service response-parts ...) #t)))
              marionette))
 
+          ;; Allow services to start on slower machines
+          (sleep 60)
+
           (test-equal "/sys/fs/cgroup/cgroup.subtree_control content is sound"
             (list "cpu" "cpuset" "memory" "pids")
             (marionette-eval

base-commit: 18463019a24a7c5acc9c2f3ddf3c0ba04a36db96
-- 
2.47.1





^ permalink raw reply related	[flat|nested] 8+ messages in thread

* [bug#75203] [PATCH 2/2] services: rootless-podman: Enable I/O delegation.
  2024-12-30 15:55 ` [bug#75203] [PATCH 1/2] services: tests: Add delay for rootless Podman system test Giacomo Leidi via Guix-patches via
@ 2024-12-30 15:55   ` Giacomo Leidi via Guix-patches via
  2024-12-31 12:58   ` [bug#75203] [PATCH 1/2] services: tests: Add delay for rootless Podman system test Tomas Volf
  1 sibling, 0 replies; 8+ messages in thread
From: Giacomo Leidi via Guix-patches via @ 2024-12-30 15:55 UTC (permalink / raw)
  To: 75203; +Cc: Giacomo Leidi

Based on
https://rootlesscontaine.rs/getting-started/common/cgroup2/#enabling-cpu-cpuset-and-io-delegation
, this patch enables I/O delegation for cgroups v2 enabled users.

* gnu/services/containers.scm (cgroups-limits-entrypoint): Enable I/O
controller delegation.
* gnu/tests/containers.scm: Test it.

Change-Id: I7caba33695f11830bea477c4ab3afb89cfaa2fa5
---
 gnu/services/containers.scm | 2 +-
 gnu/tests/containers.scm    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/services/containers.scm b/gnu/services/containers.scm
index d8f533f44c..cb4b617e4b 100644
--- a/gnu/services/containers.scm
+++ b/gnu/services/containers.scm
@@ -169,7 +169,7 @@ (define cgroups-limits-entrypoint
                 #~(system*
                    (string-append #+bash-minimal "/bin/bash") "-c"
                    (string-append "echo Setting cgroups v2 limits && "
-                                  "echo +cpu +cpuset +memory +pids"
+                                  "echo +cpu +cpuset +io +memory +pids"
                                   " >> /sys/fs/cgroup/cgroup.subtree_control"))))
 
 (define (rootless-podman-cgroups-limits-service config)
diff --git a/gnu/tests/containers.scm b/gnu/tests/containers.scm
index 047010037e..ec8a9ad440 100644
--- a/gnu/tests/containers.scm
+++ b/gnu/tests/containers.scm
@@ -113,7 +113,7 @@ (define (run-rootless-podman-test oci-tarball)
           (sleep 60)
 
           (test-equal "/sys/fs/cgroup/cgroup.subtree_control content is sound"
-            (list "cpu" "cpuset" "memory" "pids")
+            (list "cpu" "cpuset" "io" "memory" "pids")
             (marionette-eval
              `(begin
                 (use-modules (srfi srfi-1)
-- 
2.47.1





^ permalink raw reply related	[flat|nested] 8+ messages in thread

* [bug#75203] [PATCH 1/2] services: tests: Add delay for rootless Podman system test.
  2024-12-30 15:55 ` [bug#75203] [PATCH 1/2] services: tests: Add delay for rootless Podman system test Giacomo Leidi via Guix-patches via
  2024-12-30 15:55   ` [bug#75203] [PATCH 2/2] services: rootless-podman: Enable I/O delegation Giacomo Leidi via Guix-patches via
@ 2024-12-31 12:58   ` Tomas Volf
  2025-01-06 21:05     ` paul via Guix-patches via
  1 sibling, 1 reply; 8+ messages in thread
From: Tomas Volf @ 2024-12-31 12:58 UTC (permalink / raw)
  To: 75203; +Cc: goodoldpaul

[-- Attachment #1: Type: text/plain, Size: 1309 bytes --]

Giacomo Leidi via Guix-patches via <guix-patches@gnu.org> writes:

> * gnu/tests/containers.scm (run-rootless-podman-test): Add 60 seconds
> long delay before tests are actually run.
>
> Change-Id: Ifcf70f7258f9e0886bf829884d7daedc9803352b
> ---
>  gnu/tests/containers.scm | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/gnu/tests/containers.scm b/gnu/tests/containers.scm
> index ba2fb22df6..047010037e 100644
> --- a/gnu/tests/containers.scm
> +++ b/gnu/tests/containers.scm
> @@ -109,6 +109,9 @@ (define (run-rootless-podman-test oci-tarball)
>                    (('service response-parts ...) #t)))
>               marionette))
>  
> +          ;; Allow services to start on slower machines
> +          (sleep 60)

Would it be possible to detect whether the services started?  This seems
like needless test run time penalty for fast systems.  Even a busy loop
with (sleep 1) would be much better in my opinion.

> +
>            (test-equal "/sys/fs/cgroup/cgroup.subtree_control content is sound"
>              (list "cpu" "cpuset" "memory" "pids")
>              (marionette-eval
>
> base-commit: 18463019a24a7c5acc9c2f3ddf3c0ba04a36db96

-- 
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 853 bytes --]

^ permalink raw reply	[flat|nested] 8+ messages in thread

* [bug#75203] [PATCH 1/2] services: tests: Add delay for rootless Podman system test.
  2024-12-31 12:58   ` [bug#75203] [PATCH 1/2] services: tests: Add delay for rootless Podman system test Tomas Volf
@ 2025-01-06 21:05     ` paul via Guix-patches via
  0 siblings, 0 replies; 8+ messages in thread
From: paul via Guix-patches via @ 2025-01-06 21:05 UTC (permalink / raw)
  To: 75203

Hi Tomas,

good point, thank you for bringing that up! I didn't do it in the first 
place as I was not able to easily test the completion status of one shot 
Shepherd services. I hope revision 2 fixes tests also on CI.


cheers,

giacomo





^ permalink raw reply	[flat|nested] 8+ messages in thread

* [bug#75203] [PATCH v2 1/2] services: tests: Add delay for rootless Podman system test.
  2024-12-30 15:54 [bug#75203] Fix rootless podman system tests and support I/O delegation paul via Guix-patches via
  2024-12-30 15:55 ` [bug#75203] [PATCH 1/2] services: tests: Add delay for rootless Podman system test Giacomo Leidi via Guix-patches via
@ 2025-01-06 21:05 ` Giacomo Leidi via Guix-patches via
  2025-01-06 21:05   ` [bug#75203] [PATCH v2 2/2] services: rootless-podman: Enable I/O delegation Giacomo Leidi via Guix-patches via
  1 sibling, 1 reply; 8+ messages in thread
From: Giacomo Leidi via Guix-patches via @ 2025-01-06 21:05 UTC (permalink / raw)
  To: 75203; +Cc: Giacomo Leidi

* gnu/tests/containers.scm (run-rootless-podman-test): Add 60 seconds
long delay before tests are actually run.

Change-Id: Ifcf70f7258f9e0886bf829884d7daedc9803352b
---
 gnu/tests/containers.scm | 113 +++++++++++++++++++++------------------
 1 file changed, 60 insertions(+), 53 deletions(-)

diff --git a/gnu/tests/containers.scm b/gnu/tests/containers.scm
index ba2fb22df6..69cd311c82 100644
--- a/gnu/tests/containers.scm
+++ b/gnu/tests/containers.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2024 Giacomo Leidi <goodoldpaul@autistici.org>
+;;; Copyright © 2024, 2025 Giacomo Leidi <goodoldpaul@autistici.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -97,17 +97,65 @@ (define (run-rootless-podman-test oci-tarball)
 
           (test-runner-current (system-test-runner #$output))
           (test-begin "rootless-podman")
-
-          (test-assert "service started"
-            (marionette-eval
-             '(begin
-                (use-modules (gnu services herd))
-                (match (start-service 'cgroups2-fs-owner)
-                  (#f #f)
-                  ;; herd returns (running #f), likely because of one shot,
-                  ;; so consider any non-error a success.
-                  (('service response-parts ...) #t)))
-             marionette))
+          (marionette-eval
+           '(begin
+              (use-modules (gnu services herd))
+              (wait-for-service 'file-system-/sys/fs/cgroup))
+           marionette)
+
+          (test-assert "services started successfully and /sys/fs/cgroup has correct permissions"
+            (begin
+              (define (run-test)
+                (marionette-eval
+                 `(begin
+                    (use-modules (ice-9 popen)
+                                 (ice-9 match)
+                                 (ice-9 rdelim))
+
+                    (define (read-lines file-or-port)
+                      (define (loop-lines port)
+                        (let loop ((lines '()))
+                          (match (read-line port)
+                            ((? eof-object?)
+                             (reverse lines))
+                            (line
+                             (loop (cons line lines))))))
+
+                      (if (port? file-or-port)
+                          (loop-lines file-or-port)
+                          (call-with-input-file file-or-port
+                            loop-lines)))
+
+                    (define slurp
+                      (lambda args
+                        (let* ((port (apply open-pipe* OPEN_READ args))
+                               (output (read-lines port))
+                               (status (close-pipe port)))
+                          output)))
+                    (let* ((bash
+                            ,(string-append #$bash "/bin/bash"))
+                           (response1
+                            (slurp bash "-c"
+                                   (string-append "ls -la /sys/fs/cgroup | "
+                                                  "grep -E ' \\./?$' | awk '{ print $4 }'")))
+                           (response2 (slurp bash "-c"
+                                             (string-append "ls -l /sys/fs/cgroup/cgroup"
+                                                            ".{procs,subtree_control,threads} | "
+                                                            "awk '{ print $4 }' | sort -u"))))
+                      (list (string-join response1 "\n") (string-join response2 "\n"))))
+                 marionette))
+              ;; Allow services to come up on slower machines
+              (let loop ((attempts 0))
+                (if (= attempts 60)
+                    (error "Services didn't come up after more than 60 seconds")
+                    (if (equal? '("cgroup" "cgroup")
+                                (run-test))
+                        #t
+                        (begin
+                          (sleep 1)
+                          (format #t "Services didn't come up yet, retrying with attempt ~a~%"
+                                  (+ 1 attempts))
+                          (loop (+ 1 attempts))))))))
 
           (test-equal "/sys/fs/cgroup/cgroup.subtree_control content is sound"
             (list "cpu" "cpuset" "memory" "pids")
@@ -144,47 +192,6 @@ (define (run-rootless-podman-test oci-tarball)
                   (sort-list (string-split (first response1) #\space) string<?)))
              marionette))
 
-          (test-equal "/sys/fs/cgroup has correct permissions"
-            '("cgroup" "cgroup")
-            (marionette-eval
-             `(begin
-                (use-modules (ice-9 popen)
-                             (ice-9 match)
-                             (ice-9 rdelim))
-
-                (define (read-lines file-or-port)
-                  (define (loop-lines port)
-                    (let loop ((lines '()))
-                      (match (read-line port)
-                        ((? eof-object?)
-                         (reverse lines))
-                        (line
-                         (loop (cons line lines))))))
-
-                  (if (port? file-or-port)
-                      (loop-lines file-or-port)
-                      (call-with-input-file file-or-port
-                        loop-lines)))
-
-                (define slurp
-                  (lambda args
-                    (let* ((port (apply open-pipe* OPEN_READ args))
-                           (output (read-lines port))
-                           (status (close-pipe port)))
-                      output)))
-                (let* ((bash
-                        ,(string-append #$bash "/bin/bash"))
-                       (response1
-                        (slurp bash "-c"
-                               (string-append "ls -la /sys/fs/cgroup | "
-                                              "grep -E ' \\./?$' | awk '{ print $4 }'")))
-                       (response2 (slurp bash "-c"
-                                         (string-append "ls -l /sys/fs/cgroup/cgroup"
-                                                        ".{procs,subtree_control,threads} | "
-                                                        "awk '{ print $4 }' | sort -u"))))
-                  (list (string-join response1 "\n") (string-join response2 "\n"))))
-             marionette))
-
           (test-equal "Load oci image and run it (unprivileged)"
             '("hello world" "hi!" "JSON!" #o1777)
             (marionette-eval

base-commit: ee3673217b82d50e97434ae85145b8d68f077446
-- 
2.47.1





^ permalink raw reply related	[flat|nested] 8+ messages in thread

* [bug#75203] [PATCH v2 2/2] services: rootless-podman: Enable I/O delegation.
  2025-01-06 21:05 ` [bug#75203] [PATCH v2 " Giacomo Leidi via Guix-patches via
@ 2025-01-06 21:05   ` Giacomo Leidi via Guix-patches via
  2025-01-11 23:20     ` bug#75203: Fix rootless podman system tests and support " Ludovic Courtès
  0 siblings, 1 reply; 8+ messages in thread
From: Giacomo Leidi via Guix-patches via @ 2025-01-06 21:05 UTC (permalink / raw)
  To: 75203; +Cc: Giacomo Leidi

Based on
https://rootlesscontaine.rs/getting-started/common/cgroup2/#enabling-cpu-cpuset-and-io-delegation
, this patch enables I/O delegation for cgroups v2 enabled users.

* gnu/services/containers.scm (cgroups-limits-entrypoint): Enable I/O
controller delegation.
* gnu/tests/containers.scm: Test it.

Change-Id: I7caba33695f11830bea477c4ab3afb89cfaa2fa5
---
 gnu/services/containers.scm | 2 +-
 gnu/tests/containers.scm    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/services/containers.scm b/gnu/services/containers.scm
index a82fb64db3..19d35ccbcb 100644
--- a/gnu/services/containers.scm
+++ b/gnu/services/containers.scm
@@ -174,7 +174,7 @@ (define cgroups-limits-entrypoint
                 #~(system*
                    (string-append #+bash-minimal "/bin/bash") "-c"
                    (string-append "echo Setting cgroups v2 limits && "
-                                  "echo +cpu +cpuset +memory +pids"
+                                  "echo +cpu +cpuset +io +memory +pids"
                                   " >> /sys/fs/cgroup/cgroup.subtree_control"))))
 
 (define (rootless-podman-cgroups-limits-service config)
diff --git a/gnu/tests/containers.scm b/gnu/tests/containers.scm
index 69cd311c82..0ecc8ddb12 100644
--- a/gnu/tests/containers.scm
+++ b/gnu/tests/containers.scm
@@ -158,7 +158,7 @@ (define (run-rootless-podman-test oci-tarball)
                           (loop (+ 1 attempts))))))))
 
           (test-equal "/sys/fs/cgroup/cgroup.subtree_control content is sound"
-            (list "cpu" "cpuset" "memory" "pids")
+            (list "cpu" "cpuset" "io" "memory" "pids")
             (marionette-eval
              `(begin
                 (use-modules (srfi srfi-1)
-- 
2.47.1





^ permalink raw reply related	[flat|nested] 8+ messages in thread

* bug#75203: Fix rootless podman system tests and support I/O delegation
  2025-01-06 21:05   ` [bug#75203] [PATCH v2 2/2] services: rootless-podman: Enable I/O delegation Giacomo Leidi via Guix-patches via
@ 2025-01-11 23:20     ` Ludovic Courtès
  0 siblings, 0 replies; 8+ messages in thread
From: Ludovic Courtès @ 2025-01-11 23:20 UTC (permalink / raw)
  To: Giacomo Leidi; +Cc: 75203-done

Applied, thanks!




^ permalink raw reply	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2025-01-11 23:21 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-12-30 15:54 [bug#75203] Fix rootless podman system tests and support I/O delegation paul via Guix-patches via
2024-12-30 15:55 ` [bug#75203] [PATCH 1/2] services: tests: Add delay for rootless Podman system test Giacomo Leidi via Guix-patches via
2024-12-30 15:55   ` [bug#75203] [PATCH 2/2] services: rootless-podman: Enable I/O delegation Giacomo Leidi via Guix-patches via
2024-12-31 12:58   ` [bug#75203] [PATCH 1/2] services: tests: Add delay for rootless Podman system test Tomas Volf
2025-01-06 21:05     ` paul via Guix-patches via
2025-01-06 21:05 ` [bug#75203] [PATCH v2 " Giacomo Leidi via Guix-patches via
2025-01-06 21:05   ` [bug#75203] [PATCH v2 2/2] services: rootless-podman: Enable I/O delegation Giacomo Leidi via Guix-patches via
2025-01-11 23:20     ` bug#75203: Fix rootless podman system tests and support " Ludovic Courtès

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).