[no-relnote] implement a nestedContainerRunner for E2E test suite

ArangoGutierrez · ArangoGutierrez · commit bb0b341e09cb · 2025-09-25T09:13:33.000+02:00
Signed-off-by: Carlos Eduardo Arango Gutierrez &lt;eduardoa@nvidia.com&gt;
diff --git a/tests/e2e/nvidia-container-cli_test.go b/tests/e2e/nvidia-container-cli_test.go
@@ -20,58 +20,12 @@ import (
 	"context"
 	"fmt"
 	"strings"
-	"text/template"
 
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
 const (
-	installDockerTemplate = `
-export DEBIAN_FRONTEND=noninteractive
-
-# Add Docker official GPG key:
-apt-get update
-apt-get install -y ca-certificates curl apt-utils gnupg2
-install -m 0755 -d /etc/apt/keyrings
-curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
-chmod a+r /etc/apt/keyrings/docker.asc
-
-# Add the repository to Apt sources:
-echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo \"${UBUNTU_CODENAME:-$VERSION_CODENAME}\") stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
-apt-get update
-
-apt-get install -y docker-ce docker-ce-cli containerd.io
-
-# start dockerd in the background
-dockerd &
-
-# wait for dockerd to be ready with timeout
-timeout=30
-elapsed=0
-while ! docker info > /dev/null 2>&1 && [ $elapsed -lt $timeout ]; do
-    echo "Waiting for dockerd to be ready..."
-    sleep 1
-    elapsed=$((elapsed + 1))
-done
-if [ $elapsed -ge $timeout ]; then
-    echo "Docker failed to start within $timeout seconds"
-    exit 1
-fi
-`
-	installCTKTemplate = `
-# Create a temporary directory and rootfs path
-TMPDIR="$(mktemp -d)"
-
-# Expose TMPDIR for the child namespace
-export TMPDIR
-
-docker run --rm -v ${TMPDIR}:/host-tmpdir --entrypoint="sh" {{.ToolkitImage}}-packaging -c "cp -p -R /artifacts/* /host-tmpdir/"
-dpkg -i ${TMPDIR}/packages/ubuntu18.04/amd64/libnvidia-container1_*_amd64.deb ${TMPDIR}/packages/ubuntu18.04/amd64/nvidia-container-toolkit-base_*_amd64.deb ${TMPDIR}/packages/ubuntu18.04/amd64/libnvidia-container-tools_*_amd64.deb
-
-nvidia-container-cli --version
-`
-
 	libnvidiaContainerCliTestTemplate = `
 # Create a temporary directory and rootfs path
 TMPDIR="$(mktemp -d)"
@@ -113,22 +67,14 @@ unshare --mount --pid --fork --propagation private -- sh -eux <<'\''IN_NS'\''
 
 IN_NS
 `
-
-	startTestContainerTemplate = `docker run -d --name {{.ContainerName}} --privileged --runtime=nvidia \
-    -e NVIDIA_VISIBLE_DEVICES=runtime.nvidia.com/gpu=all \
-    -e NVIDIA_DRIVER_CAPABILITIES=all \
-	{{ range $i, $a := .AdditionalArguments -}}
-	{{ $a }} \
-	{{ end -}}
-	ubuntu sleep infinity`
 )
 
 var _ = Describe("nvidia-container-cli", Ordered, ContinueOnFailure, Label("libnvidia-container"), func() {
 	var (
-		runner                       Runner
-		containerName                = "node-container-e2e"
-		hostOutput                   string
-		additionalContainerArguments []string
+		runner                Runner
+		nestedContainerRunner Runner
+		containerName         = "node-container-e2e"
+		hostOutput            string
 	)
 
 	BeforeAll(func(ctx context.Context) {
@@ -139,44 +85,16 @@ var _ = Describe("nvidia-container-cli", Ordered, ContinueOnFailure, Label("libn
 			WithSshUser(sshUser),
 		)
 
-		if installCTK {
-			installer, err := NewToolkitInstaller(
-				WithRunner(runner),
-				WithImage(imageName+":"+imageTag),
-				WithTemplate(dockerInstallTemplate),
-			)
-			Expect(err).ToNot(HaveOccurred())
-
-			err = installer.Install()
-			Expect(err).ToNot(HaveOccurred())
-		} else {
-			// If installCTK is false, we use the preinstalled toolkit.
-			// TODO: This should be updated for other distributions and other components of the toolkit.
-			output, _, err := runner.Run("ls /lib/**/libnvidia-container*.so.*.*")
-			Expect(err).ToNot(HaveOccurred())
-
-			output = strings.TrimSpace(output)
-			Expect(output).ToNot(BeEmpty())
-
-			for _, lib := range strings.Split(output, "\n") {
-				additionalContainerArguments = append(additionalContainerArguments, "-v "+lib+":"+lib)
-			}
-			additionalContainerArguments = append(additionalContainerArguments,
-				"-v /usr/bin/nvidia-container-cli:/usr/bin/nvidia-container-cli",
-			)
-		}
+		var err error
+		nestedContainerRunner, err = NewNestedContainerRunner(runner, installCTK, imageName+":"+imageTag, containerName)
+		Expect(err).ToNot(HaveOccurred())
 
 		// Capture the host GPU list.
-		var err error
 		hostOutput, _, err = runner.Run("nvidia-smi -L")
 		Expect(err).ToNot(HaveOccurred())
 
 		// Normalize the output once
 		hostOutput = strings.TrimSpace(strings.ReplaceAll(hostOutput, "\r", ""))
-
-		// If a container with the same name exists from a previous test run, remove it first.
-		// Ignore errors as container might not exist
-		runner.Run(fmt.Sprintf("docker rm -f %s 2>/dev/null || true", containerName)) //nolint:errcheck
 	})
 
 	AfterAll(func(ctx context.Context) {
@@ -186,47 +104,8 @@ var _ = Describe("nvidia-container-cli", Ordered, ContinueOnFailure, Label("libn
 	})
 
 	It("should report the same GPUs inside the container as on the host", func(ctx context.Context) {
-		// Launch the container in detached mode.
-		var startContainerScriptBuilder strings.Builder
-		startContainerTemplate, err := template.New("startContainer").Parse(startTestContainerTemplate)
-		Expect(err).ToNot(HaveOccurred())
-		err = startContainerTemplate.Execute(&startContainerScriptBuilder, struct {
-			ContainerName       string
-			AdditionalArguments []string
-		}{
-			ContainerName:       containerName,
-			AdditionalArguments: additionalContainerArguments,
-		})
-		Expect(err).ToNot(HaveOccurred())
-
-		startContainerScript := startContainerScriptBuilder.String()
-		GinkgoLogr.Info("Starting test container", "script", startContainerScript)
-		_, _, err = runner.Run(startContainerScript)
-		Expect(err).ToNot(HaveOccurred())
-
-		// Install docker in the container.
-		_, _, err = runner.Run(fmt.Sprintf("docker exec -u root "+containerName+" bash -c '%s'", installDockerTemplate))
-		Expect(err).ToNot(HaveOccurred())
-
-		if installCTK {
-			// Install nvidia-container-cli in the container.
-			tmpl, err := template.New("toolkitInstall").Parse(installCTKTemplate)
-			Expect(err).ToNot(HaveOccurred())
-
-			var toolkitInstall strings.Builder
-			err = tmpl.Execute(&toolkitInstall, struct {
-				ToolkitImage string
-			}{
-				ToolkitImage: imageName + ":" + imageTag,
-			})
-			Expect(err).ToNot(HaveOccurred())
-
-			_, _, err = runner.Run(fmt.Sprintf("docker exec -u root "+containerName+" bash -c '%s'", toolkitInstall.String()))
-			Expect(err).ToNot(HaveOccurred())
-		}
-
 		// Run the test script in the container.
-		output, _, err := runner.Run(fmt.Sprintf("docker exec -u root "+containerName+" bash -c '%s'", libnvidiaContainerCliTestTemplate))
+		output, _, err := nestedContainerRunner.Run(libnvidiaContainerCliTestTemplate)
 		Expect(err).ToNot(HaveOccurred())
 		Expect(strings.TrimSpace(output)).ToNot(BeEmpty())
 		Expect(hostOutput).To(ContainSubstring(strings.TrimSpace(output)))
diff --git a/tests/e2e/runner.go b/tests/e2e/runner.go
@@ -21,11 +21,69 @@ import (
 	"fmt"
 	"os"
 	"os/exec"
+	"strings"
+	"text/template"
 	"time"
 
 	"golang.org/x/crypto/ssh"
 )
 
+const (
+	startTestContainerTemplate = `docker run -d --name {{.ContainerName}} --privileged --runtime=nvidia \
+    -e NVIDIA_VISIBLE_DEVICES=runtime.nvidia.com/gpu=all \
+    -e NVIDIA_DRIVER_CAPABILITIES=all \
+	{{ range $i, $a := .AdditionalArguments -}}
+	{{ $a }} \
+	{{ end -}}
+	ubuntu sleep infinity`
+
+	installDockerTemplate = `
+	export DEBIAN_FRONTEND=noninteractive
+	
+	# Add Docker official GPG key:
+	apt-get update
+	apt-get install -y ca-certificates curl apt-utils gnupg2
+	install -m 0755 -d /etc/apt/keyrings
+	curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
+	chmod a+r /etc/apt/keyrings/docker.asc
+	
+	# Add the repository to Apt sources:
+	echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo \"${UBUNTU_CODENAME:-$VERSION_CODENAME}\") stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
+	apt-get update
+	
+	apt-get install -y docker-ce docker-ce-cli containerd.io
+	
+	# start dockerd in the background
+	dockerd &
+	
+	# wait for dockerd to be ready with timeout
+	timeout=30
+	elapsed=0
+	while ! docker info > /dev/null 2>&1 && [ $elapsed -lt $timeout ]; do
+		echo "Waiting for dockerd to be ready..."
+		sleep 1
+		elapsed=$((elapsed + 1))
+	done
+	if [ $elapsed -ge $timeout ]; then
+		echo "Docker failed to start within $timeout seconds"
+		exit 1
+	fi
+	`
+
+	installCTKTemplate = `
+	# Create a temporary directory and rootfs path
+	TMPDIR="$(mktemp -d)"
+	
+	# Expose TMPDIR for the child namespace
+	export TMPDIR
+	
+	docker run --rm -v ${TMPDIR}:/host-tmpdir --entrypoint="sh" {{.ToolkitImage}}-packaging -c "cp -p -R /artifacts/* /host-tmpdir/"
+	dpkg -i ${TMPDIR}/packages/ubuntu18.04/amd64/libnvidia-container1_*_amd64.deb ${TMPDIR}/packages/ubuntu18.04/amd64/nvidia-container-toolkit-base_*_amd64.deb ${TMPDIR}/packages/ubuntu18.04/amd64/libnvidia-container-tools_*_amd64.deb
+
+	nvidia-ctk --version
+	`
+)
+
 type localRunner struct{}
 type remoteRunner struct {
 	sshKey  string
@@ -34,7 +92,13 @@ type remoteRunner struct {
 	port    string
 }
 
+type nestedContainerRunner struct {
+	runner        Runner
+	containerName string
+}
+
 type runnerOption func(*remoteRunner)
+type nestedContainerOption func(*nestedContainerRunner)
 
 type Runner interface {
 	Run(script string) (string, string, error)
@@ -79,6 +143,112 @@ func NewRunner(opts ...runnerOption) Runner {
 	return r
 }
 
+// NewNestedContainerRunner creates a new nested container runner.
+// A nested container runs a container inside another container based on a
+// given runner (remote or local).
+func NewNestedContainerRunner(runner Runner, installCTK bool, image string, containerName string, opts ...nestedContainerOption) (Runner, error) {
+	additionalContainerArguments := []string{}
+
+	// If a container with the same name exists from a previous test run, remove it first.
+	// Ignore errors as container might not exist
+	_, _, err := runner.Run(fmt.Sprintf("docker rm -f %s 2>/dev/null || true", containerName)) //nolint:errcheck
+	if err != nil {
+		return nil, fmt.Errorf("failed to remove container: %w", err)
+	}
+
+	if installCTK {
+		installer, err := NewToolkitInstaller(
+			WithRunner(runner),
+			WithImage(image),
+			WithTemplate(dockerInstallTemplate),
+		)
+		if err != nil {
+			return nil, fmt.Errorf("failed to create toolkit installer: %w", err)
+		}
+
+		err = installer.Install()
+		if err != nil {
+			return nil, fmt.Errorf("failed to install toolkit: %w", err)
+		}
+	} else {
+		// If installCTK is false, we use the preinstalled toolkit.
+		// TODO: This should be updated for other distributions and other components of the toolkit.
+		output, _, err := runner.Run("ls /lib/**/libnvidia-container*.so.*.*")
+		if err != nil {
+			return nil, fmt.Errorf("failed to list toolkit libraries: %w", err)
+		}
+
+		output = strings.TrimSpace(output)
+		if output == "" {
+			return nil, fmt.Errorf("no toolkit libraries found") //nolint:goerr113
+		}
+
+		for _, lib := range strings.Split(output, "\n") {
+			additionalContainerArguments = append(additionalContainerArguments, "-v "+lib+":"+lib)
+		}
+		additionalContainerArguments = append(additionalContainerArguments, "-v /usr/bin/nvidia-container-cli:/usr/bin/nvidia-container-cli")
+	}
+
+	// Launch the container in detached mode.
+	var startContainerScriptBuilder strings.Builder
+	startContainerTemplate, err := template.New("startContainer").Parse(startTestContainerTemplate)
+	if err != nil {
+		return nil, fmt.Errorf("failed to parse start container template: %w", err)
+	}
+	err = startContainerTemplate.Execute(&startContainerScriptBuilder, struct {
+		ContainerName       string
+		AdditionalArguments []string
+	}{
+		ContainerName:       containerName,
+		AdditionalArguments: additionalContainerArguments,
+	})
+	if err != nil {
+		return nil, fmt.Errorf("failed to execute start container template: %w", err)
+	}
+
+	startContainerScript := startContainerScriptBuilder.String()
+	_, _, err = runner.Run(startContainerScript)
+	if err != nil {
+		return nil, fmt.Errorf("failed to run start container script: %w", err)
+	}
+
+	// install docker in the nested container
+	_, _, err = runner.Run(fmt.Sprintf("docker exec -u root "+containerName+" bash -c '%s'", installDockerTemplate))
+	if err != nil {
+		return nil, fmt.Errorf("failed to install docker: %w", err)
+	}
+
+	if installCTK {
+		// Install nvidia-container-cli in the container.
+		tmpl, err := template.New("toolkitInstall").Parse(installCTKTemplate)
+		if err != nil {
+			return nil, fmt.Errorf("failed to parse installCTK template: %w", err)
+		}
+
+		var toolkitInstall strings.Builder
+		err = tmpl.Execute(&toolkitInstall, struct {
+			ToolkitImage string
+		}{
+			ToolkitImage: image,
+		})
+		if err != nil {
+			return nil, fmt.Errorf("failed to execute installCTK template: %w", err)
+		}
+
+		_, _, err = runner.Run(fmt.Sprintf("docker exec -u root "+containerName+" bash -c '%s'", toolkitInstall.String()))
+		if err != nil {
+			return nil, fmt.Errorf("failed to install nvidia-container-cli: %w", err)
+		}
+	}
+
+	nc := &nestedContainerRunner{
+		runner:        runner,
+		containerName: containerName,
+	}
+
+	return nc, nil
+}
+
 func (l localRunner) Run(script string) (string, string, error) {
 	// Create a command to run the script using bash
 	cmd := exec.Command("bash", "-c", script)
@@ -131,6 +301,10 @@ func (r remoteRunner) Run(script string) (string, string, error) {
 	return stdout.String(), "", nil
 }
 
+func (r nestedContainerRunner) Run(script string) (string, string, error) {
+	return r.runner.Run(fmt.Sprintf("docker exec -u root "+r.containerName+" bash -c '%s'", script))
+}
+
 // createSshClient creates a ssh client, and retries if it fails to connect
 func connectOrDie(sshKey, sshUser, host, port string) (*ssh.Client, error) {
 	var client *ssh.Client
