summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChris Evich <cevich@redhat.com>2019-02-25 11:06:29 -0500
committerChris Evich <cevich@redhat.com>2019-03-01 12:12:46 -0500
commit0666d25b4fa0477b62bc1d9b823793c830e8053a (patch)
tree4e137ff0809822e12eb768f9c1eced824a3fd4bb
parent0bf06b9e3b2af08c4cb2f4d6f6d598671f326051 (diff)
downloadpodman-0666d25b4fa0477b62bc1d9b823793c830e8053a.tar.gz
podman-0666d25b4fa0477b62bc1d9b823793c830e8053a.tar.bz2
podman-0666d25b4fa0477b62bc1d9b823793c830e8053a.zip
get_ci_vm.sh: Fix conflicting homedir files
Previously, the script would bind mount the user's home directory into the container in order to execute gcloud commands. This was done to preserve the `.config/gcloud` directory and new ssh keys in `.ssh`. However, it's possible the user has modified `.bash*` or `.ssh/config` files which do not play nicely with gcloud and/or the container. Fix this by mounting the existing temporary directory on the host, as the user's home directory. Then bind mount in a dedicated `gcloud/ssh` sub-directory, and the libpod repo directory on top. Pre-create the necessary mount-points as the user, so later removal does not require root on the host. The gcloud tool takes minutes to setup/manage its ssh-keys, so preserving that work between runs is a necessary optimization. Similarly, saving the `.gcloud` directory prevents repeatedly going through the lengthy client-auth process. Overall, these changes make the container environment much more selective with the host-side data it has access to use/modify. Preventing unrelated details from getting in the way, and preserving only the bare-minimum of details on the host, between runs. Signed-off-by: Chris Evich <cevich@redhat.com>
-rwxr-xr-xhack/get_ci_vm.sh44
1 files changed, 30 insertions, 14 deletions
diff --git a/hack/get_ci_vm.sh b/hack/get_ci_vm.sh
index 3c2d193af..3f9a3a1bb 100755
--- a/hack/get_ci_vm.sh
+++ b/hack/get_ci_vm.sh
@@ -23,14 +23,15 @@ GCLOUD_SUDO=${GCLOUD_SUDO-sudo}
# Shared tmp directory between container and us
TMPDIR=$(mktemp -d --tmpdir $(basename $0)_tmpdir_XXXXXX)
-# Command shortcuts save some typing
-PGCLOUD="$GCLOUD_SUDO podman run -it --rm -e AS_ID=$UID -e AS_USER=$USER --security-opt label=disable -v /home/$USER:$HOME -v $TMPDIR:/tmp $GCLOUD_IMAGE --configuration=libpod --project=$PROJECT"
-SCP_CMD="$PGCLOUD compute scp"
-
LIBPODROOT=$(realpath "$(dirname $0)/../")
# else: Assume $PWD is the root of the libpod repository
[[ "$LIBPODROOT" != "/" ]] || LIBPODROOT=$PWD
+# Command shortcuts save some typing (asumes $LIBPODROOT is subdir of $HOME)
+PGCLOUD="$GCLOUD_SUDO podman run -it --rm -e AS_ID=$UID -e AS_USER=$USER --security-opt label=disable -v $TMPDIR:$HOME -v $HOME/.config/gcloud:$HOME/.config/gcloud -v $HOME/.config/gcloud/ssh:$HOME/.ssh -v $LIBPODROOT:$LIBPODROOT $GCLOUD_IMAGE --configuration=libpod --project=$PROJECT"
+SCP_CMD="$PGCLOUD compute scp"
+
+
showrun() {
if [[ "$1" == "--background" ]]
then
@@ -57,6 +58,7 @@ trap cleanup EXIT
delvm() {
echo -e "\n"
echo -e "\n${YEL}Offering to Delete $VMNAME ${RED}(Might take a minute or two)${NOR}"
+ echo -e "\n${YEL}Note: It's safe to answer N, then re-run script again later.${NOR}"
showrun $CLEANUP_CMD # prompts for Yes/No
cleanup
}
@@ -92,19 +94,24 @@ for k,v in env.items():
}
parse_args(){
+ echo -e "$USAGE_WARNING"
+
if [[ -z "$1" ]]
then
show_usage "Must specify at least one command-line parameter."
elif [[ "$1" == "-p" ]]
then
+ echo -e "${YEL}Hint: Use -p for package-based dependencies or -s for source-based.${NOR}"
DEPS="PACKAGE_DEPS=true SOURCE_DEPS=false"
IMAGE_NAME="$2"
elif [[ "$1" == "-s" ]]
then
+ echo -e "${RED}Using source-based dependencies.${NOR}"
DEPS="PACKAGE_DEPS=false SOURCE_DEPS=true"
IMAGE_NAME="$2"
else # no -s or -p
+ echo -e "${RED}Using package-based dependencies.${NOR}"
DEPS="$(get_env_vars)"
IMAGE_NAME="$1"
fi
@@ -119,8 +126,6 @@ parse_args(){
show_usage "This script must be run as a regular user."
fi
- echo -e "$USAGE_WARNING"
-
SETUP_CMD="env $DEPS $GOSRC/contrib/cirrus/setup_environment.sh"
VMNAME="${VMNAME:-${USER}-${IMAGE_NAME}}"
CREATE_CMD="$PGCLOUD compute instances create --zone=$ZONE --image=${IMAGE_NAME} --custom-cpu=$CPUS --custom-memory=$MEMORY --boot-disk-size=$DISK --labels=in-use-by=$USER $VMNAME"
@@ -130,8 +135,21 @@ parse_args(){
##### main
+[[ "${LIBPODROOT%%${LIBPODROOT##$HOME}}" == "$HOME" ]] || \
+ show_usage "Repo clone must be sub-dir of $HOME"
+
+cd "$LIBPODROOT"
+
parse_args $@
+# Ensure mount-points and data directories exist on host as $USER. Also prevents
+# permission-denied errors during cleanup() b/c `sudo podman` created mount-points
+# owned by root.
+mkdir -p $TMPDIR/${LIBPODROOT##$HOME}
+mkdir -p $TMPDIR/.ssh
+mkdir -p {$HOME,$TMPDIR}/.config/gcloud/ssh
+chmod 700 {$HOME,$TMPDIR}/.config/gcloud/ssh $TMPDIR/.ssh
+
cd $LIBPODROOT
# Attempt to determine if named 'libpod' gcloud configuration exists
@@ -157,10 +175,9 @@ then
fi
# Couldn't make rsync work with gcloud's ssh wrapper :(
-TARBALL_BASENAME=$VMNAME.tar.bz2
-TARBALL=/tmp/$TARBALL_BASENAME
+TARBALL=$VMNAME.tar.bz2
echo -e "\n${YEL}Packing up repository into a tarball $VMNAME.${NOR}"
-showrun --background tar cjf $TMPDIR/$TARBALL_BASENAME --warning=no-file-changed -C $LIBPODROOT .
+showrun --background tar cjf $TMPDIR/$TARBALL --warning=no-file-changed -C $LIBPODROOT .
trap delvm INT # Allow deleting VM if CTRL-C during create
# This fails if VM already exists: permit this usage to re-init
@@ -171,6 +188,7 @@ showrun $CREATE_CMD || true # allow re-running commands below when "delete: N"
trap delvm EXIT
echo -e "\n${YEL}Waiting up to 30s for ssh port to open${NOR}"
+trap 'COUNT=9999' INT
ATTEMPTS=10
for (( COUNT=1 ; COUNT <= $ATTEMPTS ; COUNT++ ))
do
@@ -195,17 +213,15 @@ showrun $SSH_CMD --command "mkdir -p $GOSRC"
echo -e "\n${YEL}Transfering tarball to $VMNAME.${NOR}"
wait
-showrun $SCP_CMD $TARBALL root@$VMNAME:$TARBALL
+showrun $SCP_CMD $HOME/$TARBALL root@$VMNAME:/tmp/$TARBALL
echo -e "\n${YEL}Unpacking tarball into $GOSRC on $VMNAME.${NOR}"
-showrun $SSH_CMD --command "tar xjf $TARBALL -C $GOSRC"
+showrun $SSH_CMD --command "tar xjf /tmp/$TARBALL -C $GOSRC"
echo -e "\n${YEL}Removing tarball on $VMNAME.${NOR}"
-showrun $SSH_CMD --command "rm -f $TARBALL"
+showrun $SSH_CMD --command "rm -f /tmp/$TARBALL"
echo -e "\n${YEL}Executing environment setup${NOR}"
-[[ "$1" == "-p" ]] && echo -e "${RED}Using package-based dependencies.${NOR}"
-[[ "$1" == "-s" ]] && echo -e "${RED}Using source-based dependencies.${NOR}"
showrun $SSH_CMD --command "$SETUP_CMD"
echo -e "\n${YEL}Connecting to $VMNAME ${RED}(option to delete VM upon logout).${NOR}\n"