Make CI working with latest Nomad version

Author: olljanat

.github/workflows/config.yml

@@ -12,6 +12,7 @@ jobs:
       - uses: actions/checkout@v2
       - name: Run containerd-driver integration tests
         run: |
+          sudo modprobe bridge
           mkdir -p /home/runner/go/src/github.com/hashistack4u
           ln -s /home/runner/work/nomad-driver-containerd/nomad-driver-containerd /home/runner/go/src/github.com/hashistack4u/nomad-driver-containerd
           cd /home/runner/go/src/github.com/hashistack4u/nomad-driver-containerd

Vagrantfile

@@ -23,7 +23,7 @@ Vagrant.configure("2") do |config|
     apt-get install -y unzip gcc runc jq make
     echo "export GOPATH=/home/vagrant/go" >> /home/vagrant/.bashrc
     echo "export PATH=$PATH:/usr/local/go/bin" >> /home/vagrant/.bashrc
-    echo "export CONTAINERD_NAMESPACE=nomad" >> /home/vagrant/.bashrc
+    echo "export CONTAINERD_NAMESPACE=nomad.slice" >> /home/vagrant/.bashrc
     source /home/vagrant/.bashrc
     # without keeping HOME env, 'sudo make test' will try to find files under /root/go/
     echo "Defaults env_keep += HOME" | sudo tee /etc/sudoers.d/keep_home

example/agent.hcl

@@ -1,11 +1,18 @@
 log_level = "INFO"
 data_dir = "/tmp/nomad"
 
+advertise {
+  http = "127.0.0.1"
+  rpc  = "127.0.0.1"
+  serf = "127.0.0.1"
+}
+
 plugin "containerd-driver" {
   config {
     enabled = true
     containerd_runtime = "io.containerd.runc.v2"
     stats_interval = "5s"
+    allow_privileged = true
   }
 }
 
@@ -30,4 +37,7 @@ client {
     path = "/tmp/host_volume/s1"
     read_only = false
   }
+  options {
+    "driver.allowlist" = "containerd-driver"
+  }
 }

tests/001-test-redis.sh

@@ -50,13 +50,13 @@ test_redis_nomad_job() {
     fi
 
     echo "INFO: Check if memory and memory_max are set correctly in the cgroup filesystem."
-    task_name=$(sudo CONTAINERD_NAMESPACE=nomad ctr containers ls|awk 'NR!=1'|cut -d' ' -f1)
-    memory_soft_limit=$(sudo cat /sys/fs/cgroup/memory/nomad/$task_name/memory.soft_limit_in_bytes)
+    task_name=$(sudo CONTAINERD_NAMESPACE=nomad.slice ctr containers ls|awk 'NR!=1'|cut -d' ' -f1)
+    memory_soft_limit=$(sudo cat /sys/fs/cgroup/nomad.slice/$task_name/memory.low)
     if [ $memory_soft_limit != "$(( 256 * 1024 * 1024 ))" ]; then
        echo "ERROR: memory should be 256 MB. Found ${memory_soft_limit}."
        exit 1
     fi
-    memory_hard_limit=$(sudo cat /sys/fs/cgroup/memory/nomad/$task_name/memory.limit_in_bytes)
+    memory_hard_limit=$(sudo cat /sys/fs/cgroup/nomad.slice/$task_name/memory.max)
     if [ $memory_hard_limit != "$(( 512 * 1024 * 1024 ))" ]; then
        echo "ERROR: memory_max should be 512 MB. Found ${memory_hard_limit}."
        exit 1

tests/002-test-signal-handler.sh

@@ -32,7 +32,7 @@ test_signal_handler_nomad_job() {
     alloc_id=$(nomad job status signal|awk 'END{print}'|cut -d ' ' -f 1)
     local outfile=$(mktemp /tmp/signal.XXXXXX)
     nomad alloc signal -s INVALID $alloc_id >> $outfile 2>&1
-    if ! grep -q "Invalid signal" $outfile; then
+    if ! grep -q "invalid signal" $outfile; then
         echo "ERROR: Invalid signal didn't error out."
         cleanup "$outfile"
         exit 1

tests/011-test-allow-privileged.sh

@@ -7,10 +7,13 @@ job_name=privileged-not-allowed
 test_allow_privileged() {
     pushd ~/go/src/github.com/hashistack4u/nomad-driver-containerd/example
 
+    sudo systemctl stop nomad
+    sleep 10s
     cp agent.hcl agent.hcl.bkp
 
-    sed -i '9 i \    allow_privileged = false' agent.hcl
-    sudo systemctl restart nomad
+    sed -i -e 's/allow_privileged = true/allow_privileged = false/' agent.hcl
+    sudo systemctl start nomad
+    sleep 10s
     is_systemd_service_active "nomad.service" true
 
     echo "INFO: Starting nomad ${job_name} job using nomad-driver-containerd."
@@ -21,7 +24,7 @@ test_allow_privileged() {
     echo "INFO: Checking status of ${job_name} job."
     alloc_id=$(nomad job status ${job_name}|grep failed|awk 'NR==1'|cut -d ' ' -f 1)
     output=$(nomad alloc status $alloc_id)
-    echo -e "$output" |grep "Running privileged jobs are not allowed" &>/dev/null
+    echo -e "$output" |grep "running privileged jobs are not allowed" &>/dev/null
     if [ $? -ne 0 ];then
        echo "ERROR: ${job_name} should have failed to run."
        return 1

tests/run_tests.sh

@@ -2,8 +2,9 @@
 
 set -eo pipefail
 
-export NOMAD_VERSION=1.9.5
+export NOMAD_VERSION=1.9.6
 export CONTAINERD_VERSION=1.7.25
+export RUNC_VERSION=1.2.4
 export PATH=$PATH:/usr/local/go/bin
 export PATH=$PATH:/usr/local/bin
 if [ -e /home/runner ]; then
@@ -89,6 +90,11 @@ setup() {
 	sudo tar -C /usr/local -xzf containerd-${CONTAINERD_VERSION}-linux-amd64.tar.gz
 	rm -f containerd-${CONTAINERD_VERSION}-linux-amd64.tar.gz
 
+	# Install runc
+	curl -L -o runc https://github.com/opencontainers/runc/releases/download/v${RUNC_VERSION}/runc.amd64
+	chmod 0755 runc
+	sudo mv runc /usr/local/bin/
+
 	# Drop containerd systemd unit file into /lib/systemd/system.
 	cat << EOF > containerd.service
 # /lib/systemd/system/containerd.service

tests/utils.sh

@@ -26,7 +26,7 @@ is_container_active() {
         i="0"
         while test $i -lt 5
         do
-                sudo CONTAINERD_NAMESPACE=nomad ctr task ls|grep -q RUNNING
+                sudo CONTAINERD_NAMESPACE=nomad.slice ctr task ls|grep -q RUNNING
                 if [ $? -eq 0 ]; then
                         echo "INFO: ${job_name} container is up and running"
 			if [ "$is_sleep" = true ]; then