Diffstat (limited to 'contrib')
33 files changed, 964 insertions, 406 deletions
diff --git a/contrib/build_rpm.sh b/contrib/build_rpm.sh index b162a9c88..de6941199 100755 --- a/contrib/build_rpm.sh +++ b/contrib/build_rpm.sh @@ -46,10 +46,15 @@ if [[ $pkg_manager == *dnf ]]; then ) fi -# btrfs-progs-devel is not available in CentOS/RHEL-8 -if ! (grep -i 'Red Hat\|CentOS' /etc/redhat-release | grep " 8" ); then +# Package name on fedora 30 is golang-github-cpuguy83-go-md2man +if (grep -i 'Fedora' /etc/redhat-release | grep " 30" ) ; then PKGS+=(golang-github-cpuguy83-go-md2man \ btrfs-progs-devel \ + ) +# btrfs-progs-devel is not available in CentOS/RHEL-8 +elif ! (grep -i 'Red Hat\|CentOS' /etc/redhat-release | grep " 8" ) ; then + PKGS+=(golang-github-cpuguy83-md2man \ + btrfs-progs-devel \ ) fi diff --git a/contrib/cirrus/README.md b/contrib/cirrus/README.md index 49f713a8f..3789965d6 100644 --- a/contrib/cirrus/README.md +++ b/contrib/cirrus/README.md @@ -216,10 +216,10 @@ the ``cache_images`` Task) some input parameters are required: to limit the base-images produced. For example, ``PACKER_BUILDS=fedora,image-builder-image``. -If there is an existing 'image-builder-image' within GCE, it may be utilized -to produce base-images (in addition to cache-images). However it must be -created with support for nested-virtualization, and with elevated cloud -privileges (to access GCE, from within the GCE VM). For example: +If there is no existing 'image-builder-image' within GCE, a new +one may be bootstrapped by creating a CentOS 7 VM with support for +nested-virtualization, and with elevated cloud privileges (to access +GCE, from within the GCE VM). For example: ``` $ alias pgcloud='sudo podman run -it --rm -e AS_ID=$UID 
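Review bot: In contrib/build_rpm.sh the new Fedora 30 test and the `elif` both run `grep` without `-q`, so each matching release line is echoed into the build output, and the wrapping `( ... )` subshells add nothing. The version check also keys on free-form text in /etc/redhat-release. Consider `if grep -i 'Fedora' /etc/redhat-release | grep -q ' 30'; then`, or read `ID` and `VERSION_ID` from /etc/os-release as contrib/cirrus/lib.sh does. The `if` block is top-level script code and begins before the hunk's changed lines.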
@@ -229,34 +229,33 @@ $ URL=https://www.googleapis.com/auth $ SCOPES=$URL/userinfo.email,$URL/compute,$URL/devstorage.full_control # The --min-cpu-platform is critical for nested-virt. -$ pgcloud compute instances create $USER-making-images \ - --image-family image-builder-image \ +$ pgcloud compute instances create $USER-image-builder \ + --image-family centos-7 \ --boot-disk-size "200GB" \ --min-cpu-platform "Intel Haswell" \ --machine-type n1-standard-2 \ --scopes $SCOPES ``` -Alternatively, if there is no image-builder-image available yet, a bare-metal -CentOS 7 machine with network access to GCE is required. Software dependencies -can be obtained from the ``packer/image-builder-image_base_setup.sh`` script. +Then from that VM, execute the +``contrib/cirrus/packer/image-builder-image_base_setup.sh`` script. +Shutdown the VM, and convert it into a new image-builder-image. -In both cases, the following can be used to setup and build base-images. +Building new base images is done by first creating a VM from an +image-builder-image and copying the credentials json file to it. ``` -$ IP_ADDRESS=1.2.3.4 # EXTERNAL_IP from command output above -$ rsync -av $PWD centos@$IP_ADDRESS:. -$ scp $GOOGLE_APPLICATION_CREDENTIALS centos@$IP_ADDRESS:. -$ ssh centos@$IP_ADDRESS -... +$ hack/get_ci_vm.sh image-builder-image-1541772081 +...in another terminal... +$ pgcloud compute scp /path/to/gac.json $USER-image-builder-image-1541772081:. ``` -When ready, change to the ``packer`` sub-directory, and build the images: +Then, on the VM, change to the ``packer`` sub-directory, and build the images: ``` $ cd libpod/contrib/cirrus/packer $ make libpod_base_images GCP_PROJECT_ID=<VALUE> \ - GOOGLE_APPLICATION_CREDENTIALS=<VALUE> \ + GOOGLE_APPLICATION_CREDENTIALS=/path/to/gac.json \ PACKER_BUILDS=<OPTIONAL> ``` 
@@ -283,7 +282,5 @@ values follows: * `rootless`: Causes a random, ordinary user account to be created and utilized for testing. * `in_podman`: Causes testing to occur within a container executed by - Podman on the host. -* `cgroupv2`: The kernel on this VM was prepared with options to enable v2 cgroups * `windows`: See **darwin** * `darwin`: Signals the ``special_testing_cross`` task to cross-compile the remote client. diff --git a/contrib/cirrus/apiv2_test.sh b/contrib/cirrus/apiv2_test.sh new file mode 120000 index 000000000..cbc481d6b --- /dev/null +++ b/contrib/cirrus/apiv2_test.sh @@ -0,0 +1 @@ +integration_test.sh
\ No newline at end of file diff --git a/contrib/cirrus/integration_test.sh b/contrib/cirrus/integration_test.sh index e8f6c50d9..6341bcb4a 100755 --- a/contrib/cirrus/integration_test.sh +++ b/contrib/cirrus/integration_test.sh @@ -36,22 +36,17 @@ case "$SPECIALMODE" in -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no \ -o CheckHostIP=no $GOSRC/$SCRIPT_BASE/rootless_test.sh ${TESTSUITE} ;; - cgroupv2) - setenforce 0 - dnf install -y crun - export OCI_RUNTIME=/usr/bin/crun - make - make install PREFIX=/usr ETCDIR=/etc - make install.config PREFIX=/usr - make test-binaries - make local${TESTSUITE} - ;; endpoint) make make install PREFIX=/usr ETCDIR=/etc make test-binaries make endpoint ;; + bindings) + make + make install PREFIX=/usr ETCDIR=/etc + cd pkg/bindings/test && ginkgo -trace -noColor -debug -r + ;; none) make make install PREFIX=/usr ETCDIR=/etc diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh index 1e237085f..2031432b9 100644 --- a/contrib/cirrus/lib.sh +++ b/contrib/cirrus/lib.sh @@ -7,10 +7,10 @@ source /etc/environment # not always loaded under all circumstances # Under some contexts these values are not set, make sure they are. -USER="$(whoami)" -HOME="$(getent passwd $USER | cut -d : -f 6)" -[[ -n "$UID" ]] || UID=$(getent passwd $USER | cut -d : -f 3) -GID=$(getent passwd $USER | cut -d : -f 4) +export USER="$(whoami)" +export HOME="$(getent passwd $USER | cut -d : -f 6)" +[[ -n "$UID" ]] || export UID=$(getent passwd $USER | cut -d : -f 3) +export GID=$(getent passwd $USER | cut -d : -f 4) # Essential default paths, many are overridden when executing under Cirrus-CI export GOPATH="${GOPATH:-/var/tmp/go}" 
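Review bot: In contrib/cirrus/lib.sh, combining `export` with a command substitution hides a failing `whoami` or `getent`, because the status seen is that of `export`; `$USER` is also passed to `getent` unquoted. Assign first and export afterwards, e.g. `USER="$(whoami)"; export USER` and `HOME="$(getent passwd "$USER" | cut -d : -f 6)"; export HOME`. In bash `UID` is a readonly shell variable, so the `|| export UID=...` fallback is unlikely ever to take effect; a comment saying so would help.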
@@ -34,6 +34,7 @@ PACKER_BASE=${PACKER_BASE:-./contrib/cirrus/packer} # Important filepaths SETUP_MARKER_FILEPATH="${SETUP_MARKER_FILEPATH:-/var/tmp/.setup_environment_sh_complete}" AUTHOR_NICKS_FILEPATH="${CIRRUS_WORKING_DIR}/${SCRIPT_BASE}/git_authors_to_irc_nicks.csv" +BUILDAH_PACKAGES_FILEPATH="./contrib/cirrus/packages.sh" # in buildah repo. # Log remote-client system test varlink output here export VARLINK_LOG=/var/tmp/varlink.log @@ -59,18 +60,18 @@ PACKER_VER="1.4.2" # CSV of cache-image names to build (see $PACKER_BASE/libpod_images.json) # Base-images rarely change, define them here so they're out of the way. -export PACKER_BUILDS="${PACKER_BUILDS:-ubuntu-18,ubuntu-19,fedora-30,xfedora-30,fedora-29}" -# Google-maintained base-image names -export UBUNTU_BASE_IMAGE="ubuntu-1904-disco-v20190724" -export PRIOR_UBUNTU_BASE_IMAGE="ubuntu-1804-bionic-v20190722a" +export PACKER_BUILDS="${PACKER_BUILDS:-ubuntu-18,ubuntu-19,fedora-31,fedora-30}" # Manually produced base-image names (see $SCRIPT_BASE/README.md) -export FEDORA_BASE_IMAGE="fedora-cloud-base-30-1-2-1578586410" -export PRIOR_FEDORA_BASE_IMAGE="fedora-cloud-base-29-1-2-1541789245" +export UBUNTU_BASE_IMAGE="ubuntu-1910-eoan-v20200211" +export PRIOR_UBUNTU_BASE_IMAGE="ubuntu-1804-bionic-v20200218" +# Manually produced base-image names (see $SCRIPT_BASE/README.md) +export FEDORA_BASE_IMAGE="fedora-cloud-base-31-1-9-1578586410" +export PRIOR_FEDORA_BASE_IMAGE="fedora-cloud-base-30-1-2-1578586410" export BUILT_IMAGE_SUFFIX="${BUILT_IMAGE_SUFFIX:--$CIRRUS_REPO_NAME-${CIRRUS_BUILD_ID}}" # IN_PODMAN container image -IN_PODMAN_IMAGE="quay.io/libpod/in_podman:latest" +IN_PODMAN_IMAGE="quay.io/libpod/in_podman:$DEST_BRANCH" # Image for uploading releases -UPLDREL_IMAGE="quay.io/libpod/upldrel:latest" +UPLDREL_IMAGE="quay.io/libpod/upldrel:master" # Avoid getting stuck waiting for user input export DEBIAN_FRONTEND="noninteractive" 
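Review bot: `IN_PODMAN_IMAGE="quay.io/libpod/in_podman:$DEST_BRANCH"` yields a reference with an empty tag whenever `DEST_BRANCH` is unset or empty, and nothing visible in this hunk defines it before this line. If it is not guaranteed to be set here, give it a fallback such as `IN_PODMAN_IMAGE="quay.io/libpod/in_podman:${DEST_BRANCH:-master}"`. Both image references remain mutable tags, so the content pulled can change between runs; pinning by digest would make that explicit. Separately, the comment `# Manually produced base-image names` now appears twice, and the first copy sits above the Ubuntu names that the removed comment described as Google-maintained.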
@@ -79,8 +80,8 @@ SUDOAPTADD="ooe.sh sudo -E add-apt-repository --yes" # Regex that finds enabled periodic apt configuration items PERIODIC_APT_RE='^(APT::Periodic::.+")1"\;' # Short-cuts for retrying/timeout calls -LILTO="timeout_attempt_delay_command 24s 5 30s" -BIGTO="timeout_attempt_delay_command 300s 5 30s" +LILTO="timeout_attempt_delay_command 120s 5 30s" +BIGTO="timeout_attempt_delay_command 300s 5 60s" # Safe env. vars. to transfer from root -> $ROOTLESS_USER (go env handled separately) ROOTLESS_ENV_RE='(CIRRUS_.+)|(ROOTLESS_.+)|(.+_IMAGE.*)|(.+_BASE)|(.*DIRPATH)|(.*FILEPATH)|(SOURCE.*)|(DEPEND.*)|(.+_DEPS_.+)|(OS_REL.*)|(.+_ENV_RE)|(TRAVIS)|(CI.+)|(TEST_REMOTE.*)' @@ -88,6 +89,7 @@ ROOTLESS_ENV_RE='(CIRRUS_.+)|(ROOTLESS_.+)|(.+_IMAGE.*)|(.+_BASE)|(.*DIRPATH)|(. SECRET_ENV_RE='(IRCID)|(ACCOUNT)|(GC[EP]..+)|(SSH)' SPECIALMODE="${SPECIALMODE:-none}" +MOD_LIBPOD_CONF="${MOD_LIBPOD_CONF:false}" TEST_REMOTE_CLIENT="${TEST_REMOTE_CLIENT:-false}" export CONTAINER_RUNTIME=${CONTAINER_RUNTIME:-podman} @@ -105,6 +107,8 @@ OS_RELEASE_ID="$(source /etc/os-release; echo $ID)" OS_RELEASE_VER="$(source /etc/os-release; echo $VERSION_ID | cut -d '.' -f 1)" # Combined to ease soe usage OS_REL_VER="${OS_RELEASE_ID}-${OS_RELEASE_VER}" +# Type of filesystem used for cgroups +CG_FS_TYPE="$(stat -f -c %T /sys/fs/cgroup)" # Installed into cache-images, supports overrides # by user-data in case of breakage or for debugging. @@ -178,8 +182,7 @@ die() { } warn() { - echo ">>>>> ${2:-WARNING (but no message given!) in ${FUNCNAME[1]}()}" > /dev/stderr - echo ${1:-1} > /dev/stdout + echo ">>>>> ${1:-WARNING (but no message given!) in ${FUNCNAME[1]}()}" > /dev/stderr } bad_os_id_ver() { 
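Review bot: `MOD_LIBPOD_CONF="${MOD_LIBPOD_CONF:false}"` is missing the `-`, so bash parses it as the substring expansion `${var:offset}` rather than a default. The result is the existing value, or an empty string when the variable is unset, never `false`. The neighbouring `SPECIALMODE` and `TEST_REMOTE_CLIENT` lines use the intended form, so this should read `MOD_LIBPOD_CONF="${MOD_LIBPOD_CONF:-false}"`. Any later comparison against the literal `false` would otherwise see an empty string.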
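Review bot: `warn()` now reads its message from `$1` and no longer echoes a status value to stdout, which changes its calling convention. Any caller not shown here that still uses the old `warn <number> "<message>"` form would print the number as the message, and anything capturing warn's stdout now gets nothing. The callers added in this commit use the one-argument form. A header comment such as `# Print a warning to stderr. Arguments: $1 - message` would document the new contract.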
@@ -446,6 +449,26 @@ systemd_banish() { $GOSRC/$PACKER_BASE/systemd_banish.sh } +install_buildah_packages() { + git clone https://github.com/containers/buildah.git /tmp/buildah + if [[ -r "$BUILDAH_PACKAGES_FILEPATH" ]]; then + source "$BUILDAH_PACKAGES_FILEPATH" + req_env_var UBUNTU_BUILDAH_PACKAGES FEDORA_BUILDAH_PACKAGES OS_RELEASE_ID + case "$OS_RELEASE_ID" in + fedora) + $BIGTO ooe.sh sudo dnf install -y ${FEDORA_BUILDAH_PACKAGES[@]} + ;; + ubuntu) + $LILTO $SUDOAPTGET update + $BIGTO $SUDOAPTGET install ${UBUNTU_BUILDAH_PACKAGES[@]} + ;; + *) bad_os_id_ver ;; + esac + else + warn "Could not find $BUILDAH_PACKAGES_FILEPATH in buildah repository root." + fi +} + _finalize() { set +e # Don't fail at the very end if [[ -d "$CUSTOM_CLOUD_CONFIG_DEFAULTS" ]] @@ -456,7 +479,6 @@ _finalize() { echo "Could not find any files in $CUSTOM_CLOUD_CONFIG_DEFAULTS" fi echo "Re-initializing so next boot does 'first-boot' setup again." - sudo history -c cd / sudo rm -rf /var/lib/cloud/instanc* sudo rm -rf /root/.ssh/* diff --git a/contrib/cirrus/logcollector.sh b/contrib/cirrus/logcollector.sh index 17f5eb099..0b179591a 100755 --- a/contrib/cirrus/logcollector.sh +++ b/contrib/cirrus/logcollector.sh @@ -32,6 +32,7 @@ case $1 in df) showrun df -lhTx tmpfs ;; ginkgo) showrun cat $CIRRUS_WORKING_DIR/test/e2e/ginkgo-node-*.log ;; journal) showrun journalctl -b ;; + podman) showrun ./bin/podman system info ;; varlink) if [[ "$TEST_REMOTE_CLIENT" == "true" ]] then 
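Review bot: `install_buildah_packages` clones buildah into `/tmp/buildah` but then tests and sources `$BUILDAH_PACKAGES_FILEPATH`, which is the relative path `./contrib/cirrus/packages.sh`, without changing into the clone. The file sourced is therefore whatever sits at that path under the caller's working directory. The clone is the unpinned default branch at a fixed name in a world-writable directory, and its script runs with the image-build environment; the sketch below uses a `mktemp -d` destination, a pinned ref and an absolute path to make the input predictable. `git clone` also fails if `/tmp/buildah` already exists, and that failure is only noticed if the caller runs under `set -e`. The array expansions should be quoted, `"${FEDORA_BUILDAH_PACKAGES[@]}"` and `"${UBUNTU_BUILDAH_PACKAGES[@]}"`.

```shell
install_buildah_packages() {
    local clone_dir pkg_file
    clone_dir="$(mktemp -d)" || return 1
    # BUILDAH_REF is a placeholder: a reviewed buildah tag or branch name
    git clone --depth 1 --branch "$BUILDAH_REF" \
        https://github.com/containers/buildah.git "$clone_dir" || return 1
    pkg_file="$clone_dir/${BUILDAH_PACKAGES_FILEPATH#./}"
    if [[ -r "$pkg_file" ]]; then
        source "$pkg_file"
        # … unchanged: req_env_var call and per-distro case, with the arrays quoted …
    else
        warn "Could not find $pkg_file in buildah repository root."
    fi
}
```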
@@ -55,21 +56,27 @@ case $1 in ) case $OS_RELEASE_ID in fedora*) + cat /etc/fedora-release PKG_LST_CMD='rpm -q --qf=%{N}-%{V}-%{R}-%{ARCH}\n' PKG_NAMES+=(\ container-selinux \ crun \ + libseccomp \ runc \ ) ;; ubuntu*) + cat /etc/issue PKG_LST_CMD='dpkg-query --show --showformat=${Package}-${Version}-${Architecture}\n' PKG_NAMES+=(\ cri-o-runc \ + libseccomp2 \ ) ;; *) bad_os_id_ver ;; esac + echo "Kernel: " $(uname -r) + echo "Cgroups: " $(stat -f -c %T /sys/fs/cgroup) # Any not-present packages will be listed as such $PKG_LST_CMD ${PKG_NAMES[@]} | sort -u ;; diff --git a/contrib/cirrus/logformatter b/contrib/cirrus/logformatter new file mode 100755 index 000000000..6a86f6a49 --- /dev/null +++ b/contrib/cirrus/logformatter 
@@ -0,0 +1,441 @@ +#!/usr/bin/perl +# +# logformatter - highlight a Cirrus test log (ginkgo or bats) +# +# Adapted from https://raw.githubusercontent.com/edsantiago/greasemonkey/podman-ginkgo-highlight +# +package LibPod::CI::LogFormatter; + +use v5.14; +use utf8; + +# Grumble. CI system doesn't have 'open' +binmode STDIN, ':utf8'; +binmode STDOUT, ':utf8'; + +use strict; +use warnings; + +(our $ME = $0) =~ s|.*/||; + +our $VERSION = '0.1'; + +# For debugging, show data structures using DumpTree($var) +#use Data::TreeDumper; $Data::TreeDumper::Displayaddress = 0; + +############################################################################### +# BEGIN user-customizable section + +# Stylesheet for highlighting or de-highlighting parts of lines +our $CSS = <<'END_CSS'; +/* wrap long lines - don't require user to scroll right */ +pre { line-break: normal; overflow-wrap: normal; white-space: pre-wrap; } + +.boring { color: #999; } +.timestamp { color: #999; } +.log-debug { color: #999; } +.log-info { color: #333; } +.log-warn { color: #f60; } +.log-error { color: #900; font-weight: bold; } +.subtest { background: #eee; } +.subsubtest { color: #F39; font-weight: bold; } +.string { color: #00c; } +.command { font-weight: bold; color: #000; } +.changed { color: #000; font-weight: bold; } + +/* links to source files: not as prominent as links to errors */ +a.codelink:link { color: #000; } +a.codelink:visited { color: #666; } +a.codelink:hover { background: #000; color: #999; } + +/* The timing tests at bottom: remove underline, it's too cluttery. 
*/ +a.timing { text-decoration: none; } + +/* BATS styles */ +.bats-ok { color: #393; } +.bats-notok { color: #F00; font-weight: bold; } +.bats-skip { color: #F90; } +.bats-log { color: #900; } +.bats-log-esm { color: #b00; font-weight: bold; } + +/* error titles: display next to timestamp, not on separate line */ +h2 { display: inline; } +END_CSS + +# END user-customizable section +############################################################################### + +############################################################################### +# BEGIN boilerplate args checking, usage messages + +sub usage { + print <<"END_USAGE"; +Usage: $ME [OPTIONS] TEST_NAME + +$ME is a filter; it HTMLifies an input stream (presumably +Ginkgo or BATS log results), writing HTML results to an output file +but passing stdin unmodified to stdout. It is intended to run in +the Cirrus CI environment. + +Parameters: + + TEST_NAME descriptive name; output file will be TEST_NAME.log.html + +OPTIONS: + + --help display this message + --man display program man page + --version display program name and version +END_USAGE + + exit; +} + +# Command-line options. Note that this operates directly on @ARGV ! +our $debug = 0; +our $force = 0; +our $verbose = 0; +our $NOT = ''; # print "blahing the blah$NOT\n" if $debug +sub handle_opts { + use Getopt::Long; + GetOptions( + 'debug!' => \$debug, + 'dry-run|n!' => sub { $NOT = ' [NOT]' }, + 'force' => \$force, + 'verbose|v' => \$verbose, + + help => \&usage, + version => sub { print "$ME version $VERSION\n"; exit 0 }, + ) or die "Try `$ME --help' for help\n"; +} + +# END boilerplate args checking, usage messages +############################################################################### + +############################## CODE BEGINS HERE ############################### + +# The term is "modulino". +__PACKAGE__->main() unless caller(); + +# Main code. +sub main { + # Note that we operate directly on @ARGV, not on function parameters. 
+ # This is deliberate: it's because Getopt::Long only operates on @ARGV + # and there's no clean way to make it use @_. + handle_opts(); # will set package globals + + # In case someone is tempted to run us on the command line + die "$ME: this is a filter, not an interactive script\n" if -t *STDIN; + + # Fetch command-line arguments. Barf if too many. + my $test_name = shift(@ARGV) + or die "$ME: missing TEST_NAME argument; try $ME --help\n"; + warn "$ME: Too many arguments; ignoring extras. try $ME --help\n" if @ARGV; + + format_log($test_name); +} + + +sub format_log { + my $test_name = shift; # in: e.g. 'integration_test' + + my $outfile = "$test_name.log.html"; + my $out_tmp = "$outfile.tmp.$$"; + open my $out_fh, '>:utf8', $out_tmp + or warn "$ME: Cannot create $out_tmp: $!\n"; + + # Boilerplate: HTML headers for output file + print { $out_fh } <<"END_HTML" if $out_fh; +<?xml version="1.0" encoding="utf-8"?> +<!DOCTYPE html + PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US"> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> +<title>$test_name</title> +<style type="text/css"> +$CSS +</style> + +<!-- on page load, go to bottom: that's where the error summary is --> +<script language="javascript"> +function scrollToBottom() { + if (window.scrollY < 10) { + window.scrollTo(0, document.body.scrollHeight); + } +} +window.addEventListener("load", scrollToBottom, false); +</script> +</head> +<body> +<pre> +END_HTML + + # State variables + my $previous_timestamp = ''; # timestamp of previous line + my $cirrus_task; # Cirrus task number, used for linking + my $git_commit; # git SHA, used for linking to source files + my $in_failure; # binary flag: are we in an error dump? + my $in_timing; # binary flag: are we in the timing section? 
+ my $after_divider = 0; # Count of lines after seeing '-----' + my $current_output; # for removing duplication + my $looks_like_bats; # binary flag: for detecting BATS results + + # Main loop: read input, one line at a time, and write out reformatted + LINE: + while (my $line = <STDIN>) { + print $line; # Immediately dump back to stdout + + # Remain robust in face of errors: always write stdout even if no HTML + next LINE if ! $out_fh; + + chomp $line; + $line =~ s/\0//g; # Some log files have NULs???? + $line = escapeHTML($line); + + # Temporarily strip off leading timestamp + $line =~ s/^(\[\+\d+s\]\s)//; + my $timestamp = $1 || ''; + if ($previous_timestamp && $timestamp eq $previous_timestamp) { + $timestamp = ' ' x length($timestamp); + } + elsif ($timestamp) { + $previous_timestamp = $timestamp; + } + + # Try to identify the git commit we're working with... + if ($line =~ m!libpod/define.gitCommit=([0-9a-f]+)!) { + $git_commit = $1; + } + # ...so we can link to specific lines in source files + if ($git_commit) { + # 1 12 3 34 4 5 526 6 + $line =~ s{^(.*)(\/(containers\/libpod)(\/\S+):(\d+))(.*)$} + {$1<a class="codelink" href='https://github.com/$3/blob/$git_commit$4#L$5'>$2</a>$6}; + } + + # Try to identify the cirrus task + if ($line =~ /cirrus-task-(\d+)/) { + $cirrus_task = $1; + } + + # BATS handling + if ($line =~ /^1\.\.\d+$/) { + $looks_like_bats = 1; + } + if ($looks_like_bats) { + my $css; + + if ($line =~ /^ok\s.*\s# skip/) { $css = 'skip' } + elsif ($line =~ /^ok\s/) { $css = 'ok' } + elsif ($line =~ /^not\s+ok\s/) { $css = 'notok' } + elsif ($line =~ /^#\s#\|\s/) { $css = 'log-esm' } + elsif ($line =~ /^#\s/) { $css = 'log' } + + if ($css) { + $line = "<span class='bats-$css'>$line</span>"; + } + + print { $out_fh } "<span class=\"timestamp\">$timestamp</span>" + if $timestamp; + print { $out_fh } $line, "\n"; + next LINE; + } + + # Timing section at the bottom of the page + if ($line =~ / timing results\s*$/) { + $in_timing = 1; + } + elsif 
($in_timing) { + if ($line =~ /^(\S.*\S)\s+(\d+\.\d+)\s*$/) { + my ($name, $time) = ($1, $2); + my $id = make_id($1, 'timing'); + + # Try to column-align the timing numbers. Some test names + # will be longer than our max - oh well. + my $spaces = 80 - length(unescapeHTML($name)); + $spaces = 1 if $spaces < 1; + $spaces++ if $time < 10; + my $spacing = ' ' x $spaces; + $line = qq{<a class="timing" href="#t--$id">$name</a>$spacing$time}; + } + else { + $in_timing = 0; + } + } + + # + # Ginkgo error reformatting + # + if ($line =~ /^.{1,4} (Failure|Panic)( in .*)? \[/) { + # Begins a block of multiple lines including a stack trace + print { $out_fh } "<div class='log-error'>\n"; + $in_failure = 1; + } + elsif ($line =~ /^-----------/) { + if ($in_failure) { + # Ends a stack trace block + $in_failure = 0; + print { $out_fh } "</div>\n"; + } + $after_divider = 1; + + print { $out_fh } "</pre>\n<hr />\n<pre>\n"; + # Always show timestamp at start of each new test + $previous_timestamp = ''; + next LINE; + } + # (bindings test sometimes emits 'Running' with leading bullet char) + elsif ($line =~ /^•?Running:/) { + # Highlight the important (non-boilerplate) podman command. + # Strip out the global podman options, but show them on hover + $line =~ s{(\S+\/podman)((\s+--(root|runroot|runtime|tmpdir|storage-opt|conmon|cgroup-manager|cni-config-dir|storage-driver|events-backend) \S+)*)(.*)}{ + my ($full_path, $options, $args) = ($1, $2, $5); + + $options =~ s/^\s+//; + # Separate each '--foo bar' with newlines for readability + $options =~ s/ --/\n--/g; + qq{<span title="$full_path"><b>podman</b></span> <span class=\"boring\" title=\"$options\">[options]</span><b>$args</b>}; + }e; + $current_output = ''; + } + # Grrr. 'output:' usually just tells us what we already know. 
+ elsif ($line =~ /^output:/) { + $current_output =~ s!^\s+|\s+$!!g; # Trim leading/trailing blanks + $current_output =~ s/\s+/ /g; # Collapse multiple spaces + if ($line eq "output: $current_output" || $line eq 'output: ') { + next LINE; + } + } + elsif ($line =~ /^Error:/ || $line =~ / level=(warning|error) /) { + $line = "<span class='log-warn'>" . $line . "</span>"; + } + elsif ($line =~ /^panic:/) { + $line = "<span class='log-error'>" . $line . "</span>"; + } + else { + $current_output .= ' ' . $line; + } + + + # Two lines after each divider, there's a test name. Make it + # an anchor so we can link to it later. + if ($after_divider++ == 2) { + # Sigh. There is no actual marker. Assume that anything with + ## two leading spaces then alpha (not slashes) is a test name. + if ($line =~ /^ [a-zA-Z]/) { + my $id = make_id($line, 'anchor'); + + $line = "<a name='t--$id'><h2>$line</h2></a>"; + } + } + + # Failure name corresponds to a previously-seen block. + ## FIXME: sometimes there are three failures with the same name. + ## ...I have no idea why or how to link to the right ones. + # 1 2 2 3 3 14 4 + if ($line =~ /^(\[(Fail|Panic!)\] .* \[(It|BeforeEach)\] )([A-Za-z].*)/) { + my ($lhs, $type, $ginkgo_fluff, $testname) = ($1, $2, $3, $4); + my $id = make_id($testname, 'link'); + + $line = "<b>$lhs<a href='#t--$id'>$testname</a></b>"; + } + + print { $out_fh } "<span class=\"timestamp\">$timestamp</span>" + if $timestamp; + print { $out_fh } $line, "\n"; + } + + my $have_formatted_log; # Set on success + + if ($out_fh) { + print { $out_fh } "</pre>\n"; + + # Did we find a cirrus task? Link back. 
+ if ($cirrus_task) { + print { $out_fh } <<"END_HTML"; +<hr /> +<h3>Cirrus <a href="https://cirrus-ci.com/task/$cirrus_task">task $cirrus_task</a></h3> +END_HTML + } + + # FIXME: need a safe way to get TZ + printf { $out_fh } <<"END_HTML", scalar(CORE::localtime); +<hr /> +<small>Processed %s by $ME v$VERSION</small> +</body> +</html> +END_HTML + + if (close $out_fh) { + if (rename $out_tmp => $outfile) { + $have_formatted_log = 1; + } + else { + warn "$ME: Could not rename $out_tmp: $!\n"; + } + } + else { + warn "$ME: Error writing $out_tmp: $!\n"; + } + } + + # FIXME: if Cirrus magic envariables are available, write a link to results + if ($have_formatted_log && $ENV{CIRRUS_TASK_ID}) { + my $URL_BASE = "https://storage.googleapis.com"; + my $STATIC_MAGIC_BLOB = "cirrus-ci-5385732420009984-fcae48"; + my $ARTIFACT_NAME = "html"; + + my $URL = "${URL_BASE}/${STATIC_MAGIC_BLOB}/artifacts/$ENV{CIRRUS_REPO_FULL_NAME}/$ENV{CIRRUS_TASK_ID}/${ARTIFACT_NAME}/${outfile}"; + + print "\n\nAnnotated results:\n $URL\n"; + } +} + + +############# +# make_id # Given a test name, generate an anchor link name +############# +sub make_id { + my $name = shift; # in: test title + my $type = shift; # in: differentiator (anchor, link) + + state %counter; + + $name =~ s/^\s+|\s+$//g; # strip leading/trailing whitespace + $name =~ s/[^a-zA-Z0-9_-]/-/g; # Convert non-alphanumeric to dash + + # Keep a running tally of how many times we've seen this identifier + # for this given type! This lets us cross-match, in the bottom of + # the page, the first/second/third failure of a given test. + $name .= "--" . 
++$counter{$type}{$name}; + + $name; +} + + + +sub escapeHTML { + my $s = shift; + + state %chars; + %chars = ('&' => '&', '<' => '<', '>' => '>', '"' => '"', "'" => ''') + if keys(%chars) == 0; + my $class = join('', sort keys %chars); + $s =~ s/([$class])/$chars{$1}/ge; + + return $s; +} + +sub unescapeHTML { + my $s = shift; + + # We don't actually care about the character, only its length + $s =~ s/\&\#?[a-z0-9]+;/./g; + + return $s; +} + + +1; diff --git a/contrib/cirrus/packer/Makefile b/contrib/cirrus/packer/Makefile index fa87d7019..a911cafdb 100644 --- a/contrib/cirrus/packer/Makefile +++ b/contrib/cirrus/packer/Makefile @@ -1,9 +1,4 @@ - -# N/B: PACKER_BUILDS variable is required. Should contain CSV of -# builder name(s) from applicable YAML file, -# e.g for names see libpod_images.yml - -PACKER_VER ?= 1.4.2 +PACKER_VER ?= 1.4.3 GOARCH=$(shell go env GOARCH) ARCH=$(uname -m) PACKER_DIST_FILENAME := packer_${PACKER_VER}_linux_${GOARCH}.zip @@ -56,8 +51,9 @@ test: libpod_base_images.json libpod_images.json packer .PHONY: libpod_images libpod_images: guard-PACKER_BUILDS libpod_images.json packer - ./packer build -only=${PACKER_BUILDS} \ + ./packer build \ -force \ + $(shell test -z "${PACKER_BUILDS}" || echo "-only=${PACKER_BUILDS}") \ -var GOSRC=$(GOSRC) \ -var PACKER_BASE=$(PACKER_BASE) \ -var SCRIPT_BASE=$(SCRIPT_BASE) \ @@ -82,6 +78,7 @@ cidata.iso: user-data meta-data .PHONY: libpod_base_images libpod_base_images: guard-GCP_PROJECT_ID guard-GOOGLE_APPLICATION_CREDENTIALS libpod_base_images.json cidata.iso cidata.ssh packer PACKER_CACHE_DIR=/tmp ./packer build \ + $(shell test -z "${PACKER_BUILDS}" || echo "-only=${PACKER_BUILDS}") \ -force \ -var TIMESTAMP=$(TIMESTAMP) \ -var TTYDEV=$(TTYDEV) \ diff --git a/contrib/cirrus/packer/fedora_setup.sh b/contrib/cirrus/packer/fedora_setup.sh index 6cfaa05ce..81a46b13f 100644 --- a/contrib/cirrus/packer/fedora_setup.sh +++ b/contrib/cirrus/packer/fedora_setup.sh 
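Review bot: In `format_log`, `$test_name` comes straight from `@ARGV` and is interpolated into `<title>$test_name</title>` without passing through `escapeHTML`, while every log line is escaped before it is written. Escape it once for the header, e.g. `my $title = escapeHTML($test_name);` and `<title>$title</title>`, and consider rejecting names containing `/`, since the same value forms the output path `$test_name.log.html`. Also, `open my $out_fh, ... or warn` leaves `$out_fh` holding a handle reference even when the open fails (as far as I know Perl autovivifies it before attempting the open). The `if $out_fh` and `next LINE if ! $out_fh` guards would then not skip the HTML writes; `or do { warn ...; undef $out_fh }` would make them effective.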
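Review bot: The `$(shell test -z "${PACKER_BUILDS}" || echo "-only=${PACKER_BUILDS}")` argument added to `libpod_images` pastes the variable into an extra shell command line, with its own quoting pitfalls, just to emit an optional flag. The make-native `$(if ${PACKER_BUILDS},-only=${PACKER_BUILDS})` does the same without that shell, and the same construct is added to `libpod_base_images` in the following hunk. `libpod_images` still depends on `guard-PACKER_BUILDS`, so (assuming the guard rejects an empty value) the empty case can never be reached there. The first hunk also raises the default `PACKER_VER` to 1.4.3 while contrib/cirrus/lib.sh appears to still set `PACKER_VER="1.4.2"`, and it removes the only comment documenting `PACKER_BUILDS`.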
@@ -8,107 +8,130 @@ set -e # Load in library (copied by packer, before this script was run) source /tmp/libpod/$SCRIPT_BASE/lib.sh -req_env_var SCRIPT_BASE PACKER_BUILDER_NAME GOSRC +req_env_var SCRIPT_BASE PACKER_BUILDER_NAME GOSRC FEDORA_BASE_IMAGE OS_RELEASE_ID OS_RELEASE_VER install_ooe export GOPATH="$(mktemp -d)" trap "sudo rm -rf $GOPATH" EXIT -ooe.sh sudo dnf update -y - -echo "Enabling updates-testing repository" -ooe.sh sudo dnf install -y 'dnf-command(config-manager)' -ooe.sh sudo dnf config-manager --set-enabled updates-testing - -echo "Installing general build/test dependencies" -ooe.sh sudo dnf install -y \ - atomic-registries \ - autoconf \ - automake \ - bash-completion \ - bats \ - bridge-utils \ - btrfs-progs-devel \ - bzip2 \ - conmon \ - container-selinux \ - containernetworking-plugins \ - containers-common \ - criu \ - device-mapper-devel \ - emacs-nox \ - file \ - findutils \ - fuse3 \ - fuse3-devel \ - gcc \ - git \ - glib2-devel \ - glibc-static \ - gnupg \ - go-md2man \ - golang \ - golang-github-cpuguy83-go-md2man \ - gpgme-devel \ - iproute \ - iptables \ - jq \ - libassuan-devel \ - libcap-devel \ - libmsi1 \ - libnet \ - libnet-devel \ - libnl3-devel \ - libseccomp \ - libseccomp-devel \ - libselinux-devel \ - libtool \ - libvarlink-util \ - lsof \ - make \ - msitools \ - nmap-ncat \ - pandoc \ - podman \ - procps-ng \ - protobuf \ - protobuf-c \ - protobuf-c-devel \ - protobuf-compiler \ - protobuf-devel \ - protobuf-python \ - python \ - python2-future \ - python3-dateutil \ - python3-psutil \ - python3-pytoml \ - runc \ - selinux-policy-devel \ - slirp4netns \ - unzip \ - vim \ - which \ - xz \ +$BIGTO ooe.sh sudo dnf update -y + +# Do not enable update-stesting on the previous Fedora release +if [[ "$FEDORA_BASE_IMAGE" =~ "${OS_RELEASE_ID}-cloud-base-${OS_RELEASE_VER}" ]]; then + warn "Enabling updates-testing repository for image based on $FEDORA_BASE_IMAGE" + $LILTO ooe.sh sudo dnf install -y 'dnf-command(config-manager)' + 
$LILTO ooe.sh sudo dnf config-manager --set-enabled updates-testing +else + warn "NOT enabling updates-testing repository for image based on $PRIOR_FEDORA_BASE_IMAGE" +fi + +REMOVE_PACKAGES=() +INSTALL_PACKAGES=(\ + autoconf + automake + bash-completion + bats + bridge-utils + btrfs-progs-devel + bzip2 + conmon + container-selinux + containernetworking-plugins + containers-common + criu + device-mapper-devel + dnsmasq + emacs-nox + file + findutils + fuse3 + fuse3-devel + gcc + git + glib2-devel + glibc-static + gnupg + go-md2man + golang + gpgme-devel + iproute + iptables + jq + libassuan-devel + libcap-devel + libmsi1 + libnet + libnet-devel + libnl3-devel + libseccomp + libseccomp-devel + libselinux-devel + libtool + libvarlink-util + lsof + make + msitools + nmap-ncat + ostree-devel + pandoc + podman + procps-ng + protobuf + protobuf-c + protobuf-c-devel + protobuf-devel + protobuf-python + python + python3-dateutil + python3-psutil + python3-pytoml + rsync + runc + selinux-policy-devel + skopeo + skopeo-containers + slirp4netns + unzip + vim + wget + which + xz zip +) +case "$OS_RELEASE_VER" in + 30) + INSTALL_PACKAGES+=(\ + atomic-registries + golang-github-cpuguy83-go-md2man + python2-future + runc + ) + REMOVE_PACKAGES+=(crun) + ;; + 31) + INSTALL_PACKAGES+=(crun) + REMOVE_PACKAGES+=(runc) + ;; + *) + bad_os_id_ver ;; +esac +echo "Installing general build/test dependencies for Fedora '$OS_RELEASE_VER'" +$BIGTO ooe.sh sudo dnf install -y ${INSTALL_PACKAGES[@]} -# Ensure there are no disruptive periodic services enabled by default in image -systemd_banish +install_buildah_packages -sudo /tmp/libpod/hack/install_catatonit.sh +[[ "${#REMOVE_PACKAGES[@]}" -eq "0" ]] || \ + $LILTO ooe.sh sudo dnf erase -y ${REMOVE_PACKAGES[@]} -# Same script is used for several related contexts -case "$PACKER_BUILDER_NAME" in - xfedora*) - echo "Configuring CGroups v2 enabled on next boot" - sudo grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=1" - sudo dnf 
install -y crun - ;& # continue to next matching item - *) - echo "Finalizing $PACKER_BUILDER_NAME VM image" - ;; -esac +echo "Enabling cgroup management from containers" +ooe.sh sudo setsebool container_manage_cgroup true + +ooe.sh sudo /tmp/libpod/hack/install_catatonit.sh + +# Ensure there are no disruptive periodic services enabled by default in image +systemd_banish rh_finalize diff --git a/contrib/cirrus/packer/image-builder-image_base-setup.sh b/contrib/cirrus/packer/image-builder-image_base-setup.sh index 43cfa7180..78772da09 100644 --- a/contrib/cirrus/packer/image-builder-image_base-setup.sh +++ b/contrib/cirrus/packer/image-builder-image_base-setup.sh @@ -31,10 +31,8 @@ ooe.sh sudo yum -y install \ libvirt-client \ libvirt-daemon \ make \ - python34 \ - python34 \ - python34-PyYAML \ - python34-PyYAML \ + python36 \ + python36-PyYAML \ qemu-img \ qemu-kvm \ qemu-kvm-tools \ diff --git a/contrib/cirrus/packer/libpod_base_images.yml b/contrib/cirrus/packer/libpod_base_images.yml index bcca440ae..255723d57 100644 --- a/contrib/cirrus/packer/libpod_base_images.yml +++ b/contrib/cirrus/packer/libpod_base_images.yml 
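Review bot: In contrib/cirrus/packer/fedora_setup.sh, `ooe.sh sudo setsebool container_manage_cgroup true` changes only the running policy. Without `-P` the boolean is not written to the policy store, so VMs later booted from this image would presumably start with it off again. If the setting is meant to be part of the image, use `ooe.sh sudo setsebool -P container_manage_cgroup true`, and add a comment saying why containers need to manage cgroups, since this relaxes SELinux confinement for every container on the host. Elsewhere in this hunk `runc` is in the common `INSTALL_PACKAGES` list and then in `REMOVE_PACKAGES` for 31 (and listed a second time for 30), and the `${INSTALL_PACKAGES[@]}` and `${REMOVE_PACKAGES[@]}` expansions are unquoted. The else-branch warning prints `$PRIOR_FEDORA_BASE_IMAGE`, which is not in the `req_env_var` list.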
@@ -12,19 +12,19 @@ variables: # Required for output from qemu builders TTYDEV: - # Ubuntu releases are mearly copied to this project for control purposes + # Ubuntu releases are merely copied to this project for control purposes UBUNTU_BASE_IMAGE: PRIOR_UBUNTU_BASE_IMAGE: # Latest Fedora release - FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/30/Cloud/x86_64/images/Fedora-Cloud-Base-30-1.2.x86_64.qcow2" - FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/30/Cloud/x86_64/images/Fedora-Cloud-30-1.2-x86_64-CHECKSUM" - FEDORA_BASE_IMAGE_NAME: 'fedora-cloud-base-30-1-2' + FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/31/Cloud/x86_64/images/Fedora-Cloud-Base-31-1.9.x86_64.qcow2" + FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/31/Cloud/x86_64/images/Fedora-Cloud-31-1.9-x86_64-CHECKSUM" + FEDORA_BASE_IMAGE_NAME: 'fedora-cloud-base-31-1-9' # Prior Fedora release - PRIOR_FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/29/Cloud/x86_64/images/Fedora-Cloud-Base-29-1.2.x86_64.qcow2" - PRIOR_FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/29/Cloud/x86_64/images/Fedora-Cloud-29-1.2-x86_64-CHECKSUM" - PRIOR_FEDORA_BASE_IMAGE_NAME: 'fedora-cloud-base-29-1-2' # Name to use in GCE + PRIOR_FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/30/Cloud/x86_64/images/Fedora-Cloud-Base-30-1.2.x86_64.qcow2" + PRIOR_FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/30/Cloud/x86_64/images/Fedora-Cloud-30-1.2-x86_64-CHECKSUM" + PRIOR_FEDORA_BASE_IMAGE_NAME: 'fedora-cloud-base-30-1-2' # The name of the image in GCE used for packer build libpod_images.yml IBI_BASE_NAME: 'image-builder-image' diff --git a/contrib/cirrus/packer/libpod_images.yml b/contrib/cirrus/packer/libpod_images.yml index 01a65d867..074a813af 100644 --- a/contrib/cirrus/packer/libpod_images.yml 
+++ b/contrib/cirrus/packer/libpod_images.yml @@ -51,17 +51,12 @@ builders: source_image_family: 'prior-ubuntu-base' - <<: *gce_hosted_image - name: 'fedora-30' - source_image: '{{user `FEDORA_BASE_IMAGE`}}' - source_image_family: 'fedora-base' - - - <<: *gce_hosted_image - name: 'xfedora-30' + name: 'fedora-31' source_image: '{{user `FEDORA_BASE_IMAGE`}}' source_image_family: 'fedora-base' - <<: *gce_hosted_image - name: 'fedora-29' + name: 'fedora-30' source_image: '{{user `PRIOR_FEDORA_BASE_IMAGE`}}' source_image_family: 'prior-fedora-base' diff --git a/contrib/cirrus/packer/ubuntu_setup.sh b/contrib/cirrus/packer/ubuntu_setup.sh index 118ee062a..46e7a620f 100644 --- a/contrib/cirrus/packer/ubuntu_setup.sh +++ b/contrib/cirrus/packer/ubuntu_setup.sh @@ -15,9 +15,6 @@ install_ooe export GOPATH="$(mktemp -d)" trap "sudo rm -rf $GOPATH" EXIT -# Ensure there are no disruptive periodic services enabled by default in image -systemd_banish - # Stop disruption upon boot ASAP after booting echo "Disabling all packaging activity on boot" # Don't let sed process sed's temporary files 
@@ -32,96 +29,123 @@ $BIGTO $SUDOAPTGET update echo "Upgrading all packages" $BIGTO $SUDOAPTGET upgrade -echo "Adding PPAs" +echo "Adding third-party repositories and PPAs" $LILTO $SUDOAPTGET install software-properties-common -$LILTO $SUDOAPTADD ppa:projectatomic/ppa $LILTO $SUDOAPTADD ppa:criu/ppa if [[ "$OS_RELEASE_VER" -eq "18" ]] then $LILTO $SUDOAPTADD ppa:longsleep/golang-backports fi -$LILTO $SUDOAPTGET update - -echo "Installing general testing and system dependencies" -$BIGTO $SUDOAPTGET install \ - apparmor \ - aufs-tools \ - autoconf \ - automake \ - bash-completion \ - bats \ - bison \ - btrfs-tools \ - build-essential \ - containernetworking-plugins \ - containers-common \ - cri-o-runc \ - criu \ - curl \ - e2fslibs-dev \ - emacs-nox \ - file \ - gawk \ - gcc \ - gettext \ - go-md2man \ - golang \ - iproute2 \ - iptables \ - jq \ - libaio-dev \ - libapparmor-dev \ - libcap-dev \ - libdevmapper-dev \ - libdevmapper1.02.1 \ - libfuse-dev \ - libfuse2 \ - libglib2.0-dev \ - libgpgme11-dev \ - liblzma-dev \ - libnet1 \ - libnet1-dev \ - libnl-3-dev \ - libvarlink \ - libprotobuf-c-dev \ - libprotobuf-dev \ - libseccomp-dev \ - libseccomp2 \ - libsystemd-dev \ - libtool \ - libudev-dev \ - lsof \ - make \ - netcat \ - pkg-config \ - podman \ - protobuf-c-compiler \ - protobuf-compiler \ - python-future \ - python-minimal \ - python-protobuf \ - python3-dateutil \ - python3-pip \ - python3-psutil \ - python3-pytoml \ - python3-setuptools \ - skopeo \ - slirp4netns \ - socat \ - unzip \ - vim \ - xz-utils \ +echo "Configuring/Instaling deps from Open build server" +VERSION_ID=$(source /etc/os-release; echo $VERSION_ID) +echo "deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_$VERSION_ID/ /" \ + | ooe.sh sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list +ooe.sh curl -L -o /tmp/Release.key "https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/xUbuntu_${VERSION_ID}/Release.key" 
+ooe.sh sudo apt-key add - < /tmp/Release.key + +INSTALL_PACKAGES=(\ + apparmor + aufs-tools + autoconf + automake + bash-completion + bison + build-essential + bzip2 + conmon + containernetworking-plugins + containers-common + coreutils + cri-o-runc + criu + curl + dnsmasq + e2fslibs-dev + emacs-nox + file + gawk + gcc + gettext + git + go-md2man + golang + iproute2 + iptables + jq + libaio-dev + libapparmor-dev + libcap-dev + libdevmapper-dev + libdevmapper1.02.1 + libfuse-dev + libfuse2 + libglib2.0-dev + libgpgme11-dev + liblzma-dev + libnet1 + libnet1-dev + libnl-3-dev + libprotobuf-c-dev + libprotobuf-dev + libseccomp-dev + libseccomp2 + libselinux-dev + libsystemd-dev + libtool + libudev-dev + libvarlink + lsof + make + netcat + openssl + pkg-config + podman + protobuf-c-compiler + protobuf-compiler + python-future + python-minimal + python-protobuf + python3-dateutil + python3-pip + python3-psutil + python3-pytoml + python3-setuptools + rsync + runc + scons + skopeo + slirp4netns + socat + unzip + vim + wget + xz-utils + yum-utils zip + zlib1g-dev +) if [[ "$OS_RELEASE_VER" -ge "19" ]] then - echo "Installing Ubuntu > 18 packages" - $LILTO $SUDOAPTGET install fuse3 libfuse3-dev libbtrfs-dev -fi + INSTALL_PACKAGES+=(\ + bats + btrfs-progs + fuse3 + libbtrfs-dev + libfuse3-dev + ) +else + echo "Downloading version of bats with fix for a \$IFS related bug in 'run' command" + cd /tmp + BATS_URL='http://launchpadlibrarian.net/438140887/bats_1.1.0+git104-g1c83a1b-1_all.deb' + curl -L -O "$BATS_URL" + cd - + INSTALL_PACKAGES+=(\ + /tmp/$(basename $BATS_URL) + btrfs-tools + ) -if [[ "$OS_RELEASE_VER" -eq "18" ]] -then echo "Forced Ubuntu 18 kernel to enable cgroup swap accounting." SEDCMD='s/^GRUB_CMDLINE_LINUX="(.*)"/GRUB_CMDLINE_LINUX="\1 cgroup_enable=memory swapaccount=1"/g' ooe.sh sudo sed -re "$SEDCMD" -i /etc/default/grub.d/* 
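Review bot: In `ubuntu_setup.sh`, the `else` branch downloads the bats package over plain HTTP (`BATS_URL='http://launchpadlibrarian.net/...'`) and appends the file to `INSTALL_PACKAGES` with no integrity check, so whatever that request returns is installed as root into the VM image. Pin a digest right after the `curl -L -O "$BATS_URL"` line, e.g. `echo "<EXPECTED_SHA256>  $(basename $BATS_URL)" | sha256sum -c -`, and switch to an `https://` URL if the host offers one. The new `deb http://download.opensuse.org/...` source line is also HTTP although its `Release.key` is fetched over HTTPS, and the key is written to the fixed path `/tmp/Release.key`; an `https://` source and a `mktemp` file would be more consistent. The enclosing `if`/`else` closes outside this hunk.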
@@ -129,9 +153,27 @@ then ooe.sh sudo update-grub fi -sudo /tmp/libpod/hack/install_catatonit.sh +echo "Installing general testing and system dependencies" +# Necessary to update cache of newly added repos +$LILTO $SUDOAPTGET update +$BIGTO $SUDOAPTGET install ${INSTALL_PACKAGES[@]} + +install_buildah_packages + +echo "Installing cataonit and libseccomp.sudo" +ooe.sh sudo /tmp/libpod/hack/install_catatonit.sh ooe.sh sudo make -C /tmp/libpod install.libseccomp.sudo +# Ensure there are no disruptive periodic services enabled by default in image +systemd_banish + +CRIO_RUNC_PATH="/usr/lib/cri-o-runc/sbin/runc" +if sudo dpkg -L cri-o-runc | grep -m 1 -q "$CRIO_RUNC_PATH" +then + echo "Linking $CRIO_RUNC_PATH to /usr/bin/runc for ease of testing." + sudo ln -f "$CRIO_RUNC_PATH" "/usr/bin/runc" +fi + ubuntu_finalize echo "SUCCESS!" diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh index df510deef..eceb80b00 100755 --- a/contrib/cirrus/setup_environment.sh +++ b/contrib/cirrus/setup_environment.sh @@ -6,15 +6,19 @@ source $(dirname $0)/lib.sh req_env_var USER HOME GOSRC SCRIPT_BASE SETUP_MARKER_FILEPATH -show_env_vars - # Ensure this script only executes successfully once and always logs ending timestamp -[[ ! -e "$SETUP_MARKER_FILEPATH" ]] || exit 0 +if [[ -e "$SETUP_MARKER_FILEPATH" ]]; then + show_env_vars + exit 0 +fi + exithandler() { RET=$? echo "." echo "$(basename $0) exit status: $RET" [[ "$RET" -eq "0" ]] && date +%s >> "$SETUP_MARKER_FILEPATH" + show_env_vars + [[ "$RET" -eq "0" ]] || warn "Non-zero exit caused by error ABOVE env. var. display." } trap exithandler EXIT 
@@ -35,18 +39,26 @@ done cd "${GOSRC}/" case "${OS_RELEASE_ID}" in ubuntu) - CRIO_RUNC_PATH="/usr/lib/cri-o-runc/sbin/runc" - if dpkg -L cri-o-runc | grep -m 1 -q "$CRIO_RUNC_PATH" - then - echo "Linking $CRIO_RUNC_PATH to /usr/bin/runc for ease of testing." - ln -f "$CRIO_RUNC_PATH" "/usr/bin/runc" - fi ;; fedora) # All SELinux distros need this for systemd-in-a-container setsebool container_manage_cgroup true if [[ "$ADD_SECOND_PARTITION" == "true" ]]; then - bash "$SCRIPT_BASE/add_second_partition.sh"; fi + bash "$SCRIPT_BASE/add_second_partition.sh" + fi + + warn "Switching io scheduler to 'deadline' to avoid RHBZ 1767539" + warn "aka https://bugzilla.kernel.org/show_bug.cgi?id=205447" + echo "mq-deadline" > /sys/block/sda/queue/scheduler + cat /sys/block/sda/queue/scheduler + + if [[ "$ADD_SECOND_PARTITION" == "true" ]]; then + bash "$SCRIPT_BASE/add_second_partition.sh" + fi + + warn "Forcing systemd cgroup manager" + X=$(echo "export CGROUP_MANAGER=systemd" | \ + tee -a /etc/environment) && eval "$X" && echo "$X" ;; centos) # Current VM is an image-builder-image no local podman/testing echo "No further setup required for VM image building" 
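Review bot: In `setup_environment.sh`, the `fedora)` arm now contains the `if [[ "$ADD_SECOND_PARTITION" == "true" ]]` block twice, once reformatted in place and again after the io-scheduler lines, so `add_second_partition.sh` runs two times on the same VM. Keep only one of the two blocks, on whichever side of the scheduler switch is intended; whether that script tolerates a second run is not visible here. The `X=$(echo "export CGROUP_MANAGER=systemd" | tee -a /etc/environment) && eval "$X" && echo "$X"` line, repeated twice more in the next hunk for `OCI_RUNTIME`, would read more plainly as a small helper that appends the line and calls `export` directly instead of `eval`. The `case` statement closes outside this hunk.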
@@ -58,13 +70,41 @@ esac # Reload to incorporate any changes from above source "$SCRIPT_BASE/lib.sh" +case "$CG_FS_TYPE" in + tmpfs) + warn "Forcing testing with runc instead of crun" + X=$(echo "export OCI_RUNTIME=/usr/bin/runc" | \ + tee -a /etc/environment) && eval "$X" && echo "$X" + ;; + cgroup2fs) + # This is necessary since we've built/installed from source, which uses runc as the default. + warn "Forcing testing with crun instead of runc" + X=$(echo "export OCI_RUNTIME=/usr/bin/crun" | \ + tee -a /etc/environment) && eval "$X" && echo "$X" + + if [[ "$MOD_LIBPOD_CONF" == "true" ]]; then + warn "Updating runtime setting in repo. copy of libpod.conf" + sed -i -r -e 's/^runtime = "runc"/runtime = "crun"/' $GOSRC/libpod.conf + git diff $GOSRC/libpod.conf + fi + + if [[ "$OS_RELEASE_ID" == "fedora" ]]; then + warn "Upgrading to the latest crun" + # Normally not something to do for stable testing + # but crun is new, and late-breaking fixes may be required + # on short notice + dnf update -y crun + fi + ;; + *) + die 110 "Unsure how to handle cgroup filesystem type '$CG_FS_TYPE'" + ;; +esac + # Must execute before possible setup_rootless() make install.tools case "$SPECIALMODE" in - cgroupv2) - remove_packaged_podman_files # we're building from source - ;; none) [[ -n "$CROSS_PLATFORM" ]] || \ remove_packaged_podman_files @@ -72,6 +112,9 @@ case "$SPECIALMODE" in endpoint) remove_packaged_podman_files ;; + bindings) + remove_packaged_podman_files + ;; rootless) # Only do this once, even if ROOTLESS_USER (somehow) changes if ! grep -q 'ROOTLESS_USER' /etc/environment diff --git a/contrib/cirrus/unit_test.sh b/contrib/cirrus/unit_test.sh index c6c77d17e..2852c31ae 100755 --- a/contrib/cirrus/unit_test.sh +++ b/contrib/cirrus/unit_test.sh @@ -12,6 +12,7 @@ make localunit case "$SPECIALMODE" in in_podman) ;& + bindings) ;& rootless) ;& none) make 
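Review bot: In the `cgroup2fs)` arm added to `setup_environment.sh`, `$GOSRC` is expanded unquoted in `sed -i -r -e '...' $GOSRC/libpod.conf` and in `git diff $GOSRC/libpod.conf`, while the earlier `cd "${GOSRC}/"` in the same script quotes it. Quote both occurrences as `"$GOSRC/libpod.conf"` so a path containing whitespace or glob characters cannot be split or expanded before `sed -i` edits it in place.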
diff --git a/contrib/cirrus/upload_release_archive.sh b/contrib/cirrus/upload_release_archive.sh index a94a5cc82..e1b8937b7 100755 --- a/contrib/cirrus/upload_release_archive.sh +++ b/contrib/cirrus/upload_release_archive.sh @@ -19,36 +19,19 @@ then BUCKET="libpod-pr-releases" elif [[ -n "$CIRRUS_BRANCH" ]] then - # Only release binaries for tagged commit ranges, unless working on docs - if is_release || [[ $CIRRUS_TASK_NAME =~ "docs" ]] + # Only release binaries for docs + if [[ $CIRRUS_TASK_NAME =~ "docs" ]] then PR_OR_BRANCH="$CIRRUS_BRANCH" BUCKET="libpod-$CIRRUS_BRANCH-releases" else - warn "" "Skipping release processing: Commit range|CIRRUS_TAG is development tagged." + warn "" "Skipping release processing for non-docs task." exit 0 fi else die 1 "Expecting either \$CIRRUS_PR or \$CIRRUS_BRANCH to be non-empty." fi -echo "Parsing actual_release.txt contents: $(< actual_release.txt)" -cd $GOSRC -RELEASETXT=$(<actual_release.txt) # see build_release.sh -[[ -n "$RELEASETXT" ]] || \ - die 3 "Could not obtain metadata from actual_release.txt" -RELEASE_INFO=$(echo "$RELEASETXT" | grep -m 1 'X-RELEASE-INFO:' | sed -r -e 's/X-RELEASE-INFO:\s*(.+)/\1/') -if [[ "$?" -ne "0" ]] || [[ -z "$RELEASE_INFO" ]] -then - die 4 "Metadata is empty or invalid: '$RELEASETXT'" -fi -# Format specified in Makefile -# e.g. libpod v1.3.1-166-g60df124e fedora 29 amd64 -# or libpod-remote v1.3.1-166-g60df124e windows - amd64 -FIELDS="RELEASE_BASENAME RELEASE_VERSION RELEASE_DIST RELEASE_DIST_VER RELEASE_ARCH" -read $FIELDS <<< $RELEASE_INFO -req_env_var $FIELDS - # Functional local podman required for uploading echo "Verifying a local, functional podman, building one if necessary." [[ -n "$(type -P podman)" ]] || \ @@ -64,7 +47,7 @@ echo "$RELEASE_GCPJSON" > "$TMPF" unset RELEASE_GCPJSON cd $GOSRC -for filename in $(ls -1 *.tar.gz *.zip *.msi $SWAGGER_FILEPATH) +for filename in $(ls -1 $SWAGGER_FILEPATH) do unset EXT EXT=$(echo "$filename" | sed -r -e 's/.+\.(.+$)/\1/g') 
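Review bot: In `upload_release_archive.sh`, `for filename in $(ls -1 $SWAGGER_FILEPATH)` now lists a single path, and when that file is missing `ls` only prints an error and the loop body never runs, so the script can finish without uploading anything unless a later check outside this hunk catches it. Check the file up front and iterate over the quoted value: `[[ -r "$SWAGGER_FILEPATH" ]] || die 1 "Missing $SWAGGER_FILEPATH"` followed by `for filename in "$SWAGGER_FILEPATH"`. The loop body continues outside this hunk.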
@@ -85,19 +68,7 @@ do # For doc. ref. this must always be a static filename, e.g. swagger-latest-master.yaml ALSO_FILENAME="swagger-latest-${PR_OR_BRANCH}.yaml" else - # Form the generic "latest" file for this branch or pr - TO_PREFIX="${RELEASE_BASENAME}-latest-${PR_OR_BRANCH}-${RELEASE_DIST}" - # Form the fully-versioned filename for historical sake - ALSO_PREFIX="${RELEASE_BASENAME}-${RELEASE_VERSION}-${PR_OR_BRANCH}-${RELEASE_DIST}" - TO_SUFFIX="${RELEASE_ARCH}.${EXT}" - if [[ "$RELEASE_DIST" == "windows" ]] || [[ "$RELEASE_DIST" == "darwin" ]] - then - TO_FILENAME="${TO_PREFIX}-${TO_SUFFIX}" - ALSO_FILENAME="${ALSO_PREFIX}-${TO_SUFFIX}" - else - TO_FILENAME="${TO_PREFIX}-${RELEASE_DIST_VER}-${TO_SUFFIX}" - ALSO_FILENAME="${ALSO_PREFIX}-${TO_SUFFIX}" - fi + die "Uploading non-docs files has been disabled" fi [[ "$OS_RELEASE_ID" == "ubuntu" ]] || \ diff --git a/contrib/fedora-minimal/Dockerfile b/contrib/fedora-minimal/Dockerfile new file mode 100644 index 000000000..a051b3204 --- /dev/null +++ b/contrib/fedora-minimal/Dockerfile @@ -0,0 +1 @@ +FROM registry.fedoraproject.org/fedora-minimal:latest diff --git a/contrib/fedora-minimal/README.md b/contrib/fedora-minimal/README.md new file mode 100644 index 000000000..52bf94b53 --- /dev/null +++ b/contrib/fedora-minimal/README.md @@ -0,0 +1,4 @@ +This dockerfile exists so that the container image can be "mirrored" +onto quay.io automatically, so automated testing can be more resilient. + +https://quay.io/repository/libpod/fedora-minimal?tab=builds diff --git a/contrib/gate/Dockerfile b/contrib/gate/Dockerfile index 2a904a202..54bd2cbde 100644 --- a/contrib/gate/Dockerfile +++ b/contrib/gate/Dockerfile 
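Review bot: In `upload_release_archive.sh`, the new `die "Uploading non-docs files has been disabled"` passes the message as the first argument, whereas the other call in this file (`die 1 "Expecting either ..."`) and the `die()` added to `contrib/gate/entrypoint.sh` take the exit status first and the message second. The `die` used here is defined outside the visible lines, so this is inferred from the call sites: with that signature the message would be treated as the exit status and the text would be lost. Write it as `die 5 "Uploading non-docs files has been disabled"`, using whichever status is still free in this script.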
@@ -33,31 +33,36 @@ RUN dnf -y install \ zip \ && dnf clean all -ENV GOPATH="/go" \ - PATH="/go/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin" \ +ENV GOPATH="/var/tmp/go" \ + GOBIN="/var/tmp/go/bin" \ + PATH="/var/tmp/go/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin" \ SRCPATH="/usr/src/libpod" \ - GOSRC="/go/src/github.com/containers/libpod" + GOSRC="/var/tmp/go/src/github.com/containers/libpod" -# Only needed for installing build-time dependencies +# Only needed for installing build-time dependencies, then will be removed COPY / $GOSRC -WORKDIR $GOSRC - # Install dependencies RUN set -x && \ + mkdir -p "$GOBIN" && \ + mkdir -p /etc/cni/net.d && \ + mkdir -p /etc/containers && \ install -D -m 755 $GOSRC/contrib/gate/entrypoint.sh /usr/local/bin/ && \ - python3 -m pip install pre-commit && \ - rm -rf "$GOSRC" + python3 -m pip install pre-commit # Install cni config -#RUN make install.cni -RUN mkdir -p /etc/cni/net.d/ COPY cni/87-podman-bridge.conflist /etc/cni/net.d/87-podman-bridge.conflist - # Make sure we have some policy for pulling images -RUN mkdir -p /etc/containers COPY test/policy.json /etc/containers/policy.json COPY test/redhat_sigstore.yaml /etc/containers/registries.d/registry.access.redhat.com.yaml +WORKDIR "$GOSRC" +RUN make install.tools && \ + cd / && \ + rm -rf "$GOSRC" && \ + mkdir -p "$GOSRC" VOLUME ["/usr/src/libpod"] +# This entrypoint will synchronize the above volume ($SRCPATH) to $GOSRC before +# executing make. This ensures the original source remains prestine and is never +# modified by any lint/validation checks. ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] diff --git a/contrib/gate/README.md b/contrib/gate/README.md index 709e6035f..fe1205dc5 100644 --- a/contrib/gate/README.md +++ b/contrib/gate/README.md 
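Review bot: In `contrib/gate/Dockerfile`, the `rm -rf "$GOSRC"` in the final `RUN` does not take the source tree out of the image: `COPY / $GOSRC` has already committed the whole build context as its own layer, so the files stay retrievable from the image history and still count toward its size, despite the comment saying they "will be removed". If the context can hold anything that should not ship (a `.git` directory, local credentials), restrict it with an ignore file, or use a multi-stage build that copies only the installed tools into the final stage. `python3 -m pip install pre-commit` is unpinned as well, so the image contents depend on the build date. The comment typo `prestine` should read `pristine`.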
@@ -1,4 +1,6 @@ ![PODMAN logo](../../logo/podman-logo-source.svg) -A standard container image for `gofmt` and lint-checking the libpod -repository. The [contributors guide contains the documentation for usage.](https://github.com/containers/libpod/blob/master/CONTRIBUTING.md#go-format-and-lint) +A standard container image for lint-checking and validating changes to the libpod +repository. The +[contributors guide contains the documentation for usage.](https://github.com/containers/libpod/blob/master/CONTRIBUTING.md#go-format-and-lint). Note that this container image is also utilized +in automation, see the file [.cirrus.yml](.cirrus.yml) diff --git a/contrib/gate/entrypoint.sh b/contrib/gate/entrypoint.sh index 0189cf7c5..ab6528e00 100755 --- a/contrib/gate/entrypoint.sh +++ b/contrib/gate/entrypoint.sh @@ -1,15 +1,23 @@ #!/bin/bash -[[ -n "$SRCPATH" ]] || \ - ( echo "ERROR: \$SRCPATH must be non-empty" && exit 1 ) -[[ -n "$GOSRC" ]] || \ - ( echo "ERROR: \$GOSRC must be non-empty" && exit 2 ) +set -e + +die() { + echo "${2:-FATAL ERROR (but no message given!)} (gate container entrypoint)" + exit ${1:-1} +} + +[[ -n "$SRCPATH" ]] || die 1 "ERROR: \$SRCPATH must be non-empty" +[[ -n "$GOPATH" ]] || die 2 "ERROR: \$GOPATH must be non-empty" +[[ -n "$GOSRC" ]] || die 3 "ERROR: \$GOSRC must be non-empty" [[ -r "${SRCPATH}/contrib/gate/Dockerfile" ]] || \ - ( echo "ERROR: Expecting libpod repository root at $SRCPATH" && exit 3 ) + die 4 "ERROR: Expecting libpod repository root at $SRCPATH" # Working from a copy avoids needing to perturb the actual source files -mkdir -p "$GOSRC" +# if/when developers use gate container for local testing +echo "Copying $SRCPATH to $GOSRC" +mkdir -vp "$GOSRC" /usr/bin/rsync --recursive --links --quiet --safe-links \ --perms --times --delete "${SRCPATH}/" "${GOSRC}/" cd "$GOSRC" -make "$@" +exec make "$@" diff --git a/contrib/msi/podman.wxs b/contrib/msi/podman.wxs index ec62a93c5..c2c2cea4f 100644 --- a/contrib/msi/podman.wxs 
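Review bot: In `contrib/gate/entrypoint.sh`, the new `die()` prints its message with a plain `echo`, so errors go to stdout, and `exit ${1:-1}` is unquoted. Send the message to stderr and quote the status: `echo "${2:-FATAL ERROR (but no message given!)} (gate container entrypoint)" >&2` and `exit "${1:-1}"`. A one-line comment above the function, `# die <exit-status> <message>`, would document the argument order callers have to follow.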
+++ b/contrib/msi/podman.wxs @@ -33,7 +33,7 @@ </Directory> <Property Id="setx" Value="setx.exe"/> - <CustomAction Id="ChangePath" ExeCommand='PATH "%PATH%;[INSTALLDIR]"' Property="setx" Execute="deferred" Impersonate="yes" Return="check"/> + <CustomAction Id="ChangePath" ExeCommand="PATH "%PATH%;[INSTALLDIR] "" Property="setx" Execute="deferred" Impersonate="yes" Return="check"/> <Feature Id="Complete" Level="1"> <ComponentRef Id="INSTALLDIR_Component"/> diff --git a/contrib/podmanimage/README.md b/contrib/podmanimage/README.md index ab55f3189..9d841cdba 100644 --- a/contrib/podmanimage/README.md +++ b/contrib/podmanimage/README.md 
@@ -10,10 +10,10 @@ the images live are public and can be pulled without credentials. These contain resulting containers can run safely with privileges within the container. The container images are built using the latest Fedora and then Podman is installed into them: - * quay.io/podman/stable - This image is built using the latest stable version of Podman in a Fedora based container. Built with podman/stable/Dockerfile. - * quay.io/podman/upstream - This image is built using the latest code found in this GitHub repository. When someone creates a commit and pushes it, the image is created. Due to that the image changes frequently and is not guaranteed to be stable. Built with podmanimage/upstream/Dockerfile. - * quay.io/podman/testing - This image is built using the latest version of Podman that is or was in updates testing for Fedora. At times this may be the same as the stable image. This container image will primarily be used by the development teams for verification testing when a new package is created. Built with podmanimage/testing/Dockerfile. - + * quay.io/podman/stable - This image is built using the latest stable version of Podman in a Fedora based container. Built with [podmanimage/stable/Dockerfile](stable/Dockerfile). + * quay.io/podman/upstream - This image is built using the latest code found in this GitHub repository. When someone creates a commit and pushes it, the image is created. Due to that the image changes frequently and is not guaranteed to be stable. Built with [podmanimage/upstream/Dockerfile](upstream/Dockerfile). + * quay.io/podman/testing - This image is built using the latest version of Podman that is or was in updates testing for Fedora. At times this may be the same as the stable image. This container image will primarily be used by the development teams for verification testing when a new package is created. Built with [podmanimage/testing/Dockerfile](testing/Dockerfile). 
+ * quay.io/podman/stable:version - This image is built manually using a Fedora based container. An RPM is first pulled from the [Fedora Updates System](https://bodhi.fedoraproject.org/) and the image is built from there. For more details, see the Containerfile used to build it, [podmanimage/stable/manual/Containerfile](stable/manual/Containerfile). ## Sample Usage diff --git a/contrib/podmanimage/stable/manual/Containerfile b/contrib/podmanimage/stable/manual/Containerfile new file mode 100644 index 000000000..d76d6d9b4 --- /dev/null +++ b/contrib/podmanimage/stable/manual/Containerfile 
@@ -0,0 +1,39 @@ +# stable/manual/Containerfile +# +# Build a Podman container image from the latest +# stable version of Podman on the Fedora Updates System. +# https://bodhi.fedoraproject.org/updates/?search=podman +# This image can be used to create a secured container +# that runs safely with privileges within the container. +# This Containerfile builds version 1.7.0, the version and +# the RPM name would need to be adjusted before a run as +# appropriate. +# +# To use, first copy an rpm file from bohdi to `/root/tmp` +# and then run: +# 'podman build -f ./Containerfile -t quay.io/podman/stable:v1.7.0 .' +# +# Once complete run: +# `podman push quay.io/stable:v1.7.0 docker://quay.io/podman/stable:v1.7.0` +# +# Start Build Process using the latest Fedora +FROM fedora:latest + +# Don't include container-selinux and remove +# directories used by dnf that are just taking +# up space. +# +COPY /tmp/podman-1.7.0-3.fc30.x86_64.rpm /tmp +RUN yum -y install /tmp/podman-1.7.0-3.fc30.x86_64.rpm fuse-overlayfs --exclude container-selinux; rm -rf /var/cache /var/log/dnf* /var/log/yum.* /tmp/podman*.rpm + +# Adjust storage.conf to enable Fuse storage. +RUN sed -i -e 's|^#mount_program|mount_program|g' -e '/additionalimage.*/a "/var/lib/shared",' /etc/containers/storage.conf +RUN mkdir -p /var/lib/shared/overlay-images /var/lib/shared/overlay-layers; touch /var/lib/shared/overlay-images/images.lock; touch /var/lib/shared/overlay-layers/layers.lock + +# Adjust libpod.conf to write logging to a file +RUN sed -i 's/events_logger = "journald"/events_logger = "file"/g' /usr/share/containers/libpod.conf; mkdir -p /run/systemd/journal + +# Set up environment variables to note that this is +# not starting with usernamespace and default to +# isolate the filesystem with chroot. +ENV _BUILDAH_STARTED_IN_USERNS="" BUILDAH_ISOLATION=chroot diff --git a/contrib/podmanimage/upstream/Dockerfile b/contrib/podmanimage/upstream/Dockerfile index 7c9434fa6..847097920 100644 
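Review bot: In `stable/manual/Containerfile`, the RPM is copied in by hand and installed with `yum -y install /tmp/podman-1.7.0-3.fc30.x86_64.rpm`, and dnf does not check the signature of a local package file unless `localpkg_gpgcheck` is enabled, so the package that ends up in the published image is never verified. Add `--setopt=localpkg_gpgcheck=1` to the install line (with the Fedora signing key imported), or run `rpm -K` on the file before the build. The header comment also builds the tag `quay.io/podman/stable:v1.7.0` but pushes `quay.io/stable:v1.7.0`, and tells the reader to put the RPM in `/root/tmp` while `COPY` reads `/tmp/...` relative to the build context `.`; the comment should state the directory the build has to be run from. `FROM fedora:latest` combined with an `fc30` RPM will drift as `latest` moves, so pinning the base tag to the RPM's release is safer.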
--- a/contrib/podmanimage/upstream/Dockerfile +++ b/contrib/podmanimage/upstream/Dockerfile @@ -19,16 +19,16 @@ ENV GOPATH=/root/podman # that are needed for building but not running Podman RUN useradd build; yum -y update; yum -y reinstall shadow-utils; yum -y install --exclude container-selinux \ --enablerepo=updates-testing \ - atomic-registries \ btrfs-progs-devel \ containernetworking-cni \ + conmon \ device-mapper-devel \ git \ glib2-devel \ glibc-devel \ glibc-static \ go \ - golang-github-cpuguy83-go-md2man \ + golang-github-cpuguy83-md2man \ gpgme-devel \ iptables \ libassuan-devel \ diff --git a/contrib/spec/podman.spec.in b/contrib/spec/podman.spec.in index 25c70c392..817be31b7 100644 --- a/contrib/spec/podman.spec.in +++ b/contrib/spec/podman.spec.in @@ -43,7 +43,12 @@ %global shortcommit_conmon %(c=%{commit_conmon}; echo ${c:0:7}) Name: podman -Version: 1.7.1 +%if 0%{?fedora} +Epoch: 99 +%else +Epoch: 0 +%endif +Version: 1.8.3 Release: #COMMITDATE#.git%{shortcommit0}%{?dist} Summary: Manage Pods, Containers and Container Images License: ASL 2.0 @@ -385,6 +390,7 @@ mkdir -p src/%{provider}.%{provider_tld}/%{project} ln -s ../../../../ src/%{import_path} popd ln -s vendor src +export GO111MODULE=off export GOPATH=$(pwd)/_build:$(pwd):$(pwd):%{gopath} export BUILDTAGS="varlink selinux seccomp $(%{hackdir}/hack/btrfs_installed_tag.sh) $(%{hackdir}/hack/btrfs_tag.sh) $(%{hackdir}/hack/libdm_tag.sh) exclude_graphdriver_devicemapper" @@ -507,7 +513,7 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath} %files %license LICENSE -%doc README.md CONTRIBUTING.md pkg/hooks/README-hooks.md install.md code-of-conduct.md transfer.md +%doc README.md CONTRIBUTING.md pkg/hooks/README-hooks.md install.md CODE-OF-CONDUCT.md transfer.md %{_bindir}/%{name} %{_datadir}/bash-completion/completions/* %{_datadir}/zsh/site-functions/* 
@@ -518,24 +524,28 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath} %{_unitdir}/io.podman.socket %{_usr}/lib/systemd/user/io.podman.service %{_usr}/lib/systemd/user/io.podman.socket +%{_unitdir}/podman.service +%{_unitdir}/podman.socket +%{_usr}/lib/systemd/user/podman.service +%{_usr}/lib/systemd/user/podman.socket %{_usr}/lib/tmpfiles.d/%{name}.conf %if 0%{?with_devel} %files -n libpod-devel -f devel.file-list %license LICENSE -%doc README.md CONTRIBUTING.md pkg/hooks/README-hooks.md install.md code-of-conduct.md transfer.md +%doc README.md CONTRIBUTING.md pkg/hooks/README-hooks.md install.md CODE-OF-CONDUCT.md transfer.md %dir %{gopath}/src/%{provider}.%{provider_tld}/%{project} %endif %if 0%{?with_unit_test} && 0%{?with_devel} %files unit-test-devel -f unit-test-devel.file-list %license LICENSE -%doc README.md CONTRIBUTING.md pkg/hooks/README-hooks.md install.md code-of-conduct.md transfer.md +%doc README.md CONTRIBUTING.md pkg/hooks/README-hooks.md install.md CODE-OF-CONDUCT.md transfer.md %endif %files -n podman-remote %license LICENSE -%doc README.md CONTRIBUTING.md pkg/hooks/README-hooks.md install.md code-of-conduct.md transfer.md +%doc README.md CONTRIBUTING.md pkg/hooks/README-hooks.md install.md CODE-OF-CONDUCT.md transfer.md %{_bindir}/%{name}-remote %if %{with doc} diff --git a/contrib/spec/python-podman.spec.in b/contrib/spec/python-podman.spec.in index 6296586dd..b921f2645 100644 --- a/contrib/spec/python-podman.spec.in +++ b/contrib/spec/python-podman.spec.in @@ -92,7 +92,7 @@ popd %files %license LICENSE -%doc README.md CONTRIBUTING.md install.md code-of-conduct.md transfer.md +%doc README.md CONTRIBUTING.md install.md CODE-OF-CONDUCT.md transfer.md %{_bindir}/pypodman %{_mandir}/man1/pypodman.1* %dir %{python3_sitelib}/podman diff --git a/contrib/systemd/README.md b/contrib/systemd/README.md index 20f11467a..9f1d37792 100644 --- a/contrib/systemd/README.md +++ b/contrib/systemd/README.md 
@@ -2,101 +2,31 @@ ## system-wide (podman service run as root) -The following unit file examples assume: - 1. copied the `service` executable into `/usr/local/bin` - 1. `chcon system_u:object_r:container_runtime_exec_t:s0 /usr/local/bin/service` - -then: 1. copy the `podman.service` and `podman.socket` files into `/etc/systemd/system` 1. `systemctl daemon-reload` 1. `systemctl enable podman.socket` 1. `systemctl start podman.socket` 1. `systemctl status podman.socket podman.service` - -Assuming the status messages show no errors, the libpod service is ready to respond to the APIv2 on the unix domain socket `/run/podman/podman.sock` -### podman.service -```toml -[Unit] -Description=Podman API Service -Requires=podman.socket -After=podman.socket -Documentation=man:podman-api(1) -StartLimitIntervalSec=0 - -[Service] -Type=oneshot -Environment=REGISTRIES_CONFIG_PATH=/etc/containers/registries.conf -ExecStart=/usr/local/bin/service -TimeoutStopSec=30 -KillMode=process +Assuming the status messages show no errors, the libpod service is ready to respond to the APIv2 on the unix domain socket `/run/podman/podman.sock` -[Install] -WantedBy=multi-user.target -Also=podman.socket -``` +### podman.service +You can refer to [this example](https://github.com/containers/libpod/blob/master/contrib/systemd/system/podman.service) for a sample podman.service file. ### podman.socket +You can refer to [this example](https://github.com/containers/libpod/blob/master/contrib/systemd/system/podman.socket) for a sample podman.socket file. -```toml -[Unit] -Description=Podman API Socket -Documentation=man:podman-api(1) - -[Socket] -ListenStream=%t/podman/podman.sock -SocketMode=0660 - -[Install] -WantedBy=sockets.target -``` ## user (podman service run as given user aka "rootless") -The following unit file examples assume: - 1. you have a created a directory `~/bin` - 1. copied the `service` executable into `~/bin` - 1. 
`chcon system_u:object_r:container_runtime_exec_t:s0 ~/bin/service` - -then: 1. `mkdir -p ~/.config/systemd/user` 1. copy the `podman.service` and `podman.socket` files into `~/.config/systemd/user` 1. `systemctl --user enable podman.socket` 1. `systemctl --user start podman.socket` 1. `systemctl --user status podman.socket podman.service` - -Assuming the status messages show no errors, the libpod service is ready to respond to the APIv2 on the unix domain socket `/run/user/$(id -u)/podman/podman.sock` -### podman.service +Assuming the status messages show no errors, the libpod service is ready to respond to the APIv2 on the unix domain socket `/run/user/$(id -u)/podman/podman.sock` -```toml -[Unit] -Description=Podman API Service -Requires=podman.socket -After=podman.socket -Documentation=man:podman-api(1) -StartLimitIntervalSec=0 - -[Service] -Type=oneshot -Environment=REGISTRIES_CONFIG_PATH=/etc/containers/registries.conf -ExecStart=%h/bin/service -TimeoutStopSec=30 -KillMode=process +### podman.service +You can refer to [this example](https://github.com/containers/libpod/blob/master/contrib/systemd/user/podman.service) for a rootless podman.service file. -[Install] -WantedBy=multi-user.target -Also=podman.socket -``` ### podman.socket - -```toml -[Unit] -Description=Podman API Socket -Documentation=man:podman-api(1) - -[Socket] -ListenStream=%t/podman/podman.sock -SocketMode=0660 - -[Install] -WantedBy=sockets.target -``` +You can refer to [this example](https://github.com/containers/libpod/blob/master/contrib/systemd/user/podman.socket) for a rootless podman.socket file. diff --git a/contrib/systemd/auto-update/podman-auto-update.service b/contrib/systemd/auto-update/podman-auto-update.service new file mode 100644 index 000000000..b63f24230 --- /dev/null +++ b/contrib/systemd/auto-update/podman-auto-update.service 
@@ -0,0 +1,11 @@ +[Unit] +Description=Podman auto-update service +Documentation=man:podman-auto-update(1) +Wants=network.target +After=network-online.target + +[Service] +ExecStart=/usr/bin/podman auto-update + +[Install] +WantedBy=multi-user.target default.target diff --git a/contrib/systemd/auto-update/podman-auto-update.timer b/contrib/systemd/auto-update/podman-auto-update.timer new file mode 100644 index 000000000..3e50ffa9b --- /dev/null +++ b/contrib/systemd/auto-update/podman-auto-update.timer @@ -0,0 +1,9 @@ +[Unit] +Description=Podman auto-update timer + +[Timer] +OnCalendar=daily +Persistent=true + +[Install] +WantedBy=timers.target diff --git a/contrib/systemd/system/podman-docker.conf b/contrib/systemd/system/podman-docker.conf new file mode 100644 index 000000000..e12f19bce --- /dev/null +++ b/contrib/systemd/system/podman-docker.conf @@ -0,0 +1 @@ +L+ /run/docker.sock - - - - /run/podman/podman.sock diff --git a/contrib/systemd/system/podman.service b/contrib/systemd/system/podman.service index 13d858627..eaa2ec437 100644 --- a/contrib/systemd/system/podman.service +++ b/contrib/systemd/system/podman.service @@ -8,7 +8,7 @@ StartLimitIntervalSec=0 [Service] Type=oneshot Environment=REGISTRIES_CONFIG_PATH=/etc/containers/registries.conf -ExecStart=/usr/local/bin/service +ExecStart=/usr/bin/podman system service TimeoutStopSec=30 KillMode=process diff --git a/contrib/systemd/user/podman.service b/contrib/systemd/user/podman.service index 81fa55cf8..eaa2ec437 100644 --- a/contrib/systemd/user/podman.service +++ b/contrib/systemd/user/podman.service @@ -8,7 +8,7 @@ StartLimitIntervalSec=0 [Service] Type=oneshot Environment=REGISTRIES_CONFIG_PATH=/etc/containers/registries.conf -ExecStart=%h/bin/service +ExecStart=/usr/bin/podman system service TimeoutStopSec=30 KillMode=process |
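Review bot: In `podman-auto-update.service`, the unit orders itself `After=network-online.target` but pulls in `Wants=network.target`, so nothing in this unit requests `network-online.target` and the ordering only takes effect if some other unit happens to activate it. Use `Wants=network-online.target` so the dependency matches the `After=` line and the daily image pull does not start before the network is up.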