github.com/opencontainers/runtime-tools@v0.9.0/README.md

github.com/opencontainers/runtime-tools@v0.9.0/README.md (about)

     1  # oci-runtime-tool [![Build Status](https://travis-ci.org/opencontainers/runtime-tools.svg?branch=master)](https://travis-ci.org/opencontainers/runtime-tools) [![Go Report Card](https://goreportcard.com/badge/github.com/opencontainers/runtime-tools)](https://goreportcard.com/report/github.com/opencontainers/runtime-tools)
     2  
     3  oci-runtime-tool is a collection of tools for working with the [OCI runtime specification][runtime-spec].
     4  To build from source code, runtime-tools requires Go 1.10.x or above.
     5  
     6  ## Table of Contents
     7  
     8  Additional documentation about how this group operates:
     9  
    10  - [Code of Conduct][code-of-conduct]
    11  - [security][security]
    12  
    13  
    14  ## Generating an OCI runtime spec configuration files
    15  
    16  [`oci-runtime-tool generate`][generate.1] generates [configuration JSON][config.json] for an [OCI bundle][bundle].
    17  [OCI-compatible runtimes][runtime-spec] like [runC][] expect to read the configuration from `config.json`.
    18  
    19  ```console
    20  $ oci-runtime-tool generate --output config.json
    21  $ cat config.json
    22  {
    23          "ociVersion": "0.5.0",
    24          …
    25  }
    26  ```
    27  
    28  ## Validating an OCI bundle
    29  
    30  [`oci-runtime-tool validate`][validate.1] validates an OCI bundle.
    31  The error message will be printed if the OCI bundle failed the validation procedure.
    32  
    33  ```console
    34  $ oci-runtime-tool generate
    35  $ oci-runtime-tool validate
    36  INFO[0000] Bundle validation succeeded.
    37  ```
    38  
    39  ## Testing OCI runtimes
    40  
    41  The runtime validation suite uses [node-tap][], which is packaged for some distributions (for example, it is in [Debian's `node-tap` package][debian-node-tap]).
    42  If your distribution does not package node-tap, you can install [npm][] (for example, from [Gentoo's `nodejs` package][gentoo-nodejs]) and use it:
    43  
    44  ```console
    45  $ npm install tap
    46  ```
    47  
    48  Build the validation executables:
    49  
    50  ```console
    51  $ make runtimetest validation-executables
    52  ```
    53  
    54  Runtime validation currently [only supports](docs/runtime-compliance-testing.md) the [OCI Runtime Command Line Interface](docs/command-line-interface.md).
    55  If we add support for alternative APIs in the future, runtime validation will gain an option to select the desired runtime API.
    56  For the command line interface, the `RUNTIME` option selects the runtime command (`funC` in the [OCI Runtime Command Line Interface](docs/command-line-interface.md)).
    57  
    58  ```
    59  $ sudo make RUNTIME=runc localvalidation
    60  RUNTIME=runc tap validation/pidfile.t validation/linux_cgroups_hugetlb.t validation/linux_cgroups_memory.t validation/linux_rootfs_propagation_shared.t validation/kill.t validation/create.t validation/poststart.t validation/linux_cgroups_network.t validation/poststop_fail.t validation/linux_readonly_paths.t validation/prestart_fail.t validation/hooks_stdin.t validation/default.t validation/linux_masked_paths.t validation/poststop.t validation/misc_props.t validation/prestart.t validation/poststart_fail.t validation/mounts.t validation/linux_cgroups_relative_pids.t validation/process_user.t validation/process.t validation/hooks.t validation/process_capabilities_fail.t validation/process_rlimits_fail.t validation/linux_cgroups_relative_cpus.t validation/process_rlimits.t validation/linux_cgroups_relative_blkio.t validation/linux_sysctl.t validation/linux_seccomp.t validation/linux_devices.t validation/start.t validation/linux_cgroups_pids.t validation/process_capabilities.t validation/process_oom_score_adj.t validation/linux_cgroups_relative_hugetlb.t validation/linux_cgroups_cpus.t validation/linux_cgroups_relative_memory.t validation/state.t validation/root_readonly_true.t validation/linux_cgroups_blkio.t validation/linux_rootfs_propagation_unbindable.t validation/delete.t validation/linux_cgroups_relative_network.t validation/hostname.t validation/killsig.t validation/linux_uid_mappings.t
    61  validation/pidfile.t .failed to create the container
    62  container_linux.go:348: starting container process caused "process_linux.go:402: container init caused \"process_linux.go:367: setting cgroup config for procHooks process caused \\\"failed to write 56892210544640 to hugetlb.1GB.limit_in_bytes: open /sys/fs/cgroup/hugetlb/cgrouptest/hugetlb.1GB.limit_in_bytes: permission denied\\\"\""
    63  exit status 1
    64  validation/pidfile.t .................................. 1/1 315ms
    65  validation/linux_cgroups_hugetlb.t .................... 0/1
    66    not ok validation/linux_cgroups_hugetlb.t
    67      timeout: 30000
    68      file: validation/linux_cgroups_hugetlb.t
    69      command: validation/linux_cgroups_hugetlb.t
    70      args: []
    71      stdio:
    72        - 0
    73        - pipe
    74        - 2
    75      cwd: /…/go/src/github.com/opencontainers/runtime-tools
    76      exitCode: 1
    77  
    78  validation/linux_cgroups_memory.t ..................... 9/9
    79  validation/linux_rootfs_propagation_shared.t ...... 252/282
    80    not ok shared root propagation exposes "/target348456609/mount892511628/example376408222"
    81  
    82    Skipped: 29
    83       /dev/null (default device) has unconfigured permissions
    84  …
    85  total ........................................... 4381/4962
    86  
    87  
    88    4381 passing (1m)
    89    567 pending
    90    14 failing
    91  
    92  make: *** [Makefile:44: localvalidation] Error 1
    93  ```
    94  
    95  You can also run an individual test executable directly:
    96  
    97  ```console
    98  $ sudo RUNTIME=runc validation/default/default.t
    99  TAP version 13
   100  ok 1 - has expected hostname
   101    ---
   102    {
   103      "actual": "mrsdalloway",
   104      "expected": "mrsdalloway"
   105    }
   106    ...
   107  …
   108  ok 287 # SKIP linux.gidMappings not set
   109  1..287
   110  ```
   111  
   112  If you cannot install node-tap, you can probably run the test suite with another [TAP consumer][tap-consumers].
   113  For example, with [`prove`][prove]:
   114  
   115  ```console
   116  $ sudo make TAP='prove -Q -j9' RUNTIME=runc VALIDATION_TESTS=validation/pidfile/pidfile.t localvalidation
   117  RUNTIME=runc prove -Q -j9 validation/pidfile.t
   118  All tests successful.
   119  Files=1, Tests=1,  0 wallclock secs ( 0.01 usr  0.01 sys +  0.03 cusr  0.03 csys =  0.08 CPU)
   120  Result: PASS
   121  ```
   122  
   123  [security]: https://github.com/opencontainers/org/blob/master/security
   124  [code-of-conduct]: https://github.com/opencontainers/org/blob/master/CODE_OF_CONDUCT.md
   125  [bundle]: https://github.com/opencontainers/runtime-spec/blob/master/bundle.md
   126  [config.json]: https://github.com/opencontainers/runtime-spec/blob/master/config.md
   127  [debian-node-tap]: https://packages.debian.org/stretch/node-tap
   128  [debian-nodejs]: https://packages.debian.org/stretch/nodejs
   129  [gentoo-nodejs]: https://packages.gentoo.org/packages/net-libs/nodejs
   130  [node-tap]: http://www.node-tap.org/
   131  [npm]: https://www.npmjs.com/
   132  [prove]: http://search.cpan.org/~leont/Test-Harness-3.39/bin/prove
   133  [runC]: https://github.com/opencontainers/runc
   134  [runtime-spec]: https://github.com/opencontainers/runtime-spec
   135  [tap-consumers]: https://testanything.org/consumers.html
   136  
   137  [generate.1]: man/oci-runtime-tool-generate.1.md
   138  [validate.1]: man/oci-runtime-tool-validate.1.md