opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-28 14:29:04 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #16389 from edsantiago/verify_network_backend

Browse Source 
CI: set and verify DESIRED_NETWORK (netavark, cni)
This commit is contained in:
OpenShift Merge Robot
2022-11-03 08:25:31 -04:00
committed by GitHub
parent a1fe0cd662 d7e70c7489
commit 6428ff180a
5 changed files with 63 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
.cirrus.yml
View File

@ -103,16 +103,19 @@ build_task:
CTR_FQIN: ${FEDORA_CONTAINER_FQIN} CTR_FQIN: ${FEDORA_CONTAINER_FQIN}
# ID for re-use of build output # ID for re-use of build output
CI_DESIRED_RUNTIME: crun CI_DESIRED_RUNTIME: crun
CI_DESIRED_NETWORK: netavark
- env: &priorfedora_envvars - env: &priorfedora_envvars
DISTRO_NV: ${PRIOR_FEDORA_NAME} DISTRO_NV: ${PRIOR_FEDORA_NAME}
VM_IMAGE_NAME: ${PRIOR_FEDORA_CACHE_IMAGE_NAME} VM_IMAGE_NAME: ${PRIOR_FEDORA_CACHE_IMAGE_NAME}
CTR_FQIN: ${PRIOR_FEDORA_CONTAINER_FQIN} CTR_FQIN: ${PRIOR_FEDORA_CONTAINER_FQIN}
CI_DESIRED_RUNTIME: crun CI_DESIRED_RUNTIME: crun
CI_DESIRED_NETWORK: cni
#- env: &ubuntu_envvars #- env: &ubuntu_envvars
# DISTRO_NV: ${UBUNTU_NAME} # DISTRO_NV: ${UBUNTU_NAME}
# VM_IMAGE_NAME: ${UBUNTU_CACHE_IMAGE_NAME} # VM_IMAGE_NAME: ${UBUNTU_CACHE_IMAGE_NAME}
# CTR_FQIN: ${UBUNTU_CONTAINER_FQIN} # CTR_FQIN: ${UBUNTU_CONTAINER_FQIN}
# CI_DESIRED_RUNTIME: runc # CI_DESIRED_RUNTIME: runc
# CI_DESIRED_NETWORK: whatever
env: env:
TEST_FLAVOR: build TEST_FLAVOR: build
# NOTE: The default way Cirrus-CI clones is *NOT* compatible with # NOTE: The default way Cirrus-CI clones is *NOT* compatible with
@ -192,6 +195,7 @@ build_aarch64_task:
VM_IMAGE_NAME: ${FEDORA_AARCH64_AMI} VM_IMAGE_NAME: ${FEDORA_AARCH64_AMI}
CTR_FQIN: ${FEDORA_CONTAINER_FQIN} CTR_FQIN: ${FEDORA_CONTAINER_FQIN}
CI_DESIRED_RUNTIME: crun CI_DESIRED_RUNTIME: crun
CI_DESIRED_NETWORK: netavark
TEST_FLAVOR: build TEST_FLAVOR: build
clone_script: *full_clone clone_script: *full_clone
prebuild_script: *prebuild prebuild_script: *prebuild
@ -591,11 +595,13 @@ container_integration_test_task:
VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME} VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME}
CTR_FQIN: ${FEDORA_CONTAINER_FQIN} CTR_FQIN: ${FEDORA_CONTAINER_FQIN}
CI_DESIRED_RUNTIME: crun CI_DESIRED_RUNTIME: crun
CI_DESIRED_NETWORK: netavark
- env: - env:
DISTRO_NV: ${PRIOR_FEDORA_NAME} DISTRO_NV: ${PRIOR_FEDORA_NAME}
VM_IMAGE_NAME: ${PRIOR_FEDORA_CACHE_IMAGE_NAME} VM_IMAGE_NAME: ${PRIOR_FEDORA_CACHE_IMAGE_NAME}
CTR_FQIN: ${PRIOR_FEDORA_CONTAINER_FQIN} CTR_FQIN: ${PRIOR_FEDORA_CONTAINER_FQIN}
CI_DESIRED_RUNTIME: crun CI_DESIRED_RUNTIME: crun
CI_DESIRED_NETWORK: cni
gce_instance: *standardvm gce_instance: *standardvm
timeout_in: 90m timeout_in: 90m
env: env:
@ -650,6 +656,7 @@ podman_machine_task:
PRIV_NAME: "rootless" # intended use-case PRIV_NAME: "rootless" # intended use-case
DISTRO_NV: "${FEDORA_NAME}" DISTRO_NV: "${FEDORA_NAME}"
VM_IMAGE_NAME: "${FEDORA_AMI}" VM_IMAGE_NAME: "${FEDORA_AMI}"
CI_DESIRED_NETWORK: netavark
clone_script: *get_gosrc clone_script: *get_gosrc
setup_script: *setup setup_script: *setup
main_script: *main main_script: *main
@ -675,6 +682,7 @@ podman_machine_aarch64_task:
PRIV_NAME: "rootless" # intended use-case PRIV_NAME: "rootless" # intended use-case
DISTRO_NV: "${FEDORA_AARCH64_NAME}" DISTRO_NV: "${FEDORA_AARCH64_NAME}"
VM_IMAGE_NAME: "${FEDORA_AARCH64_AMI}" VM_IMAGE_NAME: "${FEDORA_AARCH64_AMI}"
CI_DESIRED_NETWORK: netavark
clone_script: *get_gosrc_aarch64 clone_script: *get_gosrc_aarch64
setup_script: *setup setup_script: *setup
main_script: *main main_script: *main
@ -760,6 +768,7 @@ rootless_remote_system_test_task:
VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME} VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME}
CTR_FQIN: ${FEDORA_CONTAINER_FQIN} CTR_FQIN: ${FEDORA_CONTAINER_FQIN}
CI_DESIRED_RUNTIME: crun CI_DESIRED_RUNTIME: crun
CI_DESIRED_NETWORK: netavark
<<: *local_system_test_task <<: *local_system_test_task
alias: rootless_remote_system_test alias: rootless_remote_system_test
depends_on: depends_on:
@ -822,6 +831,7 @@ buildah_bud_test_task:
# Not used here, is used in other tasks # Not used here, is used in other tasks
VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME} VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME}
CTR_FQIN: ${FEDORA_CONTAINER_FQIN} CTR_FQIN: ${FEDORA_CONTAINER_FQIN}
CI_DESIRED_NETWORK: netavark
matrix: matrix:
- env: - env:
PODBIN_NAME: podman PODBIN_NAME: podman
@ -874,10 +884,13 @@ upgrade_test_task:
matrix: matrix:
- env: - env:
PODMAN_UPGRADE_FROM: v2.1.1 PODMAN_UPGRADE_FROM: v2.1.1
CI_DESIRED_NETWORK: cni
- env: - env:
PODMAN_UPGRADE_FROM: v3.1.2 PODMAN_UPGRADE_FROM: v3.1.2
CI_DESIRED_NETWORK: cni
- env: - env:
PODMAN_UPGRADE_FROM: v3.4.4 PODMAN_UPGRADE_FROM: v3.4.4
CI_DESIRED_NETWORK: cni
gce_instance: *standardvm gce_instance: *standardvm
env: env:
TEST_FLAVOR: upgrade_test TEST_FLAVOR: upgrade_test

9
contrib/cirrus/lib.sh
View File

@ -214,6 +214,9 @@ use_cni() {
msg "Force-removing netavark and aardvark-dns" msg "Force-removing netavark and aardvark-dns"
# Other packages depend on nv/av, but we're testing with podman # Other packages depend on nv/av, but we're testing with podman
# binaries built from source, so it's safe to ignore these deps. # binaries built from source, so it's safe to ignore these deps.
#
# FIXME FIXME FIXME: if/when we bring back Ubuntu (or use Debian),
# someone will have to conditionalize these rpm/dnf commands
rpm -e --nodeps netavark aardvark-dns rpm -e --nodeps netavark aardvark-dns
msg "Installing default CNI configuration" msg "Installing default CNI configuration"
dnf install -y $PACKAGE_DOWNLOAD_DIR/podman-plugins* dnf install -y $PACKAGE_DOWNLOAD_DIR/podman-plugins*
@ -236,9 +239,9 @@ use_netavark() {
export NETWORK_BACKEND=netavark # needed for install_test_configs() export NETWORK_BACKEND=netavark # needed for install_test_configs()
msg "Removing any/all CNI configuration" msg "Removing any/all CNI configuration"
rm -rvf /etc/cni/net.d/* rm -rvf /etc/cni/net.d/*
# N/B: The netavark/aardvark-dns packages are still installed and # N/B: The CNI packages are still installed and available. This is
# available. This is on purpose, since CI needs to verify the # on purpose, since CI needs to verify the selection mechanisms are
# selection mechanisms are functional when both are available. # functional when both are available.
} }
# Remove all files provided by the distro version of podman. # Remove all files provided by the distro version of podman.

27
contrib/cirrus/setup_environment.sh
View File

@ -125,26 +125,19 @@ case "$OS_RELEASE_ID" in
msg "Enabling container_manage_cgroup" msg "Enabling container_manage_cgroup"
setsebool container_manage_cgroup true setsebool container_manage_cgroup true
fi fi
# For the latest Fedora CI VM images, netavark/aardvark is the
# intended networking stack for podman. All previous VM images
# should use CNI networking. Upgrading from one to the other is
# not supported at this time. The only exception in CI is
# the "upgrade tests" which must always use CNI.
#
# OS_RELEASE_VER is defined by automation-library
# shellcheck disable=SC2154
if [[ "$DISTRO_NV" != "$PRIOR_FEDORA_NAME" ]] && \
[[ "$TEST_FLAVOR" != "upgrade_test" ]];
then
use_netavark
else # Fedora N-1 or upgrade testing.
use_cni
fi
;; ;;
*) die_unknown OS_RELEASE_ID *) die_unknown OS_RELEASE_ID
esac esac
# Networking: force CNI or Netavark as requested in .cirrus.yml
# (this variable is mandatory).
# shellcheck disable=SC2154
case "$CI_DESIRED_NETWORK" in
netavark) use_netavark ;;
cni) use_cni ;;
*) die_unknown CI_DESIRED_NETWORK ;;
esac
# Required to be defined by caller: The environment where primary testing happens # Required to be defined by caller: The environment where primary testing happens
# shellcheck disable=SC2154 # shellcheck disable=SC2154
case "$TEST_ENVIRON" in case "$TEST_ENVIRON" in
@ -196,6 +189,7 @@ esac
# Required to be defined by caller: Are we testing as root or a regular user # Required to be defined by caller: Are we testing as root or a regular user
case "$PRIV_NAME" in case "$PRIV_NAME" in
root) root)
# shellcheck disable=SC2154
if [[ "$TEST_FLAVOR" = "sys" || "$TEST_FLAVOR" = "apiv2" ]]; then if [[ "$TEST_FLAVOR" = "sys" || "$TEST_FLAVOR" = "apiv2" ]]; then
# Used in local image-scp testing # Used in local image-scp testing
setup_rootless setup_rootless
@ -212,6 +206,7 @@ case "$PRIV_NAME" in
*) die_unknown PRIV_NAME *) die_unknown PRIV_NAME
esac esac
# shellcheck disable=SC2154
if [[ -n "$ROOTLESS_USER" ]]; then if [[ -n "$ROOTLESS_USER" ]]; then
echo "ROOTLESS_USER=$ROOTLESS_USER" >> /etc/ci_environment echo "ROOTLESS_USER=$ROOTLESS_USER" >> /etc/ci_environment
echo "ROOTLESS_UID=$ROOTLESS_UID" >> /etc/ci_environment echo "ROOTLESS_UID=$ROOTLESS_UID" >> /etc/ci_environment

15
test/e2e/info_test.go
View File

@ -166,4 +166,19 @@ var _ = Describe("Podman Info", func() {
Expect(session).To(Exit(0)) Expect(session).To(Exit(0))
Expect(session.OutputToString()).To(Equal(want)) Expect(session.OutputToString()).To(Equal(want))
}) })
It("Podman info: check desired network backend", func() {
// defined in .cirrus.yml
want := os.Getenv("CI_DESIRED_NETWORK")
if want == "" {
if os.Getenv("CIRRUS_CI") == "" {
Skip("CI_DESIRED_NETWORK is not set--this is OK because we're not running under Cirrus")
}
Fail("CIRRUS_CI is set, but CI_DESIRED_NETWORK is not! See #16389")
}
session := podmanTest.Podman([]string{"info", "--format", "{{.Host.NetworkBackend}}"})
session.WaitWithDefaultTimeout()
Expect(session).To(Exit(0))
Expect(session.OutputToString()).To(Equal(want))
})
}) })

18
test/system/005-info.bats
View File

@ -75,6 +75,24 @@ host.slirp4netns.executable | $expr_path
is "$output" "$CI_DESIRED_RUNTIME" "CI_DESIRED_RUNTIME (from .cirrus.yml)" is "$output" "$CI_DESIRED_RUNTIME" "CI_DESIRED_RUNTIME (from .cirrus.yml)"
} }
@test "podman info - confirm desired network backend" {
if [[ -z "$CI_DESIRED_NETWORK" ]]; then
# When running in Cirrus, CI_DESIRED_NETWORK *must* be defined
# in .cirrus.yml so we can double-check that all CI VMs are
# using netavark or cni as desired.
if [[ -n "$CIRRUS_CI" ]]; then
die "CIRRUS_CI is set, but CI_DESIRED_NETWORK is not! See #16389"
fi
# Not running under Cirrus (e.g., gating tests, or dev laptop).
# Totally OK to skip this test.
skip "CI_DESIRED_NETWORK is unset--OK, because we're not in Cirrus"
fi
run_podman info --format '{{.Host.NetworkBackend}}'
is "$output" "$CI_DESIRED_NETWORK" "CI_DESIRED_NETWORK (from .cirrus.yml)"
}
# 2021-04-06 discussed in watercooler: RHEL must never use crun, even if # 2021-04-06 discussed in watercooler: RHEL must never use crun, even if
# using cgroups v2. # using cgroups v2.
@test "podman info - RHEL8 must use runc" { @test "podman info - RHEL8 must use runc" {