-rw-r--r--.cirrus.yml17
-rw-r--r--Makefile1
-rwxr-xr-xcontrib/cirrus/build_vm_images.sh22
-rw-r--r--contrib/cirrus/packer/Makefile12
-rw-r--r--contrib/cirrus/packer/centos_setup.sh1
-rw-r--r--contrib/cirrus/packer/image-builder-image_base-setup.sh3
-rw-r--r--contrib/cirrus/packer/libpod_base_images.yml8
-rw-r--r--contrib/cirrus/packer/libpod_images.yml13
-rw-r--r--contrib/cirrus/packer/rhel_base-setup.sh34
-rw-r--r--contrib/cirrus/packer/rhel_setup.sh3
10 files changed, 86 insertions, 28 deletions
diff --git a/.cirrus.yml b/.cirrus.yml
index d3a9eea40..0efe73802 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -31,7 +31,7 @@ env:
PRIOR_FEDORA_CACHE_IMAGE_NAME: "fedora-28-libpod-7f4cd1f7"
UBUNTU_CACHE_IMAGE_NAME: "ubuntu-18-libpod-7f4cd1f7"
# RHEL_CACHE_IMAGE_NAME: "rhel-8-notready"
- # PRIOR_RHEL_CACHE_IMAGE_NAME: "rhel-7-libpod-7f4cd1f7"
+ PRIOR_RHEL_CACHE_IMAGE_NAME: "rhel-7-libpod-7f4cd1f7"
# CENTOS_CACHE_IMAGE_NAME: "centos-7-notready"
####
@@ -45,9 +45,9 @@ env:
CRIU_COMMIT: "c74b83cd49c00589c0c0468ba5fe685b67fdbd0a"
RUNC_COMMIT: "25f3f893c86d07426df93b7aa172f33fdf093fbd"
# CSV of cache-image names to build (see $PACKER_BASE/libpod_images.json)
- PACKER_BUILDS: "ubuntu-18,fedora-29,fedora-28" # TODO: fah-29,rhel-7,centos-7
+ PACKER_BUILDS: "ubuntu-18,fedora-29,fedora-28,rhel-7" # TODO: rhel-8,centos-7
# Version of packer to use
- PACKER_VER: "1.3.1"
+ PACKER_VER: "1.3.2"
# Special image w/ nested-libvirt + tools for creating new cache and base images
IMAGE_BUILDER_CACHE_IMAGE_NAME: "image-builder-image-1541772081"
# Google-maintained base-image names
@@ -58,7 +58,7 @@ env:
PRIOR_FEDORA_BASE_IMAGE: "fedora-cloud-base-28-1-1-1544474897"
FAH_BASE_IMAGE: "fedora-atomichost-29-20181025-1-1541787861"
# RHEL image must be imported, google bills extra for their native image.
- RHEL_BASE_IMAGE: "rhel-guest-image-7-6-210-x86-64-qcow2-1541783972"
+ RHEL_BASE_IMAGE: "rhel-guest-image-7-6-210-x86-64-qcow2-1548099756"
####
#### Credentials and other secret-sauces, decrypted at runtime when authorized.
@@ -134,6 +134,7 @@ build_each_commit_task:
- git fetch --depth $CIRRUS_CLONE_DEPTH origin $CIRRUS_BASE_BRANCH
- env GOPATH=/var/tmp/go/ make build-all-new-commits GIT_BASE_BRANCH=origin/$CIRRUS_BASE_BRANCH
+
# This task does the unit and integration testing for every platform
testing_task:
@@ -154,10 +155,10 @@ testing_task:
image_name: "${FEDORA_CACHE_IMAGE_NAME}"
image_name: "${PRIOR_FEDORA_CACHE_IMAGE_NAME}"
image_name: "${UBUNTU_CACHE_IMAGE_NAME}"
+ image_name: "${PRIOR_RHEL_CACHE_IMAGE_NAME}"
# TODO: tests fail
- # image_name: "${RHEL_CACHE_IMAGE_NAME}
- # image_name: "${PRIOR_RHEL_CACHE_IMAGE_NAME}
+ # image_name: "${RHEL_CACHE_IMAGE_NAME}"
# image_name: "${CENTOS_CACHE_IMAGE_NAME}"
timeout_in: 120m
@@ -191,9 +192,9 @@ optional_testing_task:
image_name: "${FEDORA_CACHE_IMAGE_NAME}"
image_name: "${PRIOR_FEDORA_CACHE_IMAGE_NAME}"
image_name: "${UBUNTU_CACHE_IMAGE_NAME}"
+ image_name: "${PRIOR_RHEL_CACHE_IMAGE_NAME}"
# TODO: Make these work (also build_images_task below)
- # image_name: "${RHEL_CACHE_IMAGE_NAME}
- # image_name: "${PRIOR_RHEL_CACHE_IMAGE_NAME}
+ # image_name: "${RHEL_CACHE_IMAGE_NAME}"
# image_name: "${CENTOS_CACHE_IMAGE_NAME}"
timeout_in: 60m
diff --git a/Makefile b/Makefile
index f0f6a1fab..b68b8adbe 100644
--- a/Makefile
+++ b/Makefile
@@ -224,6 +224,7 @@ install: .gopathok install.bin install.man install.cni install.systemd
install.bin:
install ${SELINUXOPT} -d -m 755 $(BINDIR)
install ${SELINUXOPT} -m 755 bin/podman $(BINDIR)/podman
+ test -z "${SELINUXOPT}" || chcon --verbose --reference=$(BINDIR)/podman bin/podman
install.man: docs
install ${SELINUXOPT} -d -m 755 $(MANDIR)/man1
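Review bot: The added `chcon` line in `install.bin` is easy to misread, because `--reference=$(BINDIR)/podman` names the installed file and the file being relabelled is the build-tree `bin/podman`, so an install target now modifies the source tree. If that direction is intended (presumably so the in-tree binary runs with the same SELinux context as the installed one), say so in a comment above the line, for example `# Relabel the build-tree binary to match the installed copy's SELinux context`. Also note that when `SELINUXOPT` is non-empty and `chcon` fails (a filesystem without label support, or an unprivileged packaging build), `install.bin` aborts after the binary has already been copied. Where `SELINUXOPT` is set is outside this hunk, so confirm it is only non-empty on hosts where relabelling can succeed.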
diff --git a/contrib/cirrus/build_vm_images.sh b/contrib/cirrus/build_vm_images.sh
index ee45b1ead..6b86aa4d4 100755
--- a/contrib/cirrus/build_vm_images.sh
+++ b/contrib/cirrus/build_vm_images.sh
@@ -42,15 +42,33 @@ then
fi
fi
-set -x
-
cd "$GOSRC/$PACKER_BASE"
+
+# Separate PR-produced images from those produced on master.
+if [[ "${CIRRUS_BRANCH:-}" == "master" ]]
+then
+ POST_MERGE_BUCKET_SUFFIX="-master"
+else
+ POST_MERGE_BUCKET_SUFFIX=""
+fi
+
make libpod_images \
PACKER_BUILDS=$PACKER_BUILDS \
PACKER_VER=$PACKER_VER \
GOSRC=$GOSRC \
SCRIPT_BASE=$SCRIPT_BASE \
PACKER_BASE=$PACKER_BASE \
+ POST_MERGE_BUCKET_SUFFIX=$POST_MERGE_BUCKET_SUFFIX \
BUILT_IMAGE_SUFFIX=$BUILT_IMAGE_SUFFIX
record_timestamp "cache-image build end"
+
+# When successful, upload manifest of produced images using a filename unique
+# to this build.
+URI="gs://packer-import${POST_MERGE_BUCKET_SUFFIX}/manifest${BUILT_IMAGE_SUFFIX}.json"
+gsutil cp packer-manifest.json "$URI"
+
+echo "Finished."
+echo "Any tarball URI's referenced above at at $URI"
+echo "may be used to create VM images suitable for use in"
+echo ".cirrus.yml as values for the 'image_name' keys."
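Review bot: The `gsutil cp packer-manifest.json "$URI"` step sits under a "When successful" comment, but nothing in this hunk ties it to the exit status of `make libpod_images`. It is only skipped on failure if errexit is enabled earlier in the script, which is outside the hunk. If errexit is not set, a failed build would still upload whatever `packer-manifest.json` is in the directory, possibly a stale one from a previous run, and the closing message would point readers at it as a source of `image_name` values. Either confirm `set -e` is in effect or guard the upload explicitly, e.g. `[[ -r packer-manifest.json ]] || exit 1` after a checked `make`. The second `echo` also has a doubled word ("at at").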
diff --git a/contrib/cirrus/packer/Makefile b/contrib/cirrus/packer/Makefile
index 9bf27373e..0a783e979 100644
--- a/contrib/cirrus/packer/Makefile
+++ b/contrib/cirrus/packer/Makefile
@@ -3,7 +3,7 @@
# builder name(s) from applicable YAML file,
# e.g for names see libpod_images.yml
-PACKER_VER ?= 1.3.1
+PACKER_VER ?= 1.3.2
PACKER_DIST_FILENAME := packer_${PACKER_VER}_linux_amd64.zip
# Only needed for libpod_base_images target
@@ -11,6 +11,7 @@ TIMESTAMP := $(shell date +%s)
GOSRC ?= $(shell realpath "./../../../")
PACKER_BASE ?= contrib/cirrus/packer
SCRIPT_BASE ?= contrib/cirrus
+POST_MERGE_BUCKET_SUFFIX ?=
# For debugging nested-virt, use
#TTYDEV := $(shell tty)
@@ -50,10 +51,6 @@ endif
-var PACKER_BASE=$(PACKER_BASE) \
-var SCRIPT_BASE=$(SCRIPT_BASE) \
libpod_images.json
- @echo ""
- @echo "Finished. The images mentioned above, and in packer-manifest.json"
- @echo "can be used in .cirrus.yml as values for the 'image_name' keys"
- @echo ""
cidata.ssh:
ssh-keygen -f $@ -P "" -q
@@ -100,9 +97,6 @@ endif
-var RHEL_IMAGE_FILE=$(RHEL_IMAGE_FILE) \
-var RHEL_CSUM_FILE=$(RHEL_CSUM_FILE) \
-var 'RHSM_COMMAND=$(RHSM_COMMAND)' \
+ -var POST_MERGE_BUCKET_SUFFIX=$(POST_MERGE_BUCKET_SUFFIX) \
-only $(PACKER_BUILDS) \
libpod_base_images.json
- @echo ""
- @echo "Finished. The images mentioned above, and in packer-manifest.json"
- @echo "can be used in .cirrus.yml as values for the *_BASE_IMAGE keys."
- @echo ""
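Review bot: The new `-var POST_MERGE_BUCKET_SUFFIX=$(POST_MERGE_BUCKET_SUFFIX)` is added to the `libpod_base_images.json` invocation, but the variable is declared and used in libpod_images.yml, and the `libpod_images.json` invocation in the previous hunk gains no matching `-var`. As far as the visible hunks show, a build on master would export its tarballs to `gs://packer-import/` (the template default `''`) while build_vm_images.sh uploads the manifest to `gs://packer-import-master/`. That defeats the PR/master separation the commit introduces. If this is not intended, add the same `-var` line to the libpod_images recipe. Whether libpod_base_images.yml declares the variable is not visible here, and both recipes start outside their hunks.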
diff --git a/contrib/cirrus/packer/centos_setup.sh b/contrib/cirrus/packer/centos_setup.sh
index a13050569..923f2563b 100644
--- a/contrib/cirrus/packer/centos_setup.sh
+++ b/contrib/cirrus/packer/centos_setup.sh
@@ -25,6 +25,7 @@ ooe.sh sudo yum -y update
ooe.sh sudo yum -y install centos-release-scl epel-release
ooe.sh sudo yum -y install \
+ PyYAML \
atomic-registries \
btrfs-progs-devel \
bzip2 \
diff --git a/contrib/cirrus/packer/image-builder-image_base-setup.sh b/contrib/cirrus/packer/image-builder-image_base-setup.sh
index b8e2824a7..8cf9fd8ab 100644
--- a/contrib/cirrus/packer/image-builder-image_base-setup.sh
+++ b/contrib/cirrus/packer/image-builder-image_base-setup.sh
@@ -45,10 +45,13 @@ ooe.sh sudo yum -y install \
qemu-kvm-tools \
qemu-user \
rsync \
+ rng-tools \
unzip \
util-linux \
vim
+sudo systemctl enable rngd
+
sudo ln -s /usr/libexec/qemu-kvm /usr/bin/
sudo tee /etc/modprobe.d/kvm-nested.conf <<EOF
diff --git a/contrib/cirrus/packer/libpod_base_images.yml b/contrib/cirrus/packer/libpod_base_images.yml
index 109b9b8d5..bf568b40e 100644
--- a/contrib/cirrus/packer/libpod_base_images.yml
+++ b/contrib/cirrus/packer/libpod_base_images.yml
@@ -105,7 +105,7 @@ builders:
ssh_username: 'root'
- <<: *nested_virt
- name: 'prior_fedora'
+ name: 'prior-fedora'
iso_url: '{{user `PRIOR_FEDORA_IMAGE_URL`}}'
iso_checksum_url: '{{user `PRIOR_FEDORA_CSUM_URL`}}'
@@ -161,7 +161,7 @@ provisioners:
post-processors:
- - type: "compress"
- only: ['fedora', 'prior_fedora', 'fah', 'rhel']
+ only: ['fedora', 'prior-fedora', 'fah', 'rhel']
output: '/tmp/{{build_name}}/disk.raw.tar.gz'
format: '.tar.gz'
compression_level: 9
@@ -171,12 +171,12 @@ post-processors:
project_id: '{{user `GCP_PROJECT_ID`}}'
account_file: '{{user `GOOGLE_APPLICATION_CREDENTIALS`}}'
bucket: '{{user `XFERBUCKET`}}'
- gcs_object_name: '{{build_name}}-{{user `TIMESTAMP`}}-{{uuid}}.tar.gz'
+ gcs_object_name: '{{build_name}}-{{user `TIMESTAMP`}}.tar.gz'
image_name: "{{user `FEDORA_BASE_IMAGE_NAME`}}-{{user `TIMESTAMP`}}"
image_description: 'Based on {{user `FEDORA_IMAGE_URL`}}'
image_family: '{{user `FEDORA_BASE_IMAGE_NAME`}}'
- <<: *gcp_import
- only: ['prior_fedora']
+ only: ['prior-fedora']
image_name: "{{user `PRIOR_FEDORA_BASE_IMAGE_NAME`}}-{{user `TIMESTAMP`}}"
image_description: 'Based on {{user `PRIOR_FEDORA_IMAGE_URL`}}'
image_family: '{{user `PRIOR_FEDORA_BASE_IMAGE_NAME`}}'
diff --git a/contrib/cirrus/packer/libpod_images.yml b/contrib/cirrus/packer/libpod_images.yml
index d31c11a8d..30ad0723a 100644
--- a/contrib/cirrus/packer/libpod_images.yml
+++ b/contrib/cirrus/packer/libpod_images.yml
@@ -29,6 +29,10 @@ variables:
SERVICE_ACCOUNT: '{{env `SERVICE_ACCOUNT`}}'
GOOGLE_APPLICATION_CREDENTIALS: '{{env `GOOGLE_APPLICATION_CREDENTIALS`}}'
+ # Used to separate images produced during PR testing from those
+ # produced from post-merge testing. Must be empty for PR testing.
+ POST_MERGE_BUCKET_SUFFIX: ''
+
# Don't leak sensitive values in error messages / output
sensitive-variables:
- 'GCE_SSH_USERNAME'
@@ -84,13 +88,18 @@ provisioners:
- type: 'shell'
script: '{{user `GOSRC`}}/{{user `PACKER_BASE`}}/{{split build_name "-" 0}}_setup.sh'
environment_vars:
- - 'SCRIPT_BASE={{user `SCRIPT_BASE`}}'
+ - 'GOSRC=/tmp/libpod'
- 'CNI_COMMIT={{user `CNI_COMMIT`}}'
- 'FEDORA_CNI_COMMIT={{user `FEDORA_CNI_COMMIT`}}'
- 'CRIO_COMMIT={{user `CRIO_COMMIT`}}'
- 'CRIU_COMMIT={{user `CRIU_COMMIT`}}'
- 'RUNC_COMMIT={{user `RUNC_COMMIT`}}'
+ - 'SCRIPT_BASE={{user `SCRIPT_BASE`}}'
- 'RHSM_COMMAND={{user `RHSM_COMMAND`}}'
post-processors:
- - - type: 'manifest'
+ # Store VM disk in GCP storage, where it will expire based on a defined
+ # lifecycle. This prevents GCE from filling with disused images.
+ - - type: 'googlecompute-export'
+ paths: ['gs://packer-import{{user `POST_MERGE_BUCKET_SUFFIX`}}/{{build_name}}{{user `BUILT_IMAGE_SUFFIX`}}.tar.gz']
+ - type: 'manifest' # writes packer-manifest.json
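Review bot: The added `'GOSRC=/tmp/libpod'` entry hard-codes a guest-side path, while the `script:` line just above resolves the setup script from the host-side `{{user `GOSRC`}}`. The same name now means two different locations in adjacent lines. Please add a comment such as `# Guest-side checkout location; must match the upload destination used by the provisioners above`, and confirm the value against whatever step copies the tree into the VM, which is outside this hunk. Separately, the `googlecompute-export` object name is `{{build_name}}{{user `BUILT_IMAGE_SUFFIX`}}.tar.gz`. It is only safe from being overwritten by another build if `BUILT_IMAGE_SUFFIX` is unique per run, which is worth stating next to the `paths:` line.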
diff --git a/contrib/cirrus/packer/rhel_base-setup.sh b/contrib/cirrus/packer/rhel_base-setup.sh
index 8b2073d4f..fbf9f61af 100644
--- a/contrib/cirrus/packer/rhel_base-setup.sh
+++ b/contrib/cirrus/packer/rhel_base-setup.sh
@@ -16,6 +16,8 @@ req_env_var "
install_ooe
+rhsm_enable
+
echo "Setting up repos"
# Frequently needed
ooe.sh sudo yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
@@ -32,12 +34,15 @@ gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOM
-rhsm_enable
+echo "Updating all packages"
+ooe.sh sudo yum -y update
echo "Installing/removing packages"
-ooe.sh sudo yum -y install google-compute-engine google-compute-engine-oslogin
-ooe.sh sudo yum -y erase "cloud-init" "rh-amazon-rhui-client*" || true
+ooe.sh sudo yum -y install rng-tools google-compute-engine google-compute-engine-oslogin
+
+echo "Enabling critical services"
ooe.sh sudo systemctl enable \
+ rngd \
google-accounts-daemon \
google-clock-skew-daemon \
google-instance-setup \
@@ -47,6 +52,29 @@ ooe.sh sudo systemctl enable \
rhel_exit_handler # release subscription!
+echo "Configuring boot"
+cat << "EOF" | sudo tee /etc/default/grub
+GRUB_TIMEOUT=0
+GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
+GRUB_DEFAULT=saved
+GRUB_DISABLE_SUBMENU=true
+GRUB_TERMINAL="serial console"
+GRUB_SERIAL_COMMAND="serial --speed=38400"
+GRUB_CMDLINE_LINUX="crashkernel=auto console=ttyS0,38400n8"
+GRUB_DISABLE_RECOVERY="true"
+EOF
+sudo grub2-mkconfig -o /boot/grub2/grub.cfg
+
+echo "Configuring networking"
+ooe.sh sudo nmcli connection modify 'System eth0' 802-3-ethernet.mtu 1460
+ooe.sh sudo nmcli connection modify 'System eth0' connection.autoconnect yes
+ooe.sh sudo nmcli connection modify 'System eth0' connection.autoconnect-priority
+ooe.sh sudo nmcli connection modify 'System eth0' ipv4.method auto
+ooe.sh sudo nmcli connection modify 'System eth0' ipv4.dhcp-send-hostname yes
+ooe.sh sudo nmcli connection modify 'System eth0' ipv4.dhcp-timeout 0
+ooe.sh sudo nmcli connection modify 'System eth0' ipv4.never-default no
+ooe.sh /usr/bin/google_instance_setup
+
rh_finalize
echo "SUCCESS!"
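Review bot: In the "Configuring networking" block, `nmcli connection modify 'System eth0' connection.autoconnect-priority` is the only `modify` call that passes a property name with no value. nmcli expects property/value pairs, so this line is likely to fail or be a no-op. Either supply the intended value, `... connection.autoconnect-priority <PRIORITY>` (placeholder, the intended number is not on the page), or drop the line. The final `ooe.sh /usr/bin/google_instance_setup` is also the only command in the block run without `sudo`. If the provisioning user is not root, that call may not be able to write its configuration, so confirm which user runs this script.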
diff --git a/contrib/cirrus/packer/rhel_setup.sh b/contrib/cirrus/packer/rhel_setup.sh
index 99376fd65..ac6866a57 100644
--- a/contrib/cirrus/packer/rhel_setup.sh
+++ b/contrib/cirrus/packer/rhel_setup.sh
@@ -31,6 +31,7 @@ ooe.sh sudo subscription-manager repos \
ooe.sh sudo yum -y update
ooe.sh sudo yum -y install \
+ PyYAML \
atomic-registries \
btrfs-progs-devel \
bzip2 \
@@ -64,9 +65,11 @@ ooe.sh sudo yum -y install \
protobuf-python \
python \
python2-future \
+ python2-pyyaml \
python34-dateutil \
python34-psutil \
python34-pytoml \
+ python34-PyYAML \
runc \
skopeo-containers \
unzip \