summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.cirrus.yml72
-rwxr-xr-xAPI.md5
-rw-r--r--cmd/podman/varlink/io.podman.varlink3
-rw-r--r--contrib/cirrus/README.md8
-rwxr-xr-xcontrib/cirrus/check_image.sh13
-rwxr-xr-xcontrib/cirrus/integration_test.sh9
-rw-r--r--contrib/cirrus/lib.sh4
-rw-r--r--contrib/cirrus/packer/fedora_setup.sh13
-rw-r--r--contrib/cirrus/packer/libpod_images.yml5
-rw-r--r--contrib/cirrus/packer/ubuntu_setup.sh6
l---------contrib/cirrus/packer/xfedora_setup.sh1
-rwxr-xr-xcontrib/cirrus/setup_environment.sh7
-rwxr-xr-xhack/get_ci_vm.sh3
-rw-r--r--libpod/events/journal_linux.go12
-rw-r--r--pkg/varlinkapi/containers.go9
15 files changed, 146 insertions, 24 deletions
diff --git a/.cirrus.yml b/.cirrus.yml
index dfcd86a5d..84b483b57 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -28,11 +28,13 @@ env:
TIMESTAMP: "awk --file ${CIRRUS_WORKING_DIR}/${SCRIPT_BASE}/timestamp.awk"
####
- #### Cache-image names to test with
+ #### Cache-image names to test with (double-quotes around names are critical)
###
- FEDORA_CACHE_IMAGE_NAME: "fedora-30-libpod-5789386598252544"
- PRIOR_FEDORA_CACHE_IMAGE_NAME: "fedora-29-libpod-5789386598252544"
- UBUNTU_CACHE_IMAGE_NAME: "ubuntu-18-libpod-5789386598252544"
+ _BUILT_IMAGE_SUFFIX: "libpod-5751722641719296"
+ FEDORA_CACHE_IMAGE_NAME: "fedora-30-${_BUILT_IMAGE_SUFFIX}"
+ PRIOR_FEDORA_CACHE_IMAGE_NAME: "fedora-29-${_BUILT_IMAGE_SUFFIX}"
+ SPECIAL_FEDORA_CACHE_IMAGE_NAME: "xfedora-30-${_BUILT_IMAGE_SUFFIX}"
+ UBUNTU_CACHE_IMAGE_NAME: "ubuntu-18-${_BUILT_IMAGE_SUFFIX}"
####
#### Variables for composing new cache-images (used in PR testing) from
@@ -262,6 +264,7 @@ meta_task:
IMGNAMES: >-
${FEDORA_CACHE_IMAGE_NAME}
${PRIOR_FEDORA_CACHE_IMAGE_NAME}
+ ${SPECIAL_FEDORA_CACHE_IMAGE_NAME}
${UBUNTU_CACHE_IMAGE_NAME}
${IMAGE_BUILDER_CACHE_IMAGE_NAME}
BUILDID: "${CIRRUS_BUILD_ID}"
@@ -404,7 +407,6 @@ special_testing_rootless_task:
env:
ADD_SECOND_PARTITION: true
SPECIALMODE: 'rootless' # See docs
-
matrix:
TEST_REMOTE_CLIENT: true
TEST_REMOTE_CLIENT: false
@@ -472,6 +474,36 @@ special_testing_cross_task:
failed_branch_script: '$CIRRUS_WORKING_DIR/$SCRIPT_BASE/notice_branch_failure.sh'
+special_testing_cgroupv2_task:
+
+ depends_on:
+ - "gating"
+ - "varlink_api"
+ - "vendor"
+
+ only_if: $CIRRUS_CHANGE_MESSAGE !=~ '.*\*\*\*\s*CIRRUS:\s*TEST\s*IMAGES\s*\*\*\*.*'
+
+ gce_instance:
+ image_name: "${SPECIAL_FEDORA_CACHE_IMAGE_NAME}"
+
+ env:
+ SPECIALMODE: 'cgroupv2' # See docs
+ matrix:
+ TEST_REMOTE_CLIENT: true
+ TEST_REMOTE_CLIENT: false
+
+ timeout_in: 20m
+
+ setup_environment_script: '$SCRIPT_BASE/setup_environment.sh |& ${TIMESTAMP}'
+ integration_test_script: '$SCRIPT_BASE/integration_test.sh |& ${TIMESTAMP}'
+
+ on_failure:
+ failed_branch_script: '$CIRRUS_WORKING_DIR/$SCRIPT_BASE/notice_branch_failure.sh'
+
+ always:
+ <<: *standardlogs
+
+
# Test building of new cache-images for future PR testing, in this PR.
test_build_cache_images_task:
@@ -521,25 +553,35 @@ verify_test_built_images_task:
- "test_build_cache_images"
gce_instance:
- matrix:
- # Images are generated separately, from build_images_task (below)
- image_name: "fedora-29${BUILT_IMAGE_SUFFIX}"
- image_name: "fedora-30${BUILT_IMAGE_SUFFIX}"
- image_name: "ubuntu-18${BUILT_IMAGE_SUFFIX}"
+ # Images generated by test_build_cache_images_task (above)
+ image_name: "${PACKER_BUILDER_NAME}${BUILT_IMAGE_SUFFIX}"
env:
ADD_SECOND_PARTITION: true
matrix:
TEST_REMOTE_CLIENT: true
TEST_REMOTE_CLIENT: false
+ matrix:
+ # Required env. var. by check_image_script
+ PACKER_BUILDER_NAME: "fedora-29"
+ PACKER_BUILDER_NAME: "fedora-30"
+ PACKER_BUILDER_NAME: "xfedora-30"
+ PACKER_BUILDER_NAME: "ubuntu-18"
+ environment_script: '$SCRIPT_BASE/setup_environment.sh |& ${TIMESTAMP}'
+ # Verify expectations once per image
+ check_image_script: >-
+ [[ "$TEST_REMOTE_CLIENT" == "false" ]] || \
+ $SCRIPT_BASE/check_image.sh |& ${TIMESTAMP}
# Note: A truncated form of normal testing. It only needs to confirm new images
# "probably" work. A full round of testing will happen again after $*_CACHE_IMAGE_NAME
# are updated in this or another PR (w/o '***CIRRUS: TEST IMAGES***').
- environment_script: '$SCRIPT_BASE/setup_environment.sh |& ${TIMESTAMP}'
- check_image_script: '$SCRIPT_BASE/check_image.sh'
- integration_test_script: '$SCRIPT_BASE/integration_test.sh |& ${TIMESTAMP}'
- system_test_script: '$SCRIPT_BASE/system_test.sh |& ${TIMESTAMP}'
+ integration_test_script: >-
+ [[ "$PACKER_BUILDER_NAME" == "xfedora-30" ]] || \
+ $SCRIPT_BASE/integration_test.sh |& ${TIMESTAMP}
+ system_test_script: >-
+ [[ "$PACKER_BUILDER_NAME" == "xfedora-30" ]] || \
+ $SCRIPT_BASE/system_test.sh |& ${TIMESTAMP}
always:
<<: *standardlogs
@@ -564,6 +606,7 @@ success_task:
- "testing_crun"
- "special_testing_rootless"
- "special_testing_in_podman"
+ - "special_testing_cgroupv2"
- "special_testing_cross"
- "test_build_cache_images"
- "verify_test_built_images"
@@ -603,6 +646,7 @@ release_task:
- "testing_crun"
- "special_testing_rootless"
- "special_testing_in_podman"
+ - "special_testing_cgroupv2"
- "special_testing_cross"
- "test_build_cache_images"
- "verify_test_built_images"
diff --git a/API.md b/API.md
index d468ba53d..336902616 100755
--- a/API.md
+++ b/API.md
@@ -265,6 +265,8 @@ in the [API.md](https://github.com/containers/libpod/blob/master/API.md) file in
[error ErrCtrStopped](#ErrCtrStopped)
+[error ErrRequiresCgroupsV2ForRootless](#ErrRequiresCgroupsV2ForRootless)
+
[error ErrorOccurred](#ErrorOccurred)
[error ImageNotFound](#ImageNotFound)
@@ -2006,6 +2008,9 @@ ContainerNotFound means the container could not be found by the provided name or
### <a name="ErrCtrStopped"></a>type ErrCtrStopped
Container is already stopped
+### <a name="ErrRequiresCgroupsV2ForRootless"></a>type ErrRequiresCgroupsV2ForRootless
+
+This function requires CGroupsV2 to run in rootless mode.
### <a name="ErrorOccurred"></a>type ErrorOccurred
ErrorOccurred is a generic error for an error that occurs during the execution. The actual error message
diff --git a/cmd/podman/varlink/io.podman.varlink b/cmd/podman/varlink/io.podman.varlink
index b867dccc1..4a4c97e99 100644
--- a/cmd/podman/varlink/io.podman.varlink
+++ b/cmd/podman/varlink/io.podman.varlink
@@ -1277,3 +1277,6 @@ error WantsMoreRequired (reason: string)
# Container is already stopped
error ErrCtrStopped (id: string)
+
+# This function requires CGroupsV2 to run in rootless mode.
+error ErrRequiresCgroupsV2ForRootless(reason: string) \ No newline at end of file
diff --git a/contrib/cirrus/README.md b/contrib/cirrus/README.md
index 18ef3e7f7..ada362d95 100644
--- a/contrib/cirrus/README.md
+++ b/contrib/cirrus/README.md
@@ -69,6 +69,13 @@ Confirm that cross-compile of podman-remote functions for both `windows`
and `darwin` targets.
+### ``special_testing_cgroupv2`` Task
+
+Use the latest Fedora release with the required kernel options pre-set for
+exercising cgroups v2 with podman integration tests. Also depends on
+having `SPECIALMODE` set to 'cgroupv2`
+
+
### ``test_build_cache_images_task`` Task
Modifying the contents of cache-images is tested by making changes to
@@ -266,5 +273,6 @@ values follows:
and utilized for testing.
* `in_podman`: Causes testing to occur within a container executed by
podman on the host.
+* `cgroupv2`: The kernel on this VM was prepared with options to enable v2 cgroups
* `windows`: See **darwin**
* `darwin`: Signals the ``special_testing_cross`` task to cross-compile the remote client.
diff --git a/contrib/cirrus/check_image.sh b/contrib/cirrus/check_image.sh
index 8a9fbae1d..c8e8c4c63 100755
--- a/contrib/cirrus/check_image.sh
+++ b/contrib/cirrus/check_image.sh
@@ -4,6 +4,8 @@ set -eo pipefail
source $(dirname $0)/lib.sh
+req_env_var PACKER_BUILDER_NAME TEST_REMOTE_CLIENT EVIL_UNITS OS_RELEASE_ID
+
NFAILS=0
echo "Validating VM image"
@@ -49,5 +51,16 @@ then
item_test "On ubuntu /usr/bin/runc is /usr/lib/cri-o-runc/sbin/runc" "$SAMESAME" -eq "0" || let "NFAILS+=1"
fi
+echo "Checking items specific to ${PACKER_BUILDER_NAME}${BUILT_IMAGE_SUFFIX}"
+case "$PACKER_BUILDER_NAME" in
+ xfedora*)
+ echo "Kernel Command-line: $(cat /proc/cmdline)"
+ item_test \
+ "On ${PACKER_BUILDER_NAME} images, the /sys/fs/cgroup/unified directory does NOT exist" \
+ "!" "-d" "/sys/fs/cgroup/unified" || let "NFAILS+=1"
+ ;;
+ *) echo "No vm-image specific items to check"
+esac
+
echo "Total failed tests: $NFAILS"
exit $NFAILS
diff --git a/contrib/cirrus/integration_test.sh b/contrib/cirrus/integration_test.sh
index cfaf33b85..8a43176e4 100755
--- a/contrib/cirrus/integration_test.sh
+++ b/contrib/cirrus/integration_test.sh
@@ -36,6 +36,13 @@ case "$SPECIALMODE" in
-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no \
-o CheckHostIP=no $GOSRC/$SCRIPT_BASE/rootless_test.sh ${TESTSUITE}
;;
+ cgroupv2)
+ make
+ make install PREFIX=/usr ETCDIR=/etc
+ make test-binaries
+ echo "WARNING: Integration tests not yet ready for cgroups V2"
+ #TODO: make local${TESTSUITE}
+ ;;
none)
make
make install PREFIX=/usr ETCDIR=/etc
@@ -52,5 +59,5 @@ case "$SPECIALMODE" in
warn '' "No $SPECIALMODE remote client integration tests configured"
;;
*)
- die 110 "Unsupported \$SPECIAL_MODE: $SPECIALMODE"
+ die 110 "Unsupported \$SPECIALMODE: $SPECIALMODE"
esac
diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh
index ffb7cd45b..a20ee5a62 100644
--- a/contrib/cirrus/lib.sh
+++ b/contrib/cirrus/lib.sh
@@ -55,9 +55,9 @@ PACKER_VER="1.3.5"
# CSV of cache-image names to build (see $PACKER_BASE/libpod_images.json)
# Base-images rarely change, define them here so they're out of the way.
-export PACKER_BUILDS="${PACKER_BUILDS:-ubuntu-18,fedora-30,fedora-29}"
+export PACKER_BUILDS="${PACKER_BUILDS:-ubuntu-18,fedora-30,xfedora-30,fedora-29}"
# Google-maintained base-image names
-export UBUNTU_BASE_IMAGE="ubuntu-1804-bionic-v20181203a"
+export UBUNTU_BASE_IMAGE="ubuntu-1804-bionic-v20190722a"
# Manually produced base-image names (see $SCRIPT_BASE/README.md)
export FEDORA_BASE_IMAGE="fedora-cloud-base-30-1-2-1559164849"
export PRIOR_FEDORA_BASE_IMAGE="fedora-cloud-base-29-1-2-1559164849"
diff --git a/contrib/cirrus/packer/fedora_setup.sh b/contrib/cirrus/packer/fedora_setup.sh
index e9b145391..f73df4182 100644
--- a/contrib/cirrus/packer/fedora_setup.sh
+++ b/contrib/cirrus/packer/fedora_setup.sh
@@ -8,7 +8,7 @@ set -e
# Load in library (copied by packer, before this script was run)
source /tmp/libpod/$SCRIPT_BASE/lib.sh
-req_env_var SCRIPT_BASE
+req_env_var SCRIPT_BASE PACKER_BUILDER_NAME GOSRC
install_ooe
@@ -85,6 +85,17 @@ systemd_banish
sudo /tmp/libpod/hack/install_catatonit.sh
+# Same script is used for several related contexts
+case "$PACKER_BUILDER_NAME" in
+ xfedora*)
+ echo "Configuring CGroups v2 enabled on next boot"
+ sudo grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=1"
+ ;& # continue to next matching item
+ *)
+ echo "Finalizing $PACKER_BUILDER_NAME VM image"
+ ;;
+esac
+
rh_finalize
echo "SUCCESS!"
diff --git a/contrib/cirrus/packer/libpod_images.yml b/contrib/cirrus/packer/libpod_images.yml
index 2e2b21426..cae5d4138 100644
--- a/contrib/cirrus/packer/libpod_images.yml
+++ b/contrib/cirrus/packer/libpod_images.yml
@@ -48,6 +48,10 @@ builders:
source_image: '{{user `FEDORA_BASE_IMAGE`}}'
- <<: *gce_hosted_image
+ name: 'xfedora-30'
+ source_image: '{{user `FEDORA_BASE_IMAGE`}}'
+
+ - <<: *gce_hosted_image
name: 'fedora-29'
source_image: '{{user `PRIOR_FEDORA_BASE_IMAGE`}}'
@@ -60,6 +64,7 @@ provisioners:
- type: 'shell'
script: '{{user `GOSRC`}}/{{user `PACKER_BASE`}}/{{split build_name "-" 0}}_setup.sh'
environment_vars:
+ - 'PACKER_BUILDER_NAME={{build_name}}'
- 'GOSRC=/tmp/libpod'
- 'SCRIPT_BASE={{user `SCRIPT_BASE`}}'
diff --git a/contrib/cirrus/packer/ubuntu_setup.sh b/contrib/cirrus/packer/ubuntu_setup.sh
index dba191ad2..4b50d6dc3 100644
--- a/contrib/cirrus/packer/ubuntu_setup.sh
+++ b/contrib/cirrus/packer/ubuntu_setup.sh
@@ -15,6 +15,9 @@ install_ooe
export GOPATH="$(mktemp -d)"
trap "sudo rm -rf $GOPATH" EXIT
+# Ensure there are no disruptive periodic services enabled by default in image
+systemd_banish
+
echo "Updating/configuring package repositories."
$LILTO $SUDOAPTGET update
$LILTO $SUDOAPTGET install software-properties-common
@@ -100,9 +103,6 @@ ooe.sh sudo update-grub
sudo /tmp/libpod/hack/install_catatonit.sh
ooe.sh sudo make -C /tmp/libpod install.libseccomp.sudo
-# Ensure there are no disruptive periodic services enabled by default in image
-systemd_banish
-
ubuntu_finalize
echo "SUCCESS!"
diff --git a/contrib/cirrus/packer/xfedora_setup.sh b/contrib/cirrus/packer/xfedora_setup.sh
new file mode 120000
index 000000000..5e9f1ec77
--- /dev/null
+++ b/contrib/cirrus/packer/xfedora_setup.sh
@@ -0,0 +1 @@
+fedora_setup.sh \ No newline at end of file
diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh
index ab7279b11..03acaf1da 100755
--- a/contrib/cirrus/setup_environment.sh
+++ b/contrib/cirrus/setup_environment.sh
@@ -67,9 +67,12 @@ install_test_configs
make install.tools
case "$SPECIALMODE" in
- none)
+ cgroupv2)
remove_packaged_podman_files # we're building from source
;;
+ none)
+ remove_packaged_podman_files
+ ;;
rootless)
# Only do this once, even if ROOTLESS_USER (somehow) changes
if ! grep -q 'ROOTLESS_USER' /etc/environment
@@ -90,5 +93,5 @@ case "$SPECIALMODE" in
windows) ;& # for podman-remote building only
darwin) ;;
*)
- die 111 "Unsupported \$SPECIAL_MODE: $SPECIALMODE"
+ die 111 "Unsupported \$SPECIALMODE: $SPECIALMODE"
esac
diff --git a/hack/get_ci_vm.sh b/hack/get_ci_vm.sh
index 90e3aea8e..e1588d570 100755
--- a/hack/get_ci_vm.sh
+++ b/hack/get_ci_vm.sh
@@ -68,9 +68,10 @@ delvm() {
}
image_hints() {
+ _BIS=$(egrep -m 1 '_BUILT_IMAGE_SUFFIX:[[:space:]+"[[:print:]]+"' "$LIBPODROOT/.cirrus.yml" | cut -d: -f 2 | tr -d '"[:blank:]')
egrep '[[:space:]]+[[:alnum:]].+_CACHE_IMAGE_NAME:[[:space:]+"[[:print:]]+"' \
"$LIBPODROOT/.cirrus.yml" | cut -d: -f 2 | tr -d '"[:blank:]' | \
- grep -v 'notready' | sort -u
+ sed -r -e "s/\\\$[{]_BUILT_IMAGE_SUFFIX[}]/$_BIS/" | sort -u
}
show_usage() {
diff --git a/libpod/events/journal_linux.go b/libpod/events/journal_linux.go
index 7d195dc79..3bc3f6de7 100644
--- a/libpod/events/journal_linux.go
+++ b/libpod/events/journal_linux.go
@@ -4,6 +4,7 @@ package events
import (
"fmt"
+ "strconv"
"time"
"github.com/coreos/go-systemd/journal"
@@ -42,6 +43,9 @@ func (e EventJournalD) Write(ee Event) error {
m["PODMAN_IMAGE"] = ee.Image
m["PODMAN_NAME"] = ee.Name
m["PODMAN_ID"] = ee.ID
+ if ee.ContainerExitCode != 0 {
+ m["PODMAN_EXIT_CODE"] = strconv.Itoa(ee.ContainerExitCode)
+ }
case Volume:
m["PODMAN_NAME"] = ee.Name
}
@@ -150,6 +154,14 @@ func newEventFromJournalEntry(entry *sdjournal.JournalEntry) (*Event, error) { /
case Container, Pod:
newEvent.ID = entry.Fields["PODMAN_ID"]
newEvent.Image = entry.Fields["PODMAN_IMAGE"]
+ if code, ok := entry.Fields["PODMAN_EXIT_CODE"]; ok {
+ intCode, err := strconv.Atoi(code)
+ if err != nil {
+ logrus.Errorf("Error parsing event exit code %s", code)
+ } else {
+ newEvent.ContainerExitCode = intCode
+ }
+ }
case Image:
newEvent.ID = entry.Fields["PODMAN_ID"]
}
diff --git a/pkg/varlinkapi/containers.go b/pkg/varlinkapi/containers.go
index bb66ff962..c7aa5233f 100644
--- a/pkg/varlinkapi/containers.go
+++ b/pkg/varlinkapi/containers.go
@@ -19,6 +19,8 @@ import (
"github.com/containers/libpod/libpod/define"
"github.com/containers/libpod/libpod/logs"
"github.com/containers/libpod/pkg/adapter/shortcuts"
+ "github.com/containers/libpod/pkg/cgroups"
+ "github.com/containers/libpod/pkg/rootless"
"github.com/containers/libpod/pkg/varlinkapi/virtwriter"
"github.com/containers/storage/pkg/archive"
"github.com/pkg/errors"
@@ -317,6 +319,13 @@ func (i *LibpodAPI) ExportContainer(call iopodman.VarlinkCall, name, outPath str
// GetContainerStats ...
func (i *LibpodAPI) GetContainerStats(call iopodman.VarlinkCall, name string) error {
+ cgroupv2, err := cgroups.IsCgroup2UnifiedMode()
+ if err != nil {
+ return call.ReplyErrorOccurred(err.Error())
+ }
+ if rootless.IsRootless() && !cgroupv2 {
+ return call.ReplyErrRequiresCgroupsV2ForRootless("rootless containers cannot report container stats")
+ }
ctr, err := i.Runtime.LookupContainer(name)
if err != nil {
return call.ReplyContainerNotFound(name, err.Error())