github/kata-containers
1
0
Fork 2
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-09-19 07:49:17 +00:00
Code Issues Projects Releases Wiki Activity

test: Run full set of zcrypttest for VFIO-AP coldplug

Browse Source 
Previously, the test for VFIO-AP coldplug only checked whether a
passthrough device was attached to the VM guest. This commit expands
the test to include a full set of zcrypttest to verify that the device
functions properly within a container.

Additionally, since containerd has been upgraded to v1.7.25 on the
test machine, it is no longer necessary to run the test via crictl.
The commit removes all related codes/files.

Signed-off-by: Hyounggyu Choi <Hyounggyu.Choi@ibm.com>
This commit is contained in:
Hyounggyu Choi
2025-01-21 14:09:30 +01:00
parent 47db9b3773
commit dde627cef4
2 changed files with 13 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
tests/functional/vfio-ap/container-config.json.in
View File

@@ -1,33 +0,0 @@
#
# Copyright (c) 2024 IBM Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
{
"metadata": {
"name": "test-container",
"namespace": "default"
},
"image": {
"image": "$IMAGE_NAME"
},
"command": [
"sh",
"-c",
"sleep 3600"
],
"mounts": [],
"log_path": "test-container.log",
"linux": {
"security_context": {
"privileged": true
}
},
"devices": [
{
"container_path": "/dev/vfio/$DEVICE_INDEX",
"host_path": "/dev/vfio/$DEVICE_INDEX",
"permissions": "rwm"
}
]
}

40
tests/functional/vfio-ap/run.sh
View File

@@ -58,7 +58,7 @@ setup_hotplug() {
setup_coldplug() { setup_coldplug() {
echo "Set up the configuration file for Coldplug" echo "Set up the configuration file for Coldplug"
setup_config_file "vfio_mode" "replace" "guest-kernel" setup_config_file "vfio_mode" "replace" "vfio"
setup_config_file "hot_plug_vfio" "comment_out" setup_config_file "hot_plug_vfio" "comment_out"
setup_config_file "cold_plug_vfio" "replace" "bridge-port" setup_config_file "cold_plug_vfio" "replace" "bridge-port"
show_config_file show_config_file
@@ -91,7 +91,7 @@ cleanup() {
echo 0x$(printf -- 'f%.0s' {1..64}) | sudo tee /sys/bus/ap/aqmask > /dev/null echo 0x$(printf -- 'f%.0s' {1..64}) | sudo tee /sys/bus/ap/aqmask > /dev/null
# Remove files used for testing # Remove files used for testing
rm -f ${script_path}/zcrypttest ${script_path}/container-config.json rm -f ${script_path}/zcrypttest
} }
validate_env() { validate_env() {
@@ -202,46 +202,22 @@ create_mediated_device() {
run_test() { run_test() {
local run_index=$1 local run_index=$1
local container_cli=$2 local test_message=$2
local test_message=$3 local extra_cmd=${3:-}
local extra_cmd=${4:-}
local start_time=$(date +"%Y-%m-%d %H:%M:%S") local start_time=$(date +"%Y-%m-%d %H:%M:%S")
[ -n "${dev_index}" ] || { echo "No dev_index" >&2; exit 1; } [ -n "${dev_index}" ] || { echo "No dev_index" >&2; exit 1; }
# Set time granularity to a second for capturing the log # Set time granularity to a second for capturing the log
sleep 1 sleep 1
if [ "${container_cli}" == "crictl" ]; then
sudo crictl pull ${test_image_name}
# Prepare container-config.json
IMAGE_NAME="${test_image_name}" DEVICE_INDEX="${dev_index}" \
envsubst < ${script_path}/container-config.json.in > ${script_path}/container-config.json
# Create a container and run the test
POD_ID=$(sudo crictl runp --runtime=kata ${script_path}/sandbox-config.json)
sudo crictl pods
CONTAINER_ID=$(sudo crictl create $POD_ID ${script_path}/container-config.json ${script_path}/sandbox-config.json)
sudo crictl start $CONTAINER_ID
sudo crictl ps
# Give enough time for the container to start
sleep 5
sudo crictl exec $CONTAINER_ID \
bash -c "lszcrypt ${_APID}.${_APQI} | grep ${APQN} ${extra_cmd}"
[ $? -eq 0 ] && result=0 || result=1
# Clean up the container
echo "Clean up the container"
sudo crictl stopp $POD_ID
sudo crictl rmp $POD_ID
elif [ "${container_cli}" == "ctr" ]; then
sudo ctr image pull --plain-http ${test_image_name} sudo ctr image pull --plain-http ${test_image_name}
# Create a container and run the test # Create a container and run the test
sudo ctr run --runtime io.containerd.run.kata.v2 --rm \ sudo ctr run --runtime io.containerd.run.kata.v2 --rm \
--privileged --privileged-without-host-devices \
--device ${dev_base}/${dev_index} ${test_image_name} test \ --device ${dev_base}/${dev_index} ${test_image_name} test \
bash -c "lszcrypt ${_APID}.${_APQI} | grep ${APQN}" bash -c "lszcrypt ${_APID}.${_APQI} | grep ${APQN} ${extra_cmd}"
[ $? -eq 0 ] && result=0 || result=1 [ $? -eq 0 ] && result=0 || result=1
fi
if [ $result -eq 0 ]; then if [ $result -eq 0 ]; then
echo "ok ${run_index} ${test_category} ${test_message}" echo "ok ${run_index} ${test_category} ${test_message}"
@@ -254,10 +230,10 @@ run_test() {
run_tests() { run_tests() {
setup_hotplug setup_hotplug
run_test "1" "crictl" "Test can assign a CEX device inside the guest via VFIO-AP Hotplug" "&& zcrypttest -a -v" run_test "1" "Test can assign a CEX device inside the guest via VFIO-AP Hotplug" "&& zcrypttest -a -v"
setup_coldplug setup_coldplug
run_test "2" "ctr" "Test can assign a CEX device inside the guest via VFIO-AP Coldplug" run_test "2" "Test can assign a CEX device inside the guest via VFIO-AP Coldplug" "&& zcrypttest -a -v"
} }
main() { main() {