Run tests in containers.

[sipsma]

The original motivation for this change was to enable tests that verify
our shim exits as expected when a container exits. We decided this was
best enabled via running tests in containers, which allows you to
easily separate shim processes running in parallel from one another
and make assertions about the one created by your test in particular.
The Dockerfile used to build the environment in which tests run should
be useful in general too for enabling devs to quickly rebuild/test
changes.

While Buildkite does offer plugins for docker-compose and docker, they
are not used here for a few reasons:

1. docker-compose doesn't support docker-buildkit, which we use to
   parallelize builds and cache gomod/apt dependencies, which both
   speed up the builds (~4 mins vs. ~10 mins) and improve reliability
2. The plain docker Buildkite plugin doesn't support all the parameters
   we need to configure, such as setting the ipc namespace to host for
   the snapshotter tests

Signed-off-by: Erik Sipsma sipsma@amazon.com

As of this commit, only the "firecracker-containerd-test-base" image is actually used by our CI system; the "firecracker-containerd-e2etest" and "firecracker-containerd-dev" images are not yet. However, I wanted to keep them here for a few reasons:

1. They can already provide utility by giving devs a way to quickly test changes to code (this was helpful for me while trying to get firecracker 0.15 working in the docker container)
2. They will be used in the CI system very soon to implement a test for the new event forwarder

If there are objections to this, I can remove those stages for now and add them later when I add the test for the event forwarder PR, let me know.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[sipsma]

The travis CI build failed because of commits layered on top of the first one that I'm planning on squashing into one before merging, so I don't think it's a "real" failure.

[nmeyerhans]

Why do we need btrfs-tools?

[sipsma]

Without it you get this containerd compilation error:

#19 15.06 bin/containerd
#19 16.02 # github.com/containerd/containerd/vendor/github.com/containerd/btrfs
#19 16.02 vendor/github.com/containerd/btrfs/btrfs.go:22:25: fatal error: btrfs/ioctl.h: No such file or directory
#19 16.02 #include <btrfs/ioctl.h>
#19 16.02                        ^
#19 16.02 compilation terminated.

However, I found in their docs you can use BUILDTAGS=no_btrfs, which I'll update with given that I can't envision any scenario in which we'd use their (unmodified) btrfs snapshotter (though let me know if that may not be true).

[nmeyerhans]

nit: whitespace

[sipsma]

fixed (my IDE was formatting tabs as 4 spaces)

[nmeyerhans]

I'd usually prefer curl over wget, with options such as --max-time, --retry, and --silent (maybe among others, depending on circumstances). You don't need to switch to curl, but it'd be nice make sure equivalent options are applied here (or not, if wget's defaults are reasonable).

[sipsma]

Ah good to know, I just updated to curl with those options you suggested

[nmeyerhans]

Similar comments to above about DEBIAN_FRONTEND and apt-get

[sipsma]

Done

[nmeyerhans]

nit: It's often a good idea to drop file extensions on installation. If we ever decide to rewrite this script in something other than shell, it'd be nice not to have to worry about chasing down and updating all references. (Not a big deal here, just something to consider generally.)

[sipsma]

Great point, updated

[nmeyerhans]

Am I missing something or are we not actually using this image anywhere? I understand why you might want to keep it defined in the Dockerfile, but why are we actually building it here?

[sipsma]

Mentioned this in the PR description towards the bottom, but I changed the approach here either way to make there be a "base" test image that is capable of starting a full firecracker-containerd stack and one image derived from that base that specifically starts up the naive snapshotter.

The idea is that we can add another image deriving from the base in the future that starts up the devmapper-snapshotter (and more images for whatever other permutations of our stack we want to test with).

[mxpv]

I'm not super fan of huge Dockerfile with lots of dependencies between stages as it's harder to maintain. I would rather split it on smaller files somehow. But probably this is fine for now.

[sipsma]

I'm not super fan of huge Dockerfile with lots of dependencies between stages as it's harder to maintain. I would rather split it on smaller files somehow. But probably this is fine for now.

I agree this Dockerfile is pretty much at max capacity at this point. Unfortunately, splitting it up into separate files would make it more difficult for buildkit to automatically parallelize different build stages. If we expand it in the future we can consider splitting it up into separate files and then just appending them together into a single file during docker build as a Makefile target or something like that.

[sipsma]

Combined all the fixup commits into one; there was a final fix needed which I noticed this morning after seeing a build on a fresh instance related to setting the go mod cache permissions. This is working now and both Travis+Buildkite builds are passing.

Addressed feedback, have approval from others