Cirrus: Support testing of VM cache-image changes

Previously, it was quite difficult to affect changes to VM cache images without lots of manual work. This commit adds a new optional testing task which mirrors the official-image build task which only runs on master. In contrast, the new task may be run at any time in a PR, but including a magic phrase in the PR description. Update documentation to describe the new task and inform on it's usage. Signed-off-by: Chris Evich <cevich@redhat.com>
2025-06-24 11:28:24 +08:00 · 2019-03-06 11:47:24 -05:00
parent 84c6f7c55d
commit 191a08ae43
12 changed files with 228 additions and 158 deletions
--- a/.cirrus.yml
+++ b/.cirrus.yml
@ -36,12 +36,12 @@ env:
        ubuntu-18-libpod-548c1c05
        rhel-7-libpod-548c1c05
        image-builder-image-1541772081
-    FEDORA_CACHE_IMAGE_NAME: "fedora-29-libpod-548c1c05"
+    FEDORA_CACHE_IMAGE_NAME: "fedora-29-libpod-5699523102900224"
-    PRIOR_FEDORA_CACHE_IMAGE_NAME: "fedora-28-libpod-548c1c05"
+    PRIOR_FEDORA_CACHE_IMAGE_NAME: "fedora-28-libpod-5699523102900224"
-    UBUNTU_CACHE_IMAGE_NAME: "ubuntu-18-libpod-548c1c05"
+    UBUNTU_CACHE_IMAGE_NAME: "ubuntu-18-libpod-5699523102900224"
-    PRIOR_RHEL_CACHE_IMAGE_NAME: "rhel-7-libpod-548c1c05"
+    PRIOR_RHEL_CACHE_IMAGE_NAME: "rhel-7-libpod-5699523102900224"
-    # RHEL_CACHE_IMAGE_NAME: "rhel-8-notready"
+    RHEL_CACHE_IMAGE_NAME: "rhel-8-notready"
-    # CENTOS_CACHE_IMAGE_NAME: "centos-7-notready"
+    CENTOS_CACHE_IMAGE_NAME: "centos-7-notready"
    ####
    #### Variables for composing new cache-images (used in PR testing) from
@ -106,6 +106,17 @@ env:
        XDG_DATA_DIRS XDG_RUNTIME_DIR XDG_SESSION_ID ROOTLESS_USER
 # Default VM to use unless set or modified by task
 gce_instance:
    image_project: "libpod-218412"
    zone: "us-central1-a"  # Required by Cirrus for the time being
    cpu: 2
    memory: "4Gb"
    disk: 200
    # A matrix could be used here, for now just one VM
    image_name: "${FEDORA_CACHE_IMAGE_NAME}"
 # Every *_task runs in parallel in separate VMsd. The name prefix only for reference
 # in WebUI, and will be followed by matrix details.  This task gates all others with
 # quick format, lint, and unit tests on the standard platform.
@ -131,7 +142,6 @@ gating_task:
        - '/usr/local/bin/entrypoint.sh install.tools |& ${TIMESTAMP}'
        - '/usr/local/bin/entrypoint.sh validate |& ${TIMESTAMP}'
        - '/usr/local/bin/entrypoint.sh lint |& ${TIMESTAMP}'
        - '${CIRRUS_WORKING_DIR}/${SCRIPT_BASE}/test/test_dot_cirrus_yaml.py |& ${TIMESTAMP}'
    # This task builds Podman with different buildtags to ensure the build does
    # not break.  It also verifies all sub-commands have man pages.
@ -157,6 +167,8 @@ gating_task:
 # in sync at all times.
 vendor_task:
    only_if: $CIRRUS_CHANGE_MESSAGE !=~ '.*\*\*\*\s*CIRRUS:\s*TEST\s*IMAGES\s*\*\*\*.*'
    depends_on:
        - "gating"
@ -184,11 +196,15 @@ vendor_task:
 # whether the git tree is clean.
 varlink_api_task:
    only_if: $CIRRUS_CHANGE_MESSAGE !=~ '.*\*\*\*\s*CIRRUS:\s*TEST\s*IMAGES\s*\*\*\*.*'
    depends_on:
        - "gating"
    env:
        CIRRUS_WORKING_DIR: "/usr/src/libpod"
        GOPATH: "/go"
        GOSRC: "/go/src/github.com/containers/libpod"
        # Used by tree_status.sh
        SUGGESTION: 'remove API.md, then "make varlink_api_generate" and commit changes.'
@ -200,9 +216,9 @@ varlink_api_task:
    timeout_in: 10m
-    vendor_script:
+    api_md_script:
-        - '/usr/local/bin/entrypoint.sh varlink_api_generate'
+        - '/usr/local/bin/entrypoint.sh varlink_api_generate |& ${TIMESTAMP}'
-        - 'cd /go/src/github.com/containers/libpod && ./hack/tree_status.sh'
+        - 'cd ${GOSRC} && ./hack/tree_status.sh |& ${TIMESTAMP}'
    on_failure:
        failed_master_script: '$CIRRUS_WORKING_DIR/$SCRIPT_BASE/notice_master_failure.sh'
@ -216,7 +232,8 @@ build_each_commit_task:
        - "varlink_api"
    # $CIRRUS_BASE_BRANCH is only set when testing a PR
-    only_if: $CIRRUS_BRANCH != 'master'
+    only_if: $CIRRUS_BRANCH != 'master' &&
             $CIRRUS_CHANGE_MESSAGE !=~ '.*\*\*\*\s*CIRRUS:\s*TEST\s*IMAGES\s*\*\*\*.*'
    gce_instance:
        image_project: "libpod-218412"
@ -250,7 +267,15 @@ meta_task:
    env:
        # Space-separated list of images used by this repository state
-        IMGNAMES: "${ACTIVE_CACHE_IMAGE_NAMES}"
+        IMGNAMES: >-
            ${FEDORA_CACHE_IMAGE_NAME}
            ${PRIOR_FEDORA_CACHE_IMAGE_NAME}
            ${UBUNTU_CACHE_IMAGE_NAME}
            ${PRIOR_RHEL_CACHE_IMAGE_NAME}
            ${RHEL_CACHE_IMAGE_NAME}
            ${PRIOR_CENTOS_CACHE_IMAGE_NAME}
            ${CENTOS_CACHE_IMAGE_NAME}
            ${IMAGE_BUILDER_CACHE_IMAGE_NAME}
        BUILDID: "${CIRRUS_BUILD_ID}"
        REPOREF: "${CIRRUS_CHANGE_IN_REPO}"
        GCPJSON: ENCRYPTED[950d9c64ad78f7b1f0c7e499b42dc058d2b23aa67e38b315e68f557f2aba0bf83068d4734f7b1e1bdd22deabe99629df]
@ -258,6 +283,8 @@ meta_task:
        GCPPROJECT: ENCRYPTED[7c80e728e046b1c76147afd156a32c1c57d4a1ac1eab93b7e68e718c61ca8564fc61fef815952b8ae0a64e7034b8fe4f]
        CIRRUS_CLONE_DEPTH: 1  # source not used
    timeout_in: 10m
    script: '/usr/local/bin/entrypoint.sh |& ${TIMESTAMP}'
@ -270,19 +297,10 @@ testing_task:
        - "vendor"
        - "build_each_commit"
-    env:
+    # Only test build cache-images, if that's what's requested
-        matrix:
+    only_if: $CIRRUS_CHANGE_MESSAGE !=~ '.*\*\*\*\s*CIRRUS:\s*TEST\s*IMAGES\s*\*\*\*.*'
            TEST_REMOTE_CLIENT: true
            TEST_REMOTE_CLIENT: false
    gce_instance:
        image_project: "libpod-218412"
        zone: "us-central1-a"  # Required by Cirrus for the time being
        cpu: 2
        memory: "4Gb"
        disk: 200  # see https://developers.google.com/compute/docs/disks#performance
        # Generate multiple parallel tasks, covering all possible
        # 'matrix' combinations.
        matrix:
            # Images are generated separately, from build_images_task (below)
            image_name: "${FEDORA_CACHE_IMAGE_NAME}"
@ -291,8 +309,11 @@ testing_task:
    timeout_in: 120m
-    # Every *_script runs in sequence, for each task. The name prefix is for
+    env:
-    # WebUI reference.  The values may be strings...
+        matrix:
            TEST_REMOTE_CLIENT: true
            TEST_REMOTE_CLIENT: false
    setup_environment_script: '$SCRIPT_BASE/setup_environment.sh |& ${TIMESTAMP}'
    unit_test_script: '$SCRIPT_BASE/unit_test.sh |& ${TIMESTAMP}'
    integration_test_script: '$SCRIPT_BASE/integration_test.sh |& ${TIMESTAMP}'
@ -317,21 +338,14 @@ special_testing_task:
        - "vendor"
        - "build_each_commit"
-    gce_instance:
+    only_if: $CIRRUS_CHANGE_MESSAGE !=~ '.*\*\*\*\s*CIRRUS:\s*TEST\s*IMAGES\s*\*\*\*.*'
        image_project: "libpod-218412"
        zone: "us-central1-a"  # Required by Cirrus for the time being
        cpu: 2
        memory: "4Gb"
        disk: 200
        # A matrix could be used here, for now just one VM
        image_name: "${FEDORA_CACHE_IMAGE_NAME}"
    env:
        matrix:
            SPECIALMODE: 'rootless'  # See docs
            SPECIALMODE: 'in_podman'  # See docs
-    timeout_in: 120m
+    timeout_in: 60m
    setup_environment_script: '$SCRIPT_BASE/setup_environment.sh |& ${TIMESTAMP}'
    integration_test_script: '$SCRIPT_BASE/integration_test.sh |& ${TIMESTAMP}'
@ -354,16 +368,18 @@ optional_testing_task:
    # later from OS distribution's build systems.
    only_if: >-
        $CIRRUS_BRANCH != 'master' &&
        $CIRRUS_CHANGE_MESSAGE !=~ '.*\*\*\*\s*CIRRUS:\s*TEST\s*IMAGES\s*\*\*\*.*' &&
        $CIRRUS_CHANGE_MESSAGE =~ '.*\*\*\*\s*CIRRUS:\s*SYSTEM\s*TEST\s*\*\*\*.*'
    gce_instance:
        image_project: "libpod-218412"
        matrix:
            image_name: "${FEDORA_CACHE_IMAGE_NAME}"
            image_name: "${PRIOR_FEDORA_CACHE_IMAGE_NAME}"
            image_name: "${UBUNTU_CACHE_IMAGE_NAME}"
            image_name: "${PRIOR_RHEL_CACHE_IMAGE_NAME}"
-            image_name: "${CENTOS_CACHE_IMAGE_NAME}"
+            # image_name: "${RHEL_CACHE_IMAGE_NAME}"
            image_name: "${PRIOR_CENTOS_CACHE_IMAGE_NAME}"
            # image_name: "${CENTOS_CACHE_IMAGE_NAME}"
    timeout_in: 60m
@ -371,13 +387,88 @@ optional_testing_task:
    system_test_script: '$SCRIPT_BASE/system_test.sh |& ${TIMESTAMP}'
 # Test building of new cache-images for future PR testing, in this PR.
 test_build_cache_images_task:
    only_if: >-
        $CIRRUS_BRANCH != 'master' &&
        $CIRRUS_CHANGE_MESSAGE =~ '.*\*\*\*\s*CIRRUS:\s*TEST\s*IMAGES\s*\*\*\*.*' &&
        $CIRRUS_CHANGE_MESSAGE !=~ '.*\*\*\*\s*CIRRUS:\s*SYSTEM\s*TEST\s*\*\*\*.*'
    depends_on:
        - "gating"
    # VMs created by packer are not cleaned up by cirrus, must allow task to complete
    auto_cancellation: $CI != "true"
    env:
        # Unique to this specific run of _all_ tasks
        BUILT_IMAGE_SUFFIX: "-${CIRRUS_REPO_NAME}-${CIRRUS_BUILD_ID}"
    gce_instance:
        image_project: "libpod-218412"
        zone: "us-central1-a"
        cpu: 4
        memory: "4Gb"
        disk: 200
        image_name: "${IMAGE_BUILDER_CACHE_IMAGE_NAME}"
        scopes:  # required for image building
            - compute
            - devstorage.full_control
    environment_script: '$SCRIPT_BASE/setup_environment.sh |& ${TIMESTAMP}'
    build_vm_images_script: '$SCRIPT_BASE/build_vm_images.sh |& ${TIMESTAMP}'
 # Test building of new cache-images for future PR testing, in this PR.
 test_built_images_task:
    only_if: >-
        $CIRRUS_BRANCH != 'master' &&
        $CIRRUS_CHANGE_MESSAGE =~ '.*\*\*\*\s*CIRRUS:\s*TEST\s*IMAGES\s*\*\*\*.*' &&
        $CIRRUS_CHANGE_MESSAGE !=~ '.*\*\*\*\s*CIRRUS:\s*SYSTEM\s*TEST\s*\*\*\*.*'
    depends_on:
        - "gating"
        - "test_build_cache_images"
    # VMs created by packer are not cleaned up by cirrus, must allow task to complete
    auto_cancellation: $CI != "true"
    env:
        # Unique to this specific run of _all_ tasks
        BUILT_IMAGE_SUFFIX: "-${CIRRUS_REPO_NAME}-${CIRRUS_BUILD_ID}"
    gce_instance:
        matrix:
            # Images are generated separately, from build_images_task (below)
            image_name: "fedora-28${BUILT_IMAGE_SUFFIX}"
            image_name: "fedora-29${BUILT_IMAGE_SUFFIX}"
            image_name: "ubuntu-18${BUILT_IMAGE_SUFFIX}"
    env:
        matrix:
            TEST_REMOTE_CLIENT: true
            TEST_REMOTE_CLIENT: false
    environment_script: '$SCRIPT_BASE/setup_environment.sh |& ${TIMESTAMP}'
    unit_test_script: '$SCRIPT_BASE/unit_test.sh |& ${TIMESTAMP}'
    integration_test_script: '$SCRIPT_BASE/integration_test.sh |& ${TIMESTAMP}'
    rootless_testing_script:
        - export ROOTLESS_USER=yarrpilferingpirate
        - export ROOTLESS_UID=234567
        - export ROOTLESS_GID=234567
        - cd $GOSRC && $SCRIPT_BASE/setup_and_run_rootless.sh |& ${TIMESTAMP}
 # Build new cache-images for future PR testing, but only after a PR merge.
 # The cache-images save install/setup time needed test every PR.  The 'active' images
 # are selected by the 'image_name' items tasks above.  Currently this requires
 # manually updating the names, but this could be automated (see comment below).
-cache_images_task:
+build_cache_images_task:
    # Only produce new cache-images after a PR merge, and if a magic string
-    # is present in the most recent commit-message.
+    # is present in the most recent ___commit-message___.
    only_if: >-
        $CIRRUS_BRANCH == 'master' &&
        $CIRRUS_CHANGE_MESSAGE =~ '.*\*\*\*\s*CIRRUS:\s*REBUILD\s*IMAGES\s*\*\*\*.*'
@ -426,12 +517,14 @@ success_task:
    depends_on:  # ignores any dependent task conditions
        - "gating"
-        - "varlink_api"
+        - "build_each_commit"
        - "vendor"
-        - "build_each_commit_task"
+        - "varlink_api"
        - "testing"
-        - "rootless_testing_task"
+        - "special_testing"
        - "optional_testing"
        - "test_build_cache_images"
        - "build_cache_images"
    env:
        CIRRUS_WORKING_DIR: "/usr/src/libpod"
--- a/contrib/cirrus/README.md
+++ b/contrib/cirrus/README.md
@ -99,43 +99,64 @@ contents of the ``$SPECIALMODE`` environment variable.
   then execute `make localsystem` from the repository root.
-### ``cache_images`` Task
+### ``test_build_cache_images_task`` Task
-Modifying the contents of cache-images is done by making changes to
+Modifying the contents of cache-images is tested by making changes to
-one or more of the ``./contrib/cirrus/packer/*_setup.sh`` files.  Testing
+one or more of the ``./contrib/cirrus/packer/*_setup.sh`` files.  Then
-those changes currently requires adding a temporary commit to a PR that
+in the PR description, add the magic string:  ``***CIRRUS: TEST IMAGES***``
 updates ``.cirrus.yml``:
 * Remove all task sections except ``cache_images_task``.
 * Remove the ``only_if`` condition and ``depends_on`` dependencies
 The new image names will be displayed at the end of output, assuming the build
 is successful, at that point the temporary commit may be removed.  Finally,
 the new names may be used as ``image_name`` values in ``.cirrus.yml``.
 ***N/B: Steps below are performed by automation***
-1. When a PR is merged (``$CIRRUS_BRANCH`` == ``master``), run another
+1. ``setup_environment.sh``: Same as for other tasks.
   round of the ``gating`` and ``testing`` tasks (above).
-2. Assuming tests pass, if the commit message contains the magic string
+2. ``build_vm_images.sh``: Utilize [the packer tool](http://packer.io/docs/)
   ``***CIRRUS: REBUILD IMAGES***``, then this task continues.  Otherwise
   simply mark the master branch as 'passed'.
 3. ``setup_environment.sh``: Same as for other tasks.
 4. ``build_vm_images.sh``: Utilize [the packer tool](http://packer.io/docs/)
   to produce new VM images.  Create a new VM from each base-image, connect
   to them with ``ssh``, and perform the steps as defined by the
-   ``$PACKER_BASE/libpod_images.json`` file:
+   ``$PACKER_BASE/libpod_images.yml`` file:
    1. On a base-image VM, as root, copy the current state of the repository
       into ``/tmp/libpod``.
    2. Execute distribution-specific scripts to prepare the image for
-       use by the ``integration_testing`` task (above).  For example,
+       use.  For example, ``fedora_setup.sh``.
-       ``fedora_setup.sh``.
+    3. If successful, shut down each VM and record the names, and dates
-    3. If successful, shut down each VM and create a new GCE Image
+       into a json manifest file.
-       named with the base image, and the commit sha of the merge.
+    4. Move the manifest file, into a google storage bucket object.
       This is a retained as a secondary method for tracking/auditing
       creation of VM images, should it ever be needed.
 ***Manual Steps:***  In order to utilize built images, their names must be upated
 in ``.cirrus.yml``.  For example, if the image ``blah-1234`` was produced above:
 ```yaml
 env:
    ####
    #### Cache-image names to test with
    ###
    BLAH_CACHE_IMAGE_NAME: "blah-1234"
 ```
 A new pull-request with that change, will run tasks utilizing that image.
 ### ``test_built_images`` Task
 Only runs following successful ``test_build_cache_images_task`` task.  Uses
 images following the standard naming format, with execution of
 the 'gate', 'testing' and 'rootless_testing' scripts.  Validating the images
 suitability for wide-spread use.
 ### ``cache_images`` Task
 Exactly the same as ``test_build_cache_images_task`` task, but only runs on
 the master branch.  Requires a magic string to be in the `HEAD`
 commit message: ``***CIRRUS: BUILD IMAGES***``
 When successful, the manifest file along with all VM disks, are moved
 into a dedicated google storage bucket, separate from the one used by
 `test_build_cache_images_task`.  These may be used to create new cache-images for
 PR testing by manually importing them as described above.
 ### Base-images
--- a/contrib/cirrus/build_vm_images.sh
+++ b/contrib/cirrus/build_vm_images.sh
@ -46,7 +46,4 @@ make libpod_images \
 URI="gs://packer-import${POST_MERGE_BUCKET_SUFFIX}/manifest${BUILT_IMAGE_SUFFIX}.json"
 gsutil cp packer-manifest.json "$URI"
-echo "Finished."
+echo "Finished. A JSON manifest of produced images is available at $URI"
 echo "Any tarball URI's referenced above at at $URI"
 echo "may be used to create VM images suitable for use in"
 echo ".cirrus.yml as values for the 'image_name' keys."
--- a/contrib/cirrus/lib.sh
+++ b/contrib/cirrus/lib.sh
@ -19,6 +19,9 @@ CIRRUS_BASE_SHA=${CIRRUS_BASE_SHA:-HEAD}
 CIRRUS_CHANGE_IN_REPO=${CIRRUS_CHANGE_IN_REPO:-FETCH_HEAD}
 SPECIALMODE="${SPECIALMODE:-none}"
 export CONTAINER_RUNTIME=${CONTAINER_RUNTIME:-podman}
 ROOTLESS_USER="${ROOTLESS_USER:-}"
 ROOTLESS_UID="${ROOTLESS_UID:-}"
 ROOTLESS_GID="${ROOTLESS_GID:-}"
 if ! [[ "$PATH" =~ "/usr/local/bin" ]]
 then
@ -200,7 +203,7 @@ setup_rootless() {
    su --login --command 'go env' $ROOTLESS_USER | \
        while read envline
        do
-            X=$(echo "export $envline" | tee -a "/home/$ROOTLESS_USER/$ENVLIB") && echo "$X"
+            X=$(echo "export $envline" | tee -a "/home/$ROOTLESS_USER/.bash_profile") && echo "$X"
        done
 }
--- a/contrib/cirrus/packer/centos_setup.sh
+++ b/contrib/cirrus/packer/centos_setup.sh
@ -36,6 +36,7 @@ ooe.sh sudo yum -y install \
    golang-github-cpuguy83-go-md2man \
    gpgme-devel \
    iptables \
    jq \
    libassuan-devel \
    libcap-devel \
    libnet \
@ -77,6 +78,8 @@ install_criu
 install_packer_copied_files
 sudo /tmp/libpod/hack/install_catatonit.sh
 rh_finalize
 echo "SUCCESS!"
--- a/contrib/cirrus/packer/fedora_setup.sh
+++ b/contrib/cirrus/packer/fedora_setup.sh
@ -36,6 +36,7 @@ ooe.sh sudo dnf install -y \
    gpgme-devel \
    iptables \
    iproute \
    jq \
    libassuan-devel \
    libcap-devel \
    libnet \
@ -78,6 +79,8 @@ install_conmon
 install_packer_copied_files
 sudo /tmp/libpod/hack/install_catatonit.sh
 rh_finalize # N/B: Halts system!
 echo "SUCCESS!"
--- a/contrib/cirrus/packer/libpod_images.yml
+++ b/contrib/cirrus/packer/libpod_images.yml
@ -98,8 +98,4 @@ provisioners:
          - 'RHSM_COMMAND={{user `RHSM_COMMAND`}}'
 post-processors:
-    # Store VM disk in GCP storage, where it will expire based on a defined
+    - - type: 'manifest'  # writes packer-manifest.json
    # lifecycle. This prevents GCE from filling with disused images.
    - - type: 'googlecompute-export'
        paths: ['gs://packer-import{{user `POST_MERGE_BUCKET_SUFFIX`}}/{{build_name}}{{user `BUILT_IMAGE_SUFFIX`}}.tar.gz']
      - type: 'manifest'  # writes packer-manifest.json
--- a/contrib/cirrus/packer/rhel_setup.sh
+++ b/contrib/cirrus/packer/rhel_setup.sh
@ -41,6 +41,7 @@ ooe.sh sudo yum -y install \
    golang-github-cpuguy83-go-md2man \
    gpgme-devel \
    iptables \
    jq \
    libassuan-devel \
    libcap-devel \
    libnet \
@ -84,6 +85,8 @@ install_criu
 install_packer_copied_files
 sudo /tmp/libpod/hack/install_catatonit.sh
 rhel_exit_handler  # release subscription!
 rh_finalize
--- a/contrib/cirrus/packer/ubuntu_setup.sh
+++ b/contrib/cirrus/packer/ubuntu_setup.sh
@ -45,6 +45,7 @@ ooe.sh sudo -E apt-get -qq install \
    golang \
    iproute2 \
    iptables \
    jq \
    libaio-dev \
    libapparmor-dev \
    libcap-dev \
@ -101,6 +102,8 @@ install_buildah
 install_packer_copied_files
 sudo /tmp/libpod/hack/install_catatonit.sh
 install_varlink
 sudo curl https://raw.githubusercontent.com/projectatomic/registries/master/registries.fedora\
--- a/contrib/cirrus/rootless_test.sh
+++ b/contrib/cirrus/rootless_test.sh
@ -1,10 +1,10 @@
 #!/bin/bash
-set -e
+set -ex
 source $HOME/.bash_profile
 source "$HOME/.bash_profile"
 source $GOSRC/$SCRIPT_BASE/lib.sh
 cd $GOSRC
 source $(dirname $0)/lib.sh
 req_env_var GOSRC OS_RELEASE_ID OS_RELEASE_VER
--- a/contrib/cirrus/setup_and_run_rootless.sh
+++ b/contrib/cirrus/setup_and_run_rootless.sh
@ -0,0 +1,26 @@
 #!/bin/bash
 set -ex
 source $(dirname $0)/lib.sh
 req_env_var "
 CIRRUS_WORKING_DIR $CIRRUS_WORKING_DIR
 GOSRC $GOSRC
 SCRIPT_BASE $SCRIPT_BASE
 ROOTLESS_USER $ROOTLESS_USER
 ROOTLESS_UID $ROOTLESS_UID
 ROOTLESS_GID $ROOTLESS_GID
 "
 if run_rootless
 then
    die 86 "Error: Expected rootless env. vars not set or empty"
 fi
 cd $GOSRC
 setup_rootless
 ssh $ROOTLESS_USER@localhost \
            -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o CheckHostIP=no \
            $CIRRUS_WORKING_DIR/$SCRIPT_BASE/rootless_test.sh
--- a/contrib/cirrus/test/test_dot_cirrus_yaml.py
+++ b/contrib/cirrus/test/test_dot_cirrus_yaml.py
@ -1,78 +0,0 @@
 #!/bin/env python3
 import sys
 import os
 import os.path
 import unittest
 import warnings
 import yaml
 class TestCaseBase(unittest.TestCase):
    SCRIPT_PATH = os.path.realpath((os.path.dirname(sys.argv[0])))
    CIRRUS_WORKING_DIR = os.environ.get('CIRRUS_WORKING_DIR',
                                        '{0}/../../../'.format(SCRIPT_PATH))
    def setUp(self):
        os.chdir(self.CIRRUS_WORKING_DIR)
 class TestCirrusYAML(TestCaseBase):
    IMAGE_NAME_SUFFIX = '_CACHE_IMAGE_NAME'
    ACTIVE_IMAGES_NAME = 'ACTIVE_CACHE_IMAGE_NAMES'
    def setUp(self):
        TestCirrusYAML._cirrus = None
        super().setUp()
    @property
    def cirrus(self):
        if TestCirrusYAML._cirrus is None:
            with warnings.catch_warnings():
                warnings.filterwarnings("ignore",category=DeprecationWarning)
                with open('.cirrus.yml', "r") as dot_cirrus_dot_yaml:
                    TestCirrusYAML._cirrus = yaml.load(dot_cirrus_dot_yaml)
        return TestCirrusYAML._cirrus
    def _assert_get_cache_image_names(self, env):
        inames = set([key for key in env.keys()
                      if key.endswith(self.IMAGE_NAME_SUFFIX)])
        self.assertNotEqual(inames, set())
        ivalues = set([value for key, value in env.items()
                       if key in inames])
        self.assertNotEqual(ivalues, set())
        return ivalues
    def _assert_get_subdct(self, key, dct):
        self.assertIn(key, dct)
        return dct[key]
    def test_parse_yaml(self):
        self.assertIsInstance(self.cirrus, dict)
    def test_active_cache_image_names(self):
        env = self._assert_get_subdct('env', self.cirrus)
        acin = self._assert_get_subdct(self.ACTIVE_IMAGES_NAME, env)
        for ivalue in self._assert_get_cache_image_names(env):
            self.assertIn(ivalue, acin,
                          "The '{}' sub-key of 'env' should contain this among"
                          " its space-separated values."
                          "".format(self.ACTIVE_IMAGES_NAME))
    def test_cache_image_names_active(self):
        env = self._assert_get_subdct('env', self.cirrus)
        ivalues = self._assert_get_cache_image_names(env)
        for avalue in set(self._assert_get_subdct(self.ACTIVE_IMAGES_NAME, env).split()):
            self.assertIn(avalue, ivalues,
                          "All space-separated values in the '{}' sub-key"
                          " of 'env' must also be used in a key with a '{}' suffix."
                          "".format(self.ACTIVE_IMAGES_NAME, self.IMAGE_NAME_SUFFIX))
 if __name__ == '__main__':
    unittest.main(failfast=True, catchbreak=True, verbosity=0)