homecentr · lholota · Apr 27, 2020 · Apr 27, 2020 · Apr 27, 2020 · Apr 27, 2020
diff --git a/.gitattributes b/.gitattributes
@@ -1,2 +1,4 @@
 * text=auto
-*.sh eol=lf
+*.sh eol=lf
+**/run eol=lf
+*/services.d/* eol=lf
diff --git a/Dockerfile b/Dockerfile
@@ -4,13 +4,22 @@ FROM homecentr/base:2.0.0-alpine
 
 ENV CADVISOR_ARGS="-logtostderr"
 
+RUN apk --no-cache add \
+ libc6-compat=1.1.24-r2 \
+ device-mapper=2.02.186-r0 \
+ findutils=4.7.0-r0 && \
+ apk --no-cache add thin-provisioning-tools=0.7.1-r3 --repository http:https://dl-3.alpinelinux.org/alpine/edge/main/
+
 # Copy cAdvisor binaries
-COPY --from=cadvisor / /
+COPY --from=cadvisor /usr/bin/cadvisor /usr/bin/cadvisor
+
+# Copy config customized in cAdvisor Docker image
+COPY --from=cadvisor /etc/nsswitch.conf /etc/nsswitch.conf
 
 # Copy S6 scripts
 COPY ./fs/ /
 
-HEALTHCHECK --interval=20s --timeout=10s --start-period=5s --retries=3 CMD wget --quiet --tries=1 --spider http:https://localhost:8080/healthz || exit 1
+HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 CMD wget --quiet --tries=1 --spider http:https://localhost:8080/healthz || exit 1
 
 EXPOSE 8080
 

diff --git a/README.md b/README.md
@@ -24,6 +24,7 @@ services:
  - 8080:8080
  volumes:
  - /var/run/docker.sock:/var/run/docker.sock:ro
+ - /etc/machine-id:/etc/machine-id:ro
 ```
 
 ## Environment variables

diff --git a/fs/etc/services.d/cadvisor/run b/fs/etc/services.d/cadvisor/run
@@ -1,5 +1,3 @@
 #!/usr/bin/with-contenv sh
 
-s6-setuidgid nonroot
-
-exec /usr/bin/cadvisor $CADVISOR_ARGS
+exec s6-setuidgid "$PUID:$PGID" /usr/bin/cadvisor $CADVISOR_ARGS
diff --git a/tests/.idea/uiDesigner.xml b/tests/.idea/uiDesigner.xml
diff --git a/tests/src/test/java/CadvisorContainerRunningAsNonRootShould.java b/tests/src/test/java/CadvisorContainerRunningAsNonRootShould.java
@@ -0,0 +1,24 @@
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+
+import java.util.HashMap;
+
+public class CadvisorContainerRunningAsNonRootShould extends CadvisorContainerTests {
+ private static ContainerController _controller;
+
+ @BeforeClass
+ public static void start() {
+ _controller = new ContainerController();
+ _controller.startContainer(new HashMap<>());
+ }
+
+ @AfterClass
+ public static void cleanUp() {
+ _controller.stopContainerIfExists();
+ }
+
+ @Override
+ protected ContainerController getController() {
+ return _controller;
+ }
+}
diff --git a/tests/src/test/java/CadvisorContainerRunningAsRootShould.java b/tests/src/test/java/CadvisorContainerRunningAsRootShould.java
@@ -0,0 +1,29 @@
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+
+import java.util.HashMap;
+
+public class CadvisorContainerRunningAsRootShould extends CadvisorContainerTests {
+
+ private static ContainerController _controller;
+
+ @BeforeClass
+ public static void start() {
+ HashMap<String, String> envVars = new HashMap<>();
+ envVars.put("PUID", "0");
+ envVars.put("PGID", "0");
+
+ _controller = new ContainerController();
+ _controller.startContainer(envVars);
+ }
+
+ @AfterClass
+ public static void cleanUp() {
+ _controller.stopContainerIfExists();
+ }
+
+ @Override
+ protected ContainerController getController() {
+ return _controller;
+ }
+}
diff --git a/...rc/test/java/CadvisorContainerShould.java → ...src/test/java/CadvisorContainerTests.java b/...rc/test/java/CadvisorContainerShould.java → ...src/test/java/CadvisorContainerTests.java
@@ -1,17 +1,26 @@
-import static org.junit.Assert.assertEquals;
+import org.junit.Test;
 
 import java.io.IOException;
 import java.net.HttpURLConnection;
 import java.net.URL;
 
-import org.junit.Test;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+
+public abstract class CadvisorContainerTests {
+
+ protected abstract ContainerController getController();
+
+ @Test
+ public void notProduceErrorOutput() {
+ assertFalse(getController().hasErrorOutput());
+ }
 
-public class CadvisorContainerShould extends ContainerTestBase {
  @Test
  public void listenOnWebUiPort() throws IOException {
  URL root = new URL(String.format("http:https://%s:%d",
- getContainer().getContainerIpAddress(),
- getContainer().getMappedPort(8080)));
+  getController().getContainer().getContainerIpAddress(),
+  getController().getContainer().getMappedPort(8080)));
 
  HttpURLConnection connection = (HttpURLConnection)root.openConnection();
  connection.connect();
@@ -22,8 +31,8 @@ public void listenOnWebUiPort() throws IOException {
  @Test
  public void returnMetrics() throws IOException {
  URL root = new URL(String.format("http:https://%s:%d/metrics",
- getContainer().getContainerIpAddress(),
- getContainer().getMappedPort(8080)));
+  getController().getContainer().getContainerIpAddress(),
+  getController().getContainer().getMappedPort(8080)));
 
  HttpURLConnection connection = (HttpURLConnection)root.openConnection();
  connection.connect();
@@ -34,8 +43,8 @@ public void returnMetrics() throws IOException {
  @Test
  public void returnSuccessOnHealthCheckEndpoint() throws IOException {
  URL root = new URL(String.format("http:https://%s:%d/healthz",
- getContainer().getContainerIpAddress(),
- getContainer().getMappedPort(8080)));
+  getController().getContainer().getContainerIpAddress(),
+  getController().getContainer().getMappedPort(8080)));
 
  HttpURLConnection connection = (HttpURLConnection)root.openConnection();
  connection.connect();

diff --git a/tests/src/test/java/ContainerController.java b/tests/src/test/java/ContainerController.java
@@ -0,0 +1,63 @@
+import org.junit.After;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.testcontainers.containers.GenericContainer;
+import org.testcontainers.containers.output.OutputFrame;
+import org.testcontainers.containers.output.Slf4jLogConsumer;
+import org.testcontainers.containers.wait.strategy.Wait;
+
+import java.util.HashMap;
+
+public class ContainerController {
+ private static final Logger logger = LoggerFactory.getLogger(ContainerController.class);
+
+ private GenericContainer _container;
+
+ protected void startContainer(HashMap<String, String> envVars) {
+ String dockerImageTag = System.getProperty("image_tag");
+
+ logger.info("Tested Docker image tag: {}", dockerImageTag);
+
+ _container = new GenericContainer<>(dockerImageTag)
+ .withEnv(envVars)
+ .withPrivilegedMode(true)
+ .waitingFor(Wait.forHealthcheck());
+
+ _container.start();
+ _container.followOutput(new Slf4jLogConsumer(logger));
+ }
+
+ public void stopContainerIfExists() {
+ if(_container != null) {
+ _container.stop();
+ _container.close();
+ }
+ }
+
+ protected GenericContainer getContainer() {
+ return _container;
+ }
+
+ protected boolean hasErrorOutput() {
+ String errOut = getContainer().getLogs(OutputFrame.OutputType.STDERR);
+ String[] lines = errOut.split("\\r?\\n");
+
+ for (String line : lines) {
+ // These are warnings cAdvisor puts into output which are caused by the test environment
+ // i.e. these warnings are expected
+ if(line.startsWith("W0427") || line.startsWith("E0427")) {
+ continue;
+ }
+
+ if(line.isEmpty()) {
+ continue;
+ }
+
+ System.err.println(errOut);
+
+ return true;
+ }
+
+ return false;
+ }
+}
diff --git a/tests/src/test/java/ContainerTestBase.java b/tests/src/test/java/ContainerTestBase.java