summaryrefslogtreecommitdiff
path: root/contrib/cirrus
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/cirrus')
-rw-r--r--contrib/cirrus/README.md35
-rwxr-xr-xcontrib/cirrus/integration_test.sh14
-rw-r--r--contrib/cirrus/lib.sh24
-rw-r--r--contrib/cirrus/packer/Makefile11
-rw-r--r--contrib/cirrus/packer/fedora_setup.sh176
-rw-r--r--contrib/cirrus/packer/image-builder-image_base-setup.sh6
-rw-r--r--contrib/cirrus/packer/libpod_base_images.yml12
-rw-r--r--contrib/cirrus/packer/libpod_images.yml9
-rw-r--r--contrib/cirrus/packer/ubuntu_setup.sh4
-rwxr-xr-xcontrib/cirrus/setup_environment.sh16
10 files changed, 150 insertions, 157 deletions
diff --git a/contrib/cirrus/README.md b/contrib/cirrus/README.md
index 49f713a8f..3789965d6 100644
--- a/contrib/cirrus/README.md
+++ b/contrib/cirrus/README.md
@@ -216,10 +216,10 @@ the ``cache_images`` Task) some input parameters are required:
to limit the base-images produced. For example,
``PACKER_BUILDS=fedora,image-builder-image``.
-If there is an existing 'image-builder-image' within GCE, it may be utilized
-to produce base-images (in addition to cache-images). However it must be
-created with support for nested-virtualization, and with elevated cloud
-privileges (to access GCE, from within the GCE VM). For example:
+If there is no existing 'image-builder-image' within GCE, a new
+one may be bootstrapped by creating a CentOS 7 VM with support for
+nested-virtualization, and with elevated cloud privileges (to access
+GCE, from within the GCE VM). For example:
```
$ alias pgcloud='sudo podman run -it --rm -e AS_ID=$UID
@@ -229,34 +229,33 @@ $ URL=https://www.googleapis.com/auth
$ SCOPES=$URL/userinfo.email,$URL/compute,$URL/devstorage.full_control
# The --min-cpu-platform is critical for nested-virt.
-$ pgcloud compute instances create $USER-making-images \
- --image-family image-builder-image \
+$ pgcloud compute instances create $USER-image-builder \
+ --image-family centos-7 \
--boot-disk-size "200GB" \
--min-cpu-platform "Intel Haswell" \
--machine-type n1-standard-2 \
--scopes $SCOPES
```
-Alternatively, if there is no image-builder-image available yet, a bare-metal
-CentOS 7 machine with network access to GCE is required. Software dependencies
-can be obtained from the ``packer/image-builder-image_base_setup.sh`` script.
+Then from that VM, execute the
+``contrib/cirrus/packer/image-builder-image_base_setup.sh`` script.
+Shutdown the VM, and convert it into a new image-builder-image.
-In both cases, the following can be used to setup and build base-images.
+Building new base images is done by first creating a VM from an
+image-builder-image and copying the credentials json file to it.
```
-$ IP_ADDRESS=1.2.3.4 # EXTERNAL_IP from command output above
-$ rsync -av $PWD centos@$IP_ADDRESS:.
-$ scp $GOOGLE_APPLICATION_CREDENTIALS centos@$IP_ADDRESS:.
-$ ssh centos@$IP_ADDRESS
-...
+$ hack/get_ci_vm.sh image-builder-image-1541772081
+...in another terminal...
+$ pgcloud compute scp /path/to/gac.json $USER-image-builder-image-1541772081:.
```
-When ready, change to the ``packer`` sub-directory, and build the images:
+Then, on the VM, change to the ``packer`` sub-directory, and build the images:
```
$ cd libpod/contrib/cirrus/packer
$ make libpod_base_images GCP_PROJECT_ID=<VALUE> \
- GOOGLE_APPLICATION_CREDENTIALS=<VALUE> \
+ GOOGLE_APPLICATION_CREDENTIALS=/path/to/gac.json \
PACKER_BUILDS=<OPTIONAL>
```
@@ -283,7 +282,5 @@ values follows:
* `rootless`: Causes a random, ordinary user account to be created
and utilized for testing.
* `in_podman`: Causes testing to occur within a container executed by
- Podman on the host.
-* `cgroupv2`: The kernel on this VM was prepared with options to enable v2 cgroups
* `windows`: See **darwin**
* `darwin`: Signals the ``special_testing_cross`` task to cross-compile the remote client.
diff --git a/contrib/cirrus/integration_test.sh b/contrib/cirrus/integration_test.sh
index 9fd79ab18..20e067c93 100755
--- a/contrib/cirrus/integration_test.sh
+++ b/contrib/cirrus/integration_test.sh
@@ -36,16 +36,6 @@ case "$SPECIALMODE" in
-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no \
-o CheckHostIP=no $GOSRC/$SCRIPT_BASE/rootless_test.sh ${TESTSUITE}
;;
- cgroupv2)
- setenforce 0
- dnf install -y crun
- export OCI_RUNTIME=/usr/bin/crun
- make
- make install PREFIX=/usr ETCDIR=/etc
- make install.config PREFIX=/usr
- make test-binaries
- make local${TESTSUITE}
- ;;
endpoint)
make
make install PREFIX=/usr ETCDIR=/etc
@@ -53,9 +43,9 @@ case "$SPECIALMODE" in
make endpoint
;;
bindings)
- make
+ make
make install PREFIX=/usr ETCDIR=/etc
- cd pkg/bindings/test && ginkgo -r
+ cd pkg/bindings/test && ginkgo -r
;;
none)
make
diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh
index 1e237085f..71ad67c74 100644
--- a/contrib/cirrus/lib.sh
+++ b/contrib/cirrus/lib.sh
@@ -7,10 +7,10 @@
source /etc/environment # not always loaded under all circumstances
# Under some contexts these values are not set, make sure they are.
-USER="$(whoami)"
-HOME="$(getent passwd $USER | cut -d : -f 6)"
-[[ -n "$UID" ]] || UID=$(getent passwd $USER | cut -d : -f 3)
-GID=$(getent passwd $USER | cut -d : -f 4)
+export USER="$(whoami)"
+export HOME="$(getent passwd $USER | cut -d : -f 6)"
+[[ -n "$UID" ]] || export UID=$(getent passwd $USER | cut -d : -f 3)
+export GID=$(getent passwd $USER | cut -d : -f 4)
# Essential default paths, many are overridden when executing under Cirrus-CI
export GOPATH="${GOPATH:-/var/tmp/go}"
@@ -59,13 +59,13 @@ PACKER_VER="1.4.2"
# CSV of cache-image names to build (see $PACKER_BASE/libpod_images.json)
# Base-images rarely change, define them here so they're out of the way.
-export PACKER_BUILDS="${PACKER_BUILDS:-ubuntu-18,ubuntu-19,fedora-30,xfedora-30,fedora-29}"
-# Google-maintained base-image names
+export PACKER_BUILDS="${PACKER_BUILDS:-ubuntu-18,ubuntu-19,fedora-31,fedora-30}"
+# Manually produced base-image names (see $SCRIPT_BASE/README.md)
export UBUNTU_BASE_IMAGE="ubuntu-1904-disco-v20190724"
export PRIOR_UBUNTU_BASE_IMAGE="ubuntu-1804-bionic-v20190722a"
# Manually produced base-image names (see $SCRIPT_BASE/README.md)
-export FEDORA_BASE_IMAGE="fedora-cloud-base-30-1-2-1578586410"
-export PRIOR_FEDORA_BASE_IMAGE="fedora-cloud-base-29-1-2-1541789245"
+export FEDORA_BASE_IMAGE="fedora-cloud-base-31-1-9-1578586410"
+export PRIOR_FEDORA_BASE_IMAGE="fedora-cloud-base-30-1-2-1578586410"
export BUILT_IMAGE_SUFFIX="${BUILT_IMAGE_SUFFIX:--$CIRRUS_REPO_NAME-${CIRRUS_BUILD_ID}}"
# IN_PODMAN container image
IN_PODMAN_IMAGE="quay.io/libpod/in_podman:latest"
@@ -79,8 +79,8 @@ SUDOAPTADD="ooe.sh sudo -E add-apt-repository --yes"
# Regex that finds enabled periodic apt configuration items
PERIODIC_APT_RE='^(APT::Periodic::.+")1"\;'
# Short-cuts for retrying/timeout calls
-LILTO="timeout_attempt_delay_command 24s 5 30s"
-BIGTO="timeout_attempt_delay_command 300s 5 30s"
+LILTO="timeout_attempt_delay_command 120s 5 30s"
+BIGTO="timeout_attempt_delay_command 300s 5 60s"
# Safe env. vars. to transfer from root -> $ROOTLESS_USER (go env handled separately)
ROOTLESS_ENV_RE='(CIRRUS_.+)|(ROOTLESS_.+)|(.+_IMAGE.*)|(.+_BASE)|(.*DIRPATH)|(.*FILEPATH)|(SOURCE.*)|(DEPEND.*)|(.+_DEPS_.+)|(OS_REL.*)|(.+_ENV_RE)|(TRAVIS)|(CI.+)|(TEST_REMOTE.*)'
@@ -178,8 +178,7 @@ die() {
}
warn() {
- echo ">>>>> ${2:-WARNING (but no message given!) in ${FUNCNAME[1]}()}" > /dev/stderr
- echo ${1:-1} > /dev/stdout
+ echo ">>>>> ${1:-WARNING (but no message given!) in ${FUNCNAME[1]}()}" > /dev/stderr
}
bad_os_id_ver() {
@@ -456,7 +455,6 @@ _finalize() {
echo "Could not find any files in $CUSTOM_CLOUD_CONFIG_DEFAULTS"
fi
echo "Re-initializing so next boot does 'first-boot' setup again."
- sudo history -c
cd /
sudo rm -rf /var/lib/cloud/instanc*
sudo rm -rf /root/.ssh/*
diff --git a/contrib/cirrus/packer/Makefile b/contrib/cirrus/packer/Makefile
index fa87d7019..a911cafdb 100644
--- a/contrib/cirrus/packer/Makefile
+++ b/contrib/cirrus/packer/Makefile
@@ -1,9 +1,4 @@
-
-# N/B: PACKER_BUILDS variable is required. Should contain CSV of
-# builder name(s) from applicable YAML file,
-# e.g for names see libpod_images.yml
-
-PACKER_VER ?= 1.4.2
+PACKER_VER ?= 1.4.3
GOARCH=$(shell go env GOARCH)
ARCH=$(uname -m)
PACKER_DIST_FILENAME := packer_${PACKER_VER}_linux_${GOARCH}.zip
@@ -56,8 +51,9 @@ test: libpod_base_images.json libpod_images.json packer
.PHONY: libpod_images
libpod_images: guard-PACKER_BUILDS libpod_images.json packer
- ./packer build -only=${PACKER_BUILDS} \
+ ./packer build \
-force \
+ $(shell test -z "${PACKER_BUILDS}" || echo "-only=${PACKER_BUILDS}") \
-var GOSRC=$(GOSRC) \
-var PACKER_BASE=$(PACKER_BASE) \
-var SCRIPT_BASE=$(SCRIPT_BASE) \
@@ -82,6 +78,7 @@ cidata.iso: user-data meta-data
.PHONY: libpod_base_images
libpod_base_images: guard-GCP_PROJECT_ID guard-GOOGLE_APPLICATION_CREDENTIALS libpod_base_images.json cidata.iso cidata.ssh packer
PACKER_CACHE_DIR=/tmp ./packer build \
+ $(shell test -z "${PACKER_BUILDS}" || echo "-only=${PACKER_BUILDS}") \
-force \
-var TIMESTAMP=$(TIMESTAMP) \
-var TTYDEV=$(TTYDEV) \
diff --git a/contrib/cirrus/packer/fedora_setup.sh b/contrib/cirrus/packer/fedora_setup.sh
index 6cfaa05ce..591a59a05 100644
--- a/contrib/cirrus/packer/fedora_setup.sh
+++ b/contrib/cirrus/packer/fedora_setup.sh
@@ -15,100 +15,106 @@ install_ooe
export GOPATH="$(mktemp -d)"
trap "sudo rm -rf $GOPATH" EXIT
-ooe.sh sudo dnf update -y
+$BIGTO ooe.sh sudo dnf update -y
echo "Enabling updates-testing repository"
-ooe.sh sudo dnf install -y 'dnf-command(config-manager)'
-ooe.sh sudo dnf config-manager --set-enabled updates-testing
+$LILTO ooe.sh sudo dnf install -y 'dnf-command(config-manager)'
+$LILTO ooe.sh sudo dnf config-manager --set-enabled updates-testing
-echo "Installing general build/test dependencies"
-ooe.sh sudo dnf install -y \
- atomic-registries \
- autoconf \
- automake \
- bash-completion \
- bats \
- bridge-utils \
- btrfs-progs-devel \
- bzip2 \
- conmon \
- container-selinux \
- containernetworking-plugins \
- containers-common \
- criu \
- device-mapper-devel \
- emacs-nox \
- file \
- findutils \
- fuse3 \
- fuse3-devel \
- gcc \
- git \
- glib2-devel \
- glibc-static \
- gnupg \
- go-md2man \
- golang \
- golang-github-cpuguy83-go-md2man \
- gpgme-devel \
- iproute \
- iptables \
- jq \
- libassuan-devel \
- libcap-devel \
- libmsi1 \
- libnet \
- libnet-devel \
- libnl3-devel \
- libseccomp \
- libseccomp-devel \
- libselinux-devel \
- libtool \
- libvarlink-util \
- lsof \
- make \
- msitools \
- nmap-ncat \
- pandoc \
- podman \
- procps-ng \
- protobuf \
- protobuf-c \
- protobuf-c-devel \
- protobuf-compiler \
- protobuf-devel \
- protobuf-python \
- python \
- python2-future \
- python3-dateutil \
- python3-psutil \
- python3-pytoml \
- runc \
- selinux-policy-devel \
- slirp4netns \
- unzip \
- vim \
- which \
- xz \
+echo "Installing general build/test dependencies for Fedora '$OS_RELEASE_VER'"
+REMOVE_PACKAGES=()
+INSTALL_PACKAGES=(\
+ autoconf
+ automake
+ bash-completion
+ bats
+ bridge-utils
+ btrfs-progs-devel
+ bzip2
+ conmon
+ container-selinux
+ containernetworking-plugins
+ containers-common
+ criu
+ device-mapper-devel
+ dnsmasq
+ emacs-nox
+ file
+ findutils
+ fuse3
+ fuse3-devel
+ gcc
+ git
+ glib2-devel
+ glibc-static
+ gnupg
+ go-md2man
+ golang
+ gpgme-devel
+ iproute
+ iptables
+ jq
+ libassuan-devel
+ libcap-devel
+ libmsi1
+ libnet
+ libnet-devel
+ libnl3-devel
+ libseccomp
+ libseccomp-devel
+ libselinux-devel
+ libtool
+ libvarlink-util
+ lsof
+ make
+ msitools
+ nmap-ncat
+ pandoc
+ podman
+ procps-ng
+ protobuf
+ protobuf-c
+ protobuf-c-devel
+ protobuf-devel
+ protobuf-python
+ python
+ python3-dateutil
+ python3-psutil
+ python3-pytoml
+ selinux-policy-devel
+ skopeo
+ slirp4netns
+ unzip
+ vim
+ which
+ xz
zip
+)
+case "$OS_RELEASE_VER" in
+ 30)
+ INSTALL_PACKAGES+=(\
+ atomic-registries
+ golang-github-cpuguy83-go-md2man
+ python2-future
+ runc
+ )
+ ;;
+ 31)
+ INSTALL_PACKAGES+=(crun)
+ REMOVE_PACKAGES+=(runc)
+ ;;
+ *)
+ bad_os_id_ver ;;
+esac
+$BIGTO ooe.sh sudo dnf install -y ${INSTALL_PACKAGES[@]}
+[[ "${#REMOVE_PACKAGES[@]}" -eq "0" ]] || \
+ $LILTO ooe.sh sudo dnf erase -y ${REMOVE_PACKAGES[@]}
# Ensure there are no disruptive periodic services enabled by default in image
systemd_banish
-sudo /tmp/libpod/hack/install_catatonit.sh
-
-# Same script is used for several related contexts
-case "$PACKER_BUILDER_NAME" in
- xfedora*)
- echo "Configuring CGroups v2 enabled on next boot"
- sudo grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=1"
- sudo dnf install -y crun
- ;& # continue to next matching item
- *)
- echo "Finalizing $PACKER_BUILDER_NAME VM image"
- ;;
-esac
+ooe.sh sudo /tmp/libpod/hack/install_catatonit.sh
rh_finalize
diff --git a/contrib/cirrus/packer/image-builder-image_base-setup.sh b/contrib/cirrus/packer/image-builder-image_base-setup.sh
index 43cfa7180..78772da09 100644
--- a/contrib/cirrus/packer/image-builder-image_base-setup.sh
+++ b/contrib/cirrus/packer/image-builder-image_base-setup.sh
@@ -31,10 +31,8 @@ ooe.sh sudo yum -y install \
libvirt-client \
libvirt-daemon \
make \
- python34 \
- python34 \
- python34-PyYAML \
- python34-PyYAML \
+ python36 \
+ python36-PyYAML \
qemu-img \
qemu-kvm \
qemu-kvm-tools \
diff --git a/contrib/cirrus/packer/libpod_base_images.yml b/contrib/cirrus/packer/libpod_base_images.yml
index bcca440ae..21f3795f1 100644
--- a/contrib/cirrus/packer/libpod_base_images.yml
+++ b/contrib/cirrus/packer/libpod_base_images.yml
@@ -17,14 +17,14 @@ variables:
PRIOR_UBUNTU_BASE_IMAGE:
# Latest Fedora release
- FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/30/Cloud/x86_64/images/Fedora-Cloud-Base-30-1.2.x86_64.qcow2"
- FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/30/Cloud/x86_64/images/Fedora-Cloud-30-1.2-x86_64-CHECKSUM"
- FEDORA_BASE_IMAGE_NAME: 'fedora-cloud-base-30-1-2'
+ FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/31/Cloud/x86_64/images/Fedora-Cloud-Base-31-1.9.x86_64.qcow2"
+ FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/31/Cloud/x86_64/images/Fedora-Cloud-31-1.9-x86_64-CHECKSUM"
+ FEDORA_BASE_IMAGE_NAME: 'fedora-cloud-base-31-1-9'
# Prior Fedora release
- PRIOR_FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/29/Cloud/x86_64/images/Fedora-Cloud-Base-29-1.2.x86_64.qcow2"
- PRIOR_FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/29/Cloud/x86_64/images/Fedora-Cloud-29-1.2-x86_64-CHECKSUM"
- PRIOR_FEDORA_BASE_IMAGE_NAME: 'fedora-cloud-base-29-1-2' # Name to use in GCE
+ PRIOR_FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/30/Cloud/x86_64/images/Fedora-Cloud-Base-30-1.2.x86_64.qcow2"
+ PRIOR_FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/30/Cloud/x86_64/images/Fedora-Cloud-30-1.2-x86_64-CHECKSUM"
+ PRIOR_FEDORA_BASE_IMAGE_NAME: 'fedora-cloud-base-30-1-2'
# The name of the image in GCE used for packer build libpod_images.yml
IBI_BASE_NAME: 'image-builder-image'
diff --git a/contrib/cirrus/packer/libpod_images.yml b/contrib/cirrus/packer/libpod_images.yml
index 01a65d867..074a813af 100644
--- a/contrib/cirrus/packer/libpod_images.yml
+++ b/contrib/cirrus/packer/libpod_images.yml
@@ -51,17 +51,12 @@ builders:
source_image_family: 'prior-ubuntu-base'
- <<: *gce_hosted_image
- name: 'fedora-30'
- source_image: '{{user `FEDORA_BASE_IMAGE`}}'
- source_image_family: 'fedora-base'
-
- - <<: *gce_hosted_image
- name: 'xfedora-30'
+ name: 'fedora-31'
source_image: '{{user `FEDORA_BASE_IMAGE`}}'
source_image_family: 'fedora-base'
- <<: *gce_hosted_image
- name: 'fedora-29'
+ name: 'fedora-30'
source_image: '{{user `PRIOR_FEDORA_BASE_IMAGE`}}'
source_image_family: 'prior-fedora-base'
diff --git a/contrib/cirrus/packer/ubuntu_setup.sh b/contrib/cirrus/packer/ubuntu_setup.sh
index 118ee062a..7c39a76f8 100644
--- a/contrib/cirrus/packer/ubuntu_setup.sh
+++ b/contrib/cirrus/packer/ubuntu_setup.sh
@@ -59,6 +59,8 @@ $BIGTO $SUDOAPTGET install \
cri-o-runc \
criu \
curl \
+ conmon \
+ dnsmasq \
e2fslibs-dev \
emacs-nox \
file \
@@ -129,7 +131,7 @@ then
ooe.sh sudo update-grub
fi
-sudo /tmp/libpod/hack/install_catatonit.sh
+ooe.sh sudo /tmp/libpod/hack/install_catatonit.sh
ooe.sh sudo make -C /tmp/libpod install.libseccomp.sudo
ubuntu_finalize
diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh
index edd793bb9..4d4189aa6 100755
--- a/contrib/cirrus/setup_environment.sh
+++ b/contrib/cirrus/setup_environment.sh
@@ -47,6 +47,19 @@ case "${OS_RELEASE_ID}" in
setsebool container_manage_cgroup true
if [[ "$ADD_SECOND_PARTITION" == "true" ]]; then
bash "$SCRIPT_BASE/add_second_partition.sh"; fi
+
+ if [[ "$OS_RELEASE_VER" == "31" ]]; then
+ warn "Testing with crun instead of runc"
+ X=$(echo "export export OCI_RUNTIME=/usr/bin/crun" | \
+ tee -a /etc/environment) && eval "$X" && echo "$X"
+ warn "Upgrading to the latest crun"
+ # Normally not something to do for stable testing
+ # but crun is new, and late-breaking fixes may be required
+ # on short notice
+ dnf update -y crun
+ warn "Setting SELinux into Permissive mode"
+ setenforce 0
+ fi
;;
centos) # Current VM is an image-builder-image no local podman/testing
echo "No further setup required for VM image building"
@@ -62,9 +75,6 @@ source "$SCRIPT_BASE/lib.sh"
make install.tools
case "$SPECIALMODE" in
- cgroupv2)
- remove_packaged_podman_files # we're building from source
- ;;
none)
[[ -n "$CROSS_PLATFORM" ]] || \
remove_packaged_podman_files