From c53163b75a698af3d3bd5305efb2610f4bb7880b Mon Sep 17 00:00:00 2001 From: Chris Evich Date: Mon, 9 Jul 2018 12:30:20 -0400 Subject: Add configuration for Cirrus-CI Testing podman requires exercising on a full-blown VM. The current containerized-approach is complicated, and mostly a band-aid over shortcomings in the other CI systems. Namely, we want: * To pre-build environments with dependencies to reduce the setup time needed for testing. * The ability to verify the pre-built environments are working before utilizing them for further testing. * A simple, single set of flexible automation instructions to reduce maintenance burden. * Ease of environment reproduction across clouds or locally, for debugging failures. This change leverages Cirrus-CI + Packer + collection of shell scripts to realize all of the above. 
Signed-off-by: Chris Evich
---
.cirrus.yml | 117 ++++++++++++++
contrib/cirrus/build_vm_images.sh | 59 +++++++
contrib/cirrus/integration_test.sh | 28 ++++
contrib/cirrus/lib.sh | 258 +++++++++++++++++++++++++++++++
contrib/cirrus/ooe.sh | 39 +++++
contrib/cirrus/packer/README.md | 2 +
contrib/cirrus/packer/centos_setup.sh | 69 +++++++++
contrib/cirrus/packer/fedora_setup.sh | 72 +++++++++
contrib/cirrus/packer/libpod_images.json | 124 +++++++++++++++
contrib/cirrus/packer/rhel_setup.sh | 111 +++++++++++++
contrib/cirrus/packer/ubuntu_setup.sh | 93 +++++++++++
contrib/cirrus/setup_environment.sh | 77 +++++++++
contrib/cirrus/unit_test.sh | 30 ++++
13 files changed, 1079 insertions(+)
create mode 100755 contrib/cirrus/build_vm_images.sh
create mode 100755 contrib/cirrus/integration_test.sh
create mode 100644 contrib/cirrus/lib.sh
create mode 100755 contrib/cirrus/ooe.sh
create mode 100644 contrib/cirrus/packer/README.md
create mode 100644 contrib/cirrus/packer/centos_setup.sh
create mode 100644 contrib/cirrus/packer/fedora_setup.sh
create mode 100644 contrib/cirrus/packer/libpod_images.json
create mode 100644 contrib/cirrus/packer/rhel_setup.sh
create mode 100644 contrib/cirrus/packer/ubuntu_setup.sh
create mode 100755 contrib/cirrus/setup_environment.sh
create mode 100755 contrib/cirrus/unit_test.sh
diff --git a/.cirrus.yml b/.cirrus.yml
index e69de29bb..a06d17493 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -0,0 +1,117 @@ +--- + +# Only github users with write-access can define or use encrypted variables +# This credential represents a service account with access to manage both VMs +# and storage. +gcp_credentials: ENCRYPTED[885c6e4297dd8d6f67593c42b810353af0c505a7a670e2c6fd830c56e86bbb2debcc3c18f942d0d46ab36b63521061d4] + +# Default VM to use for testing, unless values overriden by specific tasks (below) +gce_instance: + image_project: "libpod-218412" + zone: "us-central1-a" # Required by Cirrus for the time being + cpu: 4 + memory: "8Gb" + disk: 40 + +# Main collection of env. varss to set for all scripts. All others +# are cooked in by $SCRIPT_BASE/setup_environment.sh +env: + CNI_COMMIT: "7480240de9749f9a0a5c8614b17f1f03e0c06ab9" + CRIO_COMMIT: "662dbb31b5d4f5ed54511a47cde7190c61c28677" + RUNC_COMMIT: "ad0f5255060d36872be04de22f8731f38ef2d7b1" + # File to update in home-dir with task-specific env. var values + ENVLIB: ".bash_profile" + # Overrides default location (/tmp/cirrus) for repo clone + CIRRUS_WORKING_DIR: "/go/src/github.com/containers/libpod" + # Required so $ENVLIB gets loaded + CIRRUS_SHELL: "/bin/bash" + # Save a little typing (path relative to $CIRRUS_WORKING_DIR) + SCRIPT_BASE: "./contrib/cirrus" + PACKER_BASE: "./contrib/cirrus/packer" + +# Every *_task runs in parallel in separate VMs. The name prefix only for reference +# in WebUI, and will be followed by matrix details. This task does all the +# per-pr unit/integration testing. +full_vm_testing_task: + + gce_instance: + # Generate multiple 'test' tasks, covering all possible + # 'matrix' combinations. All run in parallel. 
+ matrix: + # Images are generated separetly, from build_images_task (below) + image_name: "ubuntu-1804-bionic-v20180911-libpod-5763563410948096" + # TODO: Make these work (also build_images_task below) + #image_name: "rhel-server-ec2-7-5-165-1-libpod-5358668723781632" + #image_name: "centos-7-v20180911-libpod-5358668723781632" + #image_name: "fedora-cloud-base-28-1-1-7-libpod-5358668723781632" + + timeout_in: 120m + + # Every *_script runs in sequence, for each task. The name prefix is for + # WebUI reference. The values may be strings... + setup_environment_script: $SCRIPT_BASE/setup_environment.sh + + # ...or lists of strings + unit_test_script: + - whoami # root! + - $SCRIPT_BASE/unit_test.sh + + integration_test_script: $SCRIPT_BASE/integration_test.sh + + +# This task build new images for future PR testing, but only after a PR merge. +# These images save needing to install/setup the same environment to test every +# PR. The 'active' image for testing is selected by the 'image_name' items in +# task above. Currently this requires manually updating them, but this could +# be automated (see comment at end). + +build_vm_images_task: + # Only produce new images after a PR merge + only_if: $CIRRUS_BRANCH == 'master' + + # Require tests to pass first. + depends_on: + - test # i.e. 
'test_task' + + env: + # CSV of packer builder names to enable (see $PACKER_BASE/libpod_images.json) + PACKER_BUILDS: "ubuntu-18" + # TODO: Make these work (also full_vm_testing_task above) + # PACKER_BUILDS: "rhel-7,centos-7,fedora-28,ubuntu-18" + # Command to register a RHEL VM + RHSM_COMMAND: ENCRYPTED[fec01433222af1ed0b8e40e89e7d18f6ee2fa9f49a1e721dc72f7eed3c740661215d1bd05cb54ac66a1a62116b92bdce] + # Additional environment variables needed to build GCE images, within a GCE VM + SERVICE_ACCOUNT: ENCRYPTED[02e03838b1156eb9516c7cc1e888e287910759842275f3c7bc2b4d56075cc6740e29ffa0ab71ebdbbd079673361dd8c9] + GCE_SSH_USERNAME: ENCRYPTED[a19a4ec62423e3e0fe4e7d1a5c9f11eda8fde321b9047ab5ed5590c2b1d7a2d12091c2be1531f949eae927059c2ae531] + GCP_PROJECT_ID: ENCRYPTED[77cb2d392bbc8d17412547d7d91f8d190089bf6e6b96eab9927994bbff6ab2c691ba0329ac7a650ba6182fbbab9fb68d] + # Existing base values to use, output images get epoc stamped names + PACKER_VER: "1.3.1" + # low-level base VM image name inputs to packer + CENTOS_BASE_IMAGE: "centos-7-v20180911" + RHEL_BASE_IMAGE: "rhel-server-ec2-7-5-165-1" + FEDORA_BASE_IMAGE: "fedora-cloud-base-28-1-1-7" + UBUNTU_BASE_IMAGE: "ubuntu-1804-bionic-v20180911" + + gce_instance: + image_name: "image-builder-image" # Simply CentOS 7 + packer dependencies + # Additional permissions for building GCE images, within a GCE VM + scopes: + - compute + - devstorage.full_control + # Doesn't need many local resources to run + cpu: 2 + memory: "2Gb" + disk: 20 + environment_script: $SCRIPT_BASE/setup_environment.sh + build_vm_images_script: $SCRIPT_BASE/build_vm_images.sh + + # TODO,Continuous Delivery: Automaticly open a libpod PR after using 'sed' to replace + # the image_names with the new (just build) images. That will + # cause a new round of testing to happen (via the PR) using + # the new images. When all is good, the PR may be manually + # merged so all PR testing uses the new images. 
The script + # names (below) describe their purpose in this workflow. + # deploy_images_script: + # - clone_podman_release_branch.sh + # - modify_cirrus_yaml_image_names.sh + # - commit_and_create_upstream_pr.sh diff --git a/contrib/cirrus/build_vm_images.sh b/contrib/cirrus/build_vm_images.sh new file mode 100755 index 000000000..8538ee910 --- /dev/null +++ b/contrib/cirrus/build_vm_images.sh 
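Review bot: `depends_on: - test` in `build_vm_images_task` names a task this file does not define; the only other task is `full_vm_testing_task`, so the entry should read `- full_vm_testing`. As written, the image build, which receives the encrypted `SERVICE_ACCOUNT`, `RHSM_COMMAND` and GCP values plus the `devstorage.full_control` scope, is not visibly gated on the tests passing (how Cirrus treats an unknown dependency name is not shown here). The `only_if: $CIRRUS_BRANCH == 'master'` line is the only thing keeping those secrets out of pull-request runs, so a comment saying so, for example `# secrets below must never be reachable from PR builds`, would help the next maintainer keep it that way.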
@@ -0,0 +1,59 @@
+#!/bin/bash
+
+set -e
+source $(dirname $0)/lib.sh
+
+req_env_var "
+CNI_COMMIT $CNI_COMMIT
+CRIO_COMMIT $CRIO_COMMIT
+RUNC_COMMIT $RUNC_COMMIT
+PACKER_BUILDS $PACKER_BUILDS
+CENTOS_BASE_IMAGE $CENTOS_BASE_IMAGE
+UBUNTU_BASE_IMAGE $UBUNTU_BASE_IMAGE
+FEDORA_BASE_IMAGE $FEDORA_BASE_IMAGE
+RHEL_BASE_IMAGE $RHEL_BASE_IMAGE
+RHSM_COMMAND $RHSM_COMMAND
+CIRRUS_BUILD_ID $CIRRUS_BUILD_ID
+SERVICE_ACCOUNT $SERVICE_ACCOUNT
+GCE_SSH_USERNAME $GCE_SSH_USERNAME
+GCP_PROJECT_ID $GCP_PROJECT_ID
+PACKER_VER $PACKER_VER
+SCRIPT_BASE $SCRIPT_BASE
+PACKER_BASE $PACKER_BASE
+"
+
+# TODO: Skip building images if $CIRRUS_BRANCH =~ "master" and
+# commit message of $CIRRUS_CHANGE_IN_REPO contains a magic word
+# produced by 'commit_and_create_upstream_pr.sh' script (see .cirrus.yml)
+
+show_env_vars
+
+# Everything here is running on the 'image-builder-image' GCE image
+# Assume basic dependencies are all met, but there could be a newer version
+# of the packer binary
+PACKER_FILENAME="packer_${PACKER_VER}_linux_amd64.zip"
+mkdir -p "$HOME/packer"
+cd "$HOME/packer"
+# image_builder_image has packer pre-installed, check if same version requested
+if ! [[ -r "$PACKER_FILENAME" ]]
+then
+ curl -L -O https://releases.hashicorp.com/packer/$PACKER_VER/$PACKER_FILENAME
+ curl -L https://releases.hashicorp.com/packer/${PACKER_VER}/packer_${PACKER_VER}_SHA256SUMS | \
+ grep 'linux_amd64' > ./sha256sums
+ sha256sum --check ./sha256sums
+ unzip -o $PACKER_FILENAME
+ ./packer --help &> /dev/null # verify exit(0)
+fi
+
+set -x
+
+cd "$GOSRC"
+# N/B: /usr/sbin/packer is a DIFFERENT tool, and will exit 0 given the args below :(
+TEMPLATE="./$PACKER_BASE/libpod_images.json"
+
+$HOME/packer/packer inspect "$TEMPLATE"
+
+#$HOME/packer/packer build -machine-readable "-only=$PACKER_BUILDS" "$TEMPLATE" | tee /tmp/packer_log.csv
+$HOME/packer/packer build "-only=$PACKER_BUILDS" "$TEMPLATE"
+
+# TODO: Report back to PR names of built images
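Review bot: The packer archive is checked only against a `SHA256SUMS` file fetched from the same host in the same run, which catches a corrupted transfer but not a replaced release. HashiCorp also publishes a detached signature for that file (`packer_${PACKER_VER}_SHA256SUMS.sig`); verifying it against a pinned key before `sha256sum --check`, or pinning the expected digest next to `PACKER_VER` in `.cirrus.yml`, would cover a binary that then runs with the GCE service-account values. Both `curl` calls should add `--fail` so an HTTP error page is never saved as the archive. `$GOSRC` is used by `cd "$GOSRC"` but is missing from the `req_env_var` list at the top.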
diff --git a/contrib/cirrus/integration_test.sh b/contrib/cirrus/integration_test.sh
new file mode 100755
index 000000000..226053724
--- /dev/null
+++ b/contrib/cirrus/integration_test.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+set -e
+source $(dirname $0)/lib.sh
+
+req_env_var "
+GOSRC $GOSRC
+OS_RELEASE_ID $OS_RELEASE_ID
+OS_RELEASE_VER $OS_RELEASE_VER
+"
+
+show_env_vars
+
+set -x
+cd "$GOSRC"
+case "${OS_RELEASE_ID}-${OS_RELEASE_VER}" in
+ ubuntu-18)
+ make install PREFIX=/usr ETCDIR=/etc "BUILDTAGS=$BUILDTAGS"
+ make test-binaries "BUILDTAGS=$BUILDTAGS"
+ SKIP_USERNS=1 make localintegration "BUILDTAGS=$BUILDTAGS"
+ ;;
+ fedora-28) ;& # Continue to the next item
+ centos-7) ;&
+ rhel-7)
+ stub 'integration testing not working on $OS_RELEASE_ID'
+ ;;
+ *) bad_os_id_ver ;;
+esac
diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh
new file mode 100644
index 000000000..e69f1e040
--- /dev/null
+++ b/contrib/cirrus/lib.sh
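Review bot: The `stub` branch for fedora-28, centos-7 and rhel-7 prints a message and lets the script exit 0, so the task shows green on platforms where no integration test ran; `unit_test.sh` does the same for centos-7 and rhel-7. The message is single-quoted, so `$OS_RELEASE_ID` is printed literally; use `stub "integration testing not working on $OS_RELEASE_ID"` in both scripts. `source $(dirname $0)/lib.sh` should be quoted as `source "$(dirname "$0")/lib.sh"` here and in the other scripts that use the same line.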
@@ -0,0 +1,258 @@ + + +# Library of common, shared utility functions. This file is intended +# to be sourced by other scripts, not called directly. + +# Under some contexts these values are not set, make sure they are. +USER="$(whoami)" +HOME="$(getent passwd $USER | cut -d : -f 6)" +if ! [[ "$PATH" =~ "/usr/local/bin" ]] +then + export PATH="$PATH:/usr/local/bin" +fi + +# In ci/testing environment, ensure variables are always loaded +if [[ -r "$HOME/$ENVLIB" ]] && [[ -n "$CI" ]] +then + # Make sure this is always loaded + source "$HOME/$ENVLIB" +fi + +# Pass in a line delimited list of, space delimited name/value pairs +# exit non-zero with helpful error message if any value is empty +req_env_var() { + echo "$1" | while read NAME VALUE + do + if [[ -n "$NAME" ]] && [[ -z "$VALUE" ]] + then + echo "Required env. var. \$$NAME is not set" + exit 9 + fi + done +} + +# Some env. vars may contain secrets. Display values for known "safe" +# and useful variables. +# ref: https://cirrus-ci.org/guide/writing-tasks/#environment-variables +show_env_vars() { + echo " +BUILDTAGS $BUILDTAGS +CI $CI +CIRRUS_CI $CIRRUS_CI +CI_NODE_INDEX $CI_NODE_INDEX +CI_NODE_TOTAL $CI_NODE_TOTAL +CONTINUOUS_INTEGRATION $CONTINUOUS_INTEGRATION +CIRRUS_BASE_BRANCH $CIRRUS_BASE_BRANCH +CIRRUS_BASE_SHA $CIRRUS_BASE_SHA +CIRRUS_BRANCH $CIRRUS_BRANCH +CIRRUS_BUILD_ID $CIRRUS_BUILD_ID +CIRRUS_CHANGE_IN_REPO $CIRRUS_CHANGE_IN_REPO +CIRRUS_CHANGE_MESSAGE $CIRRUS_CHANGE_MESSAGE +CIRRUS_CLONE_DEPTH $CIRRUS_CLONE_DEPTH +CIRRUS_DEFAULT_BRANCH $CIRRUS_DEFAULT_BRANCH +CIRRUS_PR $CIRRUS_PR +CIRRUS_TAG $CIRRUS_TAG +CIRRUS_OS $CIRRUS_OS +OS $OS +CIRRUS_TASK_NAME $CIRRUS_TASK_NAME +CIRRUS_TASK_ID $CIRRUS_TASK_ID +CIRRUS_REPO_NAME $CIRRUS_REPO_NAME +CIRRUS_REPO_OWNER $CIRRUS_REPO_OWNER +CIRRUS_REPO_FULL_NAME $CIRRUS_REPO_FULL_NAME +CIRRUS_REPO_CLONE_URL $CIRRUS_REPO_CLONE_URL +CIRRUS_SHELL $CIRRUS_SHELL +CIRRUS_USER_COLLABORATOR $CIRRUS_USER_COLLABORATOR +CIRRUS_USER_PERMISSION $CIRRUS_USER_PERMISSION 
+CIRRUS_WORKING_DIR $CIRRUS_WORKING_DIR +CIRRUS_HTTP_CACHE_HOST $CIRRUS_HTTP_CACHE_HOST +$(go env) + " | while read NAME VALUE + do + [[ -z "$NAME" ]] || echo "export $NAME=\"$VALUE\"" + done +} + +# Return a GCE image-name compatible string representation of distribution name +os_release_id() { + eval "$(egrep -m 1 '^ID=' /etc/os-release | tr -d \' | tr -d \")" + echo "$ID" +} + +# Return a GCE image-name compatible string representation of distribution major version +os_release_ver() { + eval "$(egrep -m 1 '^VERSION_ID=' /etc/os-release | tr -d \' | tr -d \")" + echo "$VERSION_ID" | cut -d '.' -f 1 +} + +bad_os_id_ver() { + echo "Unknown/Unsupported distro. $OS_RELEASE_ID and/or version $OS_RELEASE_VER for $ARGS" + exit 42 +} + +stub() { + echo "STUB: Pretending to do $1" +} + +# Run sudo in directory with GOPATH set +cdsudo() { + DIR="$1" + shift + CMD="cd $DIR && $@" + sudo --preserve-env=GOPATH --non-interactive bash -c "$CMD" +} + + +# Helper/wrapper script to only show stderr/stdout on non-zero exit +install_ooe() { + req_env_var "SCRIPT_BASE $SCRIPT_BASE" + echo "Installing script to mask stdout/stderr unless non-zero exit." + sudo install -D -m 755 "/tmp/libpod/$SCRIPT_BASE/ooe.sh" /usr/local/bin/ooe.sh +} + +# Grab a newer version of git from software collections +# https://www.softwarecollections.org/en/ +# and use it with a wrapper +install_scl_git() { + echo "Installing SoftwareCollections updated 'git' version." 
+ ooe.sh sudo yum -y install rh-git29 + cat << "EOF" | sudo tee /usr/bin/git +#!/bin/bash + +scl enable rh-git29 -- git $@ +EOF + sudo chmod 755 /usr/bin/git +} + +install_cni_plugins() { + echo "Installing CNI Plugins from commit $CNI_COMMIT" + req_env_var " + GOPATH $GOPATH + CNI_COMMIT $CNI_COMMIT + " + DEST="$GOPATH/src/github.com/containernetworking/plugins" + rm -rf "$DEST" + ooe.sh git clone "https://github.com/containernetworking/plugins.git" "$DEST" + cd "$DEST" + ooe.sh git checkout -q "$CNI_COMMIT" + ooe.sh ./build.sh + sudo mkdir -p /usr/libexec/cni + sudo cp bin/* /usr/libexec/cni +} + +install_runc(){ + OS_RELEASE_ID=$(os_release_id) + echo "Installing RunC from commit $RUNC_COMMIT" + echo "Platform is $OS_RELEASE_ID" + req_env_var " + GOPATH $GOPATH + RUNC_COMMIT $RUNC_COMMIT + OS_RELEASE_ID $OS_RELEASE_ID + " + if [[ "$OS_RELEASE_ID" =~ "ubuntu" ]]; then + echo "Running make install.libseccomp.sudo for ubuntu" + if ! [[ -d "/tmp/libpod" ]] + then + echo "Expecting a copy of libpod repository in /tmp/libpod" + exit 5 + fi + mkdir -p "$GOPATH/src/github.com/containers/" + # Symlinks don't work with Go + cp -a /tmp/libpod "$GOPATH/src/github.com/containers/" + cd "$GOPATH/src/github.com/containers/libpod" + ooe.sh sudo make install.libseccomp.sudo + fi + DEST="$GOPATH/src/github.com/opencontainers/runc" + rm -rf "$DEST" + ooe.sh git clone https://github.com/opencontainers/runc.git "$DEST" + cd "$DEST" + ooe.sh git fetch origin --tags + ooe.sh git checkout -q "$RUNC_COMMIT" + ooe.sh make static BUILDTAGS="seccomp selinux" + sudo install -m 755 runc /usr/bin/runc +} + +install_buildah() { + echo "Installing buildah from latest upstream master" + req_env_var "GOPATH $GOPATH" + DEST="$GOPATH/src/github.com/containers/buildah" + rm -rf "$DEST" + ooe.sh git clone https://github.com/containers/buildah "$DEST" + cd "$DEST" + ooe.sh make + ooe.sh sudo make install +} + +# Requires $GOPATH and $CRIO_COMMIT to be set +install_conmon(){ + echo "Installing conmon 
from commit $CRIO_COMMIT" + req_env_var " + GOPATH $GOPATH + CRIO_COMMIT $CRIO_COMMIT + " + DEST="$GOPATH/src/github.com/kubernetes-sigs/cri-o.git" + rm -rf "$DEST" + ooe.sh git clone https://github.com/kubernetes-sigs/cri-o.git "$DEST" + cd "$DEST" + ooe.sh git fetch origin --tags + ooe.sh git checkout -q "$CRIO_COMMIT" + ooe.sh make + sudo install -D -m 755 bin/conmon /usr/libexec/podman/conmon +} + +# Runs in testing VM, not image building +install_testing_dependencies() { + echo "Installing ginkgo, gomega, and easyjson into \$GOPATH=$GOPATH" + req_env_var " + GOPATH $GOPATH + GOSRC $GOSRC + " + cd "$GOSRC" + ooe.sh go get -u github.com/onsi/ginkgo/ginkgo + ooe.sh install -D -m 755 "$GOPATH"/bin/ginkgo /usr/bin/ + ooe.sh go get github.com/onsi/gomega/... + ooe.sh go get -u github.com/mailru/easyjson/... + sudo install -D -m 755 "$GOPATH"/bin/easyjson /usr/bin/ +} + +install_packer_copied_files(){ + # Install cni config, policy and registry config + sudo install -D -m 755 /tmp/libpod/cni/87-podman-bridge.conflist \ + /etc/cni/net.d/87-podman-bridge.conflist + sudo install -D -m 755 /tmp/libpod/test/policy.json \ + /etc/containers/policy.json + sudo install -D -m 755 /tmp/libpod/test/redhat_sigstore.yaml \ + /etc/containers/registries.d/registry.access.redhat.com.yaml +} + +install_varlink(){ + echo "Installing varlink from the cheese-factory" + ooe.sh sudo -H pip3 install varlink +} + +_finalize(){ + echo "Removing leftover giblets from cloud-init" + cd / + sudo rm -rf /var/lib/cloud + sudo rm -rf /root/.ssh/* + sudo rm -rf /home/* +} + +rh_finalize(){ + # Allow root ssh-logins + if [[ -r /etc/cloud/cloud.cfg ]] + then + sudo sed -re 's/^disable_root:.*/disable_root: 0/g' -i /etc/cloud/cloud.cfg + fi + echo "Resetting to fresh-state for usage as cloud-image." 
+ sudo $(type -P dnf || type -P yum) clean all + sudo rm -rf /var/cache/{yum,dnf} + sudo rm -f /etc/udev/rules.d/*-persistent-*.rules + sudo touch /.unconfigured # force firstboot to run + _finalize +} + +ubuntu_finalize(){ + echo "Resetting to fresh-state for usage as cloud-image." + sudo rm -rf /var/cache/apt + _finalize +} diff --git a/contrib/cirrus/ooe.sh b/contrib/cirrus/ooe.sh new file mode 100755 index 000000000..d79e574b2 --- /dev/null +++ b/contrib/cirrus/ooe.sh @@ -0,0 +1,39 @@ +#!/bin/bash + +# This script executes a command while logging all output to a temporary +# file. If the command exits non-zero, then all output is sent to the console, +# before returning the exit code. If the script itself fails, the exit code 121 +# is returned. + +set -eo pipefail + +SCRIPT_PATH="$0" + +badusage() { + echo "Incorrect usage: $(basename $SCRIPT_PATH) [options]" > /dev/stderr + echo "ERROR: $1" + exit 121 +} + +COMMAND="$@" +[[ -n "$COMMAND" ]] || badusage "No command specified" + +OUTPUT_TMPFILE="$(mktemp -p '' $(basename $0)_output_XXXX)" +output_on_error() { + RET=$? + set +e + if [[ "$RET" -ne "0" ]] + then + echo "---------------------------" + cat "$OUTPUT_TMPFILE" + echo "[$(date --iso-8601=second)] $COMMAND" + fi + rm -f "$OUTPUT_TMPFILE" +} +trap "output_on_error" EXIT + +"$@" 2>&1 | while IFS='' read LINE # Preserve leading/trailing whitespace +do + # Every stdout and (copied) stderr line + echo "[$(date --iso-8601=second)] $LINE" +done >> "$OUTPUT_TMPFILE" diff --git a/contrib/cirrus/packer/README.md b/contrib/cirrus/packer/README.md new file mode 100644 index 000000000..8ff6947e9 --- /dev/null +++ b/contrib/cirrus/packer/README.md @@ -0,0 +1,2 @@ +These are definitions and scripts consumed by packer to produce the +various distribution images used for CI testing. diff --git a/contrib/cirrus/packer/centos_setup.sh b/contrib/cirrus/packer/centos_setup.sh new file mode 100644 index 000000000..2253d7b35 --- /dev/null 
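Review bot: In `lib.sh`, `install_buildah` builds whatever is on upstream master, `install_varlink` runs `pip3 install varlink` with no version, and `install_testing_dependencies` uses `go get -u`, while CNI, runc and cri-o are pinned by commit; the results are installed system-wide on the images and test VMs. Pinning these the same way keeps builds reproducible and reviewable, for example a new `BUILDAH_COMMIT` checked by `req_env_var` and applied with `ooe.sh git checkout -q "$BUILDAH_COMMIT"`, and `pip3 install varlink==<version>`. Separately, `os_release_id` and `os_release_ver` pass a line of `/etc/os-release` to `eval`; `( . /etc/os-release && echo "$ID" )` reads the same value without it. The `git $@` in the wrapper written by `install_scl_git` should be `git "$@"` so arguments containing spaces survive.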
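Review bot: In `ooe.sh` the capture loop uses `read LINE` without `-r`, so backslashes in the wrapped command's output are altered before they reach the log and a final line with no trailing newline is dropped; `while IFS='' read -r LINE || [[ -n "$LINE" ]]` keeps the record faithful, which matters because this file is the only output shown for a failed image build. In `badusage` the usage line goes to stderr but the `ERROR:` line goes to stdout; send both with `>&2`. `$(basename $0)` in the `mktemp` call should be quoted.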
+++ b/contrib/cirrus/packer/centos_setup.sh
@@ -0,0 +1,69 @@
+#!/bin/bash
+
+# This script is called by packer on the subject CentOS VM, to setup the podman
+# build/test environment. It's not intended to be used outside of this context.
+
+set -e
+
+# Load in library (copied by packer, before this script was run)
+source /tmp/libpod/$SCRIPT_BASE/lib.sh
+
+req_env_var "
+SCRIPT_BASE $SCRIPT_BASE
+CNI_COMMIT $CNI_COMMIT
+CRIO_COMMIT $CRIO_COMMIT
+"
+
+install_ooe
+
+export GOPATH="$(mktemp -d)"
+trap "sudo rm -rf $GOPATH" EXIT
+
+ooe.sh sudo yum -y update
+
+ooe.sh sudo yum -y install centos-release-scl epel-release
+
+ooe.sh sudo yum -y install \
+ atomic-registries \
+ btrfs-progs-devel \
+ bzip2 \
+ device-mapper-devel \
+ findutils \
+ glib2-devel \
+ glibc-static \
+ gnupg \
+ golang \
+ golang-github-cpuguy83-go-md2man \
+ golang-github-cpuguy83-go-md2man \
+ gpgme-devel \
+ iptables \
+ libassuan-devel \
+ libseccomp-devel \
+ libselinux-devel \
+ lsof \
+ make \
+ nmap-ncat \
+ ostree-devel \
+ python \
+ python3-dateutil \
+ python3-psutil \
+ python3-pytoml \
+ runc \
+ skopeo-containers \
+ unzip \
+ which \
+ xz
+
+install_scl_git
+
+install_cni_plugins
+
+install_buildah
+
+install_conmon
+
+install_packer_copied_files
+
+rh_finalize
+
+echo "SUCCESS!"
diff --git a/contrib/cirrus/packer/fedora_setup.sh b/contrib/cirrus/packer/fedora_setup.sh
new file mode 100644
index 000000000..53709fbdd
--- /dev/null
+++ b/contrib/cirrus/packer/fedora_setup.sh
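Review bot: `trap "sudo rm -rf $GOPATH" EXIT` expands `$GOPATH` when the trap is set and leaves the path unquoted inside a root `rm -rf`; `trap 'sudo rm -rf -- "${GOPATH:?}"' EXIT` quotes it and refuses an empty value. The same line appears in `fedora_setup.sh` and `ubuntu_setup.sh`. `lib.sh` is sourced from `/tmp/libpod/$SCRIPT_BASE` before `req_env_var` can check `SCRIPT_BASE` (the function lives in that file), so the source line should use `${SCRIPT_BASE:?}` to fail with a clear message. `golang-github-cpuguy83-go-md2man` is listed twice in the package list.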
@@ -0,0 +1,72 @@
+#!/bin/bash
+
+# This script is called by packer on the subject fedora VM, to setup the podman
+# build/test environment. It's not intended to be used outside of this context.
+
+set -e
+
+# Load in library (copied by packer, before this script was run)
+source /tmp/libpod/$SCRIPT_BASE/lib.sh
+
+req_env_var "
+SCRIPT_BASE $SCRIPT_BASE
+CNI_COMMIT $CNI_COMMIT
+CRIO_COMMIT $CRIO_COMMIT
+RUNC_COMMIT $RUNC_COMMIT
+"
+
+install_ooe
+
+export GOPATH="$(mktemp -d)"
+trap "sudo rm -rf $GOPATH" EXIT
+
+# breaks networking on f28/29 in GCE
+# ooe.sh sudo dnf update -y
+
+ooe.sh sudo dnf install -y \
+ atomic-registries \
+ btrfs-progs-devel \
+ bzip2 \
+ conmon \
+ device-mapper-devel \
+ findutils \
+ git \
+ glib2-devel \
+ glibc-static \
+ gnupg \
+ golang \
+ golang-github-cpuguy83-go-md2man \
+ golang-github-cpuguy83-go-md2man \
+ gpgme-devel \
+ iptables \
+ libassuan-devel \
+ libseccomp-devel \
+ libselinux-devel \
+ lsof \
+ make \
+ nmap-ncat \
+ ostree-devel \
+ procps-ng \
+ python \
+ python3-dateutil \
+ python3-psutil \
+ python3-pytoml \
+ runc \
+ skopeo-containers \
+ slirp4netns \
+ which\
+ xz
+
+install_varlink
+
+install_cni_plugins
+
+install_buildah
+
+install_conmon
+
+install_packer_copied_files
+
+rh_finalize # N/B: Halts system!
+
+echo "SUCCESS!"
diff --git a/contrib/cirrus/packer/libpod_images.json b/contrib/cirrus/packer/libpod_images.json
new file mode 100644
index 000000000..82a41ca25
--- /dev/null
+++ b/contrib/cirrus/packer/libpod_images.json
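Review bot: With `dnf update -y` commented out, the image keeps the package versions of `$FEDORA_BASE_IMAGE` plus whatever the install line pulls in, so fixes released after the base image was cut are missing from the test VMs. The comment gives the reason but not the condition for re-enabling it; something like `# TODO: re-enable once the GCE networking breakage is fixed; image ships without updates until then` would keep the gap visible. `RUNC_COMMIT` is required by `req_env_var` although this script never calls `install_runc`. The `# N/B: Halts system!` remark on `rh_finalize` does not match the function as defined in `lib.sh`, which only cleans caches and state.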
@@ -0,0 +1,124 @@ +{ + "variables": { + "CNI_COMMIT": "{{env `CNI_COMMIT`}}", + "CRIO_COMMIT": "{{env `CRIO_COMMIT`}}", + "RUNC_COMMIT": "{{env `RUNC_COMMIT`}}", + + "CENTOS_BASE_IMAGE": "{{env `CENTOS_BASE_IMAGE`}}" , + "UBUNTU_BASE_IMAGE": "{{env `UBUNTU_BASE_IMAGE`}}", + "FEDORA_BASE_IMAGE": "{{env `FEDORA_BASE_IMAGE`}}", + "RHEL_BASE_IMAGE": "{{env `RHEL_BASE_IMAGE`}}", + + "GOSRC": "{{env `GOSRC`}}", + "PACKER_BASE": "{{env `PACKER_BASE`}}", + "SCRIPT_BASE": "{{env `SCRIPT_BASE`}}", + + "SERVICE_ACCOUNT": "{{env `SERVICE_ACCOUNT`}}", + "GCP_PROJECT_ID": "{{env `GCP_PROJECT_ID`}}", + "CIRRUS_BUILD_ID": "{{env `CIRRUS_BUILD_ID`}}", + "GCE_SSH_USERNAME": "{{env `GCE_SSH_USERNAME`}}", + "RHSM_COMMAND": "{{env `RHSM_COMMAND`}}" + }, + "sensitive-variables": [ + "GCP_PROJECT_ID", "SERVICE_ACCOUNT", "GCE_SSH_USERNAME", "RHSM_COMMAND" + ], + "builders": [ + { + "name": "rhel-7", + "type": "googlecompute", + "project_id": "{{user `GCP_PROJECT_ID`}}", + "zone": "us-central1-a", + "source_image": "{{user `RHEL_BASE_IMAGE`}}", + "image_name": "{{user `RHEL_BASE_IMAGE`}}-libpod-{{user `CIRRUS_BUILD_ID`}}", + "image_family": "{{user `RHEL_BASE_IMAGE`}}-libpod", + "service_account_email": "{{user `SERVICE_ACCOUNT`}}", + "communicator": "ssh", + "ssh_username": "ec2-user", + "ssh_pty": "true" + },{ + "name": "centos-7", + "type": "googlecompute", + "project_id": "{{user `GCP_PROJECT_ID`}}", + "zone": "us-central1-a", + "source_image": "{{user `CENTOS_BASE_IMAGE`}}", + "image_name": "{{user `CENTOS_BASE_IMAGE`}}-libpod-{{user `CIRRUS_BUILD_ID`}}", + "image_family": "{{user `CENTOS_BASE_IMAGE`}}-libpod", + "service_account_email": "{{user `SERVICE_ACCOUNT`}}", + "communicator": "ssh", + "ssh_username": "{{user `GCE_SSH_USERNAME`}}", + "ssh_pty": "true" + },{ + "name": "fedora-28", + "type": "googlecompute", + "project_id": "{{user `GCP_PROJECT_ID`}}", + "zone": "us-central1-a", + "source_image": "{{user `FEDORA_BASE_IMAGE`}}", + "image_name": "{{user 
`FEDORA_BASE_IMAGE`}}-libpod-{{user `CIRRUS_BUILD_ID`}}", + "image_family": "{{user `FEDORA_BASE_IMAGE`}}-libpod", + "service_account_email": "{{user `SERVICE_ACCOUNT`}}", + "communicator": "ssh", + "ssh_username": "fedora", + "ssh_pty": "true" + },{ + "name": "ubuntu-18", + "type": "googlecompute", + "project_id": "{{user `GCP_PROJECT_ID`}}", + "zone": "us-central1-a", + "source_image": "{{user `UBUNTU_BASE_IMAGE`}}", + "image_name": "{{user `UBUNTU_BASE_IMAGE`}}-libpod-{{user `CIRRUS_BUILD_ID`}}", + "image_family": "{{user `UBUNTU_BASE_IMAGE`}}-libpod", + "service_account_email": "{{user `SERVICE_ACCOUNT`}}", + "communicator": "ssh", + "ssh_username": "{{user `GCE_SSH_USERNAME`}}", + "ssh_pty": "true" + } + ], + "provisioners": [ + { + "type": "file", + "source": "{{user `GOSRC`}}", + "destination": "/tmp/libpod" + },{ + "type": "shell", + "only": ["rhel-7"], + "script": "{{user `GOSRC`}}/{{user `PACKER_BASE`}}/rhel_setup.sh", + "environment_vars": [ + "SCRIPT_BASE={{user `SCRIPT_BASE`}}", + "CNI_COMMIT={{user `CNI_COMMIT`}}", + "CRIO_COMMIT={{user `CRIO_COMMIT`}}", + "RUNC_COMMIT={{user `RUNC_COMMIT`}}", + "RHSM_COMMAND={{user `RHSM_COMMAND`}}" + ] + },{ + "type": "shell", + "only": ["centos-7"], + "script": "{{user `GOSRC`}}/{{user `PACKER_BASE`}}/centos_setup.sh", + "environment_vars": [ + "SCRIPT_BASE={{user `SCRIPT_BASE`}}", + "CNI_COMMIT={{user `CNI_COMMIT`}}", + "CRIO_COMMIT={{user `CRIO_COMMIT`}}", + "RUNC_COMMIT={{user `RUNC_COMMIT`}}" + ] + },{ + "type": "shell", + "only": ["fedora-28"], + "script": "{{user `GOSRC`}}/{{user `PACKER_BASE`}}/fedora_setup.sh", + "environment_vars": [ + "SCRIPT_BASE={{user `SCRIPT_BASE`}}", + "CNI_COMMIT={{user `CNI_COMMIT`}}", + "CRIO_COMMIT={{user `CRIO_COMMIT`}}", + "RUNC_COMMIT={{user `RUNC_COMMIT`}}" + ] + },{ + "type": "shell", + "only": ["ubuntu-18"], + "script": "{{user `GOSRC`}}/{{user `PACKER_BASE`}}/ubuntu_setup.sh", + "environment_vars": [ + "SCRIPT_BASE={{user `SCRIPT_BASE`}}", + "CNI_COMMIT={{user 
`CNI_COMMIT`}}", + "CRIO_COMMIT={{user `CRIO_COMMIT`}}", + "RUNC_COMMIT={{user `RUNC_COMMIT`}}" + ] + } + ] +} diff --git a/contrib/cirrus/packer/rhel_setup.sh b/contrib/cirrus/packer/rhel_setup.sh new file mode 100644 index 000000000..b776a0d97 --- /dev/null +++ b/contrib/cirrus/packer/rhel_setup.sh 
@@ -0,0 +1,111 @@ +#!/bin/bash + +# This script is called by packer on the subject CentOS VM, to setup the podman +# build/test environment. It's not intended to be used outside of this context. + +set -e + +# Load in library (copied by packer, before this script was run) +source /tmp/libpod/$SCRIPT_BASE/lib.sh + +req_env_var " +SCRIPT_BASE $SCRIPT_BASE +CNI_COMMIT $CNI_COMMIT +CRIO_COMMIT $CRIO_COMMIT +RHSM_COMMAND $RHSM_COMMAND +" + +install_ooe + +export GOPATH="$(mktemp -d)" +export RHSMCMD="$(mktemp)" + +exit_handler() { + set +ex + cd / + sudo rm -rf "$RHSMCMD" + sudo rm -rf "$GOPATH" + sudo subscription-manager remove --all + sudo subscription-manager unregister + sudo subscription-manager clean +} +trap "exit_handler" EXIT + +# Avoid logging sensitive details +echo "$RHSM_COMMAND" > "$RHSMCMD" +ooe.sh sudo bash "$RHSMCMD" +sudo rm -rf "$RHSMCMD" + +ooe.sh sudo yum -y erase "rh-amazon-rhui-client*" +ooe.sh sudo subscription-manager repos "--disable=*" +ooe.sh sudo subscription-manager repos \ + --enable=rhel-7-server-rpms \ + --enable=rhel-7-server-optional-rpms \ + --enable=rhel-7-server-extras-rpms \ + --enable=rhel-server-rhscl-7-rpms + +ooe.sh sudo yum -y update + +# Frequently needed +ooe.sh sudo yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm + +# Required for google to manage ssh keys +sudo tee -a /etc/yum.repos.d/google-cloud-sdk.repo << EOM +[google-cloud-compute] +name=google-cloud-compute +baseurl=https://packages.cloud.google.com/yum/repos/google-cloud-compute-el7-x86_64 +enabled=1 +gpgcheck=1 +repo_gpgcheck=1 +gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg + https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg +EOM + +ooe.sh sudo yum -y install \ + atomic-registries \ + btrfs-progs-devel \ + bzip2 \ + device-mapper-devel \ + findutils \ + glib2-devel \ + glibc-static \ + gnupg \ + golang \ + golang-github-cpuguy83-go-md2man \ + golang-github-cpuguy83-go-md2man \ + google-compute-engine 
\ + google-compute-engine-oslogin \ + gpgme-devel \ + iptables \ + libassuan-devel \ + libseccomp-devel \ + libselinux-devel \ + lsof \ + make \ + nmap-ncat \ + ostree-devel \ + python \ + python34-dateutil \ + python34-psutil \ + python34-pytoml \ + runc \ + skopeo-containers \ + unzip \ + which \ + xz + +install_scl_git + +install_cni_plugins + +install_buildah + +install_conmon + +install_packer_copied_files + +exit_handler # release subscription! + +rh_finalize + +echo "SUCCESS!" diff --git a/contrib/cirrus/packer/ubuntu_setup.sh b/contrib/cirrus/packer/ubuntu_setup.sh new file mode 100644 index 000000000..96b3a573f --- /dev/null +++ b/contrib/cirrus/packer/ubuntu_setup.sh 
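Review bot: In `rhel_setup.sh`, `RHSM_COMMAND` stays in the environment after registration, so the later non-sudo child processes inherit it, including `./build.sh` for the CNI plugins and the `make` runs in the cloned buildah and cri-o trees. Add `unset RHSM_COMMAND` right after the first `sudo rm -rf "$RHSMCMD"`; `RHSMCMD` itself does not need `export`. `exit_handler` is called explicitly before `rh_finalize` and again by the EXIT trap, so the subscription-manager commands run twice; `trap - EXIT` after the explicit call avoids that. The header comment says CentOS where it should say RHEL.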
@@ -0,0 +1,93 @@
+#!/bin/bash
+
+# This script is called by packer on the subject Ubuntu VM, to setup the podman
+# build/test environment. It's not intended to be used outside of this context.
+
+set -e
+
+# Load in library (copied by packer, before this script was run)
+source /tmp/libpod/$SCRIPT_BASE/lib.sh
+
+req_env_var "
+SCRIPT_BASE $SCRIPT_BASE
+CNI_COMMIT $CNI_COMMIT
+CRIO_COMMIT $CRIO_COMMIT
+RUNC_COMMIT $RUNC_COMMIT
+"
+
+install_ooe
+
+export GOPATH="$(mktemp -d)"
+trap "sudo rm -rf $GOPATH" EXIT
+
+ooe.sh sudo apt-get -qq update
+ooe.sh sudo apt-get -qq update # sometimes it needs to get it twice :S
+ooe.sh sudo apt-get -qq upgrade
+ooe.sh sudo apt-get -qq install --no-install-recommends \
+ apparmor \
+ autoconf \
+ automake \
+ bison \
+ btrfs-tools \
+ build-essential \
+ curl \
+ e2fslibs-dev \
+ gawk \
+ gettext \
+ golang \
+ go-md2man \
+ iptables \
+ libaio-dev \
+ libapparmor-dev \
+ libcap-dev \
+ libdevmapper-dev \
+ libdevmapper1.02.1 \
+ libfuse-dev \
+ libglib2.0-dev \
+ libgpgme11-dev \
+ liblzma-dev \
+ libostree-dev \
+ libprotobuf-c0-dev \
+ libprotobuf-dev \
+ libtool \
+ libtool \
+ libudev-dev \
+ lsof \
+ netcat \
+ pkg-config \
+ protobuf-c-compiler \
+ protobuf-compiler \
+ python-minimal \
+ python3-dateutil \
+ python3-pip \
+ python3-psutil \
+ python3-pytoml \
+ python3-setuptools \
+ socat \
+ unzip \
+ xz-utils
+
+echo "Fixing Ubuntu kernel not enabling swap accounting by default"
+SEDCMD='s/^GRUB_CMDLINE_LINUX="(.*)"/GRUB_CMDLINE_LINUX="\1 cgroup_enable=memory swapaccount=1"/g'
+ooe.sh sudo sed -re "$SEDCMD" -i /etc/default/grub.d/*
+ooe.sh sudo sed -re "$SEDCMD" -i /etc/default/grub
+ooe.sh sudo update-grub
+
+install_runc
+
+install_conmon
+
+install_cni_plugins
+
+install_buildah
+
+install_packer_copied_files
+
+install_varlink
+
+sudo curl https://raw.githubusercontent.com/projectatomic/registries/master/registries.fedora\
+ -o /etc/containers/registries.conf
+
+ubuntu_finalize
+
+echo "SUCCESS!"
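Review bot: `/etc/containers/registries.conf` is written by `sudo curl` from the `master` branch of another repository, with no `--fail` and no integrity check, so the registry list baked into the image can change between builds or end up as an HTTP error page. Pin the URL to a commit and add `--fail`, or keep the file in this repository and install it in `install_packer_copied_files` next to `policy.json`. Unlike the other steps, this one is not wrapped in `ooe.sh`, so a failure here is only caught by `set -e` on curl's exit status.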
diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh
new file mode 100755
index 000000000..2302f0e15
--- /dev/null
+++ b/contrib/cirrus/setup_environment.sh
@@ -0,0 +1,77 @@
+#!/bin/bash
+
+set -e
+source $(dirname $0)/lib.sh
+
+req_env_var "
+CI $CI
+USER $USER
+HOME $HOME
+ENVLIB $ENVLIB
+SCRIPT_BASE $SCRIPT_BASE
+CIRRUS_BUILD_ID $CIRRUS_BUILD_ID"
+
+[[ "$SHELL" =~ "bash" ]] || chsh -s /bin/bash
+
+cd "$CIRRUS_WORKING_DIR" # for clarity of initial conditions
+
+# Verify basic dependencies
+for depbin in go rsync unzip sha256sum curl make
+do
+ if ! type -P "$depbin" &> /dev/null
+ then
+ echo "ERROR: $depbin binary not found in $PATH"
+ exit 2
+ fi
+done
+
+# Setup env. vars common to all tasks/scripts/platforms and
+# ensure they return for every following script execution.
+MARK="# Added by $0, manual changes will be lost."
+touch "$HOME/$ENVLIB"
+if ! grep -q "$MARK" "$HOME/$ENVLIB"
+then
+ cp "$HOME/$ENVLIB" "$HOME/${ENVLIB}_original"
+ # N/B: Single-quote items evaluated every time, double-quotes only once (right now).
+ for envstr in \
+ "$MARK" \
+ "export HEAD=\"$CIRRUS_CHANGE_IN_REPO\"" \
+ "export TRAVIS=\"1\"" \
+ "export GOSRC=\"$CIRRUS_WORKING_DIR\"" \
+ "export OS_RELEASE_ID=\"$(os_release_id)\"" \
+ "export OS_RELEASE_VER=\"$(os_release_ver)\"" \
+ "export OS_REL_VER=\"${OS_RELEASE_ID}-${OS_RELEASE_VER}\"" \
+ "export GOPATH=\"/go\"" \
+ 'export PATH="$HOME/bin:$GOPATH/bin:/usr/local/bin:$PATH"' \
+ 'export LD_LIBRARY_PATH="/usr/local/lib${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}"'
+ do
+ # Make permanent in later shells, and set in current shell
+ X=$(echo "$envstr" | tee -a "$HOME/$ENVLIB") && eval "$X" && echo "$X"
+ done
+
+ # Some setup needs to vary between distros
+ case "${OS_RELEASE_ID}-${OS_RELEASE_VER}" in
+ ubuntu-18)
+ envstr='export BUILDTAGS="seccomp $($GOSRC/hack/btrfs_tag.sh) $($GOSRC/hack/btrfs_installed_tag.sh) $($GOSRC/hack/ostree_tag.sh) varlink exclude_graphdriver_devicemapper"'
+ ;;
+ fedora-28) ;& # Continue to the next item
+ centos-7) ;&
+ rhel-7)
+ envstr='unset BUILDTAGS' # Use default from Makefile
+ ;;
+ *) bad_os_id_ver ;;
+ esac
+ X=$(echo "$envstr" | tee -a "$HOME/$ENVLIB") && eval "$X" && echo "$X"
+
+ # Do the same for golang env. vars
+ go env | while read envline
+ do
+ X=$(echo "export $envline" | tee -a "$HOME/$ENVLIB") && eval "$X" && echo "$X"
+ done
+
+ cd "${GOSRC}/"
+ source "$SCRIPT_BASE/lib.sh"
+
+ # Only testing-VMs need deps installed
+ [[ -n "$PACKER_BUILDS" ]] || install_testing_dependencies # must exist in $GOPATH
+fi
diff --git a/contrib/cirrus/unit_test.sh b/contrib/cirrus/unit_test.sh
new file mode 100755
index 000000000..cacc23045
--- /dev/null
+++ b/contrib/cirrus/unit_test.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+set -e
+source $(dirname $0)/lib.sh
+
+req_env_var "
+GOSRC $GOSRC
+OS_RELEASE_ID $OS_RELEASE_ID
+OS_RELEASE_VER $OS_RELEASE_VER
+"
+
+show_env_vars
+
+set -x
+cd "$GOSRC"
+case "${OS_RELEASE_ID}-${OS_RELEASE_VER}" in
+ ubuntu-18)
+ make localunit "BUILDTAGS=$BUILDTAGS"
+ make "BUILDTAGS=$BUILDTAGS"
+ ;;
+ fedora-28)
+ make localunit
+ make
+ ;;
+ centos-7) ;& # Continue to the next item
+ rhel-7)
+ stub 'unit testing not working on $OS_RELEASE_ID'
+ ;;
+ *) bad_os_id_ver ;;
+esac
-- cgit v1.2.3-54-g00ecf
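Review bot: In `setup_environment.sh` the `OS_REL_VER` entry is double-quoted, so `${OS_RELEASE_ID}-${OS_RELEASE_VER}` is expanded when the `for` word list is built, before the loop has evaluated the two exports above it; unless both variables were already in the environment, `OS_REL_VER` is written to `$ENVLIB` as `-`. Single-quote it like the `PATH` entry: `'export OS_REL_VER="${OS_RELEASE_ID}-${OS_RELEASE_VER}"'`. Every entry is also passed to `eval` and appended to a profile that later scripts source, so values taken from the CI environment (`$CIRRUS_CHANGE_IN_REPO`, `$CIRRUS_WORKING_DIR`) are safer written with `printf 'export HEAD=%q\n' "$CIRRUS_CHANGE_IN_REPO"` than with hand-placed `\"` quotes. The `go env | while read envline` loop runs in a pipeline subshell, so its `eval` does not affect the current shell, and `read` should be `read -r`.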