From 1abb2174934a461d90885afc0a8655e9d326f21e Mon Sep 17 00:00:00 2001 From: Chris Evich Date: Wed, 10 Jul 2019 12:15:43 -0400 Subject: Cirrus: Disable most periodic services/timers For CI testing, it's important to remove as much variability from the overall system as possible. This permits focusing just on problems closely related to code-changes. To this end, and because VMs are very short-lived (2 hours at most), disable all systemd services and timers which perform periodic activities. Signed-off-by: Chris Evich --- contrib/cirrus/lib.sh | 14 ++++++++++++++ contrib/cirrus/packer/fedora_base-setup.sh | 3 +++ contrib/cirrus/packer/fedora_setup.sh | 3 +++ contrib/cirrus/packer/ubuntu_setup.sh | 3 +++ 4 files changed, 23 insertions(+) (limited to 'contrib/cirrus') diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh index 4acdb460a..ab3c5642d 100644 --- a/contrib/cirrus/lib.sh +++ b/contrib/cirrus/lib.sh @@ -350,6 +350,20 @@ remove_packaged_podman_files(){ done } +systemd_banish(){ + echo "Disabling periodic services that could destabalize testing:" + set +e # Not all of these exist on every platform + for unit in cron atd apt-daily-upgrade apt-daily fstrim motd-news systemd-tmpfiles-clean + do + ooe.sh sudo systemctl stop $unit + ooe.sh sudo systemctl disable $unit + ooe.sh sudo systemctl disable $unit.timer + ooe.sh sudo systemctl mask $unit + ooe.sh sudo systemctl mask $unit.timer + done + set -e +} + _finalize(){ set +e # Don't fail at the very end set +e # make errors non-fatal diff --git a/contrib/cirrus/packer/fedora_base-setup.sh b/contrib/cirrus/packer/fedora_base-setup.sh index a425b2b57..788a54c34 100644 --- a/contrib/cirrus/packer/fedora_base-setup.sh +++ b/contrib/cirrus/packer/fedora_base-setup.sh @@ -27,6 +27,9 @@ ooe.sh systemctl enable rngd echo "Setting cloud-init service to start after google-network-daemon.service" cp -v $GOSRC/$PACKER_BASE/cloud-init/fedora/cloud-init.service /etc/systemd/system/ +# Ensure there are no disruptive periodic services enabled by default in image +systemd_banish + rh_finalize echo "SUCCESS!" diff --git a/contrib/cirrus/packer/fedora_setup.sh b/contrib/cirrus/packer/fedora_setup.sh index eb95db907..1e25a1a3c 100644 --- a/contrib/cirrus/packer/fedora_setup.sh +++ b/contrib/cirrus/packer/fedora_setup.sh @@ -76,6 +76,9 @@ ooe.sh sudo dnf install -y \ xz \ zip +# Ensure there are no disruptive periodic services enabled by default in image +systemd_banish + sudo /tmp/libpod/hack/install_catatonit.sh rh_finalize diff --git a/contrib/cirrus/packer/ubuntu_setup.sh b/contrib/cirrus/packer/ubuntu_setup.sh index 6209f2f89..dba191ad2 100644 --- a/contrib/cirrus/packer/ubuntu_setup.sh +++ b/contrib/cirrus/packer/ubuntu_setup.sh @@ -100,6 +100,9 @@ ooe.sh sudo update-grub sudo /tmp/libpod/hack/install_catatonit.sh ooe.sh sudo make -C /tmp/libpod install.libseccomp.sudo +# Ensure there are no disruptive periodic services enabled by default in image +systemd_banish + ubuntu_finalize echo "SUCCESS!" -- cgit v1.2.3-54-g00ecf From f58b754c8d3a45b8d9123c624bf299b87285c3bf Mon Sep 17 00:00:00 2001 From: Chris Evich Date: Fri, 12 Jul 2019 10:32:12 -0400 Subject: Cirrus: Add image-test for locked dpkg Signed-off-by: Chris Evich --- contrib/cirrus/check_image.sh | 6 ++++++ contrib/cirrus/lib.sh | 7 +++++-- 2 files changed, 11 insertions(+), 2 deletions(-) (limited to 'contrib/cirrus') diff --git a/contrib/cirrus/check_image.sh b/contrib/cirrus/check_image.sh index 67e807d61..690a38119 100755 --- a/contrib/cirrus/check_image.sh +++ b/contrib/cirrus/check_image.sh @@ -36,4 +36,10 @@ do "$(systemctl list-unit-files --no-legend $REQ_UNIT)" = "$REQ_UNIT enabled" || let "RET+=1" done +# Exits zero if any unit matching pattern is running +UNIT_STATUS=$(systemctl is-active $EVIL_UNITS; echo $?) +item_test "No interfering background units are active:" \ + "$UNIT_STATUS" -ne "0" || let "RET+=1" + +echo "Total failed tests: $RET" exit $RET diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh index ab3c5642d..a9da3f4ce 100644 --- a/contrib/cirrus/lib.sh +++ b/contrib/cirrus/lib.sh @@ -78,6 +78,9 @@ ROOTLESS_ENV_RE='(CIRRUS_.+)|(ROOTLESS_.+)|(.+_IMAGE.*)|(.+_BASE)|(.*DIRPATH)|(. # Unsafe env. vars for display SECRET_ENV_RE='(IRCID)|(ACCOUNT)|(^GC[EP]..+)|(SSH)' +# Names of systemd units which should never be running +EVIL_UNITS="cron crond atd apt-daily-upgrade apt-daily fstrim motd-news systemd-tmpfiles-clean" + SPECIALMODE="${SPECIALMODE:-none}" TEST_REMOTE_CLIENT="${TEST_REMOTE_CLIENT:-false}" export CONTAINER_RUNTIME=${CONTAINER_RUNTIME:-podman} @@ -351,9 +354,9 @@ remove_packaged_podman_files(){ } systemd_banish(){ - echo "Disabling periodic services that could destabalize testing:" + echo "Disabling periodic services that could destabilize testing:" set +e # Not all of these exist on every platform - for unit in cron atd apt-daily-upgrade apt-daily fstrim motd-news systemd-tmpfiles-clean + for unit in $EVIL_UNITS do ooe.sh sudo systemctl stop $unit ooe.sh sudo systemctl disable $unit -- cgit v1.2.3-54-g00ecf