diff options
Diffstat (limited to 'contrib/cirrus')
| -rwxr-xr-x | contrib/cirrus/build_vm_images.sh | 39 | ||||
| -rwxr-xr-x | contrib/cirrus/check_image.sh | 10 | ||||
| -rw-r--r-- | contrib/cirrus/lib.sh | 27 | ||||
| -rwxr-xr-x | contrib/cirrus/notice_branch_failure.sh (renamed from contrib/cirrus/notice_master_failure.sh) | 4 | ||||
| -rw-r--r-- | contrib/cirrus/packer/fedora_base-setup.sh | 3 | ||||
| -rw-r--r-- | contrib/cirrus/packer/fedora_setup.sh | 3 | ||||
| -rw-r--r-- | contrib/cirrus/packer/ubuntu_setup.sh | 3 | ||||
| -rwxr-xr-x | contrib/cirrus/setup_environment.sh | 6 |
8 files changed, 88 insertions, 7 deletions
diff --git a/contrib/cirrus/build_vm_images.sh b/contrib/cirrus/build_vm_images.sh index f5d53a92e..74b10158c 100755 --- a/contrib/cirrus/build_vm_images.sh +++ b/contrib/cirrus/build_vm_images.sh @@ -3,7 +3,8 @@ set -e source $(dirname $0)/lib.sh -ENV_VARS='PACKER_BUILDS BUILT_IMAGE_SUFFIX UBUNTU_BASE_IMAGE FEDORA_BASE_IMAGE PRIOR_FEDORA_BASE_IMAGE SERVICE_ACCOUNT GCE_SSH_USERNAME GCP_PROJECT_ID PACKER_VER SCRIPT_BASE PACKER_BASE' +BASE_IMAGE_VARS='FEDORA_BASE_IMAGE PRIOR_FEDORA_BASE_IMAGE UBUNTU_BASE_IMAGE' +ENV_VARS="PACKER_BUILDS BUILT_IMAGE_SUFFIX $BASE_IMAGE_VARS SERVICE_ACCOUNT GCE_SSH_USERNAME GCP_PROJECT_ID PACKER_VER SCRIPT_BASE PACKER_BASE CIRRUS_BUILD_ID CIRRUS_CHANGE_IN_REPO" req_env_var $ENV_VARS # Must also be made available through make, into packer process export $ENV_VARS @@ -24,6 +25,20 @@ then fi cd "$GOSRC/$PACKER_BASE" +# Add/update labels on base-images used in this build to prevent premature deletion +ARGS=" +" +for base_image_var in $BASE_IMAGE_VARS +do + # See entrypoint.sh in contrib/imgts and contrib/imgprune + # These updates can take a while, run them in the background, check later + gcloud compute images update "$image" \ + --update-labels=last-used=$(date +%s) \ + --update-labels=build-id=$CIRRUS_BUILD_ID \ + --update-labels=repo-ref=$CIRRUS_CHANGE_IN_REPO \ + --update-labels=project=$GCP_PROJECT_ID \ + ${!base_image_var} & +done make libpod_images \ PACKER_BUILDS=$PACKER_BUILDS \ @@ -33,9 +48,31 @@ make libpod_images \ PACKER_BASE=$PACKER_BASE \ BUILT_IMAGE_SUFFIX=$BUILT_IMAGE_SUFFIX +# Separate PR-produced images from those produced on master. +if [[ "${CIRRUS_BRANCH:-}" == "master" ]] +then + POST_MERGE_BUCKET_SUFFIX="-master" +else + POST_MERGE_BUCKET_SUFFIX="" +fi + # When successful, upload manifest of produced images using a filename unique # to this build. URI="gs://packer-import${POST_MERGE_BUCKET_SUFFIX}/manifest${BUILT_IMAGE_SUFFIX}.json" gsutil cp packer-manifest.json "$URI" +# Ensure any background 'gcloud compute images update' processes finish +set +e # need 'wait' exit code to avoid race +while [[ -n "$(jobs)" ]] +do + wait -n + RET=$? + if [[ "$RET" -eq "127" ]] || \ # Avoid TOCTOU race w/ jobs + wait + [[ "$RET" -eq "0" ]] + then + continue + fi + die $RET "Required base-image metadata update failed" +done + echo "Finished. A JSON manifest of produced images is available at $URI" diff --git a/contrib/cirrus/check_image.sh b/contrib/cirrus/check_image.sh index 948039234..690a38119 100755 --- a/contrib/cirrus/check_image.sh +++ b/contrib/cirrus/check_image.sh @@ -16,7 +16,9 @@ MIN_MEM_MB=2000 read JUNK TOTAL USED MEM_FREE JUNK <<<$(free -tm | tail -1) item_test 'Minimum available memory' $MEM_FREE -ge $MIN_MEM_MB || let "RET+=1" -item_test "podman command NOT found on path" -z "$(type -P podman)" || let "RET+=1" +# We're testing a custom-built podman; make sure there isn't a distro-provided +# binary anywhere; that could potentially taint our results. +item_test "remove_packaged_podman_files() did it's job" -z "$(type -P podman)" || let "RET+=1" MIN_ZIP_VER='3.0' VER_RE='.+([[:digit:]]+\.[[:digit:]]+).+' @@ -34,4 +36,10 @@ do "$(systemctl list-unit-files --no-legend $REQ_UNIT)" = "$REQ_UNIT enabled" || let "RET+=1" done +# Exits zero if any unit matching pattern is running +UNIT_STATUS=$(systemctl is-active $EVIL_UNITS; echo $?) +item_test "No interfering background units are active:" \ + "$UNIT_STATUS" -ne "0" || let "RET+=1" + +echo "Total failed tests: $RET" exit $RET diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh index ea0f9e326..a9da3f4ce 100644 --- a/contrib/cirrus/lib.sh +++ b/contrib/cirrus/lib.sh @@ -45,6 +45,7 @@ fi # Defaults when not running under CI export CI="${CI:-false}" CIRRUS_CI="${CIRRUS_CI:-false}" +DEST_BRANCH="${DEST_BRANCH:-master}" CONTINUOUS_INTEGRATION="${CONTINUOUS_INTEGRATION:-false}" CIRRUS_REPO_NAME=${CIRRUS_REPO_NAME:-libpod} CIRRUS_BASE_SHA=${CIRRUS_BASE_SHA:-unknown$(date +%s)} # difficult to reliably discover @@ -77,6 +78,9 @@ ROOTLESS_ENV_RE='(CIRRUS_.+)|(ROOTLESS_.+)|(.+_IMAGE.*)|(.+_BASE)|(.*DIRPATH)|(. # Unsafe env. vars for display SECRET_ENV_RE='(IRCID)|(ACCOUNT)|(^GC[EP]..+)|(SSH)' +# Names of systemd units which should never be running +EVIL_UNITS="cron crond atd apt-daily-upgrade apt-daily fstrim motd-news systemd-tmpfiles-clean" + SPECIALMODE="${SPECIALMODE:-none}" TEST_REMOTE_CLIENT="${TEST_REMOTE_CLIENT:-false}" export CONTAINER_RUNTIME=${CONTAINER_RUNTIME:-podman} @@ -323,8 +327,15 @@ install_test_configs(){ /etc/containers/registries.conf } +# Remove all files (except conmon, for now) provided by the distro version of podman. +# Except conmon, for now as it's expected to eventually be packaged separately. +# All VM cache-images used for testing include the distro podman because (1) it's +# required for podman-in-podman testing and (2) it somewhat simplifies the task +# of pulling in necessary prerequisites packages as the set can change over time. +# For general CI testing however, calling this function makes sure the system +# can only run the compiled source version. remove_packaged_podman_files(){ - show_and_store_warning "Removing packaged podman files to prevent conflicts with source build and testing." + echo "Removing packaged podman files to prevent conflicts with source build and testing." req_env_var OS_RELEASE_ID if [[ "$OS_RELEASE_ID" =~ "ubuntu" ]] then @@ -342,6 +353,20 @@ remove_packaged_podman_files(){ done } +systemd_banish(){ + echo "Disabling periodic services that could destabilize testing:" + set +e # Not all of these exist on every platform + for unit in $EVIL_UNITS + do + ooe.sh sudo systemctl stop $unit + ooe.sh sudo systemctl disable $unit + ooe.sh sudo systemctl disable $unit.timer + ooe.sh sudo systemctl mask $unit + ooe.sh sudo systemctl mask $unit.timer + done + set -e +} + _finalize(){ set +e # Don't fail at the very end set +e # make errors non-fatal diff --git a/contrib/cirrus/notice_master_failure.sh b/contrib/cirrus/notice_branch_failure.sh index 1fc15cdf9..f030c12e5 100755 --- a/contrib/cirrus/notice_master_failure.sh +++ b/contrib/cirrus/notice_branch_failure.sh @@ -9,10 +9,10 @@ ETX="$(echo -n -e '\x03')" RED="${ETX}4" NOR="$(echo -n -e '\x0f')" -if [[ "$CIRRUS_BRANCH" =~ "master" ]] +if [[ "$CIRRUS_BRANCH" = "$DEST_BRANCH" ]] then BURL="https://cirrus-ci.com/build/$CIRRUS_BUILD_ID" - ircmsg "${RED}[Action Recommended]: ${NOR}Post-merge testing ${RED}$CIRRUS_BRANCH failed${NOR} in $CIRRUS_TASK_NAME on $(OS_RELEASE_ID)-$(OS_RELEASE_VER): $BURL. Please investigate, and re-run if appropriate." + ircmsg "${RED}[Action Recommended]: ${NOR}Post-merge testing on ${RED}$CIRRUS_BRANCH failed${NOR} in $CIRRUS_TASK_NAME on ${OS_RELEASE_ID}-${OS_RELEASE_VER}: $BURL. Please investigate, and re-run if appropriate." fi # This script assumed to be executed on failure diff --git a/contrib/cirrus/packer/fedora_base-setup.sh b/contrib/cirrus/packer/fedora_base-setup.sh index a425b2b57..788a54c34 100644 --- a/contrib/cirrus/packer/fedora_base-setup.sh +++ b/contrib/cirrus/packer/fedora_base-setup.sh @@ -27,6 +27,9 @@ ooe.sh systemctl enable rngd echo "Setting cloud-init service to start after google-network-daemon.service" cp -v $GOSRC/$PACKER_BASE/cloud-init/fedora/cloud-init.service /etc/systemd/system/ +# Ensure there are no disruptive periodic services enabled by default in image +systemd_banish + rh_finalize echo "SUCCESS!" diff --git a/contrib/cirrus/packer/fedora_setup.sh b/contrib/cirrus/packer/fedora_setup.sh index eb95db907..1e25a1a3c 100644 --- a/contrib/cirrus/packer/fedora_setup.sh +++ b/contrib/cirrus/packer/fedora_setup.sh @@ -76,6 +76,9 @@ ooe.sh sudo dnf install -y \ xz \ zip +# Ensure there are no disruptive periodic services enabled by default in image +systemd_banish + sudo /tmp/libpod/hack/install_catatonit.sh rh_finalize diff --git a/contrib/cirrus/packer/ubuntu_setup.sh b/contrib/cirrus/packer/ubuntu_setup.sh index 6209f2f89..dba191ad2 100644 --- a/contrib/cirrus/packer/ubuntu_setup.sh +++ b/contrib/cirrus/packer/ubuntu_setup.sh @@ -100,6 +100,9 @@ ooe.sh sudo update-grub sudo /tmp/libpod/hack/install_catatonit.sh ooe.sh sudo make -C /tmp/libpod install.libseccomp.sudo +# Ensure there are no disruptive periodic services enabled by default in image +systemd_banish + ubuntu_finalize echo "SUCCESS!" diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh index f312e593a..e49bb98fe 100755 --- a/contrib/cirrus/setup_environment.sh +++ b/contrib/cirrus/setup_environment.sh @@ -52,7 +52,9 @@ install_test_configs make install.tools case "$SPECIALMODE" in - none) ;; # Do the normal thing + none) + remove_packaged_podman_files # we're building from source + ;; rootless) # Only do this once, even if ROOTLESS_USER (somehow) changes if ! grep -q 'ROOTLESS_USER' /etc/environment @@ -65,9 +67,9 @@ case "$SPECIALMODE" in tee -a /etc/environment) && eval "$X" && echo "$X" setup_rootless fi + remove_packaged_podman_files ;; in_podman) # Assumed to be Fedora - dnf install -y podman $SCRIPT_BASE/setup_container_environment.sh ;; windows) ;& # for podman-remote building only |