Update system tests to handle zstd:chunked images #24286
Conversation
openshift-ci
bot
added
release-note-none
do-not-merge/work-in-progress
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: mtrmac The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
|
Ephemeral COPR build failed. @containers/packit-build please check. |
There was a problem hiding this comment.
Yeah, this is nowhere close to working, ignore for now.
Also [255] [email protected] template with rollback
#| FAIL: global auto-update policy gets applied
#| expected: '.*podman-kube@-tmp-podman_bats.roXH3U-test.yaml.service,.* (test_pod-a),quay.io/libpod/testimage:20241010,false,registry.*' (using expr)
#| actual: 'podman-kube@-tmp-podman_bats.roXH3U-test.yaml.service,c104ff383fd7 (test_pod-a),quay.io/libpod/testimage:20241010,pending,registry'
#| > 'podman-kube@-tmp-podman_bats.roXH3U-test.yaml.service,aa204347c263 (test_pod-b),localhost/image:Kl8NYi3jxL,false,local'
mtrmac
force-pushed
the
compare-image-configs
branch
8 times, most recently
from
51edef6
to
a644fe8
Compare
|
@edsantiago With this, Could you take a preliminary look to make sure I’m not missing/breaking the point of these tests, please? See individual commit messages for details. |
mtrmac
changed the title
|
@mtrmac I've been peeking periodically and have seen no major cause for alarm. I will not be able to give this a thorough review until Monday. Apologies. |
|
@edsantiago Thanks! The peeks are reassuring already, and I need to make this pass first. There’s no rush at all. |
mtrmac
force-pushed
the
compare-image-configs
branch
2 times, most recently
from
2832b1b
to
4db012e
Compare
|
Ready for review: |
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
There was a problem hiding this comment.
One suggestion, one question-and-suggestion, none blockers.
The use of cd for config digest does weird things to my brain: I can't help but see it as change directory. That's indelibly hardwired and I'm actually a little amused by it. I can't propose a better alternative (except the unwieldy $config_digest, which I see is what skopeo uses in its own system tests) so I won't block on it. Just pointing out in case you're able to think of any better name.
Nice work. Thanks for the explanatory comments.
test/system/010-images.bats
Outdated
|
|
||
| CONTAINERS_STORAGE_CONF=$sconf run_podman pull -q $IMAGE | ||
| is "$output" "$id" "pull -q $IMAGE, using storage.conf" | ||
| # This is originally a regression test, (podman pull) used to output multiple image IDs. Ensure it only prints one. | ||
| [[ $(printf '%s' "$output" | wc -l) -le 1 ]] |
There was a problem hiding this comment.
Suggestion:
assert "${#lines[*]}" -le 1 "Number of output lines from podman pull"Reason: the Bats [[ etc ]] tests generate error diagnostics that are ... sub-ideal. This is an assertion that must never fail, but even those (especially those?) deserve a way to help someone debug.
There was a problem hiding this comment.
Thanks, I completely forgot assert exists despite using it elsewhere.
Fixed as proposed.
test/system/helpers.bash
Outdated
| # with zstd:chunked, the same image might have different IDs depending on whether | ||
| # creating layers happened based on the TOC (and per-file operations) or the full layer tarball | ||
| function image_config_digest() { | ||
| echo "image_config_digest $1" >&2 |
There was a problem hiding this comment.
Did you intend to leave these debug statements?
The printf | sha256sum below is subtle and potentially distracting; if you remove the debug statements, you could collapse everything down to
local sha_output; sha_output=$(skopeo inspect --raw --config "containers-storage:$1" | sha256sum)
# strip filename ("-") from sha output
# echo "${sha_output%% *}"I'm fine with leaving the debug statements in place for a few months, but if so please add a comment explaining when it might be safe to remove them, and explaining the reason for printf (preserving exact output without the additional newline that <<<"$config" would introduce)
There was a problem hiding this comment.
After the local mystery of #24286 (comment) , the most useful case of detecting broken inputs should be handled naturally; so I have dropped the logging.
| # Removing the additional store underneath can result in dangling layer references. | ||
| # Try to fix that up. | ||
| CONTAINERS_STORAGE_CONF=$sconf run_podman rmi $IMAGE | ||
| _prefetch $IMAGE |
There was a problem hiding this comment.
This makes me barf a little, but it's my fault for making bad assumptions in this test, and I pledge to clean it in a followup.
I don’t mind long and verbose names, if they avoid confusion. So I’ll rename to |
The test got the stores RW status backwards. Before zstd:chunked, both image IDs should be the same, so this used to make no difference. Signed-off-by: Miloslav Trmač <[email protected]>
When looking up the current-store image ID, do that from the same output where we verify that the ID is from the current store, instead of listing images twice. Signed-off-by: Miloslav Trmač <[email protected]>
… methods Historically, non-schema1 images had a deterministic image ID == config digest. With zstd:chunked, we don't want to deduplicate layers pulled by consuming the full tarball and layers partially pulled based on TOC, because we can't cheaply ensure equivalence; so, image IDs for images where a TOC was used differ. To accommodate that, compare images using their configs digests, not using image IDs. Signed-off-by: Miloslav Trmač <[email protected]>
The additional image store feature assumes that images / layers in the additional store never go away, while we do remove it after this test. Try to repair the store. Signed-off-by: Miloslav Trmač <[email protected]>
Don't assume that the loaded image will be deduplicated with the server image. Signed-off-by: Miloslav Trmač <[email protected]>
mtrmac
force-pushed
the
compare-image-configs
branch
from
4db012e
to
6fd0e22
Compare
|
Thanks for the review, updated (except for rearchitecting the “additional image store” test). |
|
...and I see that tests passed in #24287 as well. Thank you. Will try to re-review this afternoon after getting to a breaking point in other work. |
|
/lgtm Nice work, thank you |
Working on test failures as discussed in containers/storage#2130 .
At this point absolutely untested, andI don’t really know what I’m doing.Cc: @edsantiago — perhaps read this only later after this is at least minimally shown to be working.
Does this PR introduce a user-facing change?