Cirrus: disable Evil Units in base-images

Also, minor update to prevent harmless 'Fatal: not a git repo' error. Signed-off-by: Chris Evich <cevich@redhat.com>
2025-05-31 15:42:48 +08:00 · 2019-08-09 09:16:09 -04:00
parent 9a2ae2442d
commit 831a64393e
6 changed files with 45 additions and 44 deletions
--- a/contrib/cirrus/check_image.sh
+++ b/contrib/cirrus/check_image.sh
@ -4,6 +4,8 @@ set -eo pipefail

 source $(dirname $0)/lib.sh

+EVIL_UNITS="$($CIRRUS_WORKING_DIR/$PACKER_BASE/systemd_banish.sh --list)"
+
 req_env_var PACKER_BUILDER_NAME TEST_REMOTE_CLIENT EVIL_UNITS OS_RELEASE_ID

 NFAILS=0
--- a/contrib/cirrus/lib.sh
+++ b/contrib/cirrus/lib.sh
@ -36,7 +36,7 @@ SETUP_MARKER_FILEPATH="${SETUP_MARKER_FILEPATH:-/var/tmp/.setup_environment_sh_c
 AUTHOR_NICKS_FILEPATH="${CIRRUS_WORKING_DIR}/${SCRIPT_BASE}/git_authors_to_irc_nicks.csv"

 cd $GOSRC
-if type -P git &> /dev/null
+if type -P git &> /dev/null && [[ -d "$GOSRC/.git" ]]
 then
    CIRRUS_CHANGE_IN_REPO=${CIRRUS_CHANGE_IN_REPO:-$(git show-ref --hash=8 HEAD || date +%s)}
 else # pick something unique and obviously not from Cirrus
@ -61,8 +61,8 @@ export PACKER_BUILDS="${PACKER_BUILDS:-ubuntu-18,ubuntu-19,fedora-30,xfedora-30,
 export UBUNTU_BASE_IMAGE="ubuntu-1904-disco-v20190724"
 export PRIOR_UBUNTU_BASE_IMAGE="ubuntu-1804-bionic-v20190722a"
 # Manually produced base-image names (see $SCRIPT_BASE/README.md)
-export FEDORA_BASE_IMAGE="fedora-cloud-base-30-1-2-1559164849"
-export PRIOR_FEDORA_BASE_IMAGE="fedora-cloud-base-29-1-2-1559164849"
+export FEDORA_BASE_IMAGE="fedora-cloud-base-30-1-2-1565360543"
+export PRIOR_FEDORA_BASE_IMAGE="fedora-cloud-base-29-1-2-1565360543"
 export BUILT_IMAGE_SUFFIX="${BUILT_IMAGE_SUFFIX:--$CIRRUS_REPO_NAME-${CIRRUS_BUILD_ID}}"
 # IN_PODMAN container image
 IN_PODMAN_IMAGE="quay.io/libpod/in_podman:latest"
@ -82,9 +82,6 @@ ROOTLESS_ENV_RE='(CIRRUS_.+)|(ROOTLESS_.+)|(.+_IMAGE.*)|(.+_BASE)|(.*DIRPATH)|(.
 # Unsafe env. vars for display
 SECRET_ENV_RE='(IRCID)|(ACCOUNT)|(GC[EP]..+)|(SSH)'

-# Names of systemd units which should never be running
-EVIL_UNITS="cron crond atd apt-daily-upgrade apt-daily fstrim motd-news systemd-tmpfiles-clean"
-
 SPECIALMODE="${SPECIALMODE:-none}"
 TEST_REMOTE_CLIENT="${TEST_REMOTE_CLIENT:-false}"
 export CONTAINER_RUNTIME=${CONTAINER_RUNTIME:-podman}
@ -323,7 +320,7 @@ EOF
    sudo chmod 755 /usr/bin/git
 }

-install_test_configs(){
+install_test_configs() {
    echo "Installing cni config, policy and registry config"
    req_env_var GOSRC SCRIPT_BASE
    cd $GOSRC
@ -343,7 +340,7 @@ install_test_configs(){
 # of pulling in necessary prerequisites packages as the set can change over time.
 # For general CI testing however, calling this function makes sure the system
 # can only run the compiled source version.
-remove_packaged_podman_files(){
+remove_packaged_podman_files() {
    echo "Removing packaged podman files to prevent conflicts with source build and testing."
    req_env_var OS_RELEASE_ID

@ -380,24 +377,11 @@ remove_packaged_podman_files(){
    sync && echo 3 > /proc/sys/vm/drop_caches
 }

-systemd_banish(){
-    echo "Disabling periodic services that could destabilize testing (ignoring errors):"
-    set +e  # Not all of these exist on every platform
-    for unit in $EVIL_UNITS
-    do
-        echo "Banishing $unit (ignoring errors)"
-        (
-            sudo systemctl stop $unit
-            sudo systemctl disable $unit
-            sudo systemctl disable $unit.timer
-            sudo systemctl mask $unit
-            sudo systemctl mask $unit.timer
-        ) &> /dev/null
-    done
-    set -e
+systemd_banish() {
+    $GOSRC/$PACKER_BASE/systemd_banish.sh
 }

-_finalize(){
+_finalize() {
    set +e  # Don't fail at the very end
    if [[ -d "$CUSTOM_CLOUD_CONFIG_DEFAULTS" ]]
    then
@ -420,7 +404,7 @@ _finalize(){
    sudo fstrim -av
 }

-rh_finalize(){
+rh_finalize() {
    set +e  # Don't fail at the very end
    echo "Resetting to fresh-state for usage as cloud-image."
    PKG=$(type -P dnf || type -P yum || echo "")
@ -431,7 +415,7 @@ rh_finalize(){
    _finalize
 }

-ubuntu_finalize(){
+ubuntu_finalize() {
    set +e  # Don't fail at the very end
    echo "Resetting to fresh-state for usage as cloud-image."
    $LILTO $SUDOAPTGET autoremove
--- a/contrib/cirrus/packer/fedora_base-setup.sh
+++ b/contrib/cirrus/packer/fedora_base-setup.sh
@ -8,8 +8,6 @@ set -e
 # Load in library (copied by packer, before this script was run)
 source $GOSRC/$SCRIPT_BASE/lib.sh

-[[ "$1" == "post" ]] || exit 0  # nothing to do
-
 install_ooe

 echo "Updating packages"
--- a/contrib/cirrus/packer/libpod_base_images.yml
+++ b/contrib/cirrus/packer/libpod_base_images.yml
@ -95,6 +95,7 @@ builders:
      source_image_project_id: 'ubuntu-os-cloud'
      project_id: '{{user `GCP_PROJECT_ID`}}'
      account_file: '{{user `GOOGLE_APPLICATION_CREDENTIALS`}}'
+      startup_script_file: "systemd_banish.sh"
      zone: 'us-central1-a'
      disk_size: 20
      communicator: 'none'
@ -102,7 +103,7 @@ builders:
    - <<: *imgcopy
      name: 'prior-ubuntu'
      image_name: '{{user `PRIOR_UBUNTU_BASE_IMAGE`}}'
-      source_image: '{{user `UBUNTU_BASE_IMAGE`}}'
+      source_image: '{{user `PRIOR_UBUNTU_BASE_IMAGE`}}'

 provisioners:
    - type: 'shell'
@ -130,22 +131,15 @@ provisioners:
      only: ['fedora', 'prior-fedora']
      type: 'shell'
      inline:
-        - 'chmod +x /tmp/libpod/{{user `PACKER_BASE`}}/{{build_name}}_base-setup.sh'
-        - '/tmp/libpod/{{user `PACKER_BASE`}}/{{build_name}}_base-setup.sh pre'
-      expect_disconnect: true  # Allow this to reboot the VM
+        - 'chmod +x /tmp/libpod/{{user `PACKER_BASE`}}/*.sh'
+        - '/tmp/libpod/{{user `PACKER_BASE`}}/{{build_name}}_base-setup.sh'
+      expect_disconnect: true  # Allow this to reboot the VM if needed
      environment_vars:
          - 'TIMESTAMP={{user `TIMESTAMP`}}'
          - 'GOSRC=/tmp/libpod'
          - 'SCRIPT_BASE={{user `SCRIPT_BASE`}}'
          - 'PACKER_BASE={{user `PACKER_BASE`}}'

-    - <<: *shell_script
-      inline: ['{{user `GOSRC`}}/{{user `PACKER_BASE`}}/{{build_name}}_base-setup.sh']
-      expect_disconnect: false
-      pause_before: '10s'
-      inline:
-        - '/tmp/libpod/{{user `PACKER_BASE`}}/{{build_name}}_base-setup.sh post'
-
 post-processors:
    - - type: "compress"
        only: ['fedora', 'prior-fedora']
--- a/contrib/cirrus/packer/libpod_images.yml
+++ b/contrib/cirrus/packer/libpod_images.yml
@ -2,11 +2,6 @@

 # All of these are required
 variables:
-    # Names of GCE Base images to start from, in .cirrus.yml
-    UBUNTU_BASE_IMAGE: '{{env `UBUNTU_BASE_IMAGE`}}'
-    FEDORA_BASE_IMAGE: '{{env `FEDORA_BASE_IMAGE`}}'
-    PRIOR_FEDORA_BASE_IMAGE: '{{env `PRIOR_FEDORA_BASE_IMAGE`}}'
-
    BUILT_IMAGE_SUFFIX: '{{env `BUILT_IMAGE_SUFFIX`}}'
    GOSRC: '{{env `GOSRC`}}'
    PACKER_BASE: '{{env `PACKER_BASE`}}'
--- a/contrib/cirrus/packer/systemd_banish.sh
+++ b/contrib/cirrus/packer/systemd_banish.sh
@ -0,0 +1,28 @@
+#!/bin/bash
+
+set +e  # Not all of these exist on every platform
+
+# This is intended to be executed on VMs as a startup script on initial-boot.
+# Alternativly, it may be executed with the '--list' option to return the list
+# of systemd units defined for disablement (useful for testing).
+
+EVIL_UNITS="cron crond atd apt-daily-upgrade apt-daily fstrim motd-news systemd-tmpfiles-clean"
+
+if [[ "$1" == "--list" ]]
+then
+    echo "$EVIL_UNITS"
+    exit 0
+fi
+
+echo "Disabling periodic services that could destabilize testing:"
+for unit in $EVIL_UNITS
+do
+    echo "Banishing $unit (ignoring errors)"
+    (
+        sudo systemctl stop $unit
+        sudo systemctl disable $unit
+        sudo systemctl disable $unit.timer
+        sudo systemctl mask $unit
+        sudo systemctl mask $unit.timer
+    ) &> /dev/null
+done