opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-10-17 03:04:21 +08:00
Code Issues Packages Projects Releases Wiki Activity

Cirrus: fixups based on review feedback

Browse Source 
Also remove disused distros (RHEL/CentOS/FAH) and fix get_ci_vm script

Signed-off-by: Chris Evich <cevich@redhat.com>
This commit is contained in:
Chris Evich
2019-04-30 13:09:32 -04:00
parent c4d9b03f78
commit 95141f88d4
19 changed files with 172 additions and 578 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
.cirrus.yml
View File

@ -29,12 +29,9 @@ env:
#### ####
#### Cache-image names to test with #### Cache-image names to test with
### ###
FEDORA_CACHE_IMAGE_NAME: "fedora-29-libpod-5699523102900224" FEDORA_CACHE_IMAGE_NAME: "fedora-29-libpod-5170730531028992"
PRIOR_FEDORA_CACHE_IMAGE_NAME: "fedora-28-libpod-5699523102900224" PRIOR_FEDORA_CACHE_IMAGE_NAME: "fedora-28-libpod-5170730531028992"
UBUNTU_CACHE_IMAGE_NAME: "ubuntu-18-libpod-5699523102900224" UBUNTU_CACHE_IMAGE_NAME: "ubuntu-18-libpod-5170730531028992"
PRIOR_RHEL_CACHE_IMAGE_NAME: "rhel-7-libpod-5699523102900224"
RHEL_CACHE_IMAGE_NAME: "rhel-8-notready"
CENTOS_CACHE_IMAGE_NAME: "centos-7-notready"
#### ####
#### Variables for composing new cache-images (used in PR testing) from #### Variables for composing new cache-images (used in PR testing) from
@ -46,12 +43,6 @@ env:
CNI_COMMIT: "7480240de9749f9a0a5c8614b17f1f03e0c06ab9" CNI_COMMIT: "7480240de9749f9a0a5c8614b17f1f03e0c06ab9"
CRIO_COMMIT: "7a283c391abb7bd25086a8ff91dbb36ebdd24466" CRIO_COMMIT: "7a283c391abb7bd25086a8ff91dbb36ebdd24466"
CRIU_COMMIT: "c74b83cd49c00589c0c0468ba5fe685b67fdbd0a" CRIU_COMMIT: "c74b83cd49c00589c0c0468ba5fe685b67fdbd0a"
# Only RHEL/Centos VM cache-image building needs RUNC_COMMIT
RUNC_COMMIT: "029124da7af7360afa781a0234d1b083550f797c"
# CSV of cache-image names to build (see $PACKER_BASE/libpod_images.json)
PACKER_BUILDS: "ubuntu-18,fedora-29,fedora-28,rhel-7" # TODO: rhel-8,centos-7
# Version of packer to use
PACKER_VER: "1.3.2"
# Special image w/ nested-libvirt + tools for creating new cache and base images # Special image w/ nested-libvirt + tools for creating new cache and base images
IMAGE_BUILDER_CACHE_IMAGE_NAME: "image-builder-image-1541772081" IMAGE_BUILDER_CACHE_IMAGE_NAME: "image-builder-image-1541772081"
@ -66,8 +57,6 @@ env:
#### ####
# Freenode IRC credentials for posting status messages # Freenode IRC credentials for posting status messages
IRCID: ENCRYPTED[e87bba62a8e924dc70bdb2b66b16f6ab4a60d2870e6e5534ae9e2b0076f483c71c84091c655ca239101e6816c5ec0883] IRCID: ENCRYPTED[e87bba62a8e924dc70bdb2b66b16f6ab4a60d2870e6e5534ae9e2b0076f483c71c84091c655ca239101e6816c5ec0883]
# Command to register a RHEL VM to install/update packages
RHSM_COMMAND: ENCRYPTED[5caa5ff8c5370c3d25c7a1a28168501ab0fa2e5e3b627926f6eaba02b3fed965a7638a6151657809661f8c905c7dc187]
# Needed to build GCE images, within a GCE VM # Needed to build GCE images, within a GCE VM
SERVICE_ACCOUNT: ENCRYPTED[99e9a0b1c23f8dd29e83dfdf164f064cfd17afd9b895ca3b5e4c41170bd4290a8366fe2ad8e7a210b9f751711d1d002a] SERVICE_ACCOUNT: ENCRYPTED[99e9a0b1c23f8dd29e83dfdf164f064cfd17afd9b895ca3b5e4c41170bd4290a8366fe2ad8e7a210b9f751711d1d002a]
# User ID for cirrus to ssh into VMs # User ID for cirrus to ssh into VMs
@ -244,10 +233,6 @@ meta_task:
${FEDORA_CACHE_IMAGE_NAME} ${FEDORA_CACHE_IMAGE_NAME}
${PRIOR_FEDORA_CACHE_IMAGE_NAME} ${PRIOR_FEDORA_CACHE_IMAGE_NAME}
${UBUNTU_CACHE_IMAGE_NAME} ${UBUNTU_CACHE_IMAGE_NAME}
${PRIOR_RHEL_CACHE_IMAGE_NAME}
${RHEL_CACHE_IMAGE_NAME}
${PRIOR_CENTOS_CACHE_IMAGE_NAME}
${CENTOS_CACHE_IMAGE_NAME}
${IMAGE_BUILDER_CACHE_IMAGE_NAME} ${IMAGE_BUILDER_CACHE_IMAGE_NAME}
BUILDID: "${CIRRUS_BUILD_ID}" BUILDID: "${CIRRUS_BUILD_ID}"
REPOREF: "${CIRRUS_CHANGE_IN_REPO}" REPOREF: "${CIRRUS_CHANGE_IN_REPO}"
@ -352,10 +337,6 @@ optional_testing_task:
image_name: "${FEDORA_CACHE_IMAGE_NAME}" image_name: "${FEDORA_CACHE_IMAGE_NAME}"
image_name: "${PRIOR_FEDORA_CACHE_IMAGE_NAME}" image_name: "${PRIOR_FEDORA_CACHE_IMAGE_NAME}"
image_name: "${UBUNTU_CACHE_IMAGE_NAME}" image_name: "${UBUNTU_CACHE_IMAGE_NAME}"
image_name: "${PRIOR_RHEL_CACHE_IMAGE_NAME}"
# image_name: "${RHEL_CACHE_IMAGE_NAME}"
image_name: "${PRIOR_CENTOS_CACHE_IMAGE_NAME}"
# image_name: "${CENTOS_CACHE_IMAGE_NAME}"
timeout_in: 60m timeout_in: 60m

29
contrib/cirrus/README.md
View File

@ -136,11 +136,10 @@ you'll find the new image names displayed at the end of the
`test_build_cache_images_task` in the `build_vm_images` output. `test_build_cache_images_task` in the `build_vm_images` output.
For example: For example:
``` ```
...cut... ...cut...
==> Builds finished. The artifacts of successful builds are: ==> Builds finished. The artifacts of successful builds are:
--> rhel-7: A disk image was created: rhel-7-libpod-5699523102900224
--> rhel-7:
--> ubuntu-18: A disk image was created: ubuntu-18-libpod-5699523102900224 --> ubuntu-18: A disk image was created: ubuntu-18-libpod-5699523102900224
--> ubuntu-18: --> ubuntu-18:
--> fedora-29: A disk image was created: fedora-29-libpod-5699523102900224 --> fedora-29: A disk image was created: fedora-29-libpod-5699523102900224
@ -148,8 +147,8 @@ For example:
--> fedora-28: A disk image was created: fedora-28-libpod-5699523102900224 --> fedora-28: A disk image was created: fedora-28-libpod-5699523102900224
``` ```
An updated (or new) pull-request with this change, will utilize Now edit `.cirrus.yml`, updating the `*_IMAGE_NAME` lines to reflect the
the new cache-images: images from above:
```yaml ```yaml
@ -161,14 +160,14 @@ env:
FEDORA_CACHE_IMAGE_NAME: "fedora-29-libpod-5699523102900224" FEDORA_CACHE_IMAGE_NAME: "fedora-29-libpod-5699523102900224"
PRIOR_FEDORA_CACHE_IMAGE_NAME: "fedora-28-libpod-5699523102900224" PRIOR_FEDORA_CACHE_IMAGE_NAME: "fedora-28-libpod-5699523102900224"
UBUNTU_CACHE_IMAGE_NAME: "ubuntu-18-libpod-5699523102900224" UBUNTU_CACHE_IMAGE_NAME: "ubuntu-18-libpod-5699523102900224"
PRIOR_RHEL_CACHE_IMAGE_NAME: "rhel-7-libpod-5699523102900224"
...cut... ...cut...
``` ```
Take care to also update the PR description if any 'magic' phrases were used ***NOTE:*** If re-using the same PR with new images in `.cirrus.yml`,
(they affect which tests run). In other words, you'll likely want to take care to also *update the PR description* to remove
remove the ``***CIRRUS: TEST IMAGES***`` string - otherwise Cirrus-CI will the magic ``***CIRRUS: TEST IMAGES***`` string. Keeping it and
simply build new and test again. `--force` pushing would needlessly cause Cirrus-CI to build
and test images again.
### ``build_cache_images`` Task *(Deprecated)* ### ``build_cache_images`` Task *(Deprecated)*
@ -216,15 +215,6 @@ the ``cache_images`` Task) some input parameters are required:
or [end-user or [end-user
credentials](https://cloud.google.com/docs/authentication/end-user#creating_your_client_credentials) credentials](https://cloud.google.com/docs/authentication/end-user#creating_your_client_credentials)
* ``RHEL_IMAGE_FILE`` and ``RHEL_CSUM_FILE`` complete paths
to a `rhel-server-ec2-*.raw.xz` and it's cooresponding
checksum file. These must be supplied manually because
they're not available directly via URL like other images.
* ``RHSM_COMMAND`` contains the complete string needed to register
the VM for installing package dependencies. The VM will be de-registered
upon completion.
* Optionally, CSV's may be specified to ``PACKER_BUILDS`` * Optionally, CSV's may be specified to ``PACKER_BUILDS``
to limit the base-images produced. For example, to limit the base-images produced. For example,
``PACKER_BUILDS=fedora,image-builder-image``. ``PACKER_BUILDS=fedora,image-builder-image``.
@ -270,9 +260,6 @@ When ready, change to the ``packer`` sub-directory, and build the images:
$ cd libpod/contrib/cirrus/packer $ cd libpod/contrib/cirrus/packer
$ make libpod_base_images GCP_PROJECT_ID=<VALUE> \ $ make libpod_base_images GCP_PROJECT_ID=<VALUE> \
GOOGLE_APPLICATION_CREDENTIALS=<VALUE> \ GOOGLE_APPLICATION_CREDENTIALS=<VALUE> \
RHEL_IMAGE_FILE=<VALUE> \
RHEL_CSUM_FILE=<VALUE> \
RHSM_COMMAND=<VALUE> \
PACKER_BUILDS=<OPTIONAL> PACKER_BUILDS=<OPTIONAL>
``` ```

2
contrib/cirrus/build_vm_images.sh
View File

@ -3,7 +3,7 @@
set -e set -e
source $(dirname $0)/lib.sh source $(dirname $0)/lib.sh
ENV_VARS='CNI_COMMIT CRIO_COMMIT RUNC_COMMIT PACKER_BUILDS BUILT_IMAGE_SUFFIX CENTOS_BASE_IMAGE UBUNTU_BASE_IMAGE FEDORA_BASE_IMAGE PRIOR_FEDORA_BASE_IMAGE FAH_BASE_IMAGE RHEL_BASE_IMAGE RHSM_COMMAND SERVICE_ACCOUNT GCE_SSH_USERNAME GCP_PROJECT_ID PACKER_VER SCRIPT_BASE PACKER_BASE' ENV_VARS='CNI_COMMIT CRIO_COMMIT PACKER_BUILDS BUILT_IMAGE_SUFFIX UBUNTU_BASE_IMAGE FEDORA_BASE_IMAGE PRIOR_FEDORA_BASE_IMAGE SERVICE_ACCOUNT GCE_SSH_USERNAME GCP_PROJECT_ID PACKER_VER SCRIPT_BASE PACKER_BASE'
req_env_var $ENV_VARS req_env_var $ENV_VARS
# Must also be made available through make, into packer process # Must also be made available through make, into packer process
export $ENV_VARS export $ENV_VARS

9
contrib/cirrus/integration_test.sh
View File

@ -25,16 +25,19 @@ then
elif [[ "$SPECIALMODE" == "rootless" ]] elif [[ "$SPECIALMODE" == "rootless" ]]
then then
req_env_var ROOTLESS_USER req_env_var ROOTLESS_USER
set -x
if [[ "$USER" == "$ROOTLESS_USER" ]]
then
$GOSRC/$SCRIPT_BASE/rootless_test.sh
else
ssh $ROOTLESS_USER@localhost \ ssh $ROOTLESS_USER@localhost \
-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o CheckHostIP=no \ -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o CheckHostIP=no \
$GOSRC/$SCRIPT_BASE/rootless_test.sh $GOSRC/$SCRIPT_BASE/rootless_test.sh
exit $? fi
else else
make make
make install PREFIX=/usr ETCDIR=/etc make install PREFIX=/usr ETCDIR=/etc
make test-binaries make test-binaries
make install.tools
if [[ "$TEST_REMOTE_CLIENT" == "true" ]] if [[ "$TEST_REMOTE_CLIENT" == "true" ]]
then then
make remoteintegration make remoteintegration

77
contrib/cirrus/lib.sh
View File

@ -3,6 +3,9 @@
# Library of common, shared utility functions. This file is intended # Library of common, shared utility functions. This file is intended
# to be sourced by other scripts, not called directly. # to be sourced by other scripts, not called directly.
# Global details persist here
source /etc/environment # not always loaded under all circumstances
# Under some contexts these values are not set, make sure they are. # Under some contexts these values are not set, make sure they are.
USER="$(whoami)" USER="$(whoami)"
HOME="$(getent passwd $USER | cut -d : -f 6)" HOME="$(getent passwd $USER | cut -d : -f 6)"
@ -18,6 +21,9 @@ then
eval "$(go env)" eval "$(go env)"
# required by make and other tools # required by make and other tools
export $(go env | cut -d '=' -f 1) export $(go env | cut -d '=' -f 1)
# Ensure compiled tooling is reachable
export PATH="$PATH:$GOPATH/bin"
fi fi
CIRRUS_WORKING_DIR="${CIRRUS_WORKING_DIR:-$GOPATH/src/github.com/containers/libpod}" CIRRUS_WORKING_DIR="${CIRRUS_WORKING_DIR:-$GOPATH/src/github.com/containers/libpod}"
export GOSRC="${GOSRC:-$CIRRUS_WORKING_DIR}" export GOSRC="${GOSRC:-$CIRRUS_WORKING_DIR}"
@ -47,29 +53,25 @@ CIRRUS_BUILD_ID=${CIRRUS_BUILD_ID:-$RANDOM$(date +%s)} # must be short and uniq
# Vars. for image-building # Vars. for image-building
PACKER_VER="1.3.5" PACKER_VER="1.3.5"
# CSV of cache-image names to build (see $PACKER_BASE/libpod_images.json) # CSV of cache-image names to build (see $PACKER_BASE/libpod_images.json)
PACKER_BUILDS="${PACKER_BUILDS:-ubuntu-18,fedora-29,fedora-28,rhel-7,centos-7}"
# Base-images rarely change, define them here so they're out of the way. # Base-images rarely change, define them here so they're out of the way.
PACKER_BUILDS="${PACKER_BUILDS:-ubuntu-18,fedora-29,fedora-28}"
# Google-maintained base-image names # Google-maintained base-image names
UBUNTU_BASE_IMAGE="ubuntu-1804-bionic-v20181203a" UBUNTU_BASE_IMAGE="ubuntu-1804-bionic-v20181203a"
CENTOS_BASE_IMAGE="centos-7-v20181113"
# Manually produced base-image names (see $SCRIPT_BASE/README.md) # Manually produced base-image names (see $SCRIPT_BASE/README.md)
FEDORA_BASE_IMAGE="fedora-cloud-base-29-1-2-1541789245" FEDORA_BASE_IMAGE="fedora-cloud-base-29-1-2-1541789245"
PRIOR_FEDORA_BASE_IMAGE="fedora-cloud-base-28-1-1-1544474897" PRIOR_FEDORA_BASE_IMAGE="fedora-cloud-base-28-1-1-1544474897"
FAH_BASE_IMAGE="fedora-atomichost-29-20181025-1-1541787861"
# RHEL image must be imported, native image bills for subscription.
RHEL_BASE_IMAGE="rhel-guest-image-7-6-210-x86-64-qcow2-1548099756"
BUILT_IMAGE_SUFFIX="${BUILT_IMAGE_SUFFIX:--$CIRRUS_REPO_NAME-${CIRRUS_BUILD_ID}}" BUILT_IMAGE_SUFFIX="${BUILT_IMAGE_SUFFIX:--$CIRRUS_REPO_NAME-${CIRRUS_BUILD_ID}}"
RHSM_COMMAND="${RHSM_COMMAND:-/bin/true}"
# Safe env. vars. to transfer from root -> $ROOTLESS_USER (go env handled separetly) # Safe env. vars. to transfer from root -> $ROOTLESS_USER (go env handled separetly)
ROOTLESS_ENV_RE='(CIRRUS_.+)|(ROOTLESS_.+)|(.+_IMAGE.*)|(.+_BASE)|(.*DIRPATH)|(.*FILEPATH)|(SOURCE.*)|(DEPEND.*)|(.+_DEPS_.+)|(OS_REL.*)|(.+_ENV_RE)|(TRAVIS)|(CI.+)' ROOTLESS_ENV_RE='(CIRRUS_.+)|(ROOTLESS_.+)|(.+_IMAGE.*)|(.+_BASE)|(.*DIRPATH)|(.*FILEPATH)|(SOURCE.*)|(DEPEND.*)|(.+_DEPS_.+)|(OS_REL.*)|(.+_ENV_RE)|(TRAVIS)|(CI.+)'
# Unsafe env. vars for display # Unsafe env. vars for display
SECRET_ENV_RE='(IRCID)|(RHSM)|(ACCOUNT)|(^GC[EP]..+)|(SSH)' SECRET_ENV_RE='(IRCID)|(ACCOUNT)|(^GC[EP]..+)|(SSH)'
SPECIALMODE="${SPECIALMODE:-none}" SPECIALMODE="${SPECIALMODE:-none}"
TEST_REMOTE_CLIENT="${TEST_REMOTE_CLIENT:-false}" TEST_REMOTE_CLIENT="${TEST_REMOTE_CLIENT:-false}"
export CONTAINER_RUNTIME=${CONTAINER_RUNTIME:-podman} export CONTAINER_RUNTIME=${CONTAINER_RUNTIME:-podman}
# When running as root, this may be empty or not, as a user, it MUST be set. # When running as root, this may be empty or not, as a user, it MUST be set.
if [[ "$USER" == "root" ]] if [[ "$USER" == "root" ]]
then then
@ -79,9 +81,9 @@ else
fi fi
# GCE image-name compatible string representation of distribution name # GCE image-name compatible string representation of distribution name
OS_RELEASE_ID="$(egrep -m 1 '^ID=' /etc/os-release | cut -d = -f 2 | tr -d \' | tr -d \")" OS_RELEASE_ID="$(source /etc/os-release; echo $ID)"
# GCE image-name compatible string representation of distribution major version # GCE image-name compatible string representation of distribution _major_ version
OS_RELEASE_VER="$(egrep -m 1 '^VERSION_ID=' /etc/os-release | cut -d = -f 2 | tr -d \' | tr -d \" | cut -d '.' -f 1)" OS_RELEASE_VER="$(source /etc/os-release; echo $VERSION_ID | cut -d '.' -f 1)"
# Combined to ease soe usage # Combined to ease soe usage
OS_REL_VER="${OS_RELEASE_ID}-${OS_RELEASE_VER}" OS_REL_VER="${OS_RELEASE_ID}-${OS_RELEASE_VER}"
@ -118,8 +120,7 @@ show_env_vars() {
for _env_var_name in $_ENV_VAR_NAMES for _env_var_name in $_ENV_VAR_NAMES
do do
# Supports older BASH versions # Supports older BASH versions
_value="$(printenv $_env_var_name)" printf " ${_env_var_name}=%q\n" "$(printenv $_env_var_name)"
printf " ${_env_var_name}=%q\n" "${_value}"
done done
echo "" echo ""
echo "##### $(go version) #####" echo "##### $(go version) #####"
@ -127,12 +128,14 @@ show_env_vars() {
} }
die() { die() {
echo "${2:-FATAL ERROR (but no message given!) in ${FUNCNAME[1]}()}" echo "************************************************"
echo ">>>>> ${2:-FATAL ERROR (but no message given!) in ${FUNCNAME[1]}()}"
echo "************************************************"
exit ${1:-1} exit ${1:-1}
} }
bad_os_id_ver() { bad_os_id_ver() {
echo "Unknown/Unsupported distro. $OS_RELEASE_ID and/or version $OS_RELEASE_VER for $ARGS" echo "Unknown/Unsupported distro. $OS_RELEASE_ID and/or version $OS_RELEASE_VER for $(basename $0)"
exit 42 exit 42
} }
@ -141,7 +144,7 @@ stub() {
} }
ircmsg() { ircmsg() {
req_env_var CIRRUS_TASK_ID MSG req_env_var CIRRUS_TASK_ID IRCID
[[ -n "$*" ]] || die 9 "ircmsg() invoked without message text argument" [[ -n "$*" ]] || die 9 "ircmsg() invoked without message text argument"
# Sometimes setup_environment.sh didn't run # Sometimes setup_environment.sh didn't run
SCRIPT="$(dirname $0)/podbot.py" SCRIPT="$(dirname $0)/podbot.py"
@ -193,14 +196,15 @@ setup_rootless() {
# Env. vars set by Cirrus and setup_environment.sh must be explicitly # Env. vars set by Cirrus and setup_environment.sh must be explicitly
# transfered to the test-user. # transfered to the test-user.
echo "Configuring rootless user's environment variables:" echo "Configuring rootless user's environment variables:"
echo "# Added by $GOSRC/$SCRIPT_PATH/lib.sh setup_rootless()"
_ENV_VAR_NAMES=$(awk 'BEGIN{for(v in ENVIRON) print v}' | \ _ENV_VAR_NAMES=$(awk 'BEGIN{for(v in ENVIRON) print v}' | \
egrep -v "(^PATH$)|(^BASH_FUNC)|(^[[:punct:][:space:]]+)|$SECRET_ENV_RE" | \ egrep -v "(^PATH$)|(^BASH_FUNC)|(^[[:punct:][:space:]]+)|$SECRET_ENV_RE" | \
egrep "$ROOTLESS_ENV_RE" | \ egrep "$ROOTLESS_ENV_RE" | \
sort -u) sort -u)
for _env_var_name in $_ENV_VAR_NAMES for _env_var_name in $_ENV_VAR_NAMES
do do
_value="$(printenv $_env_var_name)" # Works with older versions of bash
printf "${_env_var_name}=%q" "${_value}" | tee -a "/home/$ROOTLESS_USER/.bashrc" printf "${_env_var_name}=%q\n" "$(printenv $_env_var_name)" >> "/home/$ROOTLESS_USER/.bashrc"
done done
} }
@ -312,21 +316,6 @@ install_criu(){
ooe.sh sudo -E add-apt-repository -y ppa:criu/ppa ooe.sh sudo -E add-apt-repository -y ppa:criu/ppa
ooe.sh sudo -E apt-get -qq -y update ooe.sh sudo -E apt-get -qq -y update
ooe.sh sudo -E apt-get -qq -y install criu ooe.sh sudo -E apt-get -qq -y install criu
elif [[ ( "$OS_RELEASE_ID" =~ "centos" || "$OS_RELEASE_ID" =~ "rhel" ) && "$OS_RELEASE_VER" =~ "7"* ]]; then
echo "Configuring Repositories for latest CRIU"
ooe.sh sudo tee /etc/yum.repos.d/adrian-criu-el7.repo <<EOF
[adrian-criu-el7]
name=Copr repo for criu-el7 owned by adrian
baseurl=https://copr-be.cloud.fedoraproject.org/results/adrian/criu-el7/epel-7-$basearch/
type=rpm-md
skip_if_unavailable=True
gpgcheck=1
gpgkey=https://copr-be.cloud.fedoraproject.org/results/adrian/criu-el7/pubkey.gpg
repo_gpgcheck=0
enabled=1
enabled_metadata=1
EOF
ooe.sh sudo yum -y install criu
elif [[ "$OS_RELEASE_ID" =~ "fedora" ]]; then elif [[ "$OS_RELEASE_ID" =~ "fedora" ]]; then
echo "Using CRIU from distribution" echo "Using CRIU from distribution"
else else
@ -369,7 +358,7 @@ rh_finalize(){
fi fi
echo "Resetting to fresh-state for usage as cloud-image." echo "Resetting to fresh-state for usage as cloud-image."
PKG=$(type -P dnf || type -P yum || echo "") PKG=$(type -P dnf || type -P yum || echo "")
[[ -z "$PKG" ]] || sudo $PKG clean all # not on atomic sudo $PKG clean all
sudo rm -rf /var/cache/{yum,dnf} sudo rm -rf /var/cache/{yum,dnf}
sudo rm -f /etc/udev/rules.d/*-persistent-*.rules sudo rm -f /etc/udev/rules.d/*-persistent-*.rules
sudo touch /.unconfigured # force firstboot to run sudo touch /.unconfigured # force firstboot to run
@ -382,25 +371,3 @@ ubuntu_finalize(){
sudo rm -rf /var/cache/apt sudo rm -rf /var/cache/apt
_finalize _finalize
} }
rhel_exit_handler() {
set +ex
req_env_var GOPATH RHSMCMD
cd /
sudo rm -rf "$RHSMCMD"
sudo rm -rf "$GOPATH"
sudo subscription-manager remove --all
sudo subscription-manager unregister
sudo subscription-manager clean
}
rhsm_enable() {
req_env_var RHSM_COMMAND
export GOPATH="$(mktemp -d)"
export RHSMCMD="$(mktemp)"
trap "rhel_exit_handler" EXIT
# Avoid logging sensitive details
echo "$RHSM_COMMAND" > "$RHSMCMD"
ooe.sh sudo bash "$RHSMCMD"
sudo rm -rf "$RHSMCMD"
}

17
contrib/cirrus/lib.sh.t
View File

@ -10,12 +10,13 @@ rc=0
function check_result { function check_result {
testnum=$(expr $testnum + 1) testnum=$(expr $testnum + 1)
if [ "$1" = "$2" ]; then MSG=$(echo "$1" | tr -d '*>\012'|sed -e 's/^ \+//')
echo "ok $testnum $3 = $1" if [ "$MSG" = "$2" ]; then
echo "ok $testnum $3 = $MSG"
else else
echo "not ok $testnum $3" echo "not ok $testnum $3"
echo "# expected: $2" echo "# expected: $2"
echo "# actual: $1" echo "# actual: $MSG"
rc=1 rc=1
fi fi
} }
@ -64,11 +65,17 @@ test_rev '' 1 'FATAL: req_env_var: invoked without arguments'
unset FOO BAR unset FOO BAR
test_rev FOO 9 'FATAL: test_rev() requires $FOO to be non-empty' test_rev FOO 9 'FATAL: test_rev() requires $FOO to be non-empty'
test_rev BAR 9 'FATAL: test_rev() requires $BAR to be non-empty' test_rev BAR 9 'FATAL: test_rev() requires $BAR to be non-empty'
# OK if desired envariable was unset
# OK if desired envariable is unset
FOO=1 FOO=1
test_rev FOO 0 '' test_rev FOO 0 ''
# OK if multiple vars are non-empty
FOO="stuff"
BAR="things"
ENV_VARS="FOO BAR"
test_rev "$ENV_VARS" 0 ''
unset BAR
# ...but error if any single desired one is unset # ...but error if any single desired one is unset
test_rev "FOO BAR" 9 'FATAL: test_rev() requires $BAR to be non-empty' test_rev "FOO BAR" 9 'FATAL: test_rev() requires $BAR to be non-empty'

15
contrib/cirrus/packer/Makefile
View File

@ -49,6 +49,7 @@ ifndef PACKER_BUILDS
$(error PACKER_BUILDS is undefined, expected builder-names CSV) $(error PACKER_BUILDS is undefined, expected builder-names CSV)
endif endif
./packer build -only=${PACKER_BUILDS} \ ./packer build -only=${PACKER_BUILDS} \
-force \
-var GOSRC=$(GOSRC) \ -var GOSRC=$(GOSRC) \
-var PACKER_BASE=$(PACKER_BASE) \ -var PACKER_BASE=$(PACKER_BASE) \
-var SCRIPT_BASE=$(SCRIPT_BASE) \ -var SCRIPT_BASE=$(SCRIPT_BASE) \
@ -77,17 +78,9 @@ ifndef GCP_PROJECT_ID
endif endif
ifndef GOOGLE_APPLICATION_CREDENTIALS ifndef GOOGLE_APPLICATION_CREDENTIALS
$(error GOOGLE_APPLICATION_CREDENTIALS is undefined, expected absolute path to JSON file, like $HOME/.config/gcloud/legacy_credentials/*/adc.json) $(error GOOGLE_APPLICATION_CREDENTIALS is undefined, expected absolute path to JSON file, like $HOME/.config/gcloud/legacy_credentials/*/adc.json)
endif
ifndef RHEL_IMAGE_FILE
$(error RHEL_IMAGE_FILE is undefined, expected full path to a rhel-server-ec2-*.raw.xz file)
endif
ifndef RHEL_CSUM_FILE
$(error RHEL_CSUM_FILE is undefined, expected full path to a rhel-server-ec2-*.raw.xz.SHA256SUM file)
endif
ifndef RHSM_COMMAND
$(error RHSM_COMMAND is undefined, expected string required for temporarily registering VM)
endif endif
PACKER_CACHE_DIR=/tmp ./packer build \ PACKER_CACHE_DIR=/tmp ./packer build \
-force \
-var TIMESTAMP=$(TIMESTAMP) \ -var TIMESTAMP=$(TIMESTAMP) \
-var TTYDEV=$(TTYDEV) \ -var TTYDEV=$(TTYDEV) \
-var GCP_PROJECT_ID=$(GCP_PROJECT_ID) \ -var GCP_PROJECT_ID=$(GCP_PROJECT_ID) \
@ -95,10 +88,6 @@ endif
-var GOSRC=$(GOSRC) \ -var GOSRC=$(GOSRC) \
-var PACKER_BASE=$(PACKER_BASE) \ -var PACKER_BASE=$(PACKER_BASE) \
-var SCRIPT_BASE=$(SCRIPT_BASE) \ -var SCRIPT_BASE=$(SCRIPT_BASE) \
-var RHEL_BASE_IMAGE_NAME=$(shell basename $(RHEL_IMAGE_FILE) | tr -d '[[:space:]]' | sed -r -e 's/\.${ARCH}\.raw\.xz//' | tr '[[:upper:]]' '[[:lower:]]' | tr '[[:punct:]]' '-') \
-var RHEL_IMAGE_FILE=$(RHEL_IMAGE_FILE) \
-var RHEL_CSUM_FILE=$(RHEL_CSUM_FILE) \
-var 'RHSM_COMMAND=$(RHSM_COMMAND)' \
-var POST_MERGE_BUCKET_SUFFIX=$(POST_MERGE_BUCKET_SUFFIX) \ -var POST_MERGE_BUCKET_SUFFIX=$(POST_MERGE_BUCKET_SUFFIX) \
-only $(PACKER_BUILDS) \ -only $(PACKER_BUILDS) \
libpod_base_images.json libpod_base_images.json

84
contrib/cirrus/packer/centos_setup.sh
View File

@ -1,84 +0,0 @@
#!/bin/bash
# This script is called by packer on the subject CentOS VM, to setup the podman
# build/test environment. It's not intended to be used outside of this context.
set -e
# Load in library (copied by packer, before this script was run)
source /tmp/libpod/$SCRIPT_BASE/lib.sh
req_env_var SCRIPT_BASE CNI_COMMIT CRIO_COMMIT CRIU_COMMIT RUNC_COMMIT
install_ooe
export GOPATH="$(mktemp -d)"
trap "sudo rm -rf $GOPATH" EXIT
ooe.sh sudo yum -y update
ooe.sh sudo yum -y install centos-release-scl epel-release
ooe.sh sudo yum -y install \
PyYAML \
atomic-registries \
bats \
btrfs-progs-devel \
bzip2 \
device-mapper-devel \
emacs-nox \
findutils \
glib2-devel \
glibc-static \
gnupg \
golang \
golang-github-cpuguy83-go-md2man \
golang-github-cpuguy83-go-md2man \
gpgme-devel \
iptables \
jq \
libassuan-devel \
libcap-devel \
libnet \
libnet-devel \
libnl3-devel \
libseccomp-devel \
libselinux-devel \
lsof \
make \
nmap-ncat \
ostree-devel \
protobuf \
protobuf-c \
protobuf-c-devel \
protobuf-compiler \
protobuf-devel \
protobuf-python \
python \
python2-future \
python3-dateutil \
python3-psutil \
python3-pytoml \
skopeo-containers \
unzip \
vim \
which \
xz
install_scl_git
install_conmon
install_runc
install_criu
install_cni_plugins
install_buildah
sudo /tmp/libpod/hack/install_catatonit.sh
rh_finalize
echo "SUCCESS!"

45
contrib/cirrus/packer/fah_base-setup.sh
View File

@ -1,45 +0,0 @@
# N/B: This script is not intended to be run by humans. It is used to configure the
# FAH base image for importing, so that it will boot in GCE.
set -e
# Load in library (copied by packer, before this script was run)
source $GOSRC/$SCRIPT_BASE/lib.sh
install_ooe
if [[ "$1" == "pre" ]]
then
echo "Upgrading Atomic Host"
setenforce 0
ooe.sh atomic host upgrade
echo "Configuring Repositories"
ooe.sh sudo tee /etc/yum.repos.d/ngompa-gce-oslogin.repo <<EOF
[ngompa-gce-oslogin]
name=Copr repo for gce-oslogin owned by ngompa
baseurl=https://copr-be.cloud.fedoraproject.org/results/ngompa/gce-oslogin/fedora-\$releasever-\$basearch/
type=rpm-md
skip_if_unavailable=True
gpgcheck=1
gpgkey=https://copr-be.cloud.fedoraproject.org/results/ngompa/gce-oslogin/pubkey.gpg
repo_gpgcheck=0
enabled=1
enabled_metadata=1
EOF
echo "Installing necessary packages and google services"
# Google services are enabled by default, upon install.
ooe.sh rpm-ostree install rng-tools google-compute-engine google-compute-engine-oslogin
echo "Rebooting..."
systemctl reboot # Required for upgrade + package installs to be active
elif [[ "$1" == "post" ]]
then
echo "Enabling necessary services"
systemctl enable rngd # Must reboot before enabling
rh_finalize
echo "SUCCESS!"
else
echo "Expected to be called with 'pre' or 'post'"
exit 6
fi

21
contrib/cirrus/packer/fah_setup.sh
View File

@ -1,21 +0,0 @@
#!/bin/bash
# This script is called by packer on the subject fah VM, to setup the podman
# build/test environment. It's not intended to be used outside of this context.
set -e
# Load in library (copied by packer, before this script was run)
source /tmp/libpod/$SCRIPT_BASE/lib.sh
req_env_var SCRIPT_BASE
install_ooe
ooe.sh sudo atomic host upgrade
ooe.sh sudo rpm-ostree uninstall cloud-init
rh_finalize
echo "SUCCESS!"

2
contrib/cirrus/packer/fedora_setup.sh
View File

@ -8,7 +8,7 @@ set -e
# Load in library (copied by packer, before this script was run) # Load in library (copied by packer, before this script was run)
source /tmp/libpod/$SCRIPT_BASE/lib.sh source /tmp/libpod/$SCRIPT_BASE/lib.sh
req_env_var SCRIPT_BASE FEDORA_CNI_COMMIT CNI_COMMIT CRIO_COMMIT CRIU_COMMIT RUNC_COMMIT req_env_var SCRIPT_BASE FEDORA_CNI_COMMIT CNI_COMMIT CRIO_COMMIT CRIU_COMMIT
install_ooe install_ooe

53
contrib/cirrus/packer/libpod_base_images.yml
View File

@ -11,12 +11,6 @@ variables:
TIMESTAMP: TIMESTAMP:
# Required for output from qemu builders # Required for output from qemu builders
TTYDEV: TTYDEV:
# RHEL images require click-through agreements to obtain (required)
RHEL_BASE_IMAGE_NAME:
RHEL_IMAGE_FILE:
RHEL_CSUM_FILE:
# RHEL requires a subscription to install/update packages
RHSM_COMMAND:
# Latest Fedora release # Latest Fedora release
FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/29/Cloud/x86_64/images/Fedora-Cloud-Base-29-1.2.x86_64.qcow2" FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/29/Cloud/x86_64/images/Fedora-Cloud-Base-29-1.2.x86_64.qcow2"
@ -26,9 +20,6 @@ variables:
PRIOR_FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/28/Cloud/x86_64/images/Fedora-Cloud-Base-28-1.1.x86_64.qcow2" PRIOR_FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/28/Cloud/x86_64/images/Fedora-Cloud-Base-28-1.1.x86_64.qcow2"
PRIOR_FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/28/Cloud/x86_64/images/Fedora-Cloud-28-1.1-x86_64-CHECKSUM" PRIOR_FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/28/Cloud/x86_64/images/Fedora-Cloud-28-1.1-x86_64-CHECKSUM"
PRIOR_FEDORA_BASE_IMAGE_NAME: 'fedora-cloud-base-28-1-1' # Name to use in GCE PRIOR_FEDORA_BASE_IMAGE_NAME: 'fedora-cloud-base-28-1-1' # Name to use in GCE
FAH_IMAGE_URL: "https://dl.fedoraproject.org/pub/alt/atomic/stable/Fedora-Atomic-29-20181025.1/AtomicHost/x86_64/images/Fedora-AtomicHost-29-20181025.1.x86_64.qcow2"
FAH_CSUM_URL: "https://dl.fedoraproject.org/pub/alt/atomic/stable/Fedora-Atomic-29-20181025.1/AtomicHost/x86_64/images/Fedora-AtomicHost-29-20181025.1-x86_64-CHECKSUM"
FAH_BASE_IMAGE_NAME: 'fedora-atomichost-29-20181025-1' # Name to use in GCE
# The name of the image in GCE used for packer build libpod_images.yml # The name of the image in GCE used for packer build libpod_images.yml
IBI_BASE_NAME: 'image-builder-image' IBI_BASE_NAME: 'image-builder-image'
@ -45,28 +36,9 @@ variables:
sensitive-variables: sensitive-variables:
- 'GOOGLE_APPLICATION_CREDENTIALS' - 'GOOGLE_APPLICATION_CREDENTIALS'
- 'GCP_PROJECT_ID' - 'GCP_PROJECT_ID'
- 'RHSM_COMMAND'
# What images to produce in which cloud # What images to produce in which cloud
builders: builders:
- name: '{{user `IBI_BASE_NAME`}}'
type: 'googlecompute'
image_name: '{{user `IBI_BASE_NAME`}}-{{user `TIMESTAMP`}}'
image_family: '{{user `IBI_BASE_NAME`}}'
source_image_project_id: 'centos-cloud'
source_image_family: 'centos-7'
project_id: '{{user `GCP_PROJECT_ID`}}'
account_file: '{{user `GOOGLE_APPLICATION_CREDENTIALS`}}'
communicator: 'ssh'
ssh_username: 'centos'
ssh_pty: 'true'
# The only supported zone in Cirrus-CI, as of addition of this comment
zone: 'us-central1-a'
# Enable nested virtualization in case it's ever needed
image_licenses:
- 'https://www.googleapis.com/compute/v1/projects/vm-options/global/licenses/enable-vmx'
min_cpu_platform: "Intel Broadwell" # nested-virt requirement
- &nested_virt - &nested_virt
name: 'fedora' name: 'fedora'
type: 'qemu' type: 'qemu'
@ -109,18 +81,6 @@ builders:
iso_url: '{{user `PRIOR_FEDORA_IMAGE_URL`}}' iso_url: '{{user `PRIOR_FEDORA_IMAGE_URL`}}'
iso_checksum_url: '{{user `PRIOR_FEDORA_CSUM_URL`}}' iso_checksum_url: '{{user `PRIOR_FEDORA_CSUM_URL`}}'
- <<: *nested_virt
name: 'fah'
iso_url: '{{user `FAH_IMAGE_URL`}}'
iso_checksum_url: '{{user `FAH_CSUM_URL`}}'
disk_size: 10240
- <<: *nested_virt
name: 'rhel'
iso_url: 'file://{{user `RHEL_IMAGE_FILE`}}'
iso_checksum_url: 'file://{{user `RHEL_CSUM_FILE`}}'
disk_size: 10240
provisioners: provisioners:
- type: 'shell' - type: 'shell'
inline: inline:
@ -150,7 +110,6 @@ provisioners:
- 'GOSRC=/tmp/libpod' - 'GOSRC=/tmp/libpod'
- 'SCRIPT_BASE={{user `SCRIPT_BASE`}}' - 'SCRIPT_BASE={{user `SCRIPT_BASE`}}'
- 'PACKER_BASE={{user `PACKER_BASE`}}' - 'PACKER_BASE={{user `PACKER_BASE`}}'
- 'RHSM_COMMAND={{user `RHSM_COMMAND`}}'
- <<: *shell_script - <<: *shell_script
inline: ['{{user `GOSRC`}}/{{user `PACKER_BASE`}}/{{build_name}}_base-setup.sh'] inline: ['{{user `GOSRC`}}/{{user `PACKER_BASE`}}/{{build_name}}_base-setup.sh']
@ -161,7 +120,7 @@ provisioners:
post-processors: post-processors:
- - type: "compress" - - type: "compress"
only: ['fedora', 'prior-fedora', 'fah', 'rhel'] only: ['fedora', 'prior-fedora']
output: '/tmp/{{build_name}}/disk.raw.tar.gz' output: '/tmp/{{build_name}}/disk.raw.tar.gz'
format: '.tar.gz' format: '.tar.gz'
compression_level: 9 compression_level: 9
@ -180,14 +139,4 @@ post-processors:
image_name: "{{user `PRIOR_FEDORA_BASE_IMAGE_NAME`}}-{{user `TIMESTAMP`}}" image_name: "{{user `PRIOR_FEDORA_BASE_IMAGE_NAME`}}-{{user `TIMESTAMP`}}"
image_description: 'Based on {{user `PRIOR_FEDORA_IMAGE_URL`}}' image_description: 'Based on {{user `PRIOR_FEDORA_IMAGE_URL`}}'
image_family: '{{user `PRIOR_FEDORA_BASE_IMAGE_NAME`}}' image_family: '{{user `PRIOR_FEDORA_BASE_IMAGE_NAME`}}'
- <<: *gcp_import
only: ['fah']
image_name: "{{user `FAH_BASE_IMAGE_NAME`}}-{{user `TIMESTAMP`}}"
image_description: 'Based on {{user `FAH_IMAGE_URL`}}'
image_family: '{{user `FAH_BASE_IMAGE_NAME`}}'
- <<: *gcp_import
only: ['rhel']
image_name: "{{user `RHEL_BASE_IMAGE_NAME`}}-{{user `TIMESTAMP`}}"
image_description: 'Based on {{user `RHEL_IMAGE_FILE`}}'
image_family: '{{user `RHEL_BASE_IMAGE_NAME`}}'
- type: 'manifest' - type: 'manifest'

18
contrib/cirrus/packer/libpod_images.yml
View File

@ -3,12 +3,9 @@
# All of these are required # All of these are required
variables: variables:
# Names of GCE Base images to start from, in .cirrus.yml # Names of GCE Base images to start from, in .cirrus.yml
RHEL_BASE_IMAGE: '{{env `RHEL_BASE_IMAGE`}}'
CENTOS_BASE_IMAGE: '{{env `CENTOS_BASE_IMAGE`}}'
UBUNTU_BASE_IMAGE: '{{env `UBUNTU_BASE_IMAGE`}}' UBUNTU_BASE_IMAGE: '{{env `UBUNTU_BASE_IMAGE`}}'
FEDORA_BASE_IMAGE: '{{env `FEDORA_BASE_IMAGE`}}' FEDORA_BASE_IMAGE: '{{env `FEDORA_BASE_IMAGE`}}'
PRIOR_FEDORA_BASE_IMAGE: '{{env `PRIOR_FEDORA_BASE_IMAGE`}}' PRIOR_FEDORA_BASE_IMAGE: '{{env `PRIOR_FEDORA_BASE_IMAGE`}}'
FAH_BASE_IMAGE: '{{env `FAH_BASE_IMAGE`}}'
# libpod dependencies to build and install into images # libpod dependencies to build and install into images
FEDORA_CNI_COMMIT: "{{env `FEDORA_CNI_COMMIT`}}" FEDORA_CNI_COMMIT: "{{env `FEDORA_CNI_COMMIT`}}"
@ -25,7 +22,6 @@ variables:
# Protected credentials, decrypted by Cirrus at runtime # Protected credentials, decrypted by Cirrus at runtime
GCE_SSH_USERNAME: '{{env `GCE_SSH_USERNAME`}}' GCE_SSH_USERNAME: '{{env `GCE_SSH_USERNAME`}}'
GCP_PROJECT_ID: '{{env `GCP_PROJECT_ID`}}' GCP_PROJECT_ID: '{{env `GCP_PROJECT_ID`}}'
RHSM_COMMAND: '{{env `RHSM_COMMAND`}}'
SERVICE_ACCOUNT: '{{env `SERVICE_ACCOUNT`}}' SERVICE_ACCOUNT: '{{env `SERVICE_ACCOUNT`}}'
GOOGLE_APPLICATION_CREDENTIALS: '{{env `GOOGLE_APPLICATION_CREDENTIALS`}}' GOOGLE_APPLICATION_CREDENTIALS: '{{env `GOOGLE_APPLICATION_CREDENTIALS`}}'
@ -37,7 +33,6 @@ variables:
sensitive-variables: sensitive-variables:
- 'GCE_SSH_USERNAME' - 'GCE_SSH_USERNAME'
- 'GCP_PROJECT_ID' - 'GCP_PROJECT_ID'
- 'RHSM_COMMAND'
- 'SERVICE_ACCOUNT' - 'SERVICE_ACCOUNT'
# What images to produce in which cloud # What images to produce in which cloud
@ -59,14 +54,6 @@ builders:
zone: 'us-central1-a' zone: 'us-central1-a'
# v----- is a YAML alias, allows partial re-use of the anchor object # v----- is a YAML alias, allows partial re-use of the anchor object
- <<: *gce_hosted_image
name: 'rhel-7'
source_image: '{{user `RHEL_BASE_IMAGE`}}'
- <<: *gce_hosted_image
name: 'centos-7'
source_image: '{{user `CENTOS_BASE_IMAGE`}}'
- <<: *gce_hosted_image - <<: *gce_hosted_image
name: 'fedora-29' name: 'fedora-29'
source_image: '{{user `FEDORA_BASE_IMAGE`}}' source_image: '{{user `FEDORA_BASE_IMAGE`}}'
@ -75,10 +62,6 @@ builders:
name: 'fedora-28' name: 'fedora-28'
source_image: '{{user `PRIOR_FEDORA_BASE_IMAGE`}}' source_image: '{{user `PRIOR_FEDORA_BASE_IMAGE`}}'
- <<: *gce_hosted_image
name: 'fah-29'
source_image: '{{user `FAH_BASE_IMAGE`}}'
# The brains of the operation, making actual modifications to the base-image. # The brains of the operation, making actual modifications to the base-image.
provisioners: provisioners:
- type: 'file' - type: 'file'
@ -95,7 +78,6 @@ provisioners:
- 'CRIU_COMMIT={{user `CRIU_COMMIT`}}' - 'CRIU_COMMIT={{user `CRIU_COMMIT`}}'
- 'RUNC_COMMIT={{user `RUNC_COMMIT`}}' - 'RUNC_COMMIT={{user `RUNC_COMMIT`}}'
- 'SCRIPT_BASE={{user `SCRIPT_BASE`}}' - 'SCRIPT_BASE={{user `SCRIPT_BASE`}}'
- 'RHSM_COMMAND={{user `RHSM_COMMAND`}}'
post-processors: post-processors:
- - type: 'manifest' # writes packer-manifest.json - - type: 'manifest' # writes packer-manifest.json

78
contrib/cirrus/packer/rhel_base-setup.sh
View File

@ -1,78 +0,0 @@
#!/bin/bash
# N/B: This script is not intended to be run by humans. It is used to configure the
# rhel base image for importing, so that it will boot in GCE
set -e
[[ "$1" == "post" ]] || exit 0 # pre stage is not needed
# Load in library (copied by packer, before this script was run)
source $GOSRC/$SCRIPT_BASE/lib.sh
req_env_var RHSM_COMMAND
install_ooe
rhsm_enable
echo "Setting up repos"
# Frequently needed
ooe.sh sudo yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
# Required for google to manage ssh keys
ooe.sh sudo tee /etc/yum.repos.d/google-cloud-sdk.repo << EOM
[google-cloud-compute]
name=google-cloud-compute
baseurl=https://packages.cloud.google.com/yum/repos/google-cloud-compute-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOM
echo "Updating all packages"
ooe.sh sudo yum -y update
echo "Installing/removing packages"
ooe.sh sudo yum -y install rng-tools google-compute-engine google-compute-engine-oslogin
echo "Enabling critical services"
ooe.sh sudo systemctl enable \
rngd \
google-accounts-daemon \
google-clock-skew-daemon \
google-instance-setup \
google-network-daemon \
google-shutdown-scripts \
google-startup-scripts
rhel_exit_handler # release subscription!
echo "Configuring boot"
cat << "EOF" | sudo tee /etc/default/grub
GRUB_TIMEOUT=0
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL="serial console"
GRUB_SERIAL_COMMAND="serial --speed=38400"
GRUB_CMDLINE_LINUX="crashkernel=auto console=ttyS0,38400n8"
GRUB_DISABLE_RECOVERY="true"
EOF
sudo grub2-mkconfig -o /boot/grub2/grub.cfg
echo "Configuring networking"
ooe.sh sudo nmcli connection modify 'System eth0' 802-3-ethernet.mtu 1460
ooe.sh sudo nmcli connection modify 'System eth0' connection.autoconnect yes
ooe.sh sudo nmcli connection modify 'System eth0' connection.autoconnect-priority
ooe.sh sudo nmcli connection modify 'System eth0' ipv4.method auto
ooe.sh sudo nmcli connection modify 'System eth0' ipv4.dhcp-send-hostname yes
ooe.sh sudo nmcli connection modify 'System eth0' ipv4.dhcp-timeout 0
ooe.sh sudo nmcli connection modify 'System eth0' ipv4.never-default no
ooe.sh /usr/bin/google_instance_setup
rh_finalize
echo "SUCCESS!"

96
contrib/cirrus/packer/rhel_setup.sh
View File

@ -1,96 +0,0 @@
#!/bin/bash
# This script is called by packer on the subject CentOS VM, to setup the podman
# build/test environment. It's not intended to be used outside of this context.
set -e
# Load in library (copied by packer, before this script was run)
source /tmp/libpod/$SCRIPT_BASE/lib.sh
req_env_var SCRIPT_BASE CNI_COMMIT CRIO_COMMIT CRIU_COMMIT RHSM_COMMAND RUNC_COMMIT
install_ooe
rhsm_enable
ooe.sh sudo yum -y erase "rh-amazon-rhui-client*"
ooe.sh sudo subscription-manager repos "--disable=*"
ooe.sh sudo subscription-manager repos \
--enable=rhel-7-server-rpms \
--enable=rhel-7-server-optional-rpms \
--enable=rhel-7-server-extras-rpms \
--enable=rhel-server-rhscl-7-rpms
sudo sed -r -i -e 's/^notify_only=.+/notify_only=0/g' \
/etc/yum/pluginconf.d/search-disabled-repos.conf
ooe.sh sudo yum -y update
ooe.sh sudo yum -y install \
PyYAML \
atomic-registries \
bats \
btrfs-progs-devel \
bzip2 \
device-mapper-devel \
emacs-nox \
findutils \
glib2-devel \
glibc-static \
gnupg \
golang \
golang-github-cpuguy83-go-md2man \
golang-github-cpuguy83-go-md2man \
gpgme-devel \
iptables \
jq \
libassuan-devel \
libcap-devel \
libnet \
libnet-devel \
libnl3-devel \
libseccomp-devel \
libselinux-devel \
lsof \
make \
nmap-ncat \
ostree-devel \
protobuf \
protobuf-c \
protobuf-c-devel \
protobuf-compiler \
protobuf-devel \
protobuf-python \
python \
python2-future \
python2-pyyaml \
python34-dateutil \
python34-psutil \
python34-pytoml \
python34-PyYAML \
skopeo-containers \
unzip \
vim \
which \
xz
install_scl_git
install_conmon
install_runc
install_criu
install_cni_plugins
install_buildah
sudo /tmp/libpod/hack/install_catatonit.sh
rhel_exit_handler # release subscription!
rh_finalize
echo "SUCCESS!"

7
contrib/cirrus/rootless_test.sh
View File

@ -4,20 +4,23 @@ set -e
source $(dirname $0)/lib.sh source $(dirname $0)/lib.sh
req_env_var GOSRC ROOTLESS_USER
if [[ "$UID" == "0" ]] if [[ "$UID" == "0" ]]
then then
echo "Error: Expected to be running as a regular user" echo "Error: Expected to be running as a regular user"
exit 1 exit 1
fi fi
# Ensure environment setup correctly
req_env_var GOSRC ROOTLESS_USER
echo "." echo "."
echo "Hello, my name is $USER and I live in $PWD can I be your friend?" echo "Hello, my name is $USER and I live in $PWD can I be your friend?"
echo "."
export PODMAN_VARLINK_ADDRESS=unix:/tmp/podman-$(id -u) export PODMAN_VARLINK_ADDRESS=unix:/tmp/podman-$(id -u)
show_env_vars show_env_vars
set -x
cd "$GOSRC" cd "$GOSRC"
make make
make varlink_generate make varlink_generate

30
contrib/cirrus/setup_environment.sh
View File

@ -12,15 +12,11 @@ exithandler() {
RET=$? RET=$?
set +e set +e
show_env_vars show_env_vars
record_timestamp "env. setup end"
echo "$(basename $0) exit status: $RET" echo "$(basename $0) exit status: $RET"
[[ "$RET" -eq "0" ]] && date +%s >> "SETUP_MARKER_FILEPATH" [[ "$RET" -eq "0" ]] && date +%s >> "SETUP_MARKER_FILEPATH"
} }
trap exithandler EXIT trap exithandler EXIT
# Must be bash, always bash
[[ "$SHELL" =~ "bash" ]] || chsh -s /bin/bash
# Verify basic dependencies # Verify basic dependencies
for depbin in go rsync unzip sha256sum curl make python3 git for depbin in go rsync unzip sha256sum curl make python3 git
do do
@ -39,8 +35,10 @@ case "${OS_REL_VER}" in
ubuntu-18) ;; ubuntu-18) ;;
fedora-29) ;; fedora-29) ;;
fedora-28) ;; fedora-28) ;;
centos-7) ;; centos-7) # Current VM is an image-builder-image no local podman/testing
rhel-7) ;; echo "No further setup required for VM image building"
exit 0
;;
*) bad_os_id_ver ;; *) bad_os_id_ver ;;
esac esac
@ -59,19 +57,27 @@ sudo install -D -m 755 $GOSRC/test/registries.conf \
# cri-o if installed will mess with testing in non-obvious ways # cri-o if installed will mess with testing in non-obvious ways
rm -f /etc/cni/net.d/*cri* rm -f /etc/cni/net.d/*cri*
go get github.com/onsi/ginkgo/ginkgo make install.tools
go get github.com/onsi/gomega/...
case "$SPECIALMODE" in case "$SPECIALMODE" in
none) ;; # Do the normal thing
rootless) rootless)
X=$(echo "export ROOTLESS_USER='some${RANDOM}dude'" | \ # Only do this once, even if ROOTLESS_USER (somehow) changes
tee -a "$HOME/$ENVLIB") && eval "$X" && echo "$X" if ! grep -q 'ROOTLESS_USER' /etc/environment
X=$(echo "export SPECIALMODE='$SPECIALMODE'"| \ then
tee -a "$HOME/$ENVLIB") && eval "$X" && echo "$X" X=$(echo "export ROOTLESS_USER='${ROOTLESS_USER:-some${RANDOM}dude}'" | \
tee -a /etc/environment) && eval "$X" && echo "$X"
X=$(echo "export SPECIALMODE='${SPECIALMODE}'" | \
tee -a /etc/environment) && eval "$X" && echo "$X"
X=$(echo "export TEST_REMOTE_CLIENT='${TEST_REMOTE_CLIENT}'" | \
tee -a /etc/environment) && eval "$X" && echo "$X"
setup_rootless setup_rootless
fi
;; ;;
in_podman) # Assumed to be Fedora in_podman) # Assumed to be Fedora
dnf install -y podman buildah dnf install -y podman buildah
$SCRIPT_BASE/setup_container_environment.sh $SCRIPT_BASE/setup_container_environment.sh
;; ;;
*)
die 111 "Unsupported \$SPECIAL_MODE: $SPECIALMODE"
esac esac

9
contrib/cirrus/system_test.sh
View File

@ -8,12 +8,9 @@ req_env_var GOSRC OS_RELEASE_ID OS_RELEASE_VER
set -x set -x
cd "$GOSRC" cd "$GOSRC"
case "${OS_RELEASE_ID}-${OS_RELEASE_VER}" in case "${OS_RELEASE_ID}" in
ubuntu-18) ;& # Continue to the next item ubuntu) ;& # Continue to the next item
fedora-28) ;& fedora)
fedora-29) ;&
centos-7) ;&
rhel-7)
make install.tools make install.tools
make make
make test-binaries make test-binaries

129
hack/get_ci_vm.sh
View File

@ -19,7 +19,6 @@ PROJECT="libpod-218412"
GOSRC="/var/tmp/go/src/github.com/containers/libpod" GOSRC="/var/tmp/go/src/github.com/containers/libpod"
GCLOUD_IMAGE=${GCLOUD_IMAGE:-quay.io/cevich/gcloud_centos:latest} GCLOUD_IMAGE=${GCLOUD_IMAGE:-quay.io/cevich/gcloud_centos:latest}
GCLOUD_SUDO=${GCLOUD_SUDO-sudo} GCLOUD_SUDO=${GCLOUD_SUDO-sudo}
ROOTLESS_USER="madcowdog"
# Shared tmp directory between container and us # Shared tmp directory between container and us
TMPDIR=$(mktemp -d --tmpdir $(basename $0)_tmpdir_XXXXXX) TMPDIR=$(mktemp -d --tmpdir $(basename $0)_tmpdir_XXXXXX)
@ -48,11 +47,15 @@ showrun() {
} }
cleanup() { cleanup() {
RET=$?
set +e set +e
wait wait
# set GCLOUD_DEBUG to leave tmpdir behind for postmortem # set GCLOUD_DEBUG to leave tmpdir behind for postmortem
test -z "$GCLOUD_DEBUG" && rm -rf $TMPDIR test -z "$GCLOUD_DEBUG" && rm -rf $TMPDIR
# Not always called from an exit handler, but should always exit when called
exit $RET
} }
trap cleanup EXIT trap cleanup EXIT
@ -67,14 +70,15 @@ delvm() {
image_hints() { image_hints() {
egrep '[[:space:]]+[[:alnum:]].+_CACHE_IMAGE_NAME:[[:space:]+"[[:print:]]+"' \ egrep '[[:space:]]+[[:alnum:]].+_CACHE_IMAGE_NAME:[[:space:]+"[[:print:]]+"' \
"$LIBPODROOT/.cirrus.yml" | cut -d: -f 2 | tr -d '"[:blank:]' | \ "$LIBPODROOT/.cirrus.yml" | cut -d: -f 2 | tr -d '"[:blank:]' | \
grep -v 'notready' | grep -v 'image-builder' | sort -u grep -v 'notready' | sort -u
} }
show_usage() { show_usage() {
echo -e "\n${RED}ERROR: $1${NOR}" echo -e "\n${RED}ERROR: $1${NOR}"
echo -e "${YEL}Usage: $(basename $0) [-s | -p | -r] <image_name>${NOR}" echo -e "${YEL}Usage: $(basename $0) [-m <SPECIALMODE>] [-u <ROOTLESS_USER> ] <image_name>${NOR}"
echo "Use -s / -p to select source or package based dependencies" echo "Use -m <SPECIALMODE> with a supported value documented in contrib/cirrus/README.md."
echo -e "Use -r to setup and run tests as a regular user.\n" echo "With '-m rootless' must also specify -u <ROOTLESS_USER> with name of user to create & use"
echo ""
if [[ -r ".cirrus.yml" ]] if [[ -r ".cirrus.yml" ]]
then then
echo -e "${YEL}Some possible image_name values (from .cirrus.yml):${NOR}" echo -e "${YEL}Some possible image_name values (from .cirrus.yml):${NOR}"
@ -87,7 +91,7 @@ show_usage() {
get_env_vars() { get_env_vars() {
python -c ' python -c '
import yaml import yaml
env=yaml.load(open(".cirrus.yml"))["env"] env=yaml.load(open(".cirrus.yml"), Loader=yaml.SafeLoader)["env"]
keys=[k for k in env if "ENCRYPTED" not in str(env[k])] keys=[k for k in env if "ENCRYPTED" not in str(env[k])]
for k,v in env.items(): for k,v in env.items():
v=str(v) v=str(v)
@ -99,28 +103,56 @@ for k,v in env.items():
parse_args(){ parse_args(){
echo -e "$USAGE_WARNING" echo -e "$USAGE_WARNING"
if [[ -z "$1" ]] if [[ "$USER" =~ "root" ]]
then then
show_usage "Must specify at least one command-line parameter." show_usage "This script must be run as a regular user."
elif [[ "$1" == "-p" ]] fi
then
echo -e "${YEL}Hint: Use -p for package-based dependencies or -s for source-based.${NOR}"
DEPS="PACKAGE_DEPS=true SOURCE_DEPS=false"
IMAGE_NAME="$2"
elif [[ "$1" == "-s" ]] ENVS="$(get_env_vars)"
[[ "$#" -ge "1" ]] || \
show_usage "Must specify at least one command-line parameter."
IMAGE_NAME=""
ROOTLESS_USER=""
SPECIALMODE="none"
for arg
do
if [[ "$SPECIALMODE" == "GRABNEXT" ]] && [[ "${arg:0:1}" != "-" ]]
then then
echo -e "${RED}Using source-based dependencies.${NOR}" SPECIALMODE="$arg"
DEPS="PACKAGE_DEPS=false SOURCE_DEPS=true" echo -e "${YEL}Using \$SPECIALMODE=$SPECIALMODE.${NOR}"
IMAGE_NAME="$2" continue
elif [[ "$1" == "-r" ]] elif [[ "$ROOTLESS_USER" == "GRABNEXT" ]] && [[ "${arg:0:1}" != "-" ]]
then then
DEPS="ROOTLESS_USER=$ROOTLESS_USER" ROOTLESS_USER="$arg"
IMAGE_NAME="$2" echo -e "${YEL}Using \$ROOTLESS_USER=$ROOTLESS_USER.${NOR}"
else # no -s or -p continue
echo -e "${RED}Using package-based dependencies.${NOR}" fi
DEPS="$(get_env_vars)" case "$arg" in
IMAGE_NAME="$1" -m)
SPECIALMODE="GRABNEXT"
;;
-u)
ROOTLESS_USER="GRABNEXT"
;;
*)
[[ "${arg:0:1}" != "-" ]] || \
show_usage "Unknown command-line option '$arg'."
[[ -z "$IMAGE_NAME" ]] || \
show_usage "Must specify exactly one image name, got '$IMAGE_NAME' and '$arg'."
IMAGE_NAME="$arg"
;;
esac
done
if [[ "$SPECIALMODE" == "GRABNEXT" ]]
then
show_usage "Must specify argument to -m option."
fi
if [[ "$ROOTLESS_USER" == "GRABNEXT" ]]
then
show_usage "Must specify argument to -u option."
fi fi
if [[ -z "$IMAGE_NAME" ]] if [[ -z "$IMAGE_NAME" ]]
@ -128,15 +160,33 @@ parse_args(){
show_usage "No image-name specified." show_usage "No image-name specified."
fi fi
if [[ "$USER" =~ "root" ]] if [[ "$SPECIALMODE" == "rootless" ]] && [[ -z "$ROOTLESS_USER" ]]
then then
show_usage "This script must be run as a regular user." show_usage "With '-m rootless' must also pass -u <username> of rootless user."
fi fi
SETUP_CMD="env $DEPS $GOSRC/contrib/cirrus/setup_environment.sh" if echo "$IMAGE_NAME" | grep -q "image-builder-image"
then
echo -e "Creating an image-builder VM, I hope you know what you're doing.\n"
IBI_ARGS="--scopes=compute-rw,storage-rw,userinfo-email \"--min-cpu-platform=Intel Haswell\""
SSHUSER="centos"
else
unset IBI_ARGS
SSHUSER="root"
fi
ENVS="$ENVS SPECIALMODE=\"$SPECIALMODE\""
[[ -z "$ROOTLESS_USER" ]] || \
ENVS="$ENVS ROOTLESS_USER=$ROOTLESS_USER"
SETUP_CMD="env $ENVS $GOSRC/contrib/cirrus/setup_environment.sh"
VMNAME="${VMNAME:-${USER}-${IMAGE_NAME}}" VMNAME="${VMNAME:-${USER}-${IMAGE_NAME}}"
CREATE_CMD="$PGCLOUD compute instances create --zone=$ZONE --image=${IMAGE_NAME} --custom-cpu=$CPUS --custom-memory=$MEMORY --boot-disk-size=$DISK --labels=in-use-by=$USER $VMNAME"
SSH_CMD="$PGCLOUD compute ssh root@$VMNAME" CREATE_CMD="$PGCLOUD compute instances create --zone=$ZONE --image=${IMAGE_NAME} --custom-cpu=$CPUS --custom-memory=$MEMORY --boot-disk-size=$DISK --labels=in-use-by=$USER $IBI_ARGS $VMNAME"
SSH_CMD="$PGCLOUD compute ssh $SSHUSER@$VMNAME"
CLEANUP_CMD="$PGCLOUD compute instances delete --zone $ZONE --delete-disks=all $VMNAME" CLEANUP_CMD="$PGCLOUD compute instances delete --zone $ZONE --delete-disks=all $VMNAME"
} }
@ -147,7 +197,7 @@ parse_args(){
cd "$LIBPODROOT" cd "$LIBPODROOT"
parse_args $@ parse_args "$@"
# Ensure mount-points and data directories exist on host as $USER. Also prevents # Ensure mount-points and data directories exist on host as $USER. Also prevents
# permission-denied errors during cleanup() b/c `sudo podman` created mount-points # permission-denied errors during cleanup() b/c `sudo podman` created mount-points
@ -188,7 +238,7 @@ showrun --background tar cjf $TMPDIR/$TARBALL --warning=no-file-changed -C $LIBP
trap delvm INT # Allow deleting VM if CTRL-C during create trap delvm INT # Allow deleting VM if CTRL-C during create
# This fails if VM already exists: permit this usage to re-init # This fails if VM already exists: permit this usage to re-init
echo -e "\n${YEL}Trying to creating a VM named $VMNAME ${RED}(might take a minute/two. Errors ignored).${NOR}" echo -e "\n${YEL}Trying to creating a VM named $VMNAME\n${RED}(might take a minute/two. Errors ignored).${NOR}"
showrun $CREATE_CMD || true # allow re-running commands below when "delete: N" showrun $CREATE_CMD || true # allow re-running commands below when "delete: N"
# Any subsequent failure should prompt for VM deletion # Any subsequent failure should prompt for VM deletion
@ -208,19 +258,13 @@ then
fi fi
echo -e "${YEL}Got it${NOR}" echo -e "${YEL}Got it${NOR}"
if $SSH_CMD --command "test -r /root/.bash_profile_original"
then
echo -e "\n${YEL}Resetting environment configuration${NOR}"
showrun $SSH_CMD --command "cp /root/.bash_profile_original /root/.bash_profile"
fi
echo -e "\n${YEL}Removing and re-creating $GOSRC on $VMNAME.${NOR}" echo -e "\n${YEL}Removing and re-creating $GOSRC on $VMNAME.${NOR}"
showrun $SSH_CMD --command "rm -rf $GOSRC" showrun $SSH_CMD --command "rm -rf $GOSRC"
showrun $SSH_CMD --command "mkdir -p $GOSRC" showrun $SSH_CMD --command "mkdir -p $GOSRC"
echo -e "\n${YEL}Transfering tarball to $VMNAME.${NOR}" echo -e "\n${YEL}Transfering tarball to $VMNAME.${NOR}"
wait wait
showrun $SCP_CMD $HOME/$TARBALL root@$VMNAME:/tmp/$TARBALL showrun $SCP_CMD $HOME/$TARBALL $SSHUSER@$VMNAME:/tmp/$TARBALL
echo -e "\n${YEL}Unpacking tarball into $GOSRC on $VMNAME.${NOR}" echo -e "\n${YEL}Unpacking tarball into $GOSRC on $VMNAME.${NOR}"
showrun $SSH_CMD --command "tar xjf /tmp/$TARBALL -C $GOSRC" showrun $SSH_CMD --command "tar xjf /tmp/$TARBALL -C $GOSRC"
@ -231,9 +275,12 @@ showrun $SSH_CMD --command "rm -f /tmp/$TARBALL"
echo -e "\n${YEL}Executing environment setup${NOR}" echo -e "\n${YEL}Executing environment setup${NOR}"
showrun $SSH_CMD --command "$SETUP_CMD" showrun $SSH_CMD --command "$SETUP_CMD"
echo -e "\n${YEL}Connecting to $VMNAME ${RED}(option to delete VM upon logout).${NOR}\n" echo -e "\n${YEL}Connecting to $VMNAME\n${RED}(option to delete VM upon logout).${NOR}\n"
if [[ "$1" == "-r" ]] if [[ -n "$ROOTLESS_USER" ]]
then then
echo "Re-chowning source files after transfer"
showrun $SSH_CMD --command "chown -R $ROOTLESS_USER $GOSRC"
echo "Connecting as user $ROOTLESS_USER"
SSH_CMD="$PGCLOUD compute ssh $ROOTLESS_USER@$VMNAME" SSH_CMD="$PGCLOUD compute ssh $ROOTLESS_USER@$VMNAME"
fi fi
showrun $SSH_CMD -- -t "cd $GOSRC && exec env $DEPS bash -il" showrun $SSH_CMD -- -t "cd $GOSRC && exec env $ENVS bash -il"