diff options
Diffstat (limited to 'contrib/cirrus')
-rw-r--r-- | contrib/cirrus/README.md | 35 | ||||
-rwxr-xr-x | contrib/cirrus/integration_test.sh | 26 | ||||
-rw-r--r-- | contrib/cirrus/lib.sh | 24 | ||||
-rwxr-xr-x | contrib/cirrus/logcollector.sh | 1 | ||||
-rw-r--r-- | contrib/cirrus/packer/Makefile | 11 | ||||
-rw-r--r-- | contrib/cirrus/packer/fedora_setup.sh | 176 | ||||
-rw-r--r-- | contrib/cirrus/packer/image-builder-image_base-setup.sh | 6 | ||||
-rw-r--r-- | contrib/cirrus/packer/libpod_base_images.yml | 12 | ||||
-rw-r--r-- | contrib/cirrus/packer/libpod_images.yml | 9 | ||||
-rw-r--r-- | contrib/cirrus/packer/ubuntu_setup.sh | 4 | ||||
-rwxr-xr-x | contrib/cirrus/setup_environment.sh | 27 |
11 files changed, 174 insertions, 157 deletions
diff --git a/contrib/cirrus/README.md b/contrib/cirrus/README.md index 49f713a8f..3789965d6 100644 --- a/contrib/cirrus/README.md +++ b/contrib/cirrus/README.md @@ -216,10 +216,10 @@ the ``cache_images`` Task) some input parameters are required: to limit the base-images produced. For example, ``PACKER_BUILDS=fedora,image-builder-image``. -If there is an existing 'image-builder-image' within GCE, it may be utilized -to produce base-images (in addition to cache-images). However it must be -created with support for nested-virtualization, and with elevated cloud -privileges (to access GCE, from within the GCE VM). For example: +If there is no existing 'image-builder-image' within GCE, a new +one may be bootstrapped by creating a CentOS 7 VM with support for +nested-virtualization, and with elevated cloud privileges (to access +GCE, from within the GCE VM). For example: ``` $ alias pgcloud='sudo podman run -it --rm -e AS_ID=$UID @@ -229,34 +229,33 @@ $ URL=https://www.googleapis.com/auth $ SCOPES=$URL/userinfo.email,$URL/compute,$URL/devstorage.full_control # The --min-cpu-platform is critical for nested-virt. -$ pgcloud compute instances create $USER-making-images \ - --image-family image-builder-image \ +$ pgcloud compute instances create $USER-image-builder \ + --image-family centos-7 \ --boot-disk-size "200GB" \ --min-cpu-platform "Intel Haswell" \ --machine-type n1-standard-2 \ --scopes $SCOPES ``` -Alternatively, if there is no image-builder-image available yet, a bare-metal -CentOS 7 machine with network access to GCE is required. Software dependencies -can be obtained from the ``packer/image-builder-image_base_setup.sh`` script. +Then from that VM, execute the +``contrib/cirrus/packer/image-builder-image_base_setup.sh`` script. +Shutdown the VM, and convert it into a new image-builder-image. -In both cases, the following can be used to setup and build base-images. +Building new base images is done by first creating a VM from an +image-builder-image and copying the credentials json file to it. ``` -$ IP_ADDRESS=1.2.3.4 # EXTERNAL_IP from command output above -$ rsync -av $PWD centos@$IP_ADDRESS:. -$ scp $GOOGLE_APPLICATION_CREDENTIALS centos@$IP_ADDRESS:. -$ ssh centos@$IP_ADDRESS -... +$ hack/get_ci_vm.sh image-builder-image-1541772081 +...in another terminal... +$ pgcloud compute scp /path/to/gac.json $USER-image-builder-image-1541772081:. ``` -When ready, change to the ``packer`` sub-directory, and build the images: +Then, on the VM, change to the ``packer`` sub-directory, and build the images: ``` $ cd libpod/contrib/cirrus/packer $ make libpod_base_images GCP_PROJECT_ID=<VALUE> \ - GOOGLE_APPLICATION_CREDENTIALS=<VALUE> \ + GOOGLE_APPLICATION_CREDENTIALS=/path/to/gac.json \ PACKER_BUILDS=<OPTIONAL> ``` @@ -283,7 +282,5 @@ values follows: * `rootless`: Causes a random, ordinary user account to be created and utilized for testing. * `in_podman`: Causes testing to occur within a container executed by - Podman on the host. -* `cgroupv2`: The kernel on this VM was prepared with options to enable v2 cgroups * `windows`: See **darwin** * `darwin`: Signals the ``special_testing_cross`` task to cross-compile the remote client. diff --git a/contrib/cirrus/integration_test.sh b/contrib/cirrus/integration_test.sh index 9fd79ab18..d5e6ec884 100755 --- a/contrib/cirrus/integration_test.sh +++ b/contrib/cirrus/integration_test.sh @@ -16,6 +16,16 @@ fi cd "$GOSRC" +# Transition workaround: runc is still the default for upstream development +handle_crun() { + # For systems with crun installed, assume CgroupsV2 and use it + if type -P crun &> /dev/null + then + warn "Replacing runc -> crun in libpod.conf" + sed -i -r -e 's/^runtime = "runc"/runtime = "crun"/' /usr/share/containers/libpod.conf + fi +} + case "$SPECIALMODE" in in_podman) ${CONTAINER_RUNTIME} run --rm --privileged --net=host \ @@ -36,32 +46,24 @@ case "$SPECIALMODE" in -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no \ -o CheckHostIP=no $GOSRC/$SCRIPT_BASE/rootless_test.sh ${TESTSUITE} ;; - cgroupv2) - setenforce 0 - dnf install -y crun - export OCI_RUNTIME=/usr/bin/crun - make - make install PREFIX=/usr ETCDIR=/etc - make install.config PREFIX=/usr - make test-binaries - make local${TESTSUITE} - ;; endpoint) make make install PREFIX=/usr ETCDIR=/etc + #handle_crun make test-binaries make endpoint ;; bindings) - make + make make install PREFIX=/usr ETCDIR=/etc - cd pkg/bindings/test && ginkgo -r + cd pkg/bindings/test && ginkgo -r ;; none) make make install PREFIX=/usr ETCDIR=/etc make install.config PREFIX=/usr make test-binaries + handle_crun if [[ "$TEST_REMOTE_CLIENT" == "true" ]] then make remote${TESTSUITE} VARLINK_LOG=$VARLINK_LOG diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh index 1e237085f..71ad67c74 100644 --- a/contrib/cirrus/lib.sh +++ b/contrib/cirrus/lib.sh @@ -7,10 +7,10 @@ source /etc/environment # not always loaded under all circumstances # Under some contexts these values are not set, make sure they are. -USER="$(whoami)" -HOME="$(getent passwd $USER | cut -d : -f 6)" -[[ -n "$UID" ]] || UID=$(getent passwd $USER | cut -d : -f 3) -GID=$(getent passwd $USER | cut -d : -f 4) +export USER="$(whoami)" +export HOME="$(getent passwd $USER | cut -d : -f 6)" +[[ -n "$UID" ]] || export UID=$(getent passwd $USER | cut -d : -f 3) +export GID=$(getent passwd $USER | cut -d : -f 4) # Essential default paths, many are overridden when executing under Cirrus-CI export GOPATH="${GOPATH:-/var/tmp/go}" @@ -59,13 +59,13 @@ PACKER_VER="1.4.2" # CSV of cache-image names to build (see $PACKER_BASE/libpod_images.json) # Base-images rarely change, define them here so they're out of the way. -export PACKER_BUILDS="${PACKER_BUILDS:-ubuntu-18,ubuntu-19,fedora-30,xfedora-30,fedora-29}" -# Google-maintained base-image names +export PACKER_BUILDS="${PACKER_BUILDS:-ubuntu-18,ubuntu-19,fedora-31,fedora-30}" +# Manually produced base-image names (see $SCRIPT_BASE/README.md) export UBUNTU_BASE_IMAGE="ubuntu-1904-disco-v20190724" export PRIOR_UBUNTU_BASE_IMAGE="ubuntu-1804-bionic-v20190722a" # Manually produced base-image names (see $SCRIPT_BASE/README.md) -export FEDORA_BASE_IMAGE="fedora-cloud-base-30-1-2-1578586410" -export PRIOR_FEDORA_BASE_IMAGE="fedora-cloud-base-29-1-2-1541789245" +export FEDORA_BASE_IMAGE="fedora-cloud-base-31-1-9-1578586410" +export PRIOR_FEDORA_BASE_IMAGE="fedora-cloud-base-30-1-2-1578586410" export BUILT_IMAGE_SUFFIX="${BUILT_IMAGE_SUFFIX:--$CIRRUS_REPO_NAME-${CIRRUS_BUILD_ID}}" # IN_PODMAN container image IN_PODMAN_IMAGE="quay.io/libpod/in_podman:latest" @@ -79,8 +79,8 @@ SUDOAPTADD="ooe.sh sudo -E add-apt-repository --yes" # Regex that finds enabled periodic apt configuration items PERIODIC_APT_RE='^(APT::Periodic::.+")1"\;' # Short-cuts for retrying/timeout calls -LILTO="timeout_attempt_delay_command 24s 5 30s" -BIGTO="timeout_attempt_delay_command 300s 5 30s" +LILTO="timeout_attempt_delay_command 120s 5 30s" +BIGTO="timeout_attempt_delay_command 300s 5 60s" # Safe env. vars. to transfer from root -> $ROOTLESS_USER (go env handled separately) ROOTLESS_ENV_RE='(CIRRUS_.+)|(ROOTLESS_.+)|(.+_IMAGE.*)|(.+_BASE)|(.*DIRPATH)|(.*FILEPATH)|(SOURCE.*)|(DEPEND.*)|(.+_DEPS_.+)|(OS_REL.*)|(.+_ENV_RE)|(TRAVIS)|(CI.+)|(TEST_REMOTE.*)' @@ -178,8 +178,7 @@ die() { } warn() { - echo ">>>>> ${2:-WARNING (but no message given!) in ${FUNCNAME[1]}()}" > /dev/stderr - echo ${1:-1} > /dev/stdout + echo ">>>>> ${1:-WARNING (but no message given!) in ${FUNCNAME[1]}()}" > /dev/stderr } bad_os_id_ver() { @@ -456,7 +455,6 @@ _finalize() { echo "Could not find any files in $CUSTOM_CLOUD_CONFIG_DEFAULTS" fi echo "Re-initializing so next boot does 'first-boot' setup again." - sudo history -c cd / sudo rm -rf /var/lib/cloud/instanc* sudo rm -rf /root/.ssh/* diff --git a/contrib/cirrus/logcollector.sh b/contrib/cirrus/logcollector.sh index 17f5eb099..1769e9362 100755 --- a/contrib/cirrus/logcollector.sh +++ b/contrib/cirrus/logcollector.sh @@ -32,6 +32,7 @@ case $1 in df) showrun df -lhTx tmpfs ;; ginkgo) showrun cat $CIRRUS_WORKING_DIR/test/e2e/ginkgo-node-*.log ;; journal) showrun journalctl -b ;; + podman) showrun podman system info ;; varlink) if [[ "$TEST_REMOTE_CLIENT" == "true" ]] then diff --git a/contrib/cirrus/packer/Makefile b/contrib/cirrus/packer/Makefile index fa87d7019..a911cafdb 100644 --- a/contrib/cirrus/packer/Makefile +++ b/contrib/cirrus/packer/Makefile @@ -1,9 +1,4 @@ - -# N/B: PACKER_BUILDS variable is required. Should contain CSV of -# builder name(s) from applicable YAML file, -# e.g for names see libpod_images.yml - -PACKER_VER ?= 1.4.2 +PACKER_VER ?= 1.4.3 GOARCH=$(shell go env GOARCH) ARCH=$(uname -m) PACKER_DIST_FILENAME := packer_${PACKER_VER}_linux_${GOARCH}.zip @@ -56,8 +51,9 @@ test: libpod_base_images.json libpod_images.json packer .PHONY: libpod_images libpod_images: guard-PACKER_BUILDS libpod_images.json packer - ./packer build -only=${PACKER_BUILDS} \ + ./packer build \ -force \ + $(shell test -z "${PACKER_BUILDS}" || echo "-only=${PACKER_BUILDS}") \ -var GOSRC=$(GOSRC) \ -var PACKER_BASE=$(PACKER_BASE) \ -var SCRIPT_BASE=$(SCRIPT_BASE) \ @@ -82,6 +78,7 @@ cidata.iso: user-data meta-data .PHONY: libpod_base_images libpod_base_images: guard-GCP_PROJECT_ID guard-GOOGLE_APPLICATION_CREDENTIALS libpod_base_images.json cidata.iso cidata.ssh packer PACKER_CACHE_DIR=/tmp ./packer build \ + $(shell test -z "${PACKER_BUILDS}" || echo "-only=${PACKER_BUILDS}") \ -force \ -var TIMESTAMP=$(TIMESTAMP) \ -var TTYDEV=$(TTYDEV) \ diff --git a/contrib/cirrus/packer/fedora_setup.sh b/contrib/cirrus/packer/fedora_setup.sh index 6cfaa05ce..591a59a05 100644 --- a/contrib/cirrus/packer/fedora_setup.sh +++ b/contrib/cirrus/packer/fedora_setup.sh @@ -15,100 +15,106 @@ install_ooe export GOPATH="$(mktemp -d)" trap "sudo rm -rf $GOPATH" EXIT -ooe.sh sudo dnf update -y +$BIGTO ooe.sh sudo dnf update -y echo "Enabling updates-testing repository" -ooe.sh sudo dnf install -y 'dnf-command(config-manager)' -ooe.sh sudo dnf config-manager --set-enabled updates-testing +$LILTO ooe.sh sudo dnf install -y 'dnf-command(config-manager)' +$LILTO ooe.sh sudo dnf config-manager --set-enabled updates-testing -echo "Installing general build/test dependencies" -ooe.sh sudo dnf install -y \ - atomic-registries \ - autoconf \ - automake \ - bash-completion \ - bats \ - bridge-utils \ - btrfs-progs-devel \ - bzip2 \ - conmon \ - container-selinux \ - containernetworking-plugins \ - containers-common \ - criu \ - device-mapper-devel \ - emacs-nox \ - file \ - findutils \ - fuse3 \ - fuse3-devel \ - gcc \ - git \ - glib2-devel \ - glibc-static \ - gnupg \ - go-md2man \ - golang \ - golang-github-cpuguy83-go-md2man \ - gpgme-devel \ - iproute \ - iptables \ - jq \ - libassuan-devel \ - libcap-devel \ - libmsi1 \ - libnet \ - libnet-devel \ - libnl3-devel \ - libseccomp \ - libseccomp-devel \ - libselinux-devel \ - libtool \ - libvarlink-util \ - lsof \ - make \ - msitools \ - nmap-ncat \ - pandoc \ - podman \ - procps-ng \ - protobuf \ - protobuf-c \ - protobuf-c-devel \ - protobuf-compiler \ - protobuf-devel \ - protobuf-python \ - python \ - python2-future \ - python3-dateutil \ - python3-psutil \ - python3-pytoml \ - runc \ - selinux-policy-devel \ - slirp4netns \ - unzip \ - vim \ - which \ - xz \ +echo "Installing general build/test dependencies for Fedora '$OS_RELEASE_VER'" +REMOVE_PACKAGES=() +INSTALL_PACKAGES=(\ + autoconf + automake + bash-completion + bats + bridge-utils + btrfs-progs-devel + bzip2 + conmon + container-selinux + containernetworking-plugins + containers-common + criu + device-mapper-devel + dnsmasq + emacs-nox + file + findutils + fuse3 + fuse3-devel + gcc + git + glib2-devel + glibc-static + gnupg + go-md2man + golang + gpgme-devel + iproute + iptables + jq + libassuan-devel + libcap-devel + libmsi1 + libnet + libnet-devel + libnl3-devel + libseccomp + libseccomp-devel + libselinux-devel + libtool + libvarlink-util + lsof + make + msitools + nmap-ncat + pandoc + podman + procps-ng + protobuf + protobuf-c + protobuf-c-devel + protobuf-devel + protobuf-python + python + python3-dateutil + python3-psutil + python3-pytoml + selinux-policy-devel + skopeo + slirp4netns + unzip + vim + which + xz zip +) +case "$OS_RELEASE_VER" in + 30) + INSTALL_PACKAGES+=(\ + atomic-registries + golang-github-cpuguy83-go-md2man + python2-future + runc + ) + ;; + 31) + INSTALL_PACKAGES+=(crun) + REMOVE_PACKAGES+=(runc) + ;; + *) + bad_os_id_ver ;; +esac +$BIGTO ooe.sh sudo dnf install -y ${INSTALL_PACKAGES[@]} +[[ "${#REMOVE_PACKAGES[@]}" -eq "0" ]] || \ + $LILTO ooe.sh sudo dnf erase -y ${REMOVE_PACKAGES[@]} # Ensure there are no disruptive periodic services enabled by default in image systemd_banish -sudo /tmp/libpod/hack/install_catatonit.sh - -# Same script is used for several related contexts -case "$PACKER_BUILDER_NAME" in - xfedora*) - echo "Configuring CGroups v2 enabled on next boot" - sudo grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=1" - sudo dnf install -y crun - ;& # continue to next matching item - *) - echo "Finalizing $PACKER_BUILDER_NAME VM image" - ;; -esac +ooe.sh sudo /tmp/libpod/hack/install_catatonit.sh rh_finalize diff --git a/contrib/cirrus/packer/image-builder-image_base-setup.sh b/contrib/cirrus/packer/image-builder-image_base-setup.sh index 43cfa7180..78772da09 100644 --- a/contrib/cirrus/packer/image-builder-image_base-setup.sh +++ b/contrib/cirrus/packer/image-builder-image_base-setup.sh @@ -31,10 +31,8 @@ ooe.sh sudo yum -y install \ libvirt-client \ libvirt-daemon \ make \ - python34 \ - python34 \ - python34-PyYAML \ - python34-PyYAML \ + python36 \ + python36-PyYAML \ qemu-img \ qemu-kvm \ qemu-kvm-tools \ diff --git a/contrib/cirrus/packer/libpod_base_images.yml b/contrib/cirrus/packer/libpod_base_images.yml index bcca440ae..21f3795f1 100644 --- a/contrib/cirrus/packer/libpod_base_images.yml +++ b/contrib/cirrus/packer/libpod_base_images.yml @@ -17,14 +17,14 @@ variables: PRIOR_UBUNTU_BASE_IMAGE: # Latest Fedora release - FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/30/Cloud/x86_64/images/Fedora-Cloud-Base-30-1.2.x86_64.qcow2" - FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/30/Cloud/x86_64/images/Fedora-Cloud-30-1.2-x86_64-CHECKSUM" - FEDORA_BASE_IMAGE_NAME: 'fedora-cloud-base-30-1-2' + FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/31/Cloud/x86_64/images/Fedora-Cloud-Base-31-1.9.x86_64.qcow2" + FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/31/Cloud/x86_64/images/Fedora-Cloud-31-1.9-x86_64-CHECKSUM" + FEDORA_BASE_IMAGE_NAME: 'fedora-cloud-base-31-1-9' # Prior Fedora release - PRIOR_FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/29/Cloud/x86_64/images/Fedora-Cloud-Base-29-1.2.x86_64.qcow2" - PRIOR_FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/29/Cloud/x86_64/images/Fedora-Cloud-29-1.2-x86_64-CHECKSUM" - PRIOR_FEDORA_BASE_IMAGE_NAME: 'fedora-cloud-base-29-1-2' # Name to use in GCE + PRIOR_FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/30/Cloud/x86_64/images/Fedora-Cloud-Base-30-1.2.x86_64.qcow2" + PRIOR_FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/30/Cloud/x86_64/images/Fedora-Cloud-30-1.2-x86_64-CHECKSUM" + PRIOR_FEDORA_BASE_IMAGE_NAME: 'fedora-cloud-base-30-1-2' # The name of the image in GCE used for packer build libpod_images.yml IBI_BASE_NAME: 'image-builder-image' diff --git a/contrib/cirrus/packer/libpod_images.yml b/contrib/cirrus/packer/libpod_images.yml index 01a65d867..074a813af 100644 --- a/contrib/cirrus/packer/libpod_images.yml +++ b/contrib/cirrus/packer/libpod_images.yml @@ -51,17 +51,12 @@ builders: source_image_family: 'prior-ubuntu-base' - <<: *gce_hosted_image - name: 'fedora-30' - source_image: '{{user `FEDORA_BASE_IMAGE`}}' - source_image_family: 'fedora-base' - - - <<: *gce_hosted_image - name: 'xfedora-30' + name: 'fedora-31' source_image: '{{user `FEDORA_BASE_IMAGE`}}' source_image_family: 'fedora-base' - <<: *gce_hosted_image - name: 'fedora-29' + name: 'fedora-30' source_image: '{{user `PRIOR_FEDORA_BASE_IMAGE`}}' source_image_family: 'prior-fedora-base' diff --git a/contrib/cirrus/packer/ubuntu_setup.sh b/contrib/cirrus/packer/ubuntu_setup.sh index 118ee062a..7c39a76f8 100644 --- a/contrib/cirrus/packer/ubuntu_setup.sh +++ b/contrib/cirrus/packer/ubuntu_setup.sh @@ -59,6 +59,8 @@ $BIGTO $SUDOAPTGET install \ cri-o-runc \ criu \ curl \ + conmon \ + dnsmasq \ e2fslibs-dev \ emacs-nox \ file \ @@ -129,7 +131,7 @@ then ooe.sh sudo update-grub fi -sudo /tmp/libpod/hack/install_catatonit.sh +ooe.sh sudo /tmp/libpod/hack/install_catatonit.sh ooe.sh sudo make -C /tmp/libpod install.libseccomp.sudo ubuntu_finalize diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh index edd793bb9..5364dd510 100755 --- a/contrib/cirrus/setup_environment.sh +++ b/contrib/cirrus/setup_environment.sh @@ -47,6 +47,30 @@ case "${OS_RELEASE_ID}" in setsebool container_manage_cgroup true if [[ "$ADD_SECOND_PARTITION" == "true" ]]; then bash "$SCRIPT_BASE/add_second_partition.sh"; fi + + if [[ "$OS_RELEASE_VER" == "31" ]]; then + warn "Switching io schedular to deadline to avoid RHBZ 1767539" + warn "aka https://bugzilla.kernel.org/show_bug.cgi?id=205447" + echo "mq-deadline" > /sys/block/sda/queue/scheduler + cat /sys/block/sda/queue/scheduler + + warn "Forcing systemd cgroup manager" + X=$(echo "export CGROUP_MANAGER=systemd" | \ + tee -a /etc/environment) && eval "$X" && echo "$X" + + warn "Testing with crun instead of runc" + X=$(echo "export OCI_RUNTIME=/usr/bin/crun" | \ + tee -a /etc/environment) && eval "$X" && echo "$X" + + warn "Upgrading to the latest crun" + # Normally not something to do for stable testing + # but crun is new, and late-breaking fixes may be required + # on short notice + dnf update -y crun + + #warn "Setting SELinux into Permissive mode" + #setenforce 0 + fi ;; centos) # Current VM is an image-builder-image no local podman/testing echo "No further setup required for VM image building" @@ -62,9 +86,6 @@ source "$SCRIPT_BASE/lib.sh" make install.tools case "$SPECIALMODE" in - cgroupv2) - remove_packaged_podman_files # we're building from source - ;; none) [[ -n "$CROSS_PLATFORM" ]] || \ remove_packaged_podman_files |