diff --git a/.travis.yml b/.travis.yml index a534e912..0f4b8554 100644 --- a/.travis.yml +++ b/.travis.yml @@ -19,7 +19,7 @@ sudo: required language: go go: - - "1.12" + - "1.13.15" services: - docker @@ -32,18 +32,19 @@ go_import_path: "github.com/ibm-messaging/mq-container" env: global: - - RELEASE="" + - RELEASE="r2" jobs: include: - - stage: build - name: "Basic build" + - stage: basic-build if: branch != private-master AND tag IS blank + name: "Basic AMD64 build" os: linux env: - MQ_ARCHIVE_REPOSITORY_DEV=$MQ_920_ARCHIVE_REPOSITORY_DEV_AMD64 script: bash -e travis-build-scripts/run.sh - - if: branch = private-master OR tag =~ ^release-candidate* + - stage: build + if: branch = private-master OR tag =~ ^release-candidate* name: "Multi-Arch AMD64 build" os: linux env: @@ -60,16 +61,20 @@ jobs: # # - MQ_ARCHIVE_REPOSITORY=$MQ_920_ARCHIVE_REPOSITORY_PPC64LE # - MQ_ARCHIVE_REPOSITORY_DEV=$MQ_920_ARCHIVE_REPOSITORY_DEV_PPC64LE # script: bash -e travis-build-scripts/run.sh - # - if: branch = private-master OR tag =~ ^release-candidate* - # name: "Multi-Arch S390X build" - # os: linux-s390 - # env: - # - BUILD_ALL=true - # - TEST_OPTS_DOCKER="-run TestGoldenPathWithMetrics" - # # - MQ_ARCHIVE_REPOSITORY=$MQ_920_ARCHIVE_REPOSITORY_S390X - # - MQ_ARCHIVE_REPOSITORY_DEV=$MQ_920_ARCHIVE_REPOSITORY_DEV_S390X - # script: bash -e travis-build-scripts/run.sh - + - stage: build + if: branch = private-master OR tag =~ ^release-candidate* + name: "Multi-Arch S390X build" + os: linux-s390 + env: + - BUILD_ALL=true + - TEST_OPTS_DOCKER="-run TestGoldenPathWithMetrics" + - MQ_ARCHIVE_REPOSITORY=$MQ_920_ARCHIVE_REPOSITORY_S390X + - MQ_ARCHIVE_REPOSITORY_DEV=$MQ_920_ARCHIVE_REPOSITORY_DEV_S390X + script: bash -e travis-build-scripts/run.sh + - stage: push-manifest + if: branch = private-master OR tag =~ ^release-candidate* + name: "Push Manifest-list to registry" + script: make push-manifest before_install: - make install-build-deps - make install-credential-helper 
diff --git a/Dockerfile-server b/Dockerfile-server index c8f0f049..5e20b9e8 100644 --- a/Dockerfile-server +++ b/Dockerfile-server @@ -13,18 +13,20 @@ # limitations under the License. ARG BASE_IMAGE=registry.redhat.io/ubi8/ubi-minimal -ARG BASE_TAG=8.2-301.1593113563 +ARG BASE_TAG=8.2-349 +ARG GO_WORKDIR=/go/src/github.com/ibm-messaging/mq-container +ARG MQ_URL="https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqadv/9.2.0.0-IBM-MQ-Advanced-for-Developers-Non-Install-LinuxX64.tar.gz" ############################################################################### # Build stage to build Go code ############################################################################### -FROM registry.redhat.io/ubi8/go-toolset:1.13.4-22 as builder -# FROM docker.io/centos/go-toolset-7-centos7 as builder +FROM golang:1.13.15 as builder # The URL to download the MQ installer from in tar.gz format -# This assumes an archive containing the MQ RPM install packages -ARG MQ_URL="https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqadv/mqadv_dev912_linux_x86-64.tar.gz" +# This assumes an archive containing the MQ Non-Install packages +ARG MQ_URL ARG IMAGE_REVISION="Not specified" ARG IMAGE_SOURCE="Not specified" ARG IMAGE_TAG="Not specified" +ARG GO_WORKDIR USER 0 COPY install-mq.sh /usr/local/bin/ RUN mkdir /opt/mqm \ 
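Review bot: `FROM golang:1.13.15 as builder` pulls a mutable tag from the default registry, and the binaries built in this stage (`runmqserver`, `chkmq*`) are later copied into the shipped image, so whatever that tag resolves to at build time ends up in the release. Pinning by digest keeps the builder reproducible: `FROM docker.io/library/golang:1.13.15@sha256:<digest-placeholder> AS builder`. The same stage downloads the archive at `MQ_URL`; install-mq.sh is not visible here, so it should be confirmed that the download is checksum-verified. The builder stage continues past the end of this hunk.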
@@ -32,13 +34,12 @@ RUN mkdir /opt/mqm \ && sleep 1 \ && INSTALL_SDK=1 install-mq.sh \ && chown -R 1001:root /opt/mqm/* -WORKDIR /opt/app-root/src/go/src/github.com/ibm-messaging/mq-container/ +WORKDIR $GO_WORKDIR/ COPY cmd/ ./cmd COPY internal/ ./internal COPY pkg/ ./pkg COPY vendor/ ./vendor -ENV PATH="${PATH}:/opt/rh/go-toolset-1.11/root/usr/bin" \ - CGO_CFLAGS="-I/opt/mqm/inc/" \ +ENV CGO_CFLAGS="-I/opt/mqm/inc/" \ CGO_LDFLAGS_ALLOW="-Wl,-rpath.*" RUN go build -ldflags "-X \"main.ImageCreated=$(date --iso-8601=seconds)\" -X \"main.ImageRevision=$IMAGE_REVISION\" -X \"main.ImageSource=$IMAGE_SOURCE\" -X \"main.ImageTag=$IMAGE_TAG\"" ./cmd/runmqserver/ RUN go build ./cmd/chkmqready/ @@ -58,11 +59,10 @@ RUN go vet ./cmd/... ./internal/... ############################################################################### FROM $BASE_IMAGE:$BASE_TAG AS mq-server # The MQ packages to install - see install-mq.sh for default value -ARG MQ_URL="https://public.dhe.ibm.com/ibmdl/export/pub/software/websphere/messaging/mqadv/mqadv_dev914_linux_x86-64.tar.gz" -ARG MQ_PACKAGES="MQSeriesRuntime-*.rpm MQSeriesServer-*.rpm MQSeriesJava*.rpm MQSeriesJRE*.rpm MQSeriesGSKit*.rpm MQSeriesMsg*.rpm MQSeriesSamples*.rpm MQSeriesWeb*.rpm MQSeriesAMS-*.rpm" -#ARG MQ_PACKAGES="ibmmq-server ibmmq-java ibmmq-jre ibmmq-gskit ibmmq-msg-.* ibmmq-samples ibmmq-web ibmmq-ams" +ARG MQ_URL ARG BASE_IMAGE ARG BASE_TAG +ARG GO_WORKDIR LABEL summary="IBM MQ Advanced Server" LABEL description="Simplify, accelerate and facilitate the reliable exchange of data with a security-rich messaging solution — trusted by the world’s most successful enterprises" LABEL vendor="IBM" 
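Review bot: In the mq-server stage the comment `# The MQ packages to install - see install-mq.sh for default value` is left standing above `ARG MQ_URL`, although the `MQ_PACKAGES` argument it described is removed by this hunk. It should be replaced with the wording used in the builder stage, `# The URL to download the MQ installer from in tar.gz format`. If install-mq.sh still honours an `MQ_PACKAGES` default, that is better documented there than next to an unrelated ARG.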
@@ -89,15 +89,15 @@ RUN env \ # Create a directory for runtime data from runmqserver RUN mkdir -p /run/runmqserver \ && chown 1001:root /run/runmqserver -COPY --from=builder /opt/app-root/src/go/src/github.com/ibm-messaging/mq-container/runmqserver /usr/local/bin/ -COPY --from=builder /opt/app-root/src/go/src/github.com/ibm-messaging/mq-container/chkmq* /usr/local/bin/ +COPY --from=builder $GO_WORKDIR/runmqserver /usr/local/bin/ +COPY --from=builder $GO_WORKDIR/chkmq* /usr/local/bin/ COPY NOTICES.txt /opt/mqm/licenses/notices-container.txt # Copy web XML files COPY web /etc/mqm/web COPY etc/mqm/*.tpl /etc/mqm/ RUN chmod ug+x /usr/local/bin/runmqserver \ && chown 1001:root /usr/local/bin/*mq* \ - && chmod ug+xs /usr/local/bin/chkmq* \ + && chmod ug+x /usr/local/bin/chkmq* \ && chown -R 1001:root /etc/mqm/* \ && install --directory --mode 2775 --owner 1001 --group root /run/runmqserver \ && touch /run/termination-log \ @@ -120,6 +120,7 @@ ENTRYPOINT ["runmqserver"] FROM mq-server AS mq-dev-server ARG BASE_IMAGE ARG BASE_TAG +ARG GO_WORKDIR # Enable MQ developer default configuration ENV MQ_DEV=true LABEL summary="IBM MQ Advanced for Developers Server" @@ -134,7 +135,7 @@ LABEL io.k8s.description="Simplify, accelerate and facilitate the reliable excha LABEL base-image=$BASE_IMAGE LABEL base-image-release=$BASE_TAG USER 0 -COPY --from=builder /opt/app-root/src/go/src/github.com/ibm-messaging/mq-container/amqpas* /opt/mqm/lib64/ +COPY --from=builder $GO_WORKDIR/amqpas* /opt/mqm/lib64/ COPY etc/mqm/*.ini /etc/mqm/ COPY etc/mqm/mq.htpasswd /etc/mqm/ RUN chmod 0660 /etc/mqm/mq.htpasswd 
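Review bot: The `chmod ug+x /usr/local/bin/chkmq*` line drops the setuid/setgid bits without recording why, so a later edit could quietly restore `+xs`. A comment above the RUN would keep the intent visible: `# chkmq* must not be setuid/setgid: they have to work when no-new-privileges is set (see https://github.com/ibm-messaging/mq-container/issues/428)`. That link is the one cited by the tests added in this commit, so I am inferring it is the motivation. The RUN continues past the end of the hunk.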
@@ -145,7 +146,7 @@ RUN chmod u+x /usr/local/bin/install-extra-packages.sh \ # Create a directory for runtime data from runmqserver RUN mkdir -p /run/runmqdevserver \ && chown 1001:root /run/runmqdevserver -COPY --from=builder /opt/app-root/src/go/src/github.com/ibm-messaging/mq-container/runmqdevserver /usr/local/bin/ +COPY --from=builder $GO_WORKDIR/runmqdevserver /usr/local/bin/ # Copy template files COPY incubating/mqadvanced-server-dev/*.tpl /etc/mqm/ # Copy web XML files for default developer configuration diff --git a/Makefile b/Makefile index 5b7af543..7b9d537f 100644 --- a/Makefile +++ b/Makefile @@ -37,7 +37,9 @@ MQ_ARCHIVE_DEV ?= $(MQ_VERSION)-IBM-MQ-Advanced-for-Developers-Non-Install-$(MQ_ # MQ_SDK_ARCHIVE specifies the archive to use for building the golang programs. Defaults vary on developer or advanced. MQ_SDK_ARCHIVE ?= $(MQ_ARCHIVE_DEV_$(MQ_VERSION)) # Options to `go test` for the Docker tests -TEST_OPTS_DOCKER ?= +TEST_OPTS_DOCKER ?= +# Timeout for the Docker tests +TEST_TIMEOUT_DOCKER ?= 30m # MQ_IMAGE_ADVANCEDSERVER is the name of the built MQ Advanced image MQ_IMAGE_ADVANCEDSERVER ?=ibm-mqadvanced-server # MQ_IMAGE_DEVSERVER is the name of the built MQ Advanced for Developers image @@ -60,6 +62,8 @@ REGISTRY_USER ?= REGISTRY_PASS ?= # ARCH is the platform architecture (e.g. amd64, ppc64le or s390x) ARCH ?= $(if $(findstring x86_64,$(shell uname -m)),amd64,$(shell uname -m)) +# Tag to use for fat-manifest +MQ_MANIFEST_TAG=$(MQ_VERSION) ############################################################################### # Other variables 
@@ -71,7 +75,7 @@ MQ_ARCHIVE_DEV_TYPE=Linux BUILD_SERVER_CONTAINER=build-server # NUM_CPU is the number of CPUs available to Docker. Used to control how many # test run in parallel -NUM_CPU = $(or $(shell docker info --format "{{ .NCPU }}"),2) +NUM_CPU ?= $(or $(shell docker info --format "{{ .NCPU }}"),2) # BASE_IMAGE_TAG is a normalized version of BASE_IMAGE, suitable for use in a Docker tag BASE_IMAGE_TAG=$(lastword $(subst /, ,$(subst :,-,$(BASE_IMAGE)))) #BASE_IMAGE_TAG=$(subst /,-,$(subst :,-,$(BASE_IMAGE))) @@ -113,10 +117,19 @@ endif ifneq "$(RELEASE)" "$(EMPTY)" MQ_TAG=$(MQ_VERSION)-$(RELEASE)-$(ARCH) EXTRA_LABELS=--label release=$(RELEASE) + MQ_MANIFEST_TAG=$(MQ_VERSION)-$(RELEASE) endif MQ_IMAGE_FULL_RELEASE_NAME=$(MQ_IMAGE_ADVANCEDSERVER):$(MQ_TAG) MQ_IMAGE_DEV_FULL_RELEASE_NAME=$(MQ_IMAGE_DEVSERVER):$(MQ_TAG) +#setup variables for fat-manifests +MQ_IMAGE_DEVSERVER_MANIFEST=$(MQ_IMAGE_DEVSERVER):$(MQ_MANIFEST_TAG) +MQ_IMAGE_ADVANCEDSERVER_MANIFEST=$(MQ_IMAGE_ADVANCEDSERVER):$(MQ_MANIFEST_TAG) +MQ_IMAGE_DEVSERVER_AMD64=$(MQ_DELIVERY_REGISTRY_FULL_PATH)/$(MQ_IMAGE_DEVSERVER):$(MQ_MANIFEST_TAG)-amd64 +MQ_IMAGE_DEVSERVER_S390X=$(MQ_DELIVERY_REGISTRY_FULL_PATH)/$(MQ_IMAGE_DEVSERVER):$(MQ_MANIFEST_TAG)-s390x +MQ_IMAGE_ADVANCEDSERVER_AMD64=$(MQ_DELIVERY_REGISTRY_FULL_PATH)/$(MQ_IMAGE_ADVANCEDSERVER):$(MQ_MANIFEST_TAG)-amd64 +MQ_IMAGE_ADVANCEDSERVER_S390X=$(MQ_DELIVERY_REGISTRY_FULL_PATH)/$(MQ_IMAGE_ADVANCEDSERVER):$(MQ_MANIFEST_TAG)-s390x + ############################################################################### # Build targets ############################################################################### @@ -133,6 +146,9 @@ test-all: build-devjmstest test-devserver test-advancedserver .PHONY: devserver devserver: build-devserver build-devjmstest test-devserver +.PHONY: advancedserver +advancedserver: build-advancedserver test-advancedserver + # Build incubating components .PHONY: incubating incubating: build-explorer 
@@ -169,7 +185,7 @@ test-unit: test-advancedserver: test/docker/vendor $(info $(SPACER)$(shell printf $(TITLE)"Test $(MQ_IMAGE_ADVANCEDSERVER):$(MQ_TAG) on $(shell docker --version)"$(END))) docker inspect $(MQ_IMAGE_ADVANCEDSERVER):$(MQ_TAG) - cd test/docker && TEST_IMAGE=$(MQ_IMAGE_ADVANCEDSERVER):$(MQ_TAG) EXPECTED_LICENSE=Production go test -parallel $(NUM_CPU) $(TEST_OPTS_DOCKER) + cd test/docker && TEST_IMAGE=$(MQ_IMAGE_ADVANCEDSERVER):$(MQ_TAG) EXPECTED_LICENSE=Production go test -parallel $(NUM_CPU) -timeout $(TEST_TIMEOUT_DOCKER) $(TEST_OPTS_DOCKER) .PHONY: build-devjmstest build-devjmstest: @@ -179,8 +195,9 @@ build-devjmstest: .PHONY: test-devserver test-devserver: test/docker/vendor $(info $(SPACER)$(shell printf $(TITLE)"Test $(MQ_IMAGE_DEVSERVER):$(MQ_TAG) on $(shell docker --version)"$(END))) + docker inspect $(MQ_IMAGE_DEVSERVER):$(MQ_TAG) - cd test/docker && TEST_IMAGE=$(MQ_IMAGE_DEVSERVER):$(MQ_TAG) EXPECTED_LICENSE=Developer DEV_JMS_IMAGE=$(DEV_JMS_IMAGE) IBMJRE=true go test -parallel $(NUM_CPU) -tags mqdev $(TEST_OPTS_DOCKER) + cd test/docker && TEST_IMAGE=$(MQ_IMAGE_DEVSERVER):$(MQ_TAG) EXPECTED_LICENSE=Developer DEV_JMS_IMAGE=$(DEV_JMS_IMAGE) IBMJRE=true go test -parallel $(NUM_CPU) -timeout $(TEST_TIMEOUT_DOCKER) -tags mqdev $(TEST_OPTS_DOCKER) .PHONY: coverage coverage: 
@@ -342,6 +359,26 @@ pull-devserver: $(COMMAND) pull $(MQ_DELIVERY_REGISTRY_FULL_PATH)/$(MQ_IMAGE_DEV_FULL_RELEASE_NAME) $(COMMAND) tag $(MQ_DELIVERY_REGISTRY_FULL_PATH)/$(MQ_IMAGE_DEV_FULL_RELEASE_NAME) $(MQ_IMAGE_DEVSERVER)\:$(MQ_TAG) +.PHONY: push-manifest +push-manifest: build-skopeo-container + $(info $(SPACER)$(shell printf $(TITLE)"** Determining the image digests **"$(END))) + $(eval MQ_IMAGE_DEVSERVER_AMD64_DIGEST=$(shell $(COMMAND) run skopeo:latest --override-os linux --override-arch s390x inspect --creds $(MQ_ARCHIVE_REPOSITORY_USER):$(MQ_ARCHIVE_REPOSITORY_CREDENTIAL) docker://$(MQ_IMAGE_DEVSERVER_AMD64) | jq -r .Digest)) + $(eval MQ_IMAGE_DEVSERVER_S390X_DIGEST=$(shell $(COMMAND) run skopeo:latest --override-os linux inspect --creds $(MQ_ARCHIVE_REPOSITORY_USER):$(MQ_ARCHIVE_REPOSITORY_CREDENTIAL) docker://$(MQ_IMAGE_DEVSERVER_S390X) | jq -r .Digest)) + $(eval MQ_IMAGE_ADVANCEDSERVER_AMD64_DIGEST=$(shell $(COMMAND) run skopeo:latest --override-os linux inspect --creds $(MQ_ARCHIVE_REPOSITORY_USER):$(MQ_ARCHIVE_REPOSITORY_CREDENTIAL) docker://$(MQ_IMAGE_ADVANCEDSERVER_AMD64) | jq -r .Digest)) + $(eval MQ_IMAGE_ADVANCEDSERVER_S390X_DIGEST=$(shell $(COMMAND) run skopeo:latest --override-os linux inspect --creds $(MQ_ARCHIVE_REPOSITORY_USER):$(MQ_ARCHIVE_REPOSITORY_CREDENTIAL) docker://$(MQ_IMAGE_ADVANCEDSERVER_S390X) | jq -r .Digest)) + $(info $(shell printf "** Determined the built $(MQ_IMAGE_DEVSERVER_AMD64) has a digest of $(MQ_IMAGE_DEVSERVER_AMD64_DIGEST)**"$(END))) + $(info $(shell printf "** Determined the built $(MQ_IMAGE_DEVSERVER_S390X) has a digest of $(MQ_IMAGE_DEVSERVER_S390X_DIGEST)**"$(END))) + $(info $(shell printf "** Determined the built $(MQ_IMAGE_ADVANCEDSERVER_AMD64) has a digest of $(MQ_IMAGE_ADVANCEDSERVER_AMD64_DIGEST)**"$(END))) + $(info $(shell printf "** Determined the built $(MQ_IMAGE_ADVANCEDSERVER_S390X) has a digest of $(MQ_IMAGE_ADVANCEDSERVER_S390X_DIGEST)**"$(END))) + $(info $(shell printf "** Calling script to create 
fat-manifest for $(MQ_IMAGE_DEVSERVER_MANIFEST)**"$(END))) + echo $(shell ./travis-build-scripts/create-manifest-list.sh -r $(MQ_DELIVERY_REGISTRY_HOSTNAME) -n $(MQ_DELIVERY_REGISTRY_NAMESPACE) -i $(MQ_IMAGE_DEVSERVER) -t $(MQ_MANIFEST_TAG) -u $(MQ_ARCHIVE_REPOSITORY_USER) -p $(MQ_ARCHIVE_REPOSITORY_CREDENTIAL) -d "$(MQ_IMAGE_DEVSERVER_AMD64_DIGEST) $(MQ_IMAGE_DEVSERVER_S390X_DIGEST)" $(END)) + $(info $(shell printf "** Calling script to create fat-manifest for $(MQ_IMAGE_ADVANCEDSERVER_MANIFEST)**"$(END))) + echo $(shell ./travis-build-scripts/create-manifest-list.sh -r $(MQ_DELIVERY_REGISTRY_HOSTNAME) -n $(MQ_DELIVERY_REGISTRY_NAMESPACE) -i $(MQ_IMAGE_ADVANCEDSERVER) -t $(MQ_MANIFEST_TAG) -u $(MQ_ARCHIVE_REPOSITORY_USER) -p $(MQ_ARCHIVE_REPOSITORY_CREDENTIAL) -d "$(MQ_IMAGE_ADVANCEDSERVER_AMD64_DIGEST) $(MQ_IMAGE_ADVANCEDSERVER_S390X_DIGEST)" $(END)) + +.PHONY: build-skopeo-container +build-skopeo-container: + $(COMMAND) images | grep -q "skopeo"; if [ $$? != 0 ]; then docker build -t skopeo:latest ./docker-builds/skopeo/; fi + .PHONY: clean clean: rm -rf ./coverage diff --git a/cmd/chkmqhealthy/main.go b/cmd/chkmqhealthy/main.go index 623a554c..7132bda5 100644 --- a/cmd/chkmqhealthy/main.go +++ b/cmd/chkmqhealthy/main.go @@ -1,5 +1,5 @@ /* -© Copyright IBM Corporation 2017, 2019 +© Copyright IBM Corporation 2017, 2020 Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -36,11 +36,11 @@ func queueManagerHealthy() (bool, error) { cmd := exec.Command("dspmq", "-n", "-m", name) // Run the command and wait for completion out, err := cmd.CombinedOutput() + fmt.Printf("%s", out) if err != nil { fmt.Println(err) return false, err } - fmt.Printf("%s", out) if !strings.Contains(string(out), "(RUNNING)") && !strings.Contains(string(out), "(RUNNING AS STANDBY)") && !strings.Contains(string(out), "(STARTING)") { return false, nil } 
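Review bot: Both `echo $(shell ./travis-build-scripts/create-manifest-list.sh …)` lines in `push-manifest` discard the script's exit status, so the target can succeed when `docker manifest create` or `push` failed; the `$(eval … $(shell … | jq -r .Digest))` lines likewise carry on with an empty or `null` digest if an inspect fails. Invoking the script directly as a recipe line (`./travis-build-scripts/create-manifest-list.sh -r $(MQ_DELIVERY_REGISTRY_HOSTNAME) …`) and checking each digest is non-empty before use would make the stage fail closed. The registry credential is also passed in argv (`--creds user:credential` and `-p $(MQ_ARCHIVE_REPOSITORY_CREDENTIAL)`), where it is visible in the process list; handing it over through the environment or stdin avoids that. The `--override-arch s390x` on the `MQ_IMAGE_DEVSERVER_AMD64_DIGEST` line looks misplaced, since none of the other three inspects set it.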
diff --git a/docker-builds/skopeo/Dockerfile b/docker-builds/skopeo/Dockerfile new file mode 100644 index 00000000..7447e463 --- /dev/null +++ b/docker-builds/skopeo/Dockerfile @@ -0,0 +1,17 @@ +# © Copyright IBM Corporation 2020 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FROM fedora:32 +RUN yum install skopeo -y -qq +ENTRYPOINT [ "skopeo" ] diff --git a/docs/testing.md b/docs/testing.md index 07bf3a0e..55ded8a8 100644 --- a/docs/testing.md +++ b/docs/testing.md @@ -14,17 +14,19 @@ There are two main sets of tests: 2. Docker tests, which test a complete Docker image, using the Docker API ### Running the Docker tests -The Docker tests can be run locally on a machine with Docker. For example: + +The Docker tests can be run locally on a machine with Docker. For example: ``` -make test-devserver -make test-advancedserver +make devserver +make advancedserver ``` You can specify the image to use directly by using the `MQ_IMAGE_ADVANCEDSERVER` or `MQ_IMAGE_DEVSERVER` variables, for example: ``` MQ_IMAGE_ADVANCEDSERVER=ibm-mqadvanced-server:9.2.0.0-amd64 make test-advancedserver +``` You can pass parameters to `go test` with an environment variable. For example, to run the "TestGoldenPath" test, run the following command: diff --git a/test/docker/docker_api_test.go b/test/docker/docker_api_test.go index bd41c336..daba66d1 100644 --- a/test/docker/docker_api_test.go +++ b/test/docker/docker_api_test.go 
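Review bot: The skopeo helper image is built from unpinned inputs (`FROM fedora:32`, `yum install skopeo -y -qq`, tagged `skopeo:latest`) and is then handed the registry credentials through `--creds` in the `push-manifest` target, so its contents deserve the same care as the release image. Pinning the base by digest (`FROM fedora:32@sha256:<digest-placeholder>`) and cleaning the package cache in the same layer (`RUN dnf install -y skopeo && dnf clean all`) would make it reproducible and smaller. There is no `USER` line, so skopeo runs as root; `inspect` against a remote registry should not need that, though I have not verified it for this image.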
@@ -1,5 +1,5 @@ /* -© Copyright IBM Corporation 2017, 2019 +© Copyright IBM Corporation 2017, 2020 Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -1433,3 +1433,44 @@ func TestTraceStrmqm(t *testing.T) { t.Fatalf("No trace files found in trace directory /var/mqm/trace. RC=%d.", rc) } } + +// utilTestHealthCheck is used by TestHealthCheck* to run a container with +// privileges enabled or disabled. Otherwise the same as the golden path tests. +func utilTestHealthCheck(t *testing.T, nonewpriv bool) { + t.Parallel() + cli, err := client.NewEnvClient() + if err != nil { + t.Fatal(err) + } + containerConfig := container.Config{ + Env: []string{"LICENSE=accept", "MQ_QMGR_NAME=qm1"}, + } + hostConfig := getDefaultHostConfig(t, cli) + hostConfig.SecurityOpt = append(hostConfig.SecurityOpt, fmt.Sprintf("no-new-privileges:%v", nonewpriv)) + id := runContainerWithHostConfig(t, cli, &containerConfig, hostConfig) + defer cleanContainer(t, cli, id) + waitForReady(t, cli, id) + rc, out := execContainer(t, cli, id, "", []string{"chkmqhealthy"}) + t.Log(out) + if rc != 0 { + t.Errorf("Expected chkmqhealthy to return with exit code 0; got \"%v\"", rc) + t.Logf("Output from chkmqhealthy:\n%v", out) + } + // Stop the container cleanly + stopContainer(t, cli, id) +} + +// TestHealthCheckWithNoNewPrivileges tests golden path start/stop plus +// chkmqhealthy, when running in a container where no new privileges are +// allowed (i.e. setuid is disabled) +func TestHealthCheckWithNoNewPrivileges(t *testing.T) { + utilTestHealthCheck(t, true) +} + +// TestHealthCheckWithNoNewPrivileges tests golden path start/stop plus +// chkmqhealthy when running in a container where new privileges are +// allowed (i.e. setuid is allowed) +// See https://github.com/ibm-messaging/mq-container/issues/428 +func TestHealthCheckWithNewPrivileges(t *testing.T) { + utilTestHealthCheck(t, false) +} 
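Review bot: The doc comment on `TestHealthCheckWithNewPrivileges` opens with the wrong name (`// TestHealthCheckWithNoNewPrivileges tests golden path…`), copied from the test above it; it should read `// TestHealthCheckWithNewPrivileges tests golden path start/stop plus`. In `utilTestHealthCheck` the output is logged twice on failure (`t.Log(out)` and then `t.Logf("Output from chkmqhealthy:\n%v", out)`), so the second call can go. The helper's comment speaks of "privileges enabled or disabled", whereas the `nonewpriv` parameter toggles the `no-new-privileges` security option; naming that option in the comment would make the two tests easier to tell apart.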
diff --git a/test/docker/docker_api_test_util.go b/test/docker/docker_api_test_util.go index c2c589cc..597d1552 100644 --- a/test/docker/docker_api_test_util.go +++ b/test/docker/docker_api_test_util.go @@ -267,20 +267,8 @@ func generateRandomUID() string { return fmt.Sprint(rand.Intn(max-min) + min) } -// runContainerWithPorts creates and starts a container, exposing the specified ports on the host. -// If no image is specified in the container config, then the image name is retrieved from the TEST_IMAGE -// environment variable. -func runContainerWithPorts(t *testing.T, cli *client.Client, containerConfig *container.Config, ports []int) string { - if containerConfig.Image == "" { - containerConfig.Image = imageName() - } - // Always run as a random user, unless the test has specified otherwise - if containerConfig.User == "" { - containerConfig.User = generateRandomUID() - } - // if coverage - containerConfig.Env = append(containerConfig.Env, "COVERAGE_FILE="+t.Name()+".cov") - containerConfig.Env = append(containerConfig.Env, "EXIT_CODE_FILE="+getExitCodeFilename(t)) +// getDefaultHostConfig creates a HostConfig and populates it with the defaults used in testing +func getDefaultHostConfig(t *testing.T, cli *client.Client) *container.HostConfig { hostConfig := container.HostConfig{ Binds: []string{ coverageBind(t), 
@@ -299,17 +287,25 @@ func runContainerWithPorts(t *testing.T, cli *client.Client, containerConfig *co } else { t.Logf("Detected MQ Advanced image - dropping all capabilities") } - for _, p := range ports { - port := nat.Port(fmt.Sprintf("%v/tcp", p)) - hostConfig.PortBindings[port] = []nat.PortBinding{ - { - HostIP: "0.0.0.0", - }, - } + return &hostConfig +} + +// runContainerWithHostConfig creates and starts a container, using the supplied HostConfig. +// Note that a default HostConfig can be created using getDefaultHostConfig. +func runContainerWithHostConfig(t *testing.T, cli *client.Client, containerConfig *container.Config, hostConfig *container.HostConfig) string { + if containerConfig.Image == "" { + containerConfig.Image = imageName() + } + // Always run as a random user, unless the test has specified otherwise + if containerConfig.User == "" { + containerConfig.User = generateRandomUID() } + // if coverage + containerConfig.Env = append(containerConfig.Env, "COVERAGE_FILE="+t.Name()+".cov") + containerConfig.Env = append(containerConfig.Env, "EXIT_CODE_FILE="+getExitCodeFilename(t)) networkingConfig := network.NetworkingConfig{} t.Logf("Running container (%s)", containerConfig.Image) - ctr, err := cli.ContainerCreate(context.Background(), containerConfig, &hostConfig, &networkingConfig, t.Name()) + ctr, err := cli.ContainerCreate(context.Background(), containerConfig, hostConfig, &networkingConfig, t.Name()) if err != nil { t.Fatal(err) } 
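Review bot: `runContainerWithHostConfig` now holds the image-default and random-UID logic, but its doc comment mentions neither, while the sentence about TEST_IMAGE stays on `runContainerWithPorts` in the next hunk. I would move it here, for example `// If no image is set in containerConfig, the image name is taken from the TEST_IMAGE environment variable; if no user is set, a random UID is used.` The end of the function lies outside this hunk.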
@@ -317,6 +313,22 @@ func runContainerWithPorts(t *testing.T, cli *client.Client, containerConfig *co return ctr.ID } +// runContainerWithPorts creates and starts a container, exposing the specified ports on the host. +// If no image is specified in the container config, then the image name is retrieved from the TEST_IMAGE +// environment variable. +func runContainerWithPorts(t *testing.T, cli *client.Client, containerConfig *container.Config, ports []int) string { + hostConfig := getDefaultHostConfig(t, cli) + for _, p := range ports { + port := nat.Port(fmt.Sprintf("%v/tcp", p)) + hostConfig.PortBindings[port] = []nat.PortBinding{ + { + HostIP: "0.0.0.0", + }, + } + } + return runContainerWithHostConfig(t, cli, containerConfig, hostConfig) +} + // runContainer creates and starts a container. If no image is specified in // the container config, then the image name is retrieved from the TEST_IMAGE // environment variable. @@ -526,6 +538,7 @@ func waitForContainer(t *testing.T, cli *client.Client, ID string, timeout time. // execContainer runs a command in a running container, and returns the exit code and output func execContainer(t *testing.T, cli *client.Client, ID string, user string, cmd []string) (int, string) { + t.Logf("Running command: %v", cmd) config := types.ExecConfig{ User: user, Privileged: false, diff --git a/travis-build-scripts/build.sh b/travis-build-scripts/build.sh index c9fae5a4..cd634fd3 100755 --- a/travis-build-scripts/build.sh +++ b/travis-build-scripts/build.sh @@ -23,7 +23,7 @@ echo 'Building Developer image...' && echo -en 'travis_fold:start:build-devserve make build-devserver echo -en 'travis_fold:end:build-devserver\\r' if [ "$BUILD_ALL" = true ] ; then - if [ "$ARCH" = "amd64" ] ; then + if [[ "$ARCH" = "amd64" || "$ARCH" = "s390x" ]] ; then echo 'Building Production image...' && echo -en 'travis_fold:start:build-advancedserver\\r' make build-advancedserver echo -en 'travis_fold:end:build-advancedserver\\r' 
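Review bot: `runContainerWithPorts` publishes every requested port with `HostIP: "0.0.0.0"`, so the test queue managers listen on all host interfaces for as long as the suite runs. If the tests only connect from the Docker host, `HostIP: "127.0.0.1",` keeps them off the network; if a remote Docker daemon is a supported setup, a comment saying so would explain the wildcard. The write to `hostConfig.PortBindings[port]` also relies on `getDefaultHostConfig` returning an initialised map, and that initialisation is outside the visible hunks.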
diff --git a/travis-build-scripts/create-manifest-list.sh b/travis-build-scripts/create-manifest-list.sh
new file mode 100755
index 00000000..788e5ef0
--- /dev/null
+++ b/travis-build-scripts/create-manifest-list.sh
@@ -0,0 +1,90 @@ +#!/bin/bash + +# © Copyright IBM Corporation 2020 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -e + +usage=" +Usage: create-image-manifest.sh -r hyc-mq-container-team-docker-local.artifactory.swg-devops.com -n foo -i ibm-mqadvanced-server-dev -t test -d \"sha256:038ad492532b099c324b897ce9da31ae0be312a1d0063f6456f2e3143cc4f4b8 sha256:754f466cf2cfc5183ac705689ce6720f27fecd07c97970ba3ec48769acba067d\" + +Where: +-r - The image registry hostname +-n - The image registry namespace +-i - The image name +-t - The desired top level manifest tag +-d - A space separated list of sha256 image digests to be included +" + +GREEN="\033[32m" +RED="\033[31m" +BLUE="\033[34m" +PURPLE="\033[35m" +AQUA="\033[36m" + +END="\033[0m" + +UNDERLINE="\033[4m" +BOLD="\033[1m" +ITALIC="\033[3m" +TITLE=${BLUE}${BOLD}${UNDERLINE} +STEPTITLE=${BLUERIGHTARROW}" "${BOLD}${ITALIC} +SUBSTEPTITLE=${MINIARROW}${MINIARROW}${MINIARROW}" "${ITALIC} +RIGHTARROW="\xE2\x96\xB6" +MINIARROW="\xE2\x96\xBB" +BLUERIGHTARROW=${BLUE}${RIGHTARROW}${END} +GREENRIGHTARROW=${GREEN}${RIGHTARROW}${END} + +ERROR=${RED} + +TICK="\xE2\x9C\x94" +CROSS="\xE2\x9C\x97" +GREENTICK=${GREEN}${TICK}${END} +REDCROSS=${RED}${CROSS}${END} + + +SPACER="\n\n" + +while getopts r:n:i:t:d:h:u:p: flag +do + case "${flag}" in + r) REGISTRY=${OPTARG};; + n) NAMESPACE=${OPTARG};; + i) IMAGE=${OPTARG};; + t) TAG=${OPTARG};; + d) DIGESTS=${OPTARG};; + u) USER=${OPTARG};; + p) CREDENTIAL=${OPTARG};; + esac +done + +if [[ 
-z $REGISTRY || -z $NAMESPACE || -z $IMAGE || -z $TAG || -z $DIGESTS ]] ; then + printf "${REDCROSS} ${ERROR}Missing parameter!${END}\n" + printf "${ERROR}$usage${END}\n" + exit 1 +fi + +# Docker CLI manifest commands require experimental features to be turned on +export DOCKER_CLI_EXPERIMENTAL=enabled + +MANIFESTS="" +for digest in $DIGESTS ; do \ + MANIFESTS+=" $REGISTRY/$NAMESPACE/$IMAGE@$digest" +done + +docker login $REGISTRY -u $USER -p $CREDENTIAL +docker manifest create $REGISTRY/$NAMESPACE/$IMAGE:$TAG $MANIFESTS > /dev/null +MANIFEST_DIGEST=$(docker manifest push --purge $REGISTRY/$NAMESPACE/$IMAGE:$TAG) + +echo $MANIFEST_DIGEST diff --git a/travis-build-scripts/push.sh b/travis-build-scripts/push.sh index 55154bb0..5165cc2d 100755 --- a/travis-build-scripts/push.sh +++ b/travis-build-scripts/push.sh @@ -32,7 +32,7 @@ function push_developer { } function push_production { - if [ "$ARCH" = "amd64" ] ; then + if [[ "$ARCH" = "amd64" || "$ARCH" = "s390x" ]] ; then echo 'Pushing Production image...' && echo -en 'travis_fold:start:push-advancedserver\\r' make push-advancedserver echo -en 'travis_fold:end:push-advancedserver\\r' diff --git a/travis-build-scripts/test.sh b/travis-build-scripts/test.sh index a54b170d..031cfdfe 100755 --- a/travis-build-scripts/test.sh +++ b/travis-build-scripts/test.sh @@ -16,11 +16,14 @@ set -e +# Use verbose test output +export TEST_OPTS_DOCKER="-v" + echo 'Testing Developer image...' && echo -en 'travis_fold:start:test-devserver\\r' make test-devserver echo -en 'travis_fold:end:test-devserver\\r' if [ "$BUILD_ALL" = true ] ; then - if [ "$ARCH" = "amd64" ] ; then + if [[ "$ARCH" = "amd64" || "$ARCH" = "s390x" ]] ; then echo 'Testing Production image...' && echo -en 'travis_fold:start:test-advancedserver\\r' make test-advancedserver echo -en 'travis_fold:end:test-advancedserver\\r'
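Review bot: `docker login $REGISTRY -u $USER -p $CREDENTIAL` in create-manifest-list.sh puts the registry credential on the command line, where it is visible in the process list, and leaves all three expansions unquoted. `printf '%s' "$CREDENTIAL" | docker login "$REGISTRY" -u "$USER" --password-stdin` avoids both. The `-u` and `-p` options are also missing from the usage text and from the `-z` parameter check, and `h:` is accepted by getopts without a matching case. Assigning to `USER` overwrites the shell's own variable, so a script-local name such as `REGISTRY_USER` would be safer.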
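Review bot: `export TEST_OPTS_DOCKER="-v"` in test.sh replaces any value already in the environment, and the S390X job enabled in .travis.yml by this commit sets `TEST_OPTS_DOCKER="-run TestGoldenPathWithMetrics"`. Assuming run.sh calls this script, that filter is lost and the full suite runs on s390x. Appending keeps both: `export TEST_OPTS_DOCKER="-v ${TEST_OPTS_DOCKER}"`.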