test: docker: Support sharing /dev nodes using --mount docker option
In device type template, one can set:
actions:
test:
methods:
docker:
share_devices: direct
share_device option value can be:
* udev (default, in case the value is not set or empty) - previous
behavior, rely on udev event forwarding, which requires additional
software running on the host (e.g. lava_dispatcher_host).
* direct - pass device nodes on docker command line using --mount
option (a more obvious --device option is not used, because it doesn't
allow device name to contain ':', which is otherwise often the case).
Only real device nodes are shared, symlinks (as usually created by
udev on the host) aren't.
* direct-symlinks - like above, but symlinks are shared too. Note that
such symlinks become real device nodes in the container, which may
pose problems with some software. (E.g. if software blindly expects
a particular node to be a symlink, and calls readlink() on it. This
was seen e.g. with mbedOS tools).
Direct sharing of the devices is mostly implemented by 2 reasons:
1. When LAVA itself runs in a docker container(s), it's yet an open
question how to perform udev forwarding (lava_dispatcher_host isn't
currently a part of the official docker-compose setup for LAVA).
2. Even if forwarding works, it apparently requires udev to be running
in a container to be the receiving side of this forwarding. But that's
oftentimes not the case (udev is not included in docker images), which
would require patching such docker images specifically for LAVA, which
is not always practical.
So, choice of sharing device nodes using native docker means is
provided. This isn't fully optimal/general solution either, e.g.:
a) it apparently won't work with dynamically appearing/disappearing
device nodes; b) there're issues with symlinks, device nodes
containing ':', and capabilities/permission required to access them
(--device doesn't work with ':' in device names, so we have to use
--mount instead; but mount requires using --privileged for most
operations on the device nodes, while --device would require only
particular --cap-add option).
That said, with these new options, there's not a good inventory
to solve different usecases, with this fairly peculiar area of
operating on device nodes in docker containers, which is kind
of fringe area, lying outside the original docker usecases, and
which still requires further evolution upstream or robust external
tools (like lava_dispatcher_host, which itself doesn't cover all
the usecases yet).
Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
| Status | Job ID | Name | Coverage | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Test | |||||||||
| passed |
#133454
amd64
|
dispatcher-debian-10 |
00:02:26
|
|
|||||
| passed |
#133456
amd64
|
dispatcher-debian-11 |
00:02:26
|
|
|||||
| passed |
#133455
amd64
|
server-debian-10 |
00:02:57
|
|
|||||
| passed |
#133457
amd64
|
server-debian-11 |
00:05:02
|
|
|||||
| Analyze | |||||||||
| passed |
#133458
amd64-dind
|
bandit-sast |
00:00:59
|
|
|||||
| passed |
#133461
amd64
|
black |
00:00:50
|
|
|||||
| passed |
#133462
amd64
|
code_quality |
00:00:26
|
|
|||||
| passed |
#133467
amd64
|
codespell |
00:00:21
|
|
|||||
| passed |
#133463
amd64
|
coverage |
00:07:00
|
61.05% |
|
||||
| passed |
#133464
amd64
|
dockerfiles |
00:00:19
|
|
|||||
| passed |
#133459
amd64-dind
|
eslint-sast |
00:00:25
|
|
|||||
| passed |
#133466
amd64
|
pylint |
00:03:20
|
|
|||||
| passed |
#133465
amd64
|
schemas |
00:00:34
|
|
|||||
| passed |
#133460
amd64-dind
|
semgrep-sast |
00:01:11
|
|
|||||
| Build | |||||||||
| passed |
#133469
amd64
|
debian/10 |
00:01:45
|
|
|||||
| passed |
#133468
amd64
|
doc |
00:00:37
|
|
|||||
| passed |
#133919
amd64-dind
|
docker-amd64-dispatcher |
00:01:50
|
|
|||||
| passed |
#133471
amd64-dind
|
docker-amd64-server |
00:03:35
|
|
|||||
| failed |
#133470
amd64-dind
|
docker-amd64-dispatcher |
00:01:57
|
|
|||||