/* * Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ /* * @test * @summary Test JCMD across container boundary. The JCMD runs on a host system, * while sending commands to a JVM that runs inside a container. * @requires docker.support * @requires vm.flagless * @modules java.base/jdk.internal.misc * java.management * jdk.jartool/sun.tools.jar * @library /test/lib * @build EventGeneratorLoop * @run driver TestJcmd */ import java.util.List; import java.util.concurrent.TimeUnit; import java.util.stream.Collectors; import jdk.test.lib.Container; import jdk.test.lib.JDKToolFinder; import jdk.test.lib.Platform; import jdk.test.lib.Utils; import jdk.test.lib.containers.docker.Common; import jdk.test.lib.containers.docker.DockerRunOptions; import jdk.test.lib.containers.docker.DockerfileConfig; import jdk.test.lib.containers.docker.DockerTestUtils; import jdk.test.lib.process.OutputAnalyzer; import jdk.test.lib.process.ProcessTools; import jtreg.SkippedException; public class TestJcmd { private static final String IMAGE_NAME = Common.imageName("jcmd"); private static final int TIME_TO_RUN_CONTAINER_PROCESS = (int) (10 * Utils.TIMEOUT_FACTOR); // seconds private static final String CONTAINER_NAME = "test-container"; private static final boolean IS_PODMAN = Container.ENGINE_COMMAND.contains("podman"); private static final String ROOT_UID = "0"; public static void main(String[] args) throws Exception { DockerTestUtils.canTestDocker(); // podman versions below 3.3.1 hava a bug where cross-container testing with correct // permissions fails. See JDK-8273216 if (IS_PODMAN && PodmanVersion.VERSION_3_3_1.compareTo(getPodmanVersion()) > 0) { throw new SkippedException("Podman version too old for this test. Expected >= 3.3.1"); } // Need to create a custom dockerfile where user name and id, as well as group name and id // of the JVM running in container must match the ones from the inspecting JCMD process. String content = generateCustomDockerfile(); DockerTestUtils.buildJdkContainerImage(IMAGE_NAME, content); try { Process p = startObservedContainer(); long pid = testJcmdGetPid("EventGeneratorLoop"); assertIsAlive(p); testJcmdHelp(pid); assertIsAlive(p); testVmInfo(pid); p.waitFor(); } finally { DockerTestUtils.removeDockerImage(IMAGE_NAME); } } // Run "jcmd -l", find the target process. private static long testJcmdGetPid(String className) throws Exception { System.out.println("TestCase: testJcmdGetPid()"); ProcessBuilder pb = new ProcessBuilder(JDKToolFinder.getJDKTool("jcmd"), "-l"); OutputAnalyzer out = new OutputAnalyzer(pb.start()) .shouldHaveExitValue(0); System.out.println("------------------ jcmd -l output: "); System.out.println(out.getOutput()); System.out.println("-----------------------------------"); List l = out.asLines() .stream() .filter(s -> s.contains(className)) .collect(Collectors.toList()); if (l.isEmpty()) { throw new RuntimeException("Could not find specified process"); } String pid = l.get(0).split("\\s+", 3)[0]; return Long.parseLong(pid); } private static void testJcmdHelp(long pid) throws Exception { System.out.println("TestCase: testJcmdHelp()"); ProcessBuilder pb = new ProcessBuilder(JDKToolFinder.getJDKTool("jcmd"), "" + pid, "help"); OutputAnalyzer out = new OutputAnalyzer(pb.start()) .shouldHaveExitValue(0) .shouldContain("JFR.start") .shouldContain("VM.version"); } private static void testVmInfo(long pid) throws Exception { System.out.println("TestCase: testVmInfo()"); ProcessBuilder pb = new ProcessBuilder(JDKToolFinder.getJDKTool("jcmd"), "" + pid, "VM.info"); OutputAnalyzer out = new OutputAnalyzer(pb.start()) .shouldHaveExitValue(0) .shouldContain("vm_info") .shouldContain("VM Arguments"); } // Need to make sure that user name+id and group name+id are created for the image, and // match the host system. This is necessary to allow proper permission/access for JCMD. // For podman --userns=keep-id is sufficient. private static String generateCustomDockerfile() throws Exception { StringBuilder sb = new StringBuilder(); sb.append(String.format("FROM %s:%s\n", DockerfileConfig.getBaseImageName(), DockerfileConfig.getBaseImageVersion())); sb.append("COPY /jdk /jdk\n"); sb.append("ENV JAVA_HOME=/jdk\n"); if (!IS_PODMAN) { // only needed for docker String uid = getId("-u"); String gid = getId("-g"); String userName = getId("-un"); String groupName = getId("-gn"); // Only needed when run as regular user. UID == 0 should already exist if (!ROOT_UID.equals(uid)) { sb.append(String.format("RUN groupadd --gid %s %s \n", gid, groupName)); sb.append(String.format("RUN useradd --uid %s --gid %s %s \n", uid, gid, userName)); sb.append(String.format("USER %s \n", userName)); } } sb.append("CMD [\"/bin/bash\"]\n"); return sb.toString(); } private static Process startObservedContainer() throws Exception { DockerRunOptions opts = new DockerRunOptions(IMAGE_NAME, "/jdk/bin/java", "EventGeneratorLoop"); opts.addDockerOpts("--volume", Utils.TEST_CLASSES + ":/test-classes/:z") .addJavaOpts("-cp", "/test-classes/") .addDockerOpts("--cap-add=SYS_PTRACE") .addDockerOpts("--name", CONTAINER_NAME) .addClassOptions("" + TIME_TO_RUN_CONTAINER_PROCESS); if (IS_PODMAN && !ROOT_UID.equals(getId("-u"))) { // map the current userid to the one in the target namespace opts.addDockerOpts("--userns=keep-id"); } // avoid large Xmx opts.appendTestJavaOptions = false; List cmd = DockerTestUtils.buildJavaCommand(opts); ProcessBuilder pb = new ProcessBuilder(cmd); return ProcessTools.startProcess("main-container-process", pb, line -> line.contains(EventGeneratorLoop.MAIN_METHOD_STARTED), 5, TimeUnit.SECONDS); } private static void assertIsAlive(Process p) throws Exception { if (!p.isAlive()) { throw new RuntimeException("Main container process stopped unexpectedly, exit value: " + p.exitValue()); } } // -u for userId, -g for groupId private static String getId(String param) throws Exception { ProcessBuilder pb = new ProcessBuilder("id", param); OutputAnalyzer out = new OutputAnalyzer(pb.start()) .shouldHaveExitValue(0); String result = out.asLines().get(0); System.out.println("getId() " + param + " returning: " + result); return result; } // pre: IS_PODMAN == true private static String getPodmanVersionStr() { if (!IS_PODMAN) { return null; } try { ProcessBuilder pb = new ProcessBuilder(Container.ENGINE_COMMAND, "--version"); OutputAnalyzer out = new OutputAnalyzer(pb.start()) .shouldHaveExitValue(0); String result = out.asLines().get(0); System.out.println(Container.ENGINE_COMMAND + " --version returning: " + result); return result; } catch (Exception e) { System.out.println(Container.ENGINE_COMMAND + " --version command failed. Returning null"); return null; } } private static PodmanVersion getPodmanVersion() { return PodmanVersion.fromVersionString(getPodmanVersionStr()); } private static class PodmanVersion implements Comparable { private static final PodmanVersion DEFAULT = new PodmanVersion(0, 0, 0); private static final PodmanVersion VERSION_3_3_1 = new PodmanVersion(3, 3, 1); private final int major; private final int minor; private final int micro; private PodmanVersion(int major, int minor, int micro) { this.major = major; this.minor = minor; this.micro = micro; } @Override public int compareTo(PodmanVersion other) { if (this.major > other.major) { return 1; } else if (this.major < other.major) { return -1; } else { // equal major if (this.minor > other.minor) { return 1; } else if (this.minor < other.minor) { return -1; } else { // equal majors and minors if (this.micro > other.micro) { return 1; } else if (this.micro < other.micro) { return -1; } else { // equal majors, minors, micro return 0; } } } } private static PodmanVersion fromVersionString(String version) { try { // Example 'podman version 3.2.1' String versNums = version.split("\\s+", 3)[2]; String[] numbers = versNums.split("\\.", 3); return new PodmanVersion(Integer.parseInt(numbers[0]), Integer.parseInt(numbers[1]), Integer.parseInt(numbers[2])); } catch (Exception e) { System.out.println("Failed to parse podman version: " + version); return DEFAULT; } } } }