diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 173e2e162e0..6b782633047 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -131,61 +131,83 @@ jobs: matrix: go: - stable + - oldstable + - tip suite: - cluster - standalone + test-category: + - all backend: - dir - - btrfs - - lvm - - zfs - - ceph - - linstor - - random os: - ubuntu-24.04 + - ubuntu-24.04-arm include: - - go: oldstable + # cluster full test with various backends + - go: stable suite: cluster - backend: dir + test-category: all + backend: btrfs os: ubuntu-24.04 - - go: oldstable - suite: standalone - backend: dir + - go: stable + suite: cluster + test-category: all + backend: lvm os: ubuntu-24.04 - - go: tip + - go: stable suite: cluster - backend: dir + test-category: all + backend: zfs os: ubuntu-24.04 - - go: tip - suite: standalone - backend: dir + - go: stable + suite: cluster + test-category: all + backend: ceph os: ubuntu-24.04 - - - go: oldstable + - go: stable suite: cluster - backend: dir - os: ubuntu-24.04-arm - - go: oldstable - suite: standalone - backend: dir - os: ubuntu-24.04-arm + test-category: all + backend: linstor + os: ubuntu-24.04 - go: stable suite: cluster - backend: dir - os: ubuntu-24.04-arm + test-category: all + backend: random + os: ubuntu-24.04 + + # standalone storage test with various backends - go: stable suite: standalone - backend: dir - os: ubuntu-24.04-arm - - go: tip - suite: cluster - backend: dir - os: ubuntu-24.04-arm - - go: tip + test-category: storage + backend: btrfs + os: ubuntu-24.04 + - go: stable + suite: standalone + test-category: storage + backend: lvm + os: ubuntu-24.04 + - go: stable + suite: standalone + test-category: storage + backend: zfs + os: ubuntu-24.04 + - go: stable suite: standalone - backend: dir - os: ubuntu-24.04-arm + test-category: storage + backend: ceph + os: ubuntu-24.04 + - go: stable + suite: standalone + test-category: storage + backend: linstor + os: ubuntu-24.04 + - go: stable + suite: standalone + test-category: storage + backend: random + os: ubuntu-24.04 + runs-on: ${{ matrix.os }} steps: @@ -443,7 +465,7 @@ jobs: sudo nft add rule inet filter output ip daddr 45.45.148.8 reject sudo nft add rule inet filter output ip6 daddr 2602:fc62:a:1::8 reject - - name: "Run system tests (${{ matrix.go }}, ${{ matrix.suite }}, ${{ matrix.backend }})" + - name: "Run system tests (${{ matrix.go }}, ${{ matrix.suite }}, ${{matrix.test-category}}, ${{ matrix.backend }})" env: CGO_LDFLAGS_ALLOW: "(-Wl,-wrap,pthread_create)|(-Wl,-z,now)" INCUS_CEPH_CLUSTER: "ceph" @@ -459,7 +481,7 @@ jobs: chmod +x ~ echo "root:1000000:1000000000" | sudo tee /etc/subuid /etc/subgid cd test - sudo --preserve-env=PATH,GOPATH,GITHUB_ACTIONS,INCUS_VERBOSE,INCUS_BACKEND,INCUS_CEPH_CLUSTER,INCUS_CEPH_CEPHFS,INCUS_CEPH_CEPHOBJECT_RADOSGW,INCUS_LINSTOR_LOCAL_SATELLITE,INCUS_LINSTOR_CLUSTER,INCUS_OFFLINE,INCUS_SKIP_TESTS,INCUS_REQUIRED_TESTS, INCUS_BACKEND=${{ matrix.backend }} ./main.sh ${{ matrix.suite }} + sudo --preserve-env=PATH,GOPATH,GITHUB_ACTIONS,INCUS_VERBOSE,INCUS_BACKEND,INCUS_CEPH_CLUSTER,INCUS_CEPH_CEPHFS,INCUS_CEPH_CEPHOBJECT_RADOSGW,INCUS_LINSTOR_LOCAL_SATELLITE,INCUS_LINSTOR_CLUSTER,INCUS_OFFLINE,INCUS_SKIP_TESTS,INCUS_REQUIRED_TESTS, INCUS_BACKEND=${{ matrix.backend }} ./main.sh ${{ matrix.suite }} ${{ matrix.test-category }} client: name: Client @@ -486,7 +508,7 @@ jobs: - name: Create build directory run: | - mkdir bin + mkdir bin - name: Build static incus (x86_64) env: diff --git a/test/main.sh b/test/main.sh index 270a0c5b3d9..62fa8ba35e2 100755 --- a/test/main.sh +++ b/test/main.sh @@ -213,58 +213,16 @@ if [ "$#" -gt 0 ] && [ "$1" != "all" ] && [ "$1" != "cluster" ] && [ "$1" != "st exit fi -if [ "${1:-"all"}" != "cluster" ]; then +# Essential features that make Incus work +run_standalone_core() { run_test test_check_deps "checking dependencies" run_test test_database_restore "database restore" run_test test_database_no_disk_space "database out of disk space" run_test test_sql "SQL" - run_test test_tls_restrictions "TLS restrictions" - run_test test_oidc "OpenID Connect" - run_test test_openfga "OpenFGA" - run_test test_certificate_edit "Certificate edit" run_test test_basic_usage "basic usage" run_test test_remote_url "remote url handling" run_test test_remote_admin "remote administration" run_test test_remote_usage "remote usage" - run_test test_tls_jwt "JWT authentication" -fi - -if [ "${1:-"all"}" != "standalone" ]; then - run_test test_clustering_enable "clustering enable" - run_test test_clustering_membership "clustering membership" - run_test test_clustering_containers "clustering containers" - run_test test_clustering_storage "clustering storage" - run_test test_clustering_storage_single_node "clustering storage single node" - run_test test_clustering_network "clustering network" - run_test test_clustering_publish "clustering publish" - run_test test_clustering_profiles "clustering profiles" - run_test test_clustering_join_api "clustering join api" - run_test test_clustering_shutdown_nodes "clustering shutdown" - run_test test_clustering_projects "clustering projects" - run_test test_clustering_update_cert "clustering update cert" - run_test test_clustering_update_cert_reversion "clustering update cert reversion" - run_test test_clustering_address "clustering address" - run_test test_clustering_image_replication "clustering image replication" - run_test test_clustering_recover "clustering recovery" - run_test test_clustering_handover "clustering handover" - run_test test_clustering_rebalance "clustering rebalance" - run_test test_clustering_remove_raft_node "clustering remove raft node" - run_test test_clustering_failure_domains "clustering failure domains" - run_test test_clustering_image_refresh "clustering image refresh" - run_test test_clustering_evacuation "clustering evacuation" - run_test test_clustering_instance_placement_scriptlet "clustering instance placement scriptlet" - run_test test_clustering_move "clustering move" - run_test test_clustering_edit_configuration "clustering config edit" - run_test test_clustering_remove_members "clustering config remove members" - run_test test_clustering_autotarget "clustering autotarget member" - # run_test test_clustering_upgrade "clustering upgrade" - run_test test_clustering_groups "clustering groups" - run_test test_clustering_events "clustering events" - run_test test_clustering_uuid "clustering uuid" - run_test test_clustering_openfga "clustering OpenFGA" -fi - -if [ "${1:-"all"}" != "cluster" ]; then run_test test_projects_default "default project" run_test test_projects_crud "projects CRUD operations" run_test test_projects_containers "containers inside projects" @@ -274,35 +232,12 @@ if [ "${1:-"all"}" != "cluster" ]; then run_test test_projects_profiles_default "profiles from the global default project" run_test test_projects_images "images inside projects" run_test test_projects_images_default "images from the global default project" - run_test test_projects_storage "projects and storage pools" run_test test_projects_network "projects and networks" run_test test_projects_limits "projects limits" run_test test_projects_usage "projects usage" run_test test_projects_restrictions "projects restrictions" - run_test test_container_devices_disk "container devices - disk" - run_test test_container_devices_disk_restricted "container devices - disk - restricted" - run_test test_container_devices_nic_p2p "container devices - nic - p2p" - run_test test_container_devices_nic_bridged "container devices - nic - bridged" - run_test test_container_devices_nic_bridged_acl "container devices - nic - bridged - acl" - run_test test_container_devices_nic_bridged_filtering "container devices - nic - bridged - filtering" - run_test test_container_devices_nic_bridged_vlan "container devices - nic - bridged - vlan" - run_test test_container_devices_nic_physical "container devices - nic - physical" - run_test test_container_devices_nic_macvlan "container devices - nic - macvlan" - run_test test_container_devices_nic_ipvlan "container devices - nic - ipvlan" - run_test test_container_devices_nic_sriov "container devices - nic - sriov" - run_test test_container_devices_nic_routed "container devices - nic - routed" - run_test test_container_devices_infiniband_physical "container devices - infiniband - physical" - run_test test_container_devices_infiniband_sriov "container devices - infiniband - sriov" - run_test test_container_devices_proxy "container devices - proxy" - run_test test_container_devices_gpu "container devices - gpu" - run_test test_container_devices_unix_char "container devices - unix-char" - run_test test_container_devices_unix_block "container devices - unix-block" - run_test test_container_devices_tpm "container devices - tpm" run_test test_container_move "container server-side move" run_test test_container_oci "OCI containers" - run_test test_container_syscall_interception "container syscall interception" - run_test test_security "security features" - run_test test_security_protection "container protection" run_test test_image_expiry "image expiry" run_test test_image_list_all_aliases "image list all aliases" run_test test_image_auto_update "image auto-update" @@ -312,66 +247,25 @@ if [ "${1:-"all"}" != "cluster" ]; then run_test test_image_refresh "image refresh" run_test test_image_split "image split" run_test test_image_acl "image acl" - run_test test_cloud_init "cloud-init" + run_test test_filemanip "file manipulations" run_test test_exec "exec" run_test test_exec_exit_code "exec exit code" run_test test_concurrent_exec "concurrent exec" run_test test_concurrent "concurrent startup" - run_test test_snapshots "container snapshots" - run_test test_snap_restore "snapshot restores" - run_test test_snap_expiry "snapshot expiry" - run_test test_snap_schedule "snapshot scheduling" - run_test test_snap_volume_db_recovery "snapshot volume database record recovery" + run_test test_cloud_init "cloud-init" run_test test_config_profiles "profiles and configuration" run_test test_config_edit "container configuration edit" run_test test_property "container property" - run_test test_config_edit_container_snapshot_pool_config "container and snapshot volume configuration edit" - run_test test_container_metadata "manage container metadata and templates" - run_test test_container_snapshot_config "container snapshot configuration" run_test test_server_config "server configuration" - run_test test_filemanip "file manipulations" - run_test test_network "network management" - run_test test_network_dhcp_routes "network dhcp routes" - run_test test_network_peers "network peers" - run_test test_network_acl "network ACL management" - run_test test_address_set "network address set" - run_test test_network_forward "network address forwards" - run_test test_network_zone "network DNS zones" - run_test test_network_hwaddr_pattern "network MAC address pattern" - run_test test_idmap "id mapping" run_test test_template "file templating" - run_test test_pki "PKI mode" run_test test_dev_incus "/dev/incus" - run_test test_fuidshift "fuidshift" run_test test_migration "migration" run_test test_lxc_to_incus "LXC to Incus" run_test test_fdleak "fd leak" - run_test test_storage "storage" - run_test test_storage_volume_snapshots "storage volume snapshots" - run_test test_init_auto "incus admin init auto" - run_test test_init_interactive "incus admin init interactive" - run_test test_init_preseed "incus admin init preseed" - run_test test_storage_profiles "storage profiles" - run_test test_container_recover "container recover" - run_test test_bucket_recover "bucket recover" - run_test test_get_operations "test_get_operations" - run_test test_storage_volume_attach "attaching storage volumes" - run_test test_storage_driver_btrfs "btrfs storage driver" - run_test test_storage_driver_ceph "ceph storage driver" - run_test test_storage_driver_cephfs "cephfs storage driver" - run_test test_storage_driver_linstor "linstor storage driver" - run_test test_storage_driver_truenas "truenas storage driver" - run_test test_storage_driver_zfs "zfs storage driver" - run_test test_storage_buckets "storage buckets" - run_test test_storage_bucket_export "storage buckets export and import" - run_test test_storage_volume_import "storage volume import" - run_test test_storage_volume_initial_config "storage volume initial configuration" - run_test test_storage_volume_filemanip "storage volume file manipulations" run_test test_resources "resources" run_test test_kernel_limits "kernel limits" run_test test_console "console" run_test test_query "query" - run_test test_storage_local_volume_handling "storage local volume handling" run_test test_backup_import "backup import" run_test test_backup_export "backup export" run_test test_backup_rename "backup rename" @@ -381,8 +275,6 @@ if [ "${1:-"all"}" != "cluster" ]; then run_test test_backup_different_instance_uuid "backup instance and check instance UUIDs" run_test test_backup_volume_expiry "backup volume expiry" run_test test_backup_export_import_recover "backup export, import, and recovery" - run_test test_container_local_cross_pool_handling "container local cross pool handling" - run_test test_incremental_copy "incremental container copy" run_test test_profiles_project_default "profiles in default project" run_test test_profiles_project_images_profiles "profiles in project with images and profiles enabled" run_test test_profiles_project_images "profiles in project with images enabled and profiles disabled" @@ -390,12 +282,174 @@ if [ "${1:-"all"}" != "cluster" ]; then run_test test_filtering "API filtering" run_test test_warnings "Warnings" run_test test_metrics "Metrics" - run_test test_storage_volume_recover "Recover storage volumes" - run_test test_syslog_socket "Syslog socket" run_test test_incus_user "incus-user" run_test test_systemd "systemd" + +} + +# Disk, volume, quota, and filesystem management +run_standalone_storage() { + run_test test_storage "storage" + run_test test_storage_volume_snapshots "storage volume snapshots" + run_test test_storage_profiles "storage profiles" + run_test test_container_local_cross_pool_handling "container local cross pool handling" + run_test test_storage_local_volume_handling "storage local volume handling" + run_test test_storage_driver_btrfs "btrfs storage driver" + run_test test_storage_driver_ceph "ceph storage driver" + run_test test_storage_driver_cephfs "cephfs storage driver" + run_test test_storage_driver_linstor "linstor storage driver" + run_test test_storage_driver_truenas "truenas storage driver" + run_test test_storage_driver_zfs "zfs storage driver" + run_test test_storage_buckets "storage buckets" + run_test test_storage_bucket_export "storage buckets export and import" + run_test test_storage_volume_import "storage volume import" + run_test test_storage_volume_initial_config "storage volume initial configuration" + run_test test_storage_volume_filemanip "storage volume file manipulations" + run_test test_storage_volume_recover "Recover storage volumes" + run_test test_projects_storage "projects and storage pools" + run_test test_container_devices_disk "container devices - disk" + run_test test_snapshots "container snapshots" + run_test test_snap_restore "snapshot restores" + run_test test_snap_expiry "snapshot expiry" + run_test test_snap_schedule "snapshot scheduling" + run_test test_snap_volume_db_recovery "snapshot volume database record recovery" +} + +# Concerns IP, communication protocols, and network devices +run_standalone_network() { + run_test test_network "network management" + run_test test_network_dhcp_routes "network dhcp routes" + run_test test_network_peers "network peers" + run_test test_network_acl "network ACL management" + run_test test_address_set "network address set" + run_test test_network_forward "network address forwards" + run_test test_network_zone "network DNS zones" + run_test test_network_hwaddr_pattern "network MAC address pattern" + run_test test_container_devices_nic_p2p "container devices - nic - p2p" + run_test test_container_devices_nic_bridged "container devices - nic - bridged" + run_test test_container_devices_nic_bridged_acl "container devices - nic - bridged - acl" + run_test test_container_devices_nic_bridged_filtering "container devices - nic - bridged - filtering" + run_test test_container_devices_nic_bridged_vlan "container devices - nic - bridged - vlan" + run_test test_container_devices_nic_physical "container devices - nic - physical" + run_test test_container_devices_nic_macvlan "container devices - nic - macvlan" + run_test test_container_devices_nic_ipvlan "container devices - nic - ipvlan" + run_test test_container_devices_nic_sriov "container devices - nic - sriov" + run_test test_container_devices_nic_routed "container devices - nic - routed" + run_test test_container_devices_infiniband_physical "container devices - infiniband - physical" + run_test test_container_devices_infiniband_sriov "container devices - infiniband - sriov" + run_test test_container_devices_proxy "container devices - proxy" + run_test test_syslog_socket "Syslog socket" +} + +# Mechanisms that prevent attacks, privilege escalation, or unauthorized access +run_standalone_security() { + run_test test_security "security features" + run_test test_security_protection "container protection" + run_test test_idmap "id mapping" + run_test test_container_syscall_interception "container syscall interception" run_test test_container_bpf_token "BPF token delegation" -fi + run_test test_container_devices_disk_restricted "container devices - disk - restricted" + run_test test_tls_restrictions "TLS restrictions" + run_test test_oidc "OpenID Connect" + run_test test_openfga "OpenFGA" + run_test test_certificate_edit "Certificate edit" + run_test test_tls_jwt "JWT authentication" + run_test test_pki "PKI mode" + run_test test_fuidshift "fuidshift" +} + +run_standalone_misc() { + run_test test_container_devices_gpu "container devices - gpu" + run_test test_container_devices_unix_char "container devices - unix-char" + run_test test_container_devices_unix_block "container devices - unix-block" + run_test test_container_devices_tpm "container devices - tpm" +} + +run_standalone_all() { + run_standalone_core + run_standalone_storage + run_standalone_network + run_standalone_security + run_standalone_misc +} + +run_cluster_all() { + run_test test_clustering_enable "clustering enable" + run_test test_clustering_membership "clustering membership" + run_test test_clustering_containers "clustering containers" + run_test test_clustering_storage "clustering storage" + run_test test_clustering_storage_single_node "clustering storage single node" + run_test test_clustering_network "clustering network" + run_test test_clustering_publish "clustering publish" + run_test test_clustering_profiles "clustering profiles" + run_test test_clustering_join_api "clustering join api" + run_test test_clustering_shutdown_nodes "clustering shutdown" + run_test test_clustering_projects "clustering projects" + run_test test_clustering_update_cert "clustering update cert" + run_test test_clustering_update_cert_reversion "clustering update cert reversion" + run_test test_clustering_address "clustering address" + run_test test_clustering_image_replication "clustering image replication" + run_test test_clustering_recover "clustering recovery" + run_test test_clustering_handover "clustering handover" + run_test test_clustering_rebalance "clustering rebalance" + run_test test_clustering_remove_raft_node "clustering remove raft node" + run_test test_clustering_failure_domains "clustering failure domains" + run_test test_clustering_image_refresh "clustering image refresh" + run_test test_clustering_evacuation "clustering evacuation" + run_test test_clustering_instance_placement_scriptlet "clustering instance placement scriptlet" + run_test test_clustering_move "clustering move" + run_test test_clustering_edit_configuration "clustering config edit" + run_test test_clustering_remove_members "clustering config remove members" + run_test test_clustering_autotarget "clustering autotarget member" + # run_test test_clustering_upgrade "clustering upgrade" + run_test test_clustering_groups "clustering groups" + run_test test_clustering_events "clustering events" + run_test test_clustering_uuid "clustering uuid" + run_test test_clustering_openfga "clustering OpenFGA" +} + + +suite="${1:-all}" +category="${2:-all}" + +run_suite_category() { + s="$1" + c="$2" + test_category="run_${s}_${c}" + + if type "$test_category" >/dev/null 2>&1; then + $test_category + else + echo "Unknown test category: $s $c" + exit 1 + fi +} + +case "$suite" in + all) + run_standalone_all + run_cluster_all + ;; + standalone) + if [ "$category" = "all" ]; then + run_standalone_all + else + run_suite_category standalone "$category" + fi + ;; + cluster) + if [ "$category" = "all" ]; then + run_cluster_all + else + run_suite_category cluster "$category" + fi + ;; + *) + echo "Unknown suite: $suite" + exit 1 + ;; +esac + # shellcheck disable=SC2034 TEST_RESULT=success