Merge pull request #22706 from edsantiago/debian-modernize

Debian: switch to crun and cgroups v2
2025-06-30 15:49:03 +08:00 · 2024-05-29 10:22:24 +00:00
parent afb9901336 1ae05473c1
commit 3c244a979c
9 changed files with 67 additions and 20 deletions
--- a/.cirrus.yml
+++ b/.cirrus.yml
@ -33,7 +33,7 @@ env:
    DEBIAN_NAME: "debian-13"

    # Image identifiers
-    IMAGE_SUFFIX: "c20240513t140131z-f40f39d13"
+    IMAGE_SUFFIX: "c20240528t194313z-f40f39d13"

    # EC2 images
    FEDORA_AMI: "fedora-aws-${IMAGE_SUFFIX}"
@ -58,6 +58,7 @@ env:
    DISTRO_NV:               # any {PRIOR_,}{FEDORA,DEBIAN}_NAME value
    VM_IMAGE_NAME:           # One of the "Google-cloud VM Images" (above)
    CTR_FQIN:                # One of the "Container FQIN's" (above)
+    CI_DESIRED_RUNTIME: crun    # As of 2024-05-28 there are no other supported runtimes
    CI_DESIRED_DATABASE: sqlite # 'sqlite' or 'boltdb'
    CI_DESIRED_STORAGE: overlay # overlay or vfs

@ -103,12 +104,10 @@ build_task:
              VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME}
              CTR_FQIN: ${FEDORA_CONTAINER_FQIN}
              # ID for re-use of build output
-              CI_DESIRED_RUNTIME: crun
        - env:
              DISTRO_NV: ${PRIOR_FEDORA_NAME}
              VM_IMAGE_NAME: ${PRIOR_FEDORA_CACHE_IMAGE_NAME}
              CTR_FQIN: ${PRIOR_FEDORA_CONTAINER_FQIN}
-              CI_DESIRED_RUNTIME: crun
              CI_DESIRED_DATABASE: boltdb
              CI_DESIRED_STORAGE: vfs
        - env:
@ -119,7 +118,6 @@ build_task:
        - env:
              DISTRO_NV: ${DEBIAN_NAME}
              VM_IMAGE_NAME: ${DEBIAN_CACHE_IMAGE_NAME}
-              CI_DESIRED_RUNTIME: runc
              CI_DESIRED_NETWORK: netavark
              # Ignore cgroups-v1 warnings on debian
              PODMAN_IGNORE_CGROUPSV1_WARNING: true
@ -222,7 +220,6 @@ build_aarch64_task:
        DISTRO_NV: ${FEDORA_AARCH64_NAME}
        VM_IMAGE_NAME: ${FEDORA_AARCH64_AMI}
        CTR_FQIN: ${FEDORA_CONTAINER_FQIN}
-        CI_DESIRED_RUNTIME: crun
        TEST_FLAVOR: build
    clone_script: *full_clone
    prebuild_script: *prebuild
@ -684,12 +681,10 @@ container_integration_test_task:
              DISTRO_NV: ${FEDORA_NAME}
              VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME}
              CTR_FQIN: ${FEDORA_CONTAINER_FQIN}
-              CI_DESIRED_RUNTIME: crun
        - env:
              DISTRO_NV: ${PRIOR_FEDORA_NAME}
              VM_IMAGE_NAME: ${PRIOR_FEDORA_CACHE_IMAGE_NAME}
              CTR_FQIN: ${PRIOR_FEDORA_CONTAINER_FQIN}
-              CI_DESIRED_RUNTIME: crun
              CI_DESIRED_DATABASE: boltdb
    gce_instance: *fastvm
    timeout_in: 50m
@ -903,7 +898,6 @@ rootless_remote_system_test_task:
              # Not used here, is used in other tasks
              VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME}
              CTR_FQIN: ${FEDORA_CONTAINER_FQIN}
-              CI_DESIRED_RUNTIME: crun
    <<: *local_system_test_task
    alias: rootless_remote_system_test
    gce_instance: *standardvm
--- a/test/buildah-bud/apply-podman-deltas
+++ b/test/buildah-bud/apply-podman-deltas
@ -293,6 +293,12 @@ skip "FIXME: 2023-06-13 buildah PR 4746 broke this test" \
 skip "FIXME: 2024-04-16 nixery is down" \
     "bud-implicit-no-history"

+# 2024-05-28 FIXME FIXME FIXME new VMs barf on all git tests, can't connect
+skip "FIXME: 2024-05-28 new VMs from #338" \
+     "bud-git-context" \
+     "bud-git-context-subdirectory" \
+     "bud using gitrepo and branch"
+
 # END   temporary workarounds that must be reevaluated periodically
 ###############################################################################

--- a/test/e2e/container_iface_name_test.go
+++ b/test/e2e/container_iface_name_test.go
@ -9,13 +9,10 @@ import (
 	. "github.com/onsi/gomega"
 )

-func isDebianRunc(pTest *PodmanTestIntegration) bool {
+// FIXME 2024-05-14: "Debian" here is a proxy for "netavark < 1.10"
+func isDebian() bool {
 	info := GetHostDistributionInfo()
-	if info.Distribution == "debian" && pTest.OCIRuntime == "runc" {
-		return true
-	}
-
-	return false
+	return info.Distribution == "debian"
 }

 func createNetworkDevice(name string) {
@ -104,7 +101,7 @@ var _ = Describe("Podman container interface name", func() {
 			}

 			for _, driverType := range []string{"macvlan", "ipvlan"} {
-				if driverType == "ipvlan" && isDebianRunc(podmanTest) {
+				if driverType == "ipvlan" && isDebian() {
 					GinkgoWriter.Println("FIXME: Fails with netavark < 1.10. Re-enable once Debian gets an update")
 					continue
 				}
@ -157,7 +154,7 @@ var _ = Describe("Podman container interface name", func() {
 		SkipIfRootless("cannot create network device in rootless mode.")

 		for _, driverType := range []string{"macvlan", "ipvlan"} {
-			if driverType == "ipvlan" && isDebianRunc(podmanTest) {
+			if driverType == "ipvlan" && isDebian() {
 				GinkgoWriter.Println("FIXME: Fails with netavark < 1.10. Re-enable once Debian gets an update")
 				continue
 			}
@ -223,7 +220,7 @@ var _ = Describe("Podman container interface name", func() {
 		createContainersConfFileWithDeviceIfaceName(podmanTest)

 		for _, driverType := range []string{"macvlan", "ipvlan"} {
-			if driverType == "ipvlan" && isDebianRunc(podmanTest) {
+			if driverType == "ipvlan" && isDebian() {
 				GinkgoWriter.Println("FIXME: Fails with netavark < 1.10. Re-enable once Debian gets an update")
 				continue
 			}
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@ -743,6 +743,11 @@ USER bin`, BB)

 	It("podman run limits host test", func() {
 		SkipIfRemote("This can only be used for local tests")
+		info := GetHostDistributionInfo()
+		if info.Distribution == "debian" {
+			// "expected 1048576 to be >= 1073741816"
+			Skip("FIXME 2024-05-28 fails on debian, maybe because of systemd 256?")
+		}

 		var l syscall.Rlimit

@ -2187,6 +2192,12 @@ WORKDIR /madethis`, BB)
 	})

 	It("podman run --shm-size-systemd", func() {
+		// FIXME Failed to set RLIMIT_CORE: Operation not permitted
+		info := GetHostDistributionInfo()
+		if info.Distribution == "debian" {
+			Skip("FIXME 2024-05-28 fails on debian, maybe because of systemd 256?")
+		}
+
 		ctrName := "testShmSizeSystemd"
 		run := podmanTest.Podman([]string{"run", "--name", ctrName, "--shm-size-systemd", "10mb", "-d", SYSTEMD_IMAGE, "/sbin/init"})
 		run.WaitWithDefaultTimeout()
--- a/test/e2e/toolbox_test.go
+++ b/test/e2e/toolbox_test.go
@ -62,6 +62,11 @@ var _ = Describe("Toolbox-specific testing", func() {
 		if podmanTest.RemoteTest {
 			Skip("Ulimit check does not work with a remote client")
 		}
+		info := GetHostDistributionInfo()
+		if info.Distribution == "debian" {
+			// "expected 1048576 to be >= 1073741816"
+			Skip("FIXME 2024-05-28 fails on debian, maybe because of systemd 256?")
+		}
 		var session *PodmanSessionIntegration
 		var containerHardLimit int
 		var rlimit syscall.Rlimit
--- a/test/e2e/update_test.go
+++ b/test/e2e/update_test.go
@ -3,6 +3,7 @@ package integration
 import (
 	"github.com/containers/common/pkg/cgroupv2"
 	. "github.com/containers/podman/v5/test/utils"
+	"github.com/containers/storage/pkg/fileutils"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
@ -115,8 +116,10 @@ var _ = Describe("Podman update", func() {
 		// checking cpu quota and period
 		podmanTest.CheckFileInContainerSubstring(ctrID, "/sys/fs/cgroup/cpu.max", "500000")

-		// checking blkio weight
-		podmanTest.CheckFileInContainerSubstring(ctrID, "/sys/fs/cgroup/io.bfq.weight", "123")
+		// checking blkio weight (as of 2024-05 this file does not exist on Debian 13)
+		if err := fileutils.Exists("/sys/fs/cgroup/system.slice/io.bfq.weight"); err == nil {
+			podmanTest.CheckFileInContainerSubstring(ctrID, "/sys/fs/cgroup/io.bfq.weight", "123")
+		}

 		// checking device-read/write-bps/iops
 		podmanTest.CheckFileInContainerSubstring(ctrID, "/sys/fs/cgroup/io.max", "rbps=10485760 wbps=10485760 riops=1000 wiops=1000")
--- a/test/system/260-sdnotify.bats
+++ b/test/system/260-sdnotify.bats
@ -595,7 +595,22 @@ READY=1" "podman-system-service sends expected data over NOTIFY_SOCKET"
    assert "$output" !~ "EXTEND_TIMEOUT_USEC="

    # Give the system-service 5sec to terminate before killing it.
-    /bin/kill --timeout 5000 KILL --signal TERM $mainpid
+    kill -TERM $mainpid
+    timeout=5
+    while :;do
+        if ! kill -0 $mainpid; then
+            # Yay, it's gone
+            break
+        fi
+
+        timeout=$((timeout - 1))
+        if [[ $timeout -eq 0 ]]; then
+            kill -KILL $mainpid
+            break
+        fi
+        sleep 1
+    done
+
    run_podman rmi $image_on_local_registry
    _stop_socat
 }
--- a/test/system/280-update.bats
+++ b/test/system/280-update.bats
@ -90,6 +90,7 @@ device-write-iops   = /dev/zero:4000 | - | -
            fi
        fi

+        # Determine the "path = newvalue" string for this cgroup
        tuple=$cgv1
        if is_cgroupsv2; then
            tuple=$cgv2
@ -99,6 +100,13 @@ device-write-iops   = /dev/zero:4000 | - | -
            continue
        fi

+        # Sigh. bfq doesn't exist on Debian (2024-03)
+        read path op expect <<<"$tuple"
+        if [[ ! -e /sys/fs/cgroup/$path ]]; then
+            echo "[ skipping --$opt : /sys/fs/cgroup/$path does not exist ]"
+            continue
+        fi
+
        # OK: setting is applicable. Preserve it. (First removing whitespace)
        opt=${opt// /}
        opts+=("--$opt")
--- a/test/system/520-checkpoint.bats
+++ b/test/system/520-checkpoint.bats
@ -22,6 +22,14 @@ function setup() {
        skip "checkpoint does not work rootless"
    fi

+    # As of 2024-05, crun on Debian is not built with criu support:
+    # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008249
+    runtime=$(podman_runtime)
+    run $runtime checkpoint --help
+    if [[ $status -ne 0 ]]; then
+        skip "runtime $runtime does not support checkpoint/restore"
+    fi
+
    basic_setup
 }