-rw-r--r-- | contrib/cirrus/lib.sh | 61 | ||||
-rwxr-xr-x | contrib/cirrus/runner.sh | 2 | ||||
-rwxr-xr-x | contrib/cirrus/setup_environment.sh | 58 |
3 files changed, 61 insertions, 60 deletions
diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh index 8c86925d8..050fb16f3 100644 --- a/contrib/cirrus/lib.sh +++ b/contrib/cirrus/lib.sh @@ -6,25 +6,23 @@ # BEGIN Global export of all variables set -a -if [[ "$CI" == "true" ]]; then - # Due to differences across platforms and runtime execution environments, - # handling of the (otherwise) default shell setup is non-uniform. Rather - # than attempt to workaround differences, simply force-load/set required - # items every time this library is utilized. - source /etc/profile - source /etc/environment - USER="$(whoami)" - HOME="$(getent passwd $USER | cut -d : -f 6)" - # Some platforms set and make this read-only - [[ -n "$UID" ]] || \ - UID=$(getent passwd $USER | cut -d : -f 3) - GID=$(getent passwd $USER | cut -d : -f 4) -fi +# Due to differences across platforms and runtime execution environments, +# handling of the (otherwise) default shell setup is non-uniform. Rather +# than attempt to workaround differences, simply force-load/set required +# items every time this library is utilized. +source /etc/profile +source /etc/environment +if [[ -r "/etc/ci_environment" ]]; then source /etc/ci_environment; fi +USER="$(whoami)" +HOME="$(getent passwd $USER | cut -d : -f 6)" +# Some platforms set and make this read-only +[[ -n "$UID" ]] || \ + UID=$(getent passwd $USER | cut -d : -f 3) # During VM Image build, the 'containers/automation' installation -# was performed. The final step of that installation sets the -# installation location in $AUTOMATION_LIB_PATH in /etc/environment -# or in the default shell profile. +# was performed. The final step of installation sets the library +# location $AUTOMATION_LIB_PATH in /etc/environment or in the +# default shell profile depending on distribution. # shellcheck disable=SC2154 if [[ -n "$AUTOMATION_LIB_PATH" ]]; then for libname in defaults anchors console_output utils; do 
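Review bot: The added `source /etc/ci_environment` line runs that file as shell code in every context that loads this library, root included, and its only gate is `-r`, which says nothing about who may write the file. Nothing visible in this commit sets the file's owner or mode; it is created by a plain redirect in setup_environment.sh, so it inherits whatever umask is in effect. I would document the trust assumption next to the line, e.g. `# Executed as shell code by root and the rootless user: must be root-owned and not group/world-writable`, and set the mode explicitly where the file is created. Separately, `$USER` is unquoted in the two `getent passwd $USER` calls; `getent passwd "$USER"` is the safer form.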
@@ -88,8 +86,10 @@ CIRRUS_BUILD_ID=${CIRRUS_BUILD_ID:-$RANDOM$(date +%s)} # must be short and uniq # The starting place for linting and code validation EPOCH_TEST_COMMIT="$CIRRUS_BASE_SHA" -# Regex of env. vars. to explicitly pass when executing tests -# inside a container or as a rootless user +# Regex defining all CI-releated env. vars. necessary for all possible +# testing operations on all platforms and versions. This is necessary +# to avoid needlessly passing through global/system values across +# contexts, such as host->container or root->rootless user PASSTHROUGH_ENV_RE='(^CI.*)|(^CIRRUS)|(^DISTRO_NV)|(^GOPATH)|(^GOCACHE)|(^GOSRC)|(^SCRIPT_BASE)|(CGROUP_MANAGER)|(OCI_RUNTIME)|(^TEST.*)|(^PODBIN_NAME)|(^PRIV_NAME)|(^ALT_NAME)|(^ROOTLESS_USER)|(SKIP_USERNS)|(.*_NAME)|(.*_FQIN)' # Unsafe env. vars for display SECRET_ENV_RE='(ACCOUNT)|(GC[EP]..+)|(SSH)|(PASSWORD)|(TOKEN)' @@ -107,10 +107,8 @@ lilto() { err_retry 8 1000 "" "$@"; } # just over 4 minutes max bigto() { err_retry 7 5670 "" "$@"; } # 12 minutes max # Print shell-escaped variable=value pairs, one per line, based on -# variable name matching a regex. This is intended to support -# passthrough of CI variables from host -> container or from root -> user. -# For all other vars. we rely on tooling to load this library from inside -# the container or as rootless user to pickup the remainder. +# variable name matching a regex. This is intended to catch +# variables being passed down from higher layers, like Cirrus-CI. passthrough_envars(){ local xchars local envname 
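Review bot: The new comment above `PASSTHROUGH_ENV_RE` says the regex avoids passing global/system values across contexts, but several alternatives on the unchanged line below it are unanchored or open-ended: `(.*_NAME)`, `(.*_FQIN)`, `(CGROUP_MANAGER)`, `(OCI_RUNTIME)`, `(SKIP_USERNS)`, and `(^CI.*)` matches every name beginning with CI. With this commit the matches are also persisted to `/etc/ci_environment`, so the breadth of the pattern matters more than it did. Either tighten the pattern by anchoring each alternative at both ends, or soften the comment so it does not promise more isolation than the regex gives. Minor: `CI-releated` should read `CI-related`.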
@@ -176,22 +174,7 @@ setup_rootless() { echo "${ROOTLESS_USER}:$[rootless_uid * 100]:65536" | \ tee -a /etc/subuid >> /etc/subgid - # Env. vars set by Cirrus and setup_environment.sh must be explicitly - # transferred to the test-user. - msg "Configuring rootless user's environment variables:" - - ( - echo "# Added by ${BASH_SOURCE[0]} ${FUNCNAME[0]}()" - echo "export SETUP_ENVIRONMENT=1" - ) >> "/home/$ROOTLESS_USER/.bashrc" - - while read -r env_var_val; do - echo "export $env_var_val" >> "/home/$ROOTLESS_USER/.bashrc" - done <<<"$(passthrough_envars)" - chown $ROOTLESS_USER:$ROOTLESS_USER "/home/$ROOTLESS_USER/.bashrc" - cat "/home/$ROOTLESS_USER/.bashrc" | indent 2 - - msg "Ensure the systems ssh process is up and running within 5 minutes" + msg "Ensure the ssh daemon is up and running within 5 minutes" systemctl start sshd lilto ssh $ROOTLESS_USER@localhost \ -o UserKnownHostsFile=/dev/null \ diff --git a/contrib/cirrus/runner.sh b/contrib/cirrus/runner.sh index b97a696d9..084b196a9 100755 --- a/contrib/cirrus/runner.sh +++ b/contrib/cirrus/runner.sh @@ -40,7 +40,7 @@ function _run_automation() { req_env_vars CI DEST_BRANCH IMAGE_SUFFIX TEST_FLAVOR TEST_ENVIRON \ PODBIN_NAME PRIV_NAME DISTRO_NV CONTAINER USER HOME \ - UID GID AUTOMATION_LIB_PATH SCRIPT_BASE OS_RELEASE_ID \ + UID AUTOMATION_LIB_PATH SCRIPT_BASE OS_RELEASE_ID \ OS_RELEASE_VER CG_FS_TYPE bigto ooe.sh dnf install -y ShellCheck # small/quick addition $SCRIPT_BASE/shellcheck.sh diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh index 0f9bf4054..a3840d7e6 100755 --- a/contrib/cirrus/setup_environment.sh +++ b/contrib/cirrus/setup_environment.sh 
@@ -1,5 +1,12 @@ #!/usr/bin/env bash +# This script is intended to be executed early by automation before +# performing other substantial operations. It relies heavily on +# desired setup information being passed in environment variables +# from Cirrus-CI and/or other orchestration tooling. To that end, +# VM's must always be considered single-purpose, single-use, +# disposable entities. i.e. One setup, one test, then always discarded. + set -e # shellcheck source=./contrib/cirrus/lib.sh @@ -29,6 +36,17 @@ do fi done +# Ensure that all lower-level contexts and child-processes have +# ready access to higher level orchestration (e.g Cirrus-CI) +# variables. +echo -e "\n# Begin single-use VM global variables (${BASH_SOURCE[0]})" \ + > "/etc/ci_environment" +( + while read -r env_var_val; do + echo "$env_var_val" + done <<<"$(passthrough_envars)" +) >> "/etc/ci_environment" + # This is a possible manual maintenance gaff, check to be sure everything matches. # shellcheck disable=SC2154 [[ "$DISTRO_NV" == "$OS_REL_VER" ]] || \ @@ -50,9 +68,9 @@ case "$CG_FS_TYPE" in if ((CONTAINER==0)); then warn "Forcing testing with runc instead of crun" if [[ "$OS_RELEASE_ID" == "ubuntu" ]]; then - echo "export OCI_RUNTIME=/usr/lib/cri-o-runc/sbin/runc" >> /etc/environment + echo "OCI_RUNTIME=/usr/lib/cri-o-runc/sbin/runc" >> /etc/ci_environment else - echo "export OCI_RUNTIME=runc" >> /etc/environment + echo "OCI_RUNTIME=runc" >> /etc/ci_environment fi fi ;; @@ -61,7 +79,7 @@ case "$CG_FS_TYPE" in # This is necessary since we've built/installed from source, # which uses runc as the default. warn "Forcing testing with crun instead of runc" - echo "export OCI_RUNTIME=crun" >> /etc/environment + echo "OCI_RUNTIME=crun" >> /etc/ci_environment fi ;; *) die_unknown CG_FS_TYPE 
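Review bot: In the block that creates `/etc/ci_environment`, the file is written with a bare `>` redirect and never given an explicit owner or mode, although lib.sh later sources it both as root and as the rootless user. Adding `chown root:root /etc/ci_environment` and `chmod 0644 /etc/ci_environment` right after the header `echo` would make that explicit. Because the file has to be readable by the unprivileged test user and is printed by the `cat /etc/ci_environment | sort | indent` line in the last hunk of this file, every variable matched by `PASSTHROUGH_ENV_RE` ends up on disk and in the job log; `passthrough_envars` is defined outside these hunks, so whether it drops names matching `SECRET_ENV_RE` cannot be confirmed from here and is worth checking. The `while read … echo` loop only copies lines through, so `passthrough_envars >> /etc/ci_environment` would be the shorter equivalent.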
@@ -91,15 +109,13 @@ case "$TEST_ENVIRON" in host) if [[ "$OS_RELEASE_ID" == "fedora" ]]; then # The e2e tests wrongly guess `--cgroup-manager cgroupfs` - msg "Forcing CGROUP_MANAGER=systemd" - _cgm="export CGROUP_MANAGER=systemd" - echo "$_cgm" >> /etc/environment - source /etc/environment + warn "Forcing CGROUP_MANAGER=systemd" + echo "CGROUP_MANAGER=systemd" >> /etc/ci_environment fi ;; container) if ((CONTAINER==0)); then # not yet inside a container - msg "Force loading iptables modules" + warn "Force loading iptables modules" # Since CRIU 3.11, uses iptables to lock and unlock # the network during checkpoint and restore. Needs # the following two modules loaded on the host. @@ -107,10 +123,8 @@ case "$TEST_ENVIRON" in modprobe iptable_nat || : else # The e2e tests wrongly guess `--cgroup-manager systemd` - msg "Forcing CGROUP_MANAGER=cgroupfs" - _cgm="export CGROUP_MANAGER=cgroupfs" - echo "$_cgm" >> /etc/environment - source /etc/environment + warn "Forcing CGROUP_MANAGER=cgroupfs" + echo "CGROUP_MANAGER=cgroupfs" >> /etc/ci_environment fi ;; *) die_unknown TEST_ENVIRON @@ -123,15 +137,14 @@ case "$PRIV_NAME" in if [[ "$TEST_ENVIRON" == "container" ]] && ((container)); then # There's no practical way to detect userns w/in a container # affected/related tests are sensitive to this variable. - _suns='export SKIP_USERNS=1' - echo "$_suns" >> /etc/environment - source /etc/environment + warn "Disabling usernamespace integration testing" + echo "SKIP_USERNS=1" >> /etc/ci_environment fi ;; rootless) - _ru="export ROOTLESS_USER='${ROOTLESS_USER:-some${RANDOM}dude}'" - echo "$_ru" >> /etc/environment - source /etc/environment + # Needs to exist for setup_rootless() + ROOTLESS_USER="${ROOTLESS_USER:-some${RANDOM}dude}" + echo "ROOTLESS_USER=$ROOTLESS_USER" >> /etc/ci_environment setup_rootless ;; *) die_unknown PRIV_NAME 
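Review bot: In the `rootless)` arm, `echo "ROOTLESS_USER=$ROOTLESS_USER" >> /etc/ci_environment` writes the value unquoted into a file that lib.sh later sources, whereas the removed line wrapped it in single quotes. `ROOTLESS_USER` can come from the environment, so a value containing whitespace or shell metacharacters would be re-parsed as shell syntax when the file is loaded, by root as well as by the test user. Writing it shell-escaped keeps the file data-only: `printf 'ROOTLESS_USER=%q\n' "$ROOTLESS_USER" >> /etc/ci_environment`. The other appends in this file (`OCI_RUNTIME=…`, `CGROUP_MANAGER=…`, `SKIP_USERNS=1`) write fixed literals and are not affected.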
@@ -186,5 +199,10 @@ case "$TEST_FLAVOR" in *) die_unknown TEST_FLAVOR esac -# Must be the very last command. Establishes successful setup. -echo 'export SETUP_ENVIRONMENT=1' >> /etc/environment +# Must be the very last command. Prevents setup from running twice. +echo 'SETUP_ENVIRONMENT=1' >> /etc/ci_environment +echo -e "\n# End of global variable definitions" \ + >> /etc/ci_environment + +msg "Global CI Environment vars.:" +cat /etc/ci_environment | sort | indent |
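Review bot: The comment `# Must be the very last command.` is no longer true after this change, since an `echo`, a `msg` and the `cat` dump now follow the `SETUP_ENVIRONMENT=1` write. Suggest rewording it to something like `# Must be the last variable written; marks setup as done so it is not run twice.` Also, piping the file through `sort` for display loses the write order, so when a name was written more than once (for example `OCI_RUNTIME`, which `PASSTHROUGH_ENV_RE` also matches) the log does not show which assignment takes effect when the file is sourced; printing it unsorted would be more faithful.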