diff options
| -rw-r--r-- | .cirrus.yml | 133 | ||||
| -rwxr-xr-x | contrib/cirrus/runner.sh | 4 | ||||
| -rw-r--r-- | test/e2e/config_arm64.go | 16 | ||||
| -rw-r--r-- | test/system/030-run.bats | 1 | ||||
| -rw-r--r-- | test/system/075-exec.bats | 2 | ||||
| -rw-r--r-- | test/system/150-login.bats | 2 | ||||
| -rw-r--r-- | test/system/200-pod.bats | 1 | ||||
| -rw-r--r-- | test/system/260-sdnotify.bats | 1 | ||||
| -rw-r--r-- | test/system/410-selinux.bats | 3 | ||||
| -rw-r--r-- | test/system/helpers.bash | 10 |
10 files changed, 168 insertions, 5 deletions
diff --git a/.cirrus.yml b/.cirrus.yml index 7a488216e..bf3f1aa7b 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -28,12 +28,14 @@ env: #### Comment out fedora-35 for podman 4.x branches. #### FEDORA_NAME: "fedora-36" + FEDORA_AARCH64_NAME: "${FEDORA_NAME}-aarch64" #PRIOR_FEDORA_NAME: "fedora-35" UBUNTU_NAME: "ubuntu-2204" # Image identifiers - IMAGE_SUFFIX: "c6013173500215296" - FEDORA_AMI_ID: "ami-0f116746f31965e41" + IMAGE_SUFFIX: "c5495735033528320" + FEDORA_AMI_ID: "ami-0df5df528071f1052" # matches c5495735033528320 + FEDORA_AARCH64_AMI_ID: "ami-02ee8b3a782a78791" # matches c5495735033528320 # Complete image names FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}" #PRIOR_FEDORA_CACHE_IMAGE_NAME: "prior-fedora-${IMAGE_SUFFIX}" @@ -139,8 +141,8 @@ automation_task: always: *runner_stats -# N/B: This task is critical. It builds all binaries for all supported -# OS platforms and versions. On success, the contents of the repository +# N/B: The two following tasks are critical. They build all binaries for all supported +# OS platforms and versions on x86_64 and aarch64. On success, the contents of the repository # are preserved as an artifact. This saves most subsequent tasks about # 3 minutes of otherwise duplicative effort. It also ensures that the # exact same binaries used throughout CI testing, are available for @@ -194,6 +196,36 @@ build_task: always: *runner_stats +build_aarch64_task: + alias: 'build_aarch64' + name: 'Build for $DISTRO_NV' + # Multiarch doesn't depend on buildability in this automation context + # Docs: ./contrib/cirrus/CIModes.md + only_if: "$CIRRUS_CRON != 'multiarch'" + ec2_instance: &standard_build_ec2_aarch64 + image: ${VM_IMAGE_NAME} + type: t4g.xlarge + region: us-east-1 + architecture: arm64 # CAUTION: This has to be "arm64", not "aarch64". + env: &stdenvars_aarch64 + DISTRO_NV: ${FEDORA_AARCH64_NAME} + VM_IMAGE_NAME: ${FEDORA_AARCH64_AMI_ID} + CTR_FQIN: ${FEDORA_CONTAINER_FQIN} + CI_DESIRED_RUNTIME: crun + TEST_FLAVOR: build + clone_script: *full_clone + setup_script: *setup + main_script: *main + # Cirrus-CI is very slow uploading one file at time, and the repo contains + # thousands of files. Speed this up by archiving into tarball first. + repo_prep_script: &repo_prep_aarch64 >- + tar cjf /tmp/repo.tbz -C $GOSRC . && mv /tmp/repo.tbz $GOSRC/ + repo_artifacts: &repo_artifacts_aarch64 + path: ./repo.tbz + type: application/octet-stream + always: *runner_stats + + # Confirm the result of building on at least one platform appears sane. # This confirms the binaries can be executed, checks --help vs docs, and # other essential post-build validation checks. @@ -218,6 +250,7 @@ validate_task: memory: "16Gb" env: <<: *stdenvars + DISTRO_NV: ${FEDORA_NAME} TEST_FLAVOR: validate # N/B: This script depends on ${DISTRO_NV} being defined for the task. clone_script: &get_gosrc | @@ -230,6 +263,40 @@ validate_task: always: *runner_stats +# Confirm the result of building on at least one platform appears sane. +# This confirms the binaries can be executed, checks --help vs docs, and +# other essential post-build validation checks. +validate_aarch64_task: + name: "Validate $DISTRO_NV Build" + alias: validate_aarch64 + # This task is primarily intended to catch human-errors early on, in a + # PR. Skip it for branch-push, branch-create, and tag-push to improve + # automation reliability/speed in those contexts. Any missed errors due + # to nonsequential PR merging practices, will be caught on a future PR, + # build or test task failures. + # Docs: ./contrib/cirrus/CIModes.md + only_if: *is_pr + depends_on: + - ext_svc_check + - automation + - build_aarch64 + # golangci-lint is a very, very hungry beast. + ec2_instance: *standard_build_ec2_aarch64 + env: + <<: *stdenvars_aarch64 + TEST_FLAVOR: validate + DISTRO_NV: ${FEDORA_AARCH64_NAME} + # N/B: This script depends on ${DISTRO_NV} being defined for the task. + clone_script: &get_gosrc_aarch64 | + cd /tmp + echo "$ARTCURL/build_aarch64/repo/repo.tbz" + time $ARTCURL/build_aarch64/repo/repo.tbz + time tar xjf /tmp/repo.tbz -C $GOSRC + setup_script: *setup + main_script: *main + always: *runner_stats + + # Exercise the "libpod" API with a small set of common # operations to ensure they are functional. bindings_task: @@ -317,6 +384,28 @@ consistency_task: always: *runner_stats +# Check that all included go modules from other sources match +# what is expected in `vendor/modules.txt` vs `go.mod`. Also +# make sure that the generated bindings in pkg/bindings/... +# are in sync with the code. +consistency_aarch64_task: + name: "Test Code Consistency (aarch64)" + alias: consistency_aarch64 + # Docs: ./contrib/cirrus/CIModes.md + only_if: *is_pr + depends_on: + - build_aarch64 + ec2_instance: *standard_build_ec2_aarch64 + env: + <<: *stdenvars_aarch64 + TEST_FLAVOR: consistency + TEST_ENVIRON: container + clone_script: *get_gosrc_aarch64 + setup_script: *setup + main_script: *main + always: *runner_stats + + # There are several other important variations of podman which # must always build successfully. Most of them are handled in # this task, though a few need dedicated tasks which follow. @@ -646,6 +735,26 @@ local_system_test_task: &local_system_test_task always: *logs_artifacts +local_system_test_aarch64_task: &local_system_test_task_aarch64 + name: *std_name_fmt + alias: local_system_test_aarch64 + # Don't create task for tags, or if using [CI:DOCS], [CI:BUILD], multiarch + # Docs: ./contrib/cirrus/CIModes.md + only_if: *not_tag_build_docs_multiarch + depends_on: + - build_aarch64 + - local_integration_test + ec2_instance: *standard_build_ec2_aarch64 + env: + <<: *stdenvars_aarch64 + TEST_FLAVOR: sys + DISTRO_NV: ${FEDORA_AARCH64_NAME} + clone_script: *get_gosrc_aarch64 + setup_script: *setup + main_script: *main + always: *logs_artifacts + + remote_system_test_task: <<: *local_system_test_task alias: remote_system_test @@ -657,6 +766,17 @@ remote_system_test_task: PODBIN_NAME: remote +remote_system_test_aarch64_task: + <<: *local_system_test_task_aarch64 + alias: remote_system_test_aarch64 + depends_on: + - build_aarch64 + - remote_integration_test + env: + TEST_FLAVOR: sys + PODBIN_NAME: remote + + rootless_remote_system_test_task: matrix: # Minimal sanity testing: only the latest Fedora @@ -871,10 +991,13 @@ success_task: - ext_svc_check - automation - build + - build_aarch64 - validate + - validate_aarch64 - bindings - swagger - consistency + - consistency_aarch64 - alt_build - osx_alt_build - docker-py_test @@ -889,7 +1012,9 @@ success_task: # AND bypass in contrib/cirrus/cirrus_yaml_test.py for this name. # - podman_machine - local_system_test + - local_system_test_aarch64 - remote_system_test + - remote_system_test_aarch64 - rootless_system_test - rootless_remote_system_test - buildah_bud_test diff --git a/contrib/cirrus/runner.sh b/contrib/cirrus/runner.sh index 1956968ea..35ecfd4ff 100755 --- a/contrib/cirrus/runner.sh +++ b/contrib/cirrus/runner.sh @@ -35,6 +35,10 @@ function _run_automation() { } function _run_validate() { + # TODO: aarch64 images need python3-devel installed + # https://github.com/containers/automation_images/issues/159 + bigto ooe.sh dnf install -y python3-devel + # git-validation tool fails if $EPOCH_TEST_COMMIT is empty # shellcheck disable=SC2154 if [[ -n "$EPOCH_TEST_COMMIT" ]]; then diff --git a/test/e2e/config_arm64.go b/test/e2e/config_arm64.go new file mode 100644 index 000000000..c1e0afc47 --- /dev/null +++ b/test/e2e/config_arm64.go @@ -0,0 +1,16 @@ +package integration + +var ( + STORAGE_FS = "vfs" //nolint:revive,stylecheck + STORAGE_OPTIONS = "--storage-driver vfs" //nolint:revive,stylecheck + ROOTLESS_STORAGE_FS = "vfs" //nolint:revive,stylecheck + ROOTLESS_STORAGE_OPTIONS = "--storage-driver vfs" //nolint:revive,stylecheck + CACHE_IMAGES = []string{ALPINE, BB, fedoraMinimal, NGINX_IMAGE, REDIS_IMAGE, REGISTRY_IMAGE, INFRA_IMAGE, LABELS_IMAGE, HEALTHCHECK_IMAGE, UBI_INIT, UBI_MINIMAL, fedoraToolbox} //nolint:revive,stylecheck + NGINX_IMAGE = "quay.io/lsm5/alpine_nginx-aarch64:latest" //nolint:revive,stylecheck + BB_GLIBC = "docker.io/library/busybox:glibc" //nolint:revive,stylecheck + REGISTRY_IMAGE = "quay.io/libpod/registry:2.6" //nolint:revive,stylecheck + LABELS_IMAGE = "quay.io/libpod/alpine_labels:latest" //nolint:revive,stylecheck + UBI_MINIMAL = "registry.access.redhat.com/ubi8-minimal" //nolint:revive,stylecheck + UBI_INIT = "registry.access.redhat.com/ubi8-init" //nolint:revive,stylecheck + CIRROS_IMAGE = "quay.io/libpod/cirros:latest" //nolint:revive,stylecheck +) diff --git a/test/system/030-run.bats b/test/system/030-run.bats index 5014ef47b..d028a5ac7 100644 --- a/test/system/030-run.bats +++ b/test/system/030-run.bats @@ -3,6 +3,7 @@ load helpers @test "podman run - basic tests" { + skip_if_aarch64 "FIXME: #15074 - fails on aarch64" rand=$(random_string 30) err_no_such_cmd="Error:.*/no/such/command.*[Nn]o such file or directory" diff --git a/test/system/075-exec.bats b/test/system/075-exec.bats index 0a6048b7e..7dd43c2c3 100644 --- a/test/system/075-exec.bats +++ b/test/system/075-exec.bats @@ -6,6 +6,8 @@ load helpers @test "podman exec - basic test" { + skip_if_aarch64 "FIXME: #15074 - fails on aarch64" + rand_filename=$(random_string 20) rand_content=$(random_string 50) diff --git a/test/system/150-login.bats b/test/system/150-login.bats index dc902d5fe..b57bb44ab 100644 --- a/test/system/150-login.bats +++ b/test/system/150-login.bats @@ -52,7 +52,7 @@ function setup() { mkdir -p $AUTHDIR # Registry image; copy of docker.io, but on our own registry - local REGISTRY_IMAGE="$PODMAN_TEST_IMAGE_REGISTRY/$PODMAN_TEST_IMAGE_USER/registry:2.7" + local REGISTRY_IMAGE="$PODMAN_TEST_IMAGE_REGISTRY/$PODMAN_TEST_IMAGE_USER/registry:2.8" # Pull registry image, but into a separate container storage mkdir -p ${PODMAN_LOGIN_WORKDIR}/root diff --git a/test/system/200-pod.bats b/test/system/200-pod.bats index da2f7cd59..cbbd62ffb 100644 --- a/test/system/200-pod.bats +++ b/test/system/200-pod.bats @@ -478,6 +478,7 @@ spec: } @test "pod resource limits" { + # FIXME: #15074 - possible flake on aarch64 skip_if_remote "resource limits only implemented on non-remote" skip_if_rootless "resource limits only work with root" skip_if_cgroupsv1 "resource limits only meaningful on cgroups V2" diff --git a/test/system/260-sdnotify.bats b/test/system/260-sdnotify.bats index 59456de24..cd7b1262a 100644 --- a/test/system/260-sdnotify.bats +++ b/test/system/260-sdnotify.bats @@ -132,6 +132,7 @@ READY=1" "sdnotify sent MAINPID and READY" # These tests can fail in dev. environment because of SELinux. # quick fix: chcon -t container_runtime_exec_t ./bin/podman @test "sdnotify : container" { + skip_if_aarch64 "FIXME: #15074 - fails on aarch64 non-remote" # Sigh... we need to pull a humongous image because it has systemd-notify. # (IMPORTANT: fedora:32 and above silently removed systemd-notify; this # caused CI to hang. That's why we explicitly require fedora:31) diff --git a/test/system/410-selinux.bats b/test/system/410-selinux.bats index d437465a4..082482c7a 100644 --- a/test/system/410-selinux.bats +++ b/test/system/410-selinux.bats @@ -39,10 +39,12 @@ function check_label() { } @test "podman selinux: container with label=disable" { + skip_if_aarch64 "FIXME: #15074 - fails on aarch64" check_label "--security-opt label=disable" "spc_t" } @test "podman selinux: privileged container" { + skip_if_aarch64 "FIXME: #15074 - fails on aarch64" check_label "--privileged --userns=host" "spc_t" } @@ -63,6 +65,7 @@ function check_label() { } @test "podman selinux: pid=host" { + skip_if_aarch64 "FIXME: #15074 - fails on aarch64" # FIXME this test fails when run rootless with runc: # Error: container_linux.go:367: starting container process caused: process_linux.go:495: container init caused: readonly path /proc/asound: operation not permitted: OCI permission denied if is_rootless; then diff --git a/test/system/helpers.bash b/test/system/helpers.bash index b9da2d89a..19bc6547c 100644 --- a/test/system/helpers.bash +++ b/test/system/helpers.bash @@ -379,6 +379,10 @@ function is_netavark() { return 1 } +function is_aarch64() { + [ "$(uname -m)" == "aarch64" ] +} + # Returns the OCI runtime *basename* (typically crun or runc). Much as we'd # love to cache this result, we probably shouldn't. function podman_runtime() { @@ -546,6 +550,12 @@ function skip_if_root_ubuntu { fi } +function skip_if_aarch64 { + if is_aarch64; then + skip "${msg:-Cannot run this test on aarch64 systems}" + fi +} + ######### # die # Abort with helpful message ######### |