diff options
author | Chris Evich <cevich@redhat.com> | 2020-04-29 13:35:50 -0400 |
---|---|---|
committer | Chris Evich <cevich@redhat.com> | 2020-04-30 13:21:03 -0400 |
commit | 7c44c05425774ea6189cf039cccdbe23e3ac0836 (patch) | |
tree | 830b2b8c96593361e3052ac5642b997ca9113742 | |
parent | fc9451ed15e3ea2fbdcd5754b367db74eec1063e (diff) | |
download | podman-7c44c05425774ea6189cf039cccdbe23e3ac0836.tar.gz podman-7c44c05425774ea6189cf039cccdbe23e3ac0836.tar.bz2 podman-7c44c05425774ea6189cf039cccdbe23e3ac0836.zip |
cirrus: Update to Fedora 32 proper
Now that it's officially released, update to it from the beta. Also
(and significant), adjust the SELinux context of the GCP metadata
service. Add a comment to the code explaining why this is necessary.
Signed-off-by: Chris Evich <cevich@redhat.com>
-rw-r--r-- | .cirrus.yml | 2 | ||||
-rw-r--r-- | contrib/cirrus/lib.sh | 2 | ||||
-rw-r--r-- | contrib/cirrus/packer/fedora_base-setup.sh | 21 | ||||
-rw-r--r-- | contrib/cirrus/packer/libpod_base_images.yml | 6 |
4 files changed, 21 insertions, 10 deletions
diff --git a/.cirrus.yml b/.cirrus.yml index 5898fa160..e48603eb4 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -39,7 +39,7 @@ env: UBUNTU_NAME: "ubuntu-19" PRIOR_UBUNTU_NAME: "ubuntu-18" - _BUILT_IMAGE_SUFFIX: "libpod-6220812239765504" + _BUILT_IMAGE_SUFFIX: "FIXME" FEDORA_CACHE_IMAGE_NAME: "${FEDORA_NAME}-${_BUILT_IMAGE_SUFFIX}" PRIOR_FEDORA_CACHE_IMAGE_NAME: "${PRIOR_FEDORA_NAME}-${_BUILT_IMAGE_SUFFIX}" UBUNTU_CACHE_IMAGE_NAME: "${UBUNTU_NAME}-${_BUILT_IMAGE_SUFFIX}" diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh index dd4f66f56..5ffa7fbc8 100644 --- a/contrib/cirrus/lib.sh +++ b/contrib/cirrus/lib.sh @@ -69,7 +69,7 @@ export PACKER_BUILDS="${PACKER_BUILDS:-ubuntu-18,ubuntu-19,fedora-32,fedora-31}" export UBUNTU_BASE_IMAGE="ubuntu-1910-eoan-v20200211" export PRIOR_UBUNTU_BASE_IMAGE="ubuntu-1804-bionic-v20200218" # Manually produced base-image names (see $SCRIPT_BASE/README.md) -export FEDORA_BASE_IMAGE="fedora-cloud-base-32-n-0-1586202964" +export FEDORA_BASE_IMAGE="FIXME" export PRIOR_FEDORA_BASE_IMAGE="fedora-cloud-base-31-1-9-1586202964" export BUILT_IMAGE_SUFFIX="${BUILT_IMAGE_SUFFIX:--$CIRRUS_REPO_NAME-${CIRRUS_BUILD_ID}}" # IN_PODMAN container image diff --git a/contrib/cirrus/packer/fedora_base-setup.sh b/contrib/cirrus/packer/fedora_base-setup.sh index 29c23117f..f271abee0 100644 --- a/contrib/cirrus/packer/fedora_base-setup.sh +++ b/contrib/cirrus/packer/fedora_base-setup.sh @@ -8,16 +8,14 @@ set -e # Load in library (copied by packer, before this script was run) source $GOSRC/$SCRIPT_BASE/lib.sh -install_ooe - echo "Updating packages" -ooe.sh dnf -y update +dnf -y update echo "Installing necessary packages and google services" -ooe.sh dnf -y install rng-tools google-compute-engine-tools google-compute-engine-oslogin ethtool +dnf -y install rng-tools google-compute-engine-tools google-compute-engine-oslogin ethtool echo "Enabling services" -ooe.sh systemctl enable rngd +systemctl enable rngd # There is a race that can happen on boot between the GCE services configuring # the VM, and cloud-init trying to do similar activities. Use a customized @@ -25,6 +23,19 @@ ooe.sh systemctl enable rngd echo "Setting cloud-init service to start after google-network-daemon.service" cp -v $GOSRC/$PACKER_BASE/cloud-init/fedora/cloud-init.service /etc/systemd/system/ +# ref: https://cloud.google.com/compute/docs/startupscript +# The mechanism used by Cirrus-CI to execute tasks on the system is through an +# "agent" process launched as a GCP startup-script (from the metadata service). +# This agent is responsible for cloning the repository and executing all task +# scripts and other operations. Therefor, on SELinux-enforcing systems, the +# service must be labeled properly to ensure it's child processes can +# run with the proper contexts. +METADATA_SERVICE_CTX=unconfined_u:unconfined_r:unconfined_t:s0 +METADATA_SERVICE_PATH=systemd/system/google-startup-scripts.service +sed -r -e \ + "s/Type=oneshot/Type=oneshot\nSELinuxContext=$METADATA_SERVICE_CTX/" \ + /lib/$METADATA_SERVICE_PATH > /etc/$METADATA_SERVICE_PATH + # Ensure there are no disruptive periodic services enabled by default in image systemd_banish diff --git a/contrib/cirrus/packer/libpod_base_images.yml b/contrib/cirrus/packer/libpod_base_images.yml index a66fac31c..f53bfafc5 100644 --- a/contrib/cirrus/packer/libpod_base_images.yml +++ b/contrib/cirrus/packer/libpod_base_images.yml @@ -17,9 +17,9 @@ variables: PRIOR_UBUNTU_BASE_IMAGE: # Latest Fedora release - FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/development/32/Cloud/x86_64/images/Fedora-Cloud-Base-32-20200406.n.0.x86_64.qcow2" - FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/development/32/Cloud/x86_64/images/Fedora-Cloud-32-x86_64-20200406.n.0-CHECKSUM" - FEDORA_BASE_IMAGE_NAME: 'fedora-cloud-base-32-n-0' + FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/32/Cloud/x86_64/images/Fedora-Cloud-Base-32-1.6.x86_64.qcow2" + FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/32/Cloud/x86_64/images/Fedora-Cloud-32-1.6-x86_64-CHECKSUM" + FEDORA_BASE_IMAGE_NAME: 'fedora-cloud-base-32-1-6' # Prior Fedora release PRIOR_FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/31/Cloud/x86_64/images/Fedora-Cloud-Base-31-1.9.x86_64.qcow2" |