Diffstat (limited to 'contrib')
-rw-r--r-- | contrib/cirrus/README.md | 36 | ||||
-rwxr-xr-x | contrib/cirrus/build_vm_images.sh | 13 | ||||
-rwxr-xr-x | contrib/cirrus/cache_release_archive.sh | 140 | ||||
-rwxr-xr-x | contrib/cirrus/integration_test.sh | 73 | ||||
-rw-r--r-- | contrib/cirrus/lib.sh | 187 | ||||
-rw-r--r-- | contrib/cirrus/packer/fedora_setup.sh | 24 | ||||
-rw-r--r-- | contrib/cirrus/packer/libpod_images.yml | 18 | ||||
-rw-r--r-- | contrib/cirrus/packer/ubuntu_setup.sh | 47 | ||||
-rwxr-xr-x | contrib/cirrus/rootless_test.sh | 2 | ||||
-rwxr-xr-x | contrib/cirrus/setup_environment.sh | 22 | ||||
l--------- | contrib/cirrus/uncache_release_archives.sh | 1 | ||||
-rwxr-xr-x | contrib/cirrus/unit_test.sh | 17 |
12 files changed, 346 insertions, 234 deletions
diff --git a/contrib/cirrus/README.md b/contrib/cirrus/README.md index 5ff4f290f..18ef3e7f7 100644 --- a/contrib/cirrus/README.md +++ b/contrib/cirrus/README.md @@ -13,7 +13,6 @@ which alter this behavior. Within each task, each script executes in sequence, so long as any previous script exited successfully. The overall state of each task (pass or fail) is set based on the exit status of the last script to execute. - ### ``gating`` Task ***N/B: Steps below are performed by automation*** @@ -64,6 +63,12 @@ task (pass or fail) is set based on the exit status of the last script to execut but this script normally completes in less than an hour. +### ``special_testing_cross`` Task + +Confirm that cross-compile of podman-remote functions for both `windows` +and `darwin` targets. + + ### ``test_build_cache_images_task`` Task Modifying the contents of cache-images is tested by making changes to @@ -142,8 +147,22 @@ the magic ``***CIRRUS: TEST IMAGES***`` string. Keeping it and `--force` pushing would needlessly cause Cirrus-CI to build and test images again. +### `release` Task + +Gathers up zip files uploaded by other tasks, from the local Cirrus-CI caching service. +Depending on the execution context (a PR or a branch), this task uploads the files +found to storage buckets at: + +* [https://storage.cloud.google.com/libpod-pr-releases](https://storage.cloud.google.com/libpod-pr-releases) +* [https://storage.cloud.google.com/libpod-master-releases](https://storage.cloud.google.com/libpod-master-releases) -### Base-images +***Note:*** Repeated builds from the same PR or branch, will clobber previous archives + *by design*. This is intended so that the "latest" archive is always + available at a consistent URL. The precise details regarding a particular + build is encoded within the zip-archive comment. + + +## Base-images Base-images are VM disk-images specially prepared for executing as GCE VMs. In particular, they run services on startup similar in purpose/function 
@@ -236,3 +255,16 @@ console output. Simply set the ``TTYDEV`` parameter, for example: $ make libpod_base_images ... TTYDEV=$(tty) ... ``` + +## `$SPECIALMODE` + +Some tasks alter their behavior based on this value. A summary of supported +values follows: + +* `none`: Operate as normal, this is the default value if unspecified. +* `rootless`: Causes a random, ordinary user account to be created + and utilized for testing. +* `in_podman`: Causes testing to occur within a container executed by + podman on the host. +* `windows`: See **darwin** +* `darwin`: Signals the ``special_testing_cross`` task to cross-compile the remote client. diff --git a/contrib/cirrus/build_vm_images.sh b/contrib/cirrus/build_vm_images.sh index 805aba428..f5d53a92e 100755 --- a/contrib/cirrus/build_vm_images.sh +++ b/contrib/cirrus/build_vm_images.sh @@ -3,13 +3,11 @@ set -e source $(dirname $0)/lib.sh -ENV_VARS='CNI_COMMIT CONMON_COMMIT PACKER_BUILDS BUILT_IMAGE_SUFFIX UBUNTU_BASE_IMAGE FEDORA_BASE_IMAGE PRIOR_FEDORA_BASE_IMAGE SERVICE_ACCOUNT GCE_SSH_USERNAME GCP_PROJECT_ID PACKER_VER SCRIPT_BASE PACKER_BASE' +ENV_VARS='PACKER_BUILDS BUILT_IMAGE_SUFFIX UBUNTU_BASE_IMAGE FEDORA_BASE_IMAGE PRIOR_FEDORA_BASE_IMAGE SERVICE_ACCOUNT GCE_SSH_USERNAME GCP_PROJECT_ID PACKER_VER SCRIPT_BASE PACKER_BASE' req_env_var $ENV_VARS # Must also be made available through make, into packer process export $ENV_VARS -show_env_vars - # Everything here is running on the 'image-builder-image' GCE image # Assume basic dependencies are all met, but there could be a newer version # of the packer binary 
@@ -27,21 +25,12 @@ fi cd "$GOSRC/$PACKER_BASE" -# Separate PR-produced images from those produced on master. -if [[ "${CIRRUS_BRANCH:-}" == "master" ]] -then - POST_MERGE_BUCKET_SUFFIX="-master" -else - POST_MERGE_BUCKET_SUFFIX="" -fi - make libpod_images \ PACKER_BUILDS=$PACKER_BUILDS \ PACKER_VER=$PACKER_VER \ GOSRC=$GOSRC \ SCRIPT_BASE=$SCRIPT_BASE \ PACKER_BASE=$PACKER_BASE \ - POST_MERGE_BUCKET_SUFFIX=$POST_MERGE_BUCKET_SUFFIX \ BUILT_IMAGE_SUFFIX=$BUILT_IMAGE_SUFFIX # When successful, upload manifest of produced images using a filename unique diff --git a/contrib/cirrus/cache_release_archive.sh b/contrib/cirrus/cache_release_archive.sh new file mode 100755 index 000000000..639bc9801 --- /dev/null +++ b/contrib/cirrus/cache_release_archive.sh 
@@ -0,0 +1,140 @@
+#!/bin/bash
+
+set -eo pipefail
+
+source $(dirname $0)/lib.sh
+
+req_env_var GOSRC
+
+RELEASE_ARCHIVE_NAMES=""
+
+handle_archive() { # Assumed to be called with set +e
+ TASK_NUMBER=$1
+ PR_OR_BRANCH=$2
+ CACHE_URL=$3
+ ARCHIVE_NAME="$(basename $CACHE_URL)"
+ req_env_var TASK_NUMBER PR_OR_BRANCH CACHE_URL ARCHIVE_NAME
+
+ cd /tmp
+ curl -sO "$CACHE_URL" || return $(warn 0 "Couldn't download file, skipping.")
+ [[ -r "/tmp/$ARCHIVE_NAME" ]] || return $(warn 0 "Unreadable archive '/tmp/$ARCHIVE_NAME', skipping.")
+
+ ZIPCOMMENT=$(unzip -qqz "$ARCHIVE_NAME" 2>/dev/null) # noisy bugger
+ if [[ "$?" -ne "0" ]] || [[ -z "$ZIPCOMMENT" ]]
+ then
+ return $(warn 0 "Could not unzip metadata from downloaded '/tmp/$ARCHIVE_NAME', skipping.")
+ fi
+
+ RELEASE_INFO=$(echo "$ZIPCOMMENT" | grep -m 1 'X-RELEASE-INFO:' | sed -r -e 's/X-RELEASE-INFO:\s*(.+)/\1/')
+ if [[ "$?" -ne "0" ]] || [[ -z "$RELEASE_INFO" ]]
+ then
+ return $(warn 0 "Metadata empty or invalid: '$ZIPCOMMENT', skipping.")
+ fi
+
+ # e.g. libpod v1.3.1-166-g60df124e fedora 29 amd64
+ # or libpod v1.3.1-166-g60df124e amd64
+ FIELDS="RELEASE_BASENAME RELEASE_VERSION RELEASE_DIST RELEASE_DIST_VER RELEASE_ARCH"
+ read $FIELDS <<< $RELEASE_INFO
+ for f in $FIELDS
+ do
+ [[ -n "${!f}" ]] || return $(warn 0 "Expecting $f to be non-empty in metadata: '$RELEASE_INFO', skipping.")
+ done
+
+ echo -n "Preparing $RELEASE_BASENAME archive: "
+ # Drop version number to enable "latest" representation
+ # (version available w/in zip-file comment)
+ RELEASE_ARCHIVE_NAME="${RELEASE_BASENAME}-${PR_OR_BRANCH}-${RELEASE_DIST}-${RELEASE_DIST_VER}-${RELEASE_ARCH}.zip"
+ # Allow uploading all gathered files in parallel, later with gsutil.
+ mv -v "$ARCHIVE_NAME" "/$RELEASE_ARCHIVE_NAME"
+ RELEASE_ARCHIVE_NAMES="$RELEASE_ARCHIVE_NAMES $RELEASE_ARCHIVE_NAME"
+}
+
+make_release() {
+ ARCHIVE_NAME="$1"
+ req_env_var ARCHIVE_NAME
+
+ # There's no actual testing of windows/darwin targets yet
+ # but we still want to cross-compile and publish binaries
+ if [[ "$SPECIALMODE" == "windows" ]] || [[ "$SPECIALMODE" == "darwin" ]]
+ then
+ RELFILE="podman-remote-${SPECIALMODE}.zip"
+ elif [[ "$SPECIALMODE" == "none" ]]
+ then
+ RELFILE="podman.zip"
+ else
+ die 55 "$(basename $0) unable to handle \$SPECIALMODE=$SPECIALMODE for $ARCHIVE_NAME"
+ fi
+ echo "Calling make $RELFILE"
+ cd $GOSRC
+ make "$RELFILE"
+ echo "Renaming archive so it can be identified/downloaded for publishing"
+ mv -v "$RELFILE" "$ARCHIVE_NAME"
+ echo "Success!"
+}
+
+[[ "$CI" == "true" ]] || \
+ die 56 "$0 requires a Cirrus-CI cross-task cache to function"
+
+cd $GOSRC
+# Same script re-used for both uploading and downloading to avoid duplication
+if [[ "$(basename $0)" == "cache_release_archive.sh" ]]
+then
+ # ref: https://cirrus-ci.org/guide/writing-tasks/#environment-variables
+ req_env_var CI_NODE_INDEX CIRRUS_BUILD_ID
+ # Use unique names for uncache_release_archives.sh to find/download them all
+ ARCHIVE_NAME="build-${CIRRUS_BUILD_ID}-task-${CI_NODE_INDEX}.zip"
+ make_release "$ARCHIVE_NAME"
+
+ # ref: https://cirrus-ci.org/guide/writing-tasks/#http-cache
+ URL="http://$CIRRUS_HTTP_CACHE_HOST/${ARCHIVE_NAME}"
+ echo "Uploading $ARCHIVE_NAME to Cirrus-CI cache at $URL"
+ curl -s -X POST --data-binary "@$ARCHIVE_NAME" "$URL"
+elif [[ "$(basename $0)" == "uncache_release_archives.sh" ]]
+then
+ req_env_var CIRRUS_BUILD_ID CI_NODE_TOTAL GCPJSON GCPNAME GCPROJECT
+ [[ "${CI_NODE_INDEX}" -eq "$[CI_NODE_TOTAL-1]" ]] || \
+ die 8 "The release task must be executed last to guarantee archive cache is complete"
+
+ if [[ -n "$CIRRUS_PR" ]]
+ then
+ PR_OR_BRANCH="pr$CIRRUS_PR"
+ BUCKET="libpod-pr-releases"
+ elif [[ -n "$CIRRUS_BRANCH" ]]
+ then
+ PR_OR_BRANCH="$CIRRUS_BRANCH" + BUCKET="libpod-$CIRRUS_BRANCH-releases" + else + die 10 "Expecting either \$CIRRUS_PR or \$CIRRUS_BRANCH to be non-empty." + fi + + echo "Blindly downloading Cirrus-CI cache files for task (some will fail)." + set +e # Don't stop looping until all task's cache is attempted + for (( task_number = 0 ; task_number < $CI_NODE_TOTAL ; task_number++ )) + do + ARCHIVE_NAME="build-${CIRRUS_BUILD_ID}-task-${task_number}.zip" + URL="http://$CIRRUS_HTTP_CACHE_HOST/${ARCHIVE_NAME}" + echo "Attempting to download cached archive from $URL" + handle_archive "$task_number" "$PR_OR_BRANCH" "$URL" + echo "----------------------------------------" + done + set -e + + [[ -n "$RELEASE_ARCHIVE_NAMES" ]] || \ + die 67 "Error: No release archives found in CI cache, expecting at least one." + + echo "Preparing to upload release archives." + gcloud config set project "$GCPROJECT" + echo "$GCPJSON" > /tmp/gcp.json + gcloud auth activate-service-account --key-file=/tmp/gcp.json + rm /tmp/gcp.json + # handle_archive() placed all uploadable files under / + gsutil -m cp /*.zip "gs://$BUCKET" # Upload in parallel + echo "Successfully uploaded archives:" + for ARCHIVE_NAME in $RELEASE_ARCHIVE_NAMES + do + echo " https://storage.cloud.google.com/$BUCKET/$ARCHIVE_NAME" + done + echo "These will remain available until automatic pruning by bucket policy." +else + die 9 "I don't know what to do when called $0" +fi diff --git a/contrib/cirrus/integration_test.sh b/contrib/cirrus/integration_test.sh index b163834d5..cfaf33b85 100755 --- a/contrib/cirrus/integration_test.sh +++ b/contrib/cirrus/integration_test.sh @@ -1,6 +1,7 @@ #!/bin/bash set -e + source $(dirname $0)/lib.sh req_env_var GOSRC SCRIPT_BASE OS_RELEASE_ID OS_RELEASE_VER CONTAINER_RUNTIME 
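Review bot: In the uncache branch of cache_release_archive.sh the service-account key is written to the fixed path `/tmp/gcp.json` with the default umask, and because `set -e` is back on at that point a failing `gcloud auth activate-service-account` exits before `rm /tmp/gcp.json` runs, leaving the key on disk. A `mktemp` file (created mode 0600) plus an EXIT trap removes both problems; lib.sh already uses `mktemp -p ''` in timeout_attempt_delay_command. Separately, the RELEASE_* fields are read from the downloaded zip comment and go unchecked into the `mv` destination under `/` in handle_archive, so each field should be restricted to a conservative character set before the name is built. The same loop requires all five fields to be non-empty, which looks like it would reject the three-field example shown in the comment above it; worth confirming against what the windows/darwin archives actually carry.

```shell
# … unchanged: gcloud config set project "$GCPROJECT" …
GCPJSON_FILEPATH=$(mktemp -p '' gcp_XXXXXXXX)
trap 'rm -f "$GCPJSON_FILEPATH"' EXIT
echo "$GCPJSON" > "$GCPJSON_FILEPATH"
gcloud auth activate-service-account --key-file="$GCPJSON_FILEPATH"
rm -f "$GCPJSON_FILEPATH"
# … unchanged: gsutil upload and URL listing …
```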
@@ -15,39 +16,41 @@ fi cd "$GOSRC" -if [[ "$SPECIALMODE" == "in_podman" ]] -then - ${CONTAINER_RUNTIME} run --rm --privileged --net=host \ - -v $GOSRC:$GOSRC:Z \ - --workdir $GOSRC \ - -e "CGROUP_MANAGER=cgroupfs" \ - -e "STORAGE_OPTIONS=--storage-driver=vfs" \ - -e "CRIO_ROOT=$GOSRC" \ - -e "PODMAN_BINARY=/usr/bin/podman" \ - -e "CONMON_BINARY=/usr/libexec/podman/conmon" \ - -e "DIST=$OS_RELEASE_ID" \ - -e "CONTAINER_RUNTIME=$CONTAINER_RUNTIME" \ - $IN_PODMAN_IMAGE bash $GOSRC/$SCRIPT_BASE/container_test.sh -b -i -t -elif [[ "$SPECIALMODE" == "rootless" ]] -then - req_env_var ROOTLESS_USER - - if [[ "$USER" == "$ROOTLESS_USER" ]] - then - $GOSRC/$SCRIPT_BASE/rootless_test.sh ${TESTSUITE} - else +case "$SPECIALMODE" in + in_podman) + ${CONTAINER_RUNTIME} run --rm --privileged --net=host \ + -v $GOSRC:$GOSRC:Z \ + --workdir $GOSRC \ + -e "CGROUP_MANAGER=cgroupfs" \ + -e "STORAGE_OPTIONS=--storage-driver=vfs" \ + -e "CRIO_ROOT=$GOSRC" \ + -e "PODMAN_BINARY=/usr/bin/podman" \ + -e "CONMON_BINARY=/usr/libexec/podman/conmon" \ + -e "DIST=$OS_RELEASE_ID" \ + -e "CONTAINER_RUNTIME=$CONTAINER_RUNTIME" \ + $IN_PODMAN_IMAGE bash $GOSRC/$SCRIPT_BASE/container_test.sh -b -i -t + ;; + rootless) + req_env_var ROOTLESS_USER ssh $ROOTLESS_USER@localhost \ - -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o CheckHostIP=no \ - $GOSRC/$SCRIPT_BASE/rootless_test.sh ${TESTSUITE} - fi -else - make - make install PREFIX=/usr ETCDIR=/etc - make test-binaries - if [[ "$TEST_REMOTE_CLIENT" == "true" ]] - then - make remote${TESTSUITE} - else - make local${TESTSUITE} - fi -fi + -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no \ + -o CheckHostIP=no $GOSRC/$SCRIPT_BASE/rootless_test.sh ${TESTSUITE} + ;; + none) + make + make install PREFIX=/usr ETCDIR=/etc + make test-binaries + if [[ "$TEST_REMOTE_CLIENT" == "true" ]] + then + make remote${TESTSUITE} + else + make local${TESTSUITE} + fi + ;; + windows) ;& # for podman-remote building only + darwin) + warn '' "No 
$SPECIALMODE remote client integration tests configured" + ;; + *) + die 110 "Unsupported \$SPECIAL_MODE: $SPECIALMODE" +esac diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh index 36751fbd7..ea0f9e326 100644 --- a/contrib/cirrus/lib.sh +++ b/contrib/cirrus/lib.sh @@ -18,9 +18,8 @@ if type -P go &> /dev/null then # required for go 1.12+ export GOCACHE="${GOCACHE:-$HOME/.cache/go-build}" - eval "$(go env)" - # required by make and other tools - export $(go env | cut -d '=' -f 1) + # called processes like `make` and other tools need these vars. + eval "export $(go env)" # Ensure compiled tooling is reachable export PATH="$PATH:$GOPATH/bin" 
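Review bot: The `warn '' "No $SPECIALMODE remote client integration tests configured"` call in the `darwin)` arm of integration_test.sh writes a stray `1` to stdout, because warn() as added to lib.sh in this commit ends with `echo ${1:-1}` and an empty first argument falls back to 1. Since the return-code echo is only useful inside `return $(warn …)`, this call could be `warn 0 "No $SPECIALMODE remote client integration tests configured" > /dev/null`. The `*)` arm's message names `\$SPECIAL_MODE` while the variable tested is `SPECIALMODE`; the same wording appears in the new `case` in unit_test.sh and in setup_environment.sh.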
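Review bot: `eval "export $(go env)"` in lib.sh exports only the first variable that `go env` prints, assuming its usual one `NAME="value"` per line output: the quoted substitution keeps the newlines, so `export` prefixes line one and every later line is evaluated as a plain, unexported assignment. The removed pair (`eval "$(go env)"` followed by `export $(go env | cut -d '=' -f 1)`) did export every name, which is what the new comment about `make` and other called processes still expects. A compact replacement that keeps that behaviour is `set -a; eval "$(go env)"; set +a`. The enclosing `if type -P go` block starts and ends outside the hunk.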
@@ -55,16 +54,24 @@ PACKER_VER="1.3.5" # CSV of cache-image names to build (see $PACKER_BASE/libpod_images.json) # Base-images rarely change, define them here so they're out of the way. -PACKER_BUILDS="${PACKER_BUILDS:-ubuntu-18,fedora-30,fedora-29}" +export PACKER_BUILDS="${PACKER_BUILDS:-ubuntu-18,fedora-30,fedora-29}" # Google-maintained base-image names -UBUNTU_BASE_IMAGE="ubuntu-1804-bionic-v20181203a" +export UBUNTU_BASE_IMAGE="ubuntu-1804-bionic-v20181203a" # Manually produced base-image names (see $SCRIPT_BASE/README.md) -FEDORA_BASE_IMAGE="fedora-cloud-base-30-1-2-1559164849" -PRIOR_FEDORA_BASE_IMAGE="fedora-cloud-base-29-1-2-1559164849" -BUILT_IMAGE_SUFFIX="${BUILT_IMAGE_SUFFIX:--$CIRRUS_REPO_NAME-${CIRRUS_BUILD_ID}}" +export FEDORA_BASE_IMAGE="fedora-cloud-base-30-1-2-1559164849" +export PRIOR_FEDORA_BASE_IMAGE="fedora-cloud-base-29-1-2-1559164849" +export BUILT_IMAGE_SUFFIX="${BUILT_IMAGE_SUFFIX:--$CIRRUS_REPO_NAME-${CIRRUS_BUILD_ID}}" # IN_PODMAN container image IN_PODMAN_IMAGE="quay.io/libpod/in_podman:latest" +# Avoid getting stuck waiting for user input +export DEBIAN_FRONTEND="noninteractive" +SUDOAPTGET="ooe.sh sudo -E apt-get -qq --yes" +SUDOAPTADD="ooe.sh sudo -E add-apt-repository --yes" +# Short-cuts for retrying/timeout calls +LILTO="timeout_attempt_delay_command 24s 5 30s" +BIGTO="timeout_attempt_delay_command 300s 5 30s" + # Safe env. vars. to transfer from root -> $ROOTLESS_USER (go env handled separetly) ROOTLESS_ENV_RE='(CIRRUS_.+)|(ROOTLESS_.+)|(.+_IMAGE.*)|(.+_BASE)|(.*DIRPATH)|(.*FILEPATH)|(SOURCE.*)|(DEPEND.*)|(.+_DEPS_.+)|(OS_REL.*)|(.+_ENV_RE)|(TRAVIS)|(CI.+)|(TEST_REMOTE.*)' # Unsafe env. vars for display @@ -148,9 +155,6 @@ show_env_vars() { # Supports older BASH versions printf " ${_env_var_name}=%q\n" "$(printenv $_env_var_name)" done - echo "" - echo "##### $(go version) #####" - echo "" } die() { 
@@ -160,6 +164,11 @@ die() { exit ${1:-1} } +warn() { + echo ">>>>> ${2:-WARNING (but no message given!) in ${FUNCNAME[1]}()}" > /dev/stderr + echo ${1:-1} > /dev/stdout +} + bad_os_id_ver() { echo "Unknown/Unsupported distro. $OS_RELEASE_ID and/or version $OS_RELEASE_VER for $(basename $0)" exit 42 @@ -169,6 +178,35 @@ stub() { echo "STUB: Pretending to do $1" } +timeout_attempt_delay_command() { + TIMEOUT=$1 + ATTEMPTS=$2 + DELAY=$3 + shift 3 + STDOUTERR=$(mktemp -p '' $(basename $0)_XXXXX) + req_env_var ATTEMPTS DELAY + echo "Retrying $ATTEMPTS times with a $DELAY delay, and $TIMEOUT timeout for command: $@" + for (( COUNT=1 ; COUNT <= $ATTEMPTS ; COUNT++ )) + do + echo "##### (attempt #$COUNT)" &>> "$STDOUTERR" + if timeout --foreground $TIMEOUT "$@" &>> "$STDOUTERR" + then + echo "##### (success after #$COUNT attempts)" &>> "$STDOUTERR" + break + else + echo "##### (failed with exit: $?)" &>> "$STDOUTERR" + sleep $DELAY + fi + done + cat "$STDOUTERR" + rm -f "$STDOUTERR" + if (( COUNT > $ATTEMPTS )) + then + echo "##### (exceeded $ATTEMPTS attempts)" + exit 125 + fi +} + ircmsg() { req_env_var CIRRUS_TASK_ID IRCID [[ -n "$*" ]] || die 9 "ircmsg() invoked without message text argument" @@ -183,7 +221,7 @@ ircmsg() { } setup_rootless() { - req_env_var ROOTLESS_USER GOSRC + req_env_var ROOTLESS_USER GOSRC SECRET_ENV_RE ROOTLESS_ENV_RE # Only do this once if passwd --status $ROOTLESS_USER @@ -257,7 +295,7 @@ setup_rootless() { install_ooe() { req_env_var SCRIPT_BASE echo "Installing script to mask stdout/stderr unless non-zero exit." - sudo install -D -m 755 "/tmp/libpod/$SCRIPT_BASE/ooe.sh" /usr/local/bin/ooe.sh + sudo install -D -m 755 "$GOSRC/$SCRIPT_BASE/ooe.sh" /usr/local/bin/ooe.sh } # Grab a newer version of git from software collections 
@@ -274,110 +312,34 @@ EOF sudo chmod 755 /usr/bin/git } -install_cni_plugins() { - echo "Installing CNI Plugins from commit $CNI_COMMIT" - req_env_var GOPATH CNI_COMMIT - DEST="$GOPATH/src/github.com/containernetworking/plugins" - rm -rf "$DEST" - ooe.sh git clone "https://github.com/containernetworking/plugins.git" "$DEST" - cd "$DEST" - ooe.sh git checkout -q "$CNI_COMMIT" - ooe.sh ./build.sh - sudo mkdir -p /usr/libexec/cni - sudo cp bin/* /usr/libexec/cni +install_test_configs(){ + echo "Installing cni config, policy and registry config" + req_env_var GOSRC + sudo install -D -m 755 $GOSRC/cni/87-podman-bridge.conflist \ + /etc/cni/net.d/87-podman-bridge.conflist + sudo install -D -m 755 $GOSRC/test/policy.json \ + /etc/containers/policy.json + sudo install -D -m 755 $GOSRC/test/registries.conf \ + /etc/containers/registries.conf } -install_runc_from_git(){ - req_env_var GOPATH OS_RELEASE_ID RUNC_COMMIT - wd=$(pwd) - DEST="$GOPATH/src/github.com/opencontainers/runc" - rm -rf "$DEST" - ooe.sh git clone https://github.com/opencontainers/runc.git "$DEST" - cd "$DEST" - ooe.sh git fetch origin --tags - ooe.sh git checkout -q "$RUNC_COMMIT" - if [[ "${OS_RELEASE_ID}" == "ubuntu" ]] +remove_packaged_podman_files(){ + show_and_store_warning "Removing packaged podman files to prevent conflicts with source build and testing." + req_env_var OS_RELEASE_ID + if [[ "$OS_RELEASE_ID" =~ "ubuntu" ]] then - ooe.sh make static BUILDTAGS="seccomp apparmor" + LISTING_CMD="sudo -E dpkg-query -L podman" else - ooe.sh make BUILDTAGS="seccomp selinux" + LISTING_CMD='sudo rpm -ql podman' fi - sudo install -m 755 runc /usr/bin/runc - cd $wd -} -install_runc(){ - echo "Installing RunC from commit $RUNC_COMMIT" - echo "Platform is $OS_RELEASE_ID" - req_env_var GOPATH RUNC_COMMIT OS_RELEASE_ID - if [[ "$OS_RELEASE_ID" =~ "ubuntu" ]]; then - echo "Running make install.libseccomp.sudo for ubuntu" - if ! 
[[ -d "/tmp/libpod" ]] - then - echo "Expecting a copy of libpod repository in /tmp/libpod" - exit 5 - fi - mkdir -p "$GOPATH/src/github.com/containers/" - # Symlinks don't work with Go - cp -a /tmp/libpod "$GOPATH/src/github.com/containers/" - cd "$GOPATH/src/github.com/containers/libpod" - ooe.sh sudo make install.libseccomp.sudo - fi - install_runc_from_git -} - -install_buildah() { - echo "Installing buildah from latest upstream master" - req_env_var GOPATH - DEST="$GOPATH/src/github.com/containers/buildah" - rm -rf "$DEST" - ooe.sh git clone https://github.com/containers/buildah "$DEST" - cd "$DEST" - ooe.sh make - ooe.sh sudo make install -} - -# Requires $GOPATH and $CONMON_COMMIT to be set -install_conmon(){ - echo "Installing conmon from commit $CONMON_COMMIT" - req_env_var GOPATH CONMON_COMMIT - DEST="$GOPATH/src/github.com/containers/conmon.git" - rm -rf "$DEST" - ooe.sh git clone https://github.com/containers/conmon.git "$DEST" - cd "$DEST" - ooe.sh git fetch origin --tags - ooe.sh git checkout -q "$CONMON_COMMIT" - ooe.sh make - sudo install -D -m 755 bin/conmon /usr/libexec/podman/conmon -} - -install_criu(){ - echo "Installing CRIU" - echo "Installing CRIU from commit $CRIU_COMMIT" - echo "Platform is $OS_RELEASE_ID" - req_env_var CRIU_COMMIT - - if [[ "$OS_RELEASE_ID" =~ "ubuntu" ]]; then - ooe.sh sudo -E add-apt-repository -y ppa:criu/ppa - ooe.sh sudo -E apt-get -qq -y update - ooe.sh sudo -E apt-get -qq -y install criu - elif [[ "$OS_RELEASE_ID" =~ "fedora" ]]; then - echo "Using CRIU from distribution" - else - DEST="/tmp/criu" - rm -rf "$DEST" - ooe.sh git clone https://github.com/checkpoint-restore/criu.git "$DEST" - cd $DEST - ooe.sh git fetch origin --tags - ooe.sh git checkout -q "$CRIU_COMMIT" - ooe.sh make - sudo install -D -m 755 criu/criu /usr/sbin/ - fi -} - -install_varlink() { - echo "Installing varlink from the cheese-factory" - ooe.sh sudo -H pip3 install varlink + # yum/dnf/dpkg may list system directories, only remove files + 
$LISTING_CMD | while read fullpath + do + # TODO: This can go away when conmon gets it's own package + if [[ -d "$fullpath" ]] || [[ $(basename "$fullpath") == "conmon" ]] ; then continue; fi + ooe.sh sudo rm -vf "$fullpath" + done } _finalize(){ @@ -390,7 +352,7 @@ _finalize(){ sudo rm -rf /home/* sudo rm -rf /tmp/* sudo rm -rf /tmp/.??* - sync + sudo sync sudo fstrim -av } @@ -413,6 +375,7 @@ rh_finalize(){ ubuntu_finalize(){ set +e # Don't fail at the very end echo "Resetting to fresh-state for usage as cloud-image." + $LILTO $SUDOAPTGET autoremove sudo rm -rf /var/cache/apt _finalize } diff --git a/contrib/cirrus/packer/fedora_setup.sh b/contrib/cirrus/packer/fedora_setup.sh index 4388dc992..eb95db907 100644 --- a/contrib/cirrus/packer/fedora_setup.sh +++ b/contrib/cirrus/packer/fedora_setup.sh @@ -8,7 +8,7 @@ set -e # Load in library (copied by packer, before this script was run) source /tmp/libpod/$SCRIPT_BASE/lib.sh -req_env_var SCRIPT_BASE FEDORA_CNI_COMMIT CNI_COMMIT CONMON_COMMIT CRIU_COMMIT +req_env_var SCRIPT_BASE install_ooe @@ -17,11 +17,16 @@ trap "sudo rm -rf $GOPATH" EXIT ooe.sh sudo dnf update -y +echo "Installing general build/test dependencies" ooe.sh sudo dnf install -y \ atomic-registries \ bats \ + bridge-utils \ btrfs-progs-devel \ bzip2 \ + container-selinux \ + containernetworking-plugins \ + containers-common \ criu \ device-mapper-devel \ emacs-nox \ @@ -32,22 +37,24 @@ ooe.sh sudo dnf install -y \ gnupg \ golang \ golang-github-cpuguy83-go-md2man \ - golang-github-cpuguy83-go-md2man \ gpgme-devel \ - iptables \ iproute \ + iptables \ jq \ libassuan-devel \ libcap-devel \ libnet \ libnet-devel \ libnl3-devel \ + libseccomp \ libseccomp-devel \ libselinux-devel \ lsof \ make \ nmap-ncat \ + ostree \ ostree-devel \ + podman \ procps-ng \ protobuf \ protobuf-c \ @@ -61,7 +68,7 @@ ooe.sh sudo dnf install -y \ python3-psutil \ python3-pytoml \ runc \ - skopeo-containers \ + selinux-policy-devel \ slirp4netns \ unzip \ vim \ 
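Review bot: In remove_packaged_podman_files (lib.sh) the loop `$LISTING_CMD | while read fullpath` hands raw package-listing output to `sudo rm -vf`, and plain `read` both interprets backslashes and trims whitespace, so the path removed may differ from the path listed. When the podman package is absent the listing command may print a message rather than paths, which would also reach `rm`. Suggest `while IFS= read -r fullpath` and, as the first statement in the loop, `[[ "$fullpath" == /* ]] || continue`. The function also calls `show_and_store_warning`, which is not defined in any hunk shown here; confirm it exists in lib.sh. In install_test_configs, `policy.json`, `registries.conf` and the conflist are installed with `-m 755`; `-m 644` fits configuration files better.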
@@ -69,15 +76,8 @@ ooe.sh sudo dnf install -y \ xz \ zip -install_varlink - -install_conmon - -CNI_COMMIT=$FEDORA_CNI_COMMIT -install_cni_plugins - sudo /tmp/libpod/hack/install_catatonit.sh -rh_finalize # N/B: Halts system! +rh_finalize echo "SUCCESS!" diff --git a/contrib/cirrus/packer/libpod_images.yml b/contrib/cirrus/packer/libpod_images.yml index c25da25ac..91ed3b474 100644 --- a/contrib/cirrus/packer/libpod_images.yml +++ b/contrib/cirrus/packer/libpod_images.yml @@ -7,13 +7,6 @@ variables: FEDORA_BASE_IMAGE: '{{env `FEDORA_BASE_IMAGE`}}' PRIOR_FEDORA_BASE_IMAGE: '{{env `PRIOR_FEDORA_BASE_IMAGE`}}' - # libpod dependencies to build and install into images - FEDORA_CNI_COMMIT: "{{env `FEDORA_CNI_COMMIT`}}" - CNI_COMMIT: "{{env `CNI_COMMIT`}}" - CONMON_COMMIT: "{{env `CONMON_COMMIT`}}" - CRIU_COMMIT: "{{env `CRIU_COMMIT`}}" - RUNC_COMMIT: "{{env `RUNC_COMMIT`}}" - BUILT_IMAGE_SUFFIX: '{{env `BUILT_IMAGE_SUFFIX`}}' GOSRC: '{{env `GOSRC`}}' PACKER_BASE: '{{env `PACKER_BASE`}}' @@ -25,10 +18,6 @@ variables: SERVICE_ACCOUNT: '{{env `SERVICE_ACCOUNT`}}' GOOGLE_APPLICATION_CREDENTIALS: '{{env `GOOGLE_APPLICATION_CREDENTIALS`}}' - # Used to separate images produced during PR testing from those - # produced from post-merge testing. Must be empty for PR testing. - POST_MERGE_BUCKET_SUFFIX: '' - # Don't leak sensitive values in error messages / output sensitive-variables: - 'GCE_SSH_USERNAME' @@ -72,12 +61,7 @@ provisioners: script: '{{user `GOSRC`}}/{{user `PACKER_BASE`}}/{{split build_name "-" 0}}_setup.sh' environment_vars: - 'GOSRC=/tmp/libpod' - - 'CNI_COMMIT={{user `CNI_COMMIT`}}' - - 'FEDORA_CNI_COMMIT={{user `FEDORA_CNI_COMMIT`}}' - - 'CONMON_COMMIT={{user `CONMON_COMMIT`}}' - - 'CRIU_COMMIT={{user `CRIU_COMMIT`}}' - - 'RUNC_COMMIT={{user `RUNC_COMMIT`}}' - 'SCRIPT_BASE={{user `SCRIPT_BASE`}}' post-processors: - - - type: 'manifest' # writes packer-manifest.json + - type: 'manifest' # writes packer-manifest.json 
diff --git a/contrib/cirrus/packer/ubuntu_setup.sh b/contrib/cirrus/packer/ubuntu_setup.sh index f183932c1..6209f2f89 100644 --- a/contrib/cirrus/packer/ubuntu_setup.sh +++ b/contrib/cirrus/packer/ubuntu_setup.sh @@ -6,31 +6,28 @@ set -e # Load in library (copied by packer, before this script was run) -source /tmp/libpod/$SCRIPT_BASE/lib.sh +source $GOSRC/$SCRIPT_BASE/lib.sh -req_env_var SCRIPT_BASE CNI_COMMIT CONMON_COMMIT CRIU_COMMIT +req_env_var SCRIPT_BASE install_ooe export GOPATH="$(mktemp -d)" trap "sudo rm -rf $GOPATH" EXIT -# Avoid getting stuck waiting for user input -export DEBIAN_FRONTEND=noninteractive +echo "Updating/configuring package repositories." +$LILTO $SUDOAPTGET update +$LILTO $SUDOAPTGET install software-properties-common +$LILTO $SUDOAPTADD ppa:longsleep/golang-backports +$LILTO $SUDOAPTADD ppa:projectatomic/ppa +$LILTO $SUDOAPTADD ppa:criu/ppa -# Try twice as workaround for minor networking problems -echo "Updating system and installing package dependencies" -ooe.sh sudo -E apt-get -qq update || sudo -E apt-get -qq update -ooe.sh sudo -E apt-get -qq upgrade || sudo -E apt-get -qq upgrade -ooe.sh sudo -E apt-get -qq install software-properties-common +echo "Upgrading all packages" +$LILTO $SUDOAPTGET update +$BIGTO $SUDOAPTGET upgrade -# Required to have Go 1.11 on Ubuntu 18.0.4 -ooe.sh sudo -E add-apt-repository --yes ppa:longsleep/golang-backports -ooe.sh sudo -E add-apt-repository --yes ppa:projectatomic/ppa -ooe.sh sudo -E add-apt-repository --yes ppa:criu/ppa -ooe.sh sudo -E apt-get -qq update || sudo -E apt-get -qq update - -ooe.sh sudo -E apt-get -qq install \ +echo "Installing general testing and system dependencies" +$BIGTO $SUDOAPTGET install \ apparmor \ autoconf \ automake \ @@ -38,6 +35,8 @@ ooe.sh sudo -E apt-get -qq install \ bison \ btrfs-tools \ build-essential \ + containernetworking-plugins \ + containers-common \ cri-o-runc \ criu \ curl \ 
@@ -73,6 +72,7 @@ ooe.sh sudo -E apt-get -qq install \ lsof \ netcat \ pkg-config \ + podman \ protobuf-c-compiler \ protobuf-compiler \ python-future \ @@ -83,29 +83,22 @@ ooe.sh sudo -E apt-get -qq install \ python3-psutil \ python3-pytoml \ python3-setuptools \ + slirp4netns \ + skopeo \ socat \ unzip \ vim \ xz-utils \ zip -echo "Fixing Ubuntu kernel not enabling swap accounting by default" +echo "Forced Ubuntu 18 kernel to enable cgroup swap accounting." SEDCMD='s/^GRUB_CMDLINE_LINUX="(.*)"/GRUB_CMDLINE_LINUX="\1 cgroup_enable=memory swapaccount=1"/g' ooe.sh sudo sed -re "$SEDCMD" -i /etc/default/grub.d/* ooe.sh sudo sed -re "$SEDCMD" -i /etc/default/grub ooe.sh sudo update-grub -install_conmon - -install_cni_plugins - sudo /tmp/libpod/hack/install_catatonit.sh - -install_varlink - -sudo mkdir -p /etc/containers -sudo curl https://raw.githubusercontent.com/projectatomic/registries/master/registries.fedora\ - -o /etc/containers/registries.conf +ooe.sh sudo make -C /tmp/libpod install.libseccomp.sudo ubuntu_finalize diff --git a/contrib/cirrus/rootless_test.sh b/contrib/cirrus/rootless_test.sh index b5744671b..3f45aac84 100755 --- a/contrib/cirrus/rootless_test.sh +++ b/contrib/cirrus/rootless_test.sh @@ -5,7 +5,7 @@ set -e remote=0 # The TEST_REMOTE_CLIENT environment variable decides whether -# to test varlinke +# to test varlink if [[ "$TEST_REMOTE_CLIENT" == "true" ]]; then remote=1 fi diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh index 8fdcf5897..f312e593a 100755 --- a/contrib/cirrus/setup_environment.sh +++ b/contrib/cirrus/setup_environment.sh 
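Review bot: The last ubuntu_setup.sh hunk adds `ooe.sh sudo make -C /tmp/libpod install.libseccomp.sudo` with a hard-coded checkout path, while the first hunk of the same file switches the library load to `source $GOSRC/$SCRIPT_BASE/lib.sh`. The two agree only as long as packer keeps passing `GOSRC=/tmp/libpod`; using `ooe.sh sudo make -C "$GOSRC" install.libseccomp.sudo` keeps the script to one source of truth. The neighbouring context line `sudo /tmp/libpod/hack/install_catatonit.sh` has the same dependency. `GOSRC` is now used before anything checks it, so adding it to the `req_env_var SCRIPT_BASE` line would at least give a clear message when it is missing.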
@@ -6,14 +6,15 @@ source $(dirname $0)/lib.sh req_env_var USER HOME GOSRC SCRIPT_BASE SETUP_MARKER_FILEPATH +show_env_vars + # Ensure this script only executes successfully once and always logs ending timestamp [[ ! -e "$SETUP_MARKER_FILEPATH" ]] || exit 0 exithandler() { RET=$? - set +e - show_env_vars + echo "." echo "$(basename $0) exit status: $RET" - [[ "$RET" -eq "0" ]] && date +%s >> "SETUP_MARKER_FILEPATH" + [[ "$RET" -eq "0" ]] && date +%s >> "$SETUP_MARKER_FILEPATH" } trap exithandler EXIT @@ -31,6 +32,7 @@ done # Anything externally dependent, should be made fixed-in-time by adding to # contrib/cirrus/packer/*_setup.sh to be incorporated into VM cache-images # (see docs). +cd "${GOSRC}/" case "${OS_REL_VER}" in ubuntu-18) ;; fedora-30) ;; @@ -42,20 +44,10 @@ case "${OS_REL_VER}" in *) bad_os_id_ver ;; esac -cd "${GOSRC}/" # Reload to incorporate any changes from above source "$SCRIPT_BASE/lib.sh" -echo "Installing cni config, policy and registry config" -req_env_var GOSRC -sudo install -D -m 755 $GOSRC/cni/87-podman-bridge.conflist \ - /etc/cni/net.d/87-podman-bridge.conflist -sudo install -D -m 755 $GOSRC/test/policy.json \ - /etc/containers/policy.json -sudo install -D -m 755 $GOSRC/test/registries.conf \ - /etc/containers/registries.conf -# cri-o if installed will mess with testing in non-obvious ways -rm -f /etc/cni/net.d/*cri* +install_test_configs make install.tools @@ -78,6 +70,8 @@ case "$SPECIALMODE" in dnf install -y podman $SCRIPT_BASE/setup_container_environment.sh ;; + windows) ;& # for podman-remote building only + darwin) ;; *) die 111 "Unsupported \$SPECIAL_MODE: $SPECIALMODE" esac diff --git a/contrib/cirrus/uncache_release_archives.sh b/contrib/cirrus/uncache_release_archives.sh new file mode 120000 index 000000000..e9fc6edff --- /dev/null +++ b/contrib/cirrus/uncache_release_archives.sh @@ -0,0 +1 @@ +cache_release_archive.sh
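Review bot: The `@@ -42,20 +44,10 @@` hunk of setup_environment.sh replaces the inline config installation with `install_test_configs`, but the removed block also ran `rm -f /etc/cni/net.d/*cri*`, and the new function in lib.sh has no equivalent. The deleted comment said cri-o "will mess with testing in non-obvious ways", so if any cache image can still carry cri-o CNI configs this is a silent behaviour change. Either keep `rm -f /etc/cni/net.d/*cri*` next to the `install_test_configs` call or state in the commit message that the images no longer ship those files.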
\ No newline at end of file diff --git a/contrib/cirrus/unit_test.sh b/contrib/cirrus/unit_test.sh index 202663fb7..004839f17 100755 --- a/contrib/cirrus/unit_test.sh +++ b/contrib/cirrus/unit_test.sh @@ -1,12 +1,25 @@ #!/bin/bash set -e + source $(dirname $0)/lib.sh req_env_var GOSRC -set -x cd "$GOSRC" make install.tools make localunit -make + +case "$SPECIALMODE" in + in_podman) ;& + rootless) ;& + none) + make + ;; + windows) ;& + darwin) + make podman-remote-$SPECIALMODE + ;; + *) + die 109 "Unsupported \$SPECIAL_MODE: $SPECIALMODE" +esac |