From 40e7b85206796ffa1a3724b07d7406b69b480c93 Mon Sep 17 00:00:00 2001 From: Adam Dyess Date: Fri, 22 Mar 2024 08:02:06 -0500 Subject: [PATCH] Remove lxd-profile.yaml from charms, but test with a well known profile (#49) --- charms/worker/lxd-profile.yaml | 17 ----------------- tests/integration/conftest.py | 12 ++++++++++++ tests/integration/cos_substrate.py | 5 +++-- .../integration/data/k8s.profile | 1 + 4 files changed, 16 insertions(+), 19 deletions(-) delete mode 100644 charms/worker/lxd-profile.yaml rename charms/worker/k8s/lxd-profile.yaml => tests/integration/data/k8s.profile (95%) diff --git a/charms/worker/lxd-profile.yaml b/charms/worker/lxd-profile.yaml deleted file mode 100644 index 6b4c696d..00000000 --- a/charms/worker/lxd-profile.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# Copyright 2024 Canonical Ltd. -# See LICENSE file for licensing details. -description: "LXD profile for Canonical Kubernetes" -config: - linux.kernel_modules: ip_vs,ip_vs_rr,ip_vs_wrr,ip_vs_sh,ip_tables,ip6_tables,iptable_raw,netlink_diag,nf_nat,overlay,br_netfilter,xt_socket - raw.lxc: | - lxc.apparmor.profile=unconfined - lxc.mount.auto=proc:rw sys:rw cgroup:rw - lxc.cgroup.devices.allow=a - lxc.cap.drop= - security.nesting: "true" - security.privileged: "true" -devices: - aadisable: - path: /dev/kmsg - source: /dev/kmsg - type: unix-char diff --git a/tests/integration/conftest.py b/tests/integration/conftest.py index 387a0dd7..ef7e1ea1 100644 --- a/tests/integration/conftest.py +++ b/tests/integration/conftest.py @@ -158,6 +158,17 @@ def switch(self, name: str, path: Path): app["channel"] = None +async def cloud_profile(ops_test: OpsTest): + """Apply lxd-profile to the model if the juju cloud is lxd.""" + controller = await ops_test.model.get_controller() + cloud = await controller.cloud() + if cloud.cloud.type_ == "lxd": + lxd = LXDSubstrate(None, None) + profile_name = f"juju-{ops_test.model.name}" + lxd.remove_profile(profile_name) + lxd.apply_profile("k8s.profile", profile_name) + + @contextlib.asynccontextmanager async def deploy_model( request: pytest.FixtureRequest, @@ -188,6 +199,7 @@ async def deploy_model( config=config, ) with ops_test.model_context(model_name) as the_model: + await cloud_profile(ops_test) async with ops_test.fast_forward("60s"): await the_model.deploy(bundle.render) await the_model.wait_for_idle( diff --git a/tests/integration/cos_substrate.py b/tests/integration/cos_substrate.py index d2650b49..982df321 100644 --- a/tests/integration/cos_substrate.py +++ b/tests/integration/cos_substrate.py @@ -54,7 +54,8 @@ def apply_profile( target_profile_name (Optional[str]): Name of the target profile. Defaults to 'cos-profile'. """ profile_path = Path("tests/integration/data") / profile_name - with open(profile_path) as file: + + with profile_path.open() as file: try: raw_profile = yaml.safe_load(file) config = raw_profile.get("config", {}) @@ -62,7 +63,7 @@ def apply_profile( self.client.profiles.create(target_profile_name, config=config, devices=devices) log.info(f"Profile {target_profile_name} applied successfully.") except (yaml.YAMLError, Exception) as e: - log.error(f"Failed to read or apply LXD profile: {e}") + log.exception(f"Failed to read or apply LXD profile: {e}") def create_container(self, name: str): """Create a container. diff --git a/charms/worker/k8s/lxd-profile.yaml b/tests/integration/data/k8s.profile similarity index 95% rename from charms/worker/k8s/lxd-profile.yaml rename to tests/integration/data/k8s.profile index 6b4c696d..861f529e 100644 --- a/charms/worker/k8s/lxd-profile.yaml +++ b/tests/integration/data/k8s.profile @@ -2,6 +2,7 @@ # See LICENSE file for licensing details. description: "LXD profile for Canonical Kubernetes" config: + boot.autostart: "true" linux.kernel_modules: ip_vs,ip_vs_rr,ip_vs_wrr,ip_vs_sh,ip_tables,ip6_tables,iptable_raw,netlink_diag,nf_nat,overlay,br_netfilter,xt_socket raw.lxc: | lxc.apparmor.profile=unconfined