opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-21 17:38:12 +08:00
Code Issues Packages Projects Releases Wiki Activity

Add configuration for Cirrus-CI

Browse Source 
Testing podman requires exercising on a full-blown VM.  The current
containerized-approach is complicated, and mostly a band-aid over
shortcomings in the other CI systems.  Namely, we want:

* To pre-build environments with dependencies to reduce the
  setup time needed for testing.
* The ability to verify the pre-built environments are working
  before utilizing them for further testing.
* A simple, single set of flexible automation instructions to
  reduce maintenance burden.
* Ease of environment reproduction across clouds or locally, for
  debugging failures.

This change leverages Cirrus-CI + Packer + collection of shell scripts
to realize all of the above.

Signed-off-by: Chris Evich <cevich@redhat.com>
This commit is contained in:
Chris Evich
2018-07-09 12:30:20 -04:00
parent 094b8b7350
commit c53163b75a
13 changed files with 1079 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

117
.cirrus.yml
View File

@ -0,0 +1,117 @@
---
# Only github users with write-access can define or use encrypted variables
# This credential represents a service account with access to manage both VMs
# and storage.
gcp_credentials: ENCRYPTED[885c6e4297dd8d6f67593c42b810353af0c505a7a670e2c6fd830c56e86bbb2debcc3c18f942d0d46ab36b63521061d4]
# Default VM to use for testing, unless values overriden by specific tasks (below)
gce_instance:
image_project: "libpod-218412"
zone: "us-central1-a" # Required by Cirrus for the time being
cpu: 4
memory: "8Gb"
disk: 40
# Main collection of env. varss to set for all scripts. All others
# are cooked in by $SCRIPT_BASE/setup_environment.sh
env:
CNI_COMMIT: "7480240de9749f9a0a5c8614b17f1f03e0c06ab9"
CRIO_COMMIT: "662dbb31b5d4f5ed54511a47cde7190c61c28677"
RUNC_COMMIT: "ad0f5255060d36872be04de22f8731f38ef2d7b1"
# File to update in home-dir with task-specific env. var values
ENVLIB: ".bash_profile"
# Overrides default location (/tmp/cirrus) for repo clone
CIRRUS_WORKING_DIR: "/go/src/github.com/containers/libpod"
# Required so $ENVLIB gets loaded
CIRRUS_SHELL: "/bin/bash"
# Save a little typing (path relative to $CIRRUS_WORKING_DIR)
SCRIPT_BASE: "./contrib/cirrus"
PACKER_BASE: "./contrib/cirrus/packer"
# Every *_task runs in parallel in separate VMs. The name prefix only for reference
# in WebUI, and will be followed by matrix details. This task does all the
# per-pr unit/integration testing.
full_vm_testing_task:
gce_instance:
# Generate multiple 'test' tasks, covering all possible
# 'matrix' combinations. All run in parallel.
matrix:
# Images are generated separetly, from build_images_task (below)
image_name: "ubuntu-1804-bionic-v20180911-libpod-5763563410948096"
# TODO: Make these work (also build_images_task below)
#image_name: "rhel-server-ec2-7-5-165-1-libpod-5358668723781632"
#image_name: "centos-7-v20180911-libpod-5358668723781632"
#image_name: "fedora-cloud-base-28-1-1-7-libpod-5358668723781632"
timeout_in: 120m
# Every *_script runs in sequence, for each task. The name prefix is for
# WebUI reference. The values may be strings...
setup_environment_script: $SCRIPT_BASE/setup_environment.sh
# ...or lists of strings
unit_test_script:
- whoami # root!
- $SCRIPT_BASE/unit_test.sh
integration_test_script: $SCRIPT_BASE/integration_test.sh
# This task build new images for future PR testing, but only after a PR merge.
# These images save needing to install/setup the same environment to test every
# PR. The 'active' image for testing is selected by the 'image_name' items in
# task above. Currently this requires manually updating them, but this could
# be automated (see comment at end).
build_vm_images_task:
# Only produce new images after a PR merge
only_if: $CIRRUS_BRANCH == 'master'
# Require tests to pass first.
depends_on:
- test # i.e. 'test_task'
env:
# CSV of packer builder names to enable (see $PACKER_BASE/libpod_images.json)
PACKER_BUILDS: "ubuntu-18"
# TODO: Make these work (also full_vm_testing_task above)
# PACKER_BUILDS: "rhel-7,centos-7,fedora-28,ubuntu-18"
# Command to register a RHEL VM
RHSM_COMMAND: ENCRYPTED[fec01433222af1ed0b8e40e89e7d18f6ee2fa9f49a1e721dc72f7eed3c740661215d1bd05cb54ac66a1a62116b92bdce]
# Additional environment variables needed to build GCE images, within a GCE VM
SERVICE_ACCOUNT: ENCRYPTED[02e03838b1156eb9516c7cc1e888e287910759842275f3c7bc2b4d56075cc6740e29ffa0ab71ebdbbd079673361dd8c9]
GCE_SSH_USERNAME: ENCRYPTED[a19a4ec62423e3e0fe4e7d1a5c9f11eda8fde321b9047ab5ed5590c2b1d7a2d12091c2be1531f949eae927059c2ae531]
GCP_PROJECT_ID: ENCRYPTED[77cb2d392bbc8d17412547d7d91f8d190089bf6e6b96eab9927994bbff6ab2c691ba0329ac7a650ba6182fbbab9fb68d]
# Existing base values to use, output images get epoc stamped names
PACKER_VER: "1.3.1"
# low-level base VM image name inputs to packer
CENTOS_BASE_IMAGE: "centos-7-v20180911"
RHEL_BASE_IMAGE: "rhel-server-ec2-7-5-165-1"
FEDORA_BASE_IMAGE: "fedora-cloud-base-28-1-1-7"
UBUNTU_BASE_IMAGE: "ubuntu-1804-bionic-v20180911"
gce_instance:
image_name: "image-builder-image" # Simply CentOS 7 + packer dependencies
# Additional permissions for building GCE images, within a GCE VM
scopes:
- compute
- devstorage.full_control
# Doesn't need many local resources to run
cpu: 2
memory: "2Gb"
disk: 20
environment_script: $SCRIPT_BASE/setup_environment.sh
build_vm_images_script: $SCRIPT_BASE/build_vm_images.sh
# TODO,Continuous Delivery: Automaticly open a libpod PR after using 'sed' to replace
# the image_names with the new (just build) images. That will
# cause a new round of testing to happen (via the PR) using
# the new images. When all is good, the PR may be manually
# merged so all PR testing uses the new images. The script
# names (below) describe their purpose in this workflow.
# deploy_images_script:
# - clone_podman_release_branch.sh
# - modify_cirrus_yaml_image_names.sh
# - commit_and_create_upstream_pr.sh

59
contrib/cirrus/build_vm_images.sh Executable file
View File

@ -0,0 +1,59 @@
#!/bin/bash
set -e
source $(dirname $0)/lib.sh
req_env_var "
CNI_COMMIT $CNI_COMMIT
CRIO_COMMIT $CRIO_COMMIT
RUNC_COMMIT $RUNC_COMMIT
PACKER_BUILDS $PACKER_BUILDS
CENTOS_BASE_IMAGE $CENTOS_BASE_IMAGE
UBUNTU_BASE_IMAGE $UBUNTU_BASE_IMAGE
FEDORA_BASE_IMAGE $FEDORA_BASE_IMAGE
RHEL_BASE_IMAGE $RHEL_BASE_IMAGE
RHSM_COMMAND $RHSM_COMMAND
CIRRUS_BUILD_ID $CIRRUS_BUILD_ID
SERVICE_ACCOUNT $SERVICE_ACCOUNT
GCE_SSH_USERNAME $GCE_SSH_USERNAME
GCP_PROJECT_ID $GCP_PROJECT_ID
PACKER_VER $PACKER_VER
SCRIPT_BASE $SCRIPT_BASE
PACKER_BASE $PACKER_BASE
"
# TODO: Skip building images if $CIRRUS_BRANCH =~ "master" and
# commit message of $CIRRUS_CHANGE_IN_REPO contains a magic word
# produced by 'commit_and_create_upstream_pr.sh' script (see .cirrus.yml)
show_env_vars
# Everything here is running on the 'image-builder-image' GCE image
# Assume basic dependencies are all met, but there could be a newer version
# of the packer binary
PACKER_FILENAME="packer_${PACKER_VER}_linux_amd64.zip"
mkdir -p "$HOME/packer"
cd "$HOME/packer"
# image_builder_image has packer pre-installed, check if same version requested
if ! [[ -r "$PACKER_FILENAME" ]]
then
curl -L -O https://releases.hashicorp.com/packer/$PACKER_VER/$PACKER_FILENAME
curl -L https://releases.hashicorp.com/packer/${PACKER_VER}/packer_${PACKER_VER}_SHA256SUMS | \
grep 'linux_amd64' > ./sha256sums
sha256sum --check ./sha256sums
unzip -o $PACKER_FILENAME
./packer --help &> /dev/null # verify exit(0)
fi
set -x
cd "$GOSRC"
# N/B: /usr/sbin/packer is a DIFFERENT tool, and will exit 0 given the args below :(
TEMPLATE="./$PACKER_BASE/libpod_images.json"
$HOME/packer/packer inspect "$TEMPLATE"
#$HOME/packer/packer build -machine-readable "-only=$PACKER_BUILDS" "$TEMPLATE" | tee /tmp/packer_log.csv
$HOME/packer/packer build "-only=$PACKER_BUILDS" "$TEMPLATE"
# TODO: Report back to PR names of built images

28
contrib/cirrus/integration_test.sh Executable file
View File

@ -0,0 +1,28 @@
#!/bin/bash
set -e
source $(dirname $0)/lib.sh
req_env_var "
GOSRC $GOSRC
OS_RELEASE_ID $OS_RELEASE_ID
OS_RELEASE_VER $OS_RELEASE_VER
"
show_env_vars
set -x
cd "$GOSRC"
case "${OS_RELEASE_ID}-${OS_RELEASE_VER}" in
ubuntu-18)
make install PREFIX=/usr ETCDIR=/etc "BUILDTAGS=$BUILDTAGS"
make test-binaries "BUILDTAGS=$BUILDTAGS"
SKIP_USERNS=1 make localintegration "BUILDTAGS=$BUILDTAGS"
;;
fedora-28) ;& # Continue to the next item
centos-7) ;&
rhel-7)
stub 'integration testing not working on $OS_RELEASE_ID'
;;
*) bad_os_id_ver ;;
esac

258
contrib/cirrus/lib.sh Normal file
View File

@ -0,0 +1,258 @@
# Library of common, shared utility functions. This file is intended
# to be sourced by other scripts, not called directly.
# Under some contexts these values are not set, make sure they are.
USER="$(whoami)"
HOME="$(getent passwd $USER | cut -d : -f 6)"
if ! [[ "$PATH" =~ "/usr/local/bin" ]]
then
export PATH="$PATH:/usr/local/bin"
fi
# In ci/testing environment, ensure variables are always loaded
if [[ -r "$HOME/$ENVLIB" ]] && [[ -n "$CI" ]]
then
# Make sure this is always loaded
source "$HOME/$ENVLIB"
fi
# Pass in a line delimited list of, space delimited name/value pairs
# exit non-zero with helpful error message if any value is empty
req_env_var() {
echo "$1" | while read NAME VALUE
do
if [[ -n "$NAME" ]] && [[ -z "$VALUE" ]]
then
echo "Required env. var. \$$NAME is not set"
exit 9
fi
done
}
# Some env. vars may contain secrets. Display values for known "safe"
# and useful variables.
# ref: https://cirrus-ci.org/guide/writing-tasks/#environment-variables
show_env_vars() {
echo "
BUILDTAGS $BUILDTAGS
CI $CI
CIRRUS_CI $CIRRUS_CI
CI_NODE_INDEX $CI_NODE_INDEX
CI_NODE_TOTAL $CI_NODE_TOTAL
CONTINUOUS_INTEGRATION $CONTINUOUS_INTEGRATION
CIRRUS_BASE_BRANCH $CIRRUS_BASE_BRANCH
CIRRUS_BASE_SHA $CIRRUS_BASE_SHA
CIRRUS_BRANCH $CIRRUS_BRANCH
CIRRUS_BUILD_ID $CIRRUS_BUILD_ID
CIRRUS_CHANGE_IN_REPO $CIRRUS_CHANGE_IN_REPO
CIRRUS_CHANGE_MESSAGE $CIRRUS_CHANGE_MESSAGE
CIRRUS_CLONE_DEPTH $CIRRUS_CLONE_DEPTH
CIRRUS_DEFAULT_BRANCH $CIRRUS_DEFAULT_BRANCH
CIRRUS_PR $CIRRUS_PR
CIRRUS_TAG $CIRRUS_TAG
CIRRUS_OS $CIRRUS_OS
OS $OS
CIRRUS_TASK_NAME $CIRRUS_TASK_NAME
CIRRUS_TASK_ID $CIRRUS_TASK_ID
CIRRUS_REPO_NAME $CIRRUS_REPO_NAME
CIRRUS_REPO_OWNER $CIRRUS_REPO_OWNER
CIRRUS_REPO_FULL_NAME $CIRRUS_REPO_FULL_NAME
CIRRUS_REPO_CLONE_URL $CIRRUS_REPO_CLONE_URL
CIRRUS_SHELL $CIRRUS_SHELL
CIRRUS_USER_COLLABORATOR $CIRRUS_USER_COLLABORATOR
CIRRUS_USER_PERMISSION $CIRRUS_USER_PERMISSION
CIRRUS_WORKING_DIR $CIRRUS_WORKING_DIR
CIRRUS_HTTP_CACHE_HOST $CIRRUS_HTTP_CACHE_HOST
$(go env)
" | while read NAME VALUE
do
[[ -z "$NAME" ]] || echo "export $NAME=\"$VALUE\""
done
}
# Return a GCE image-name compatible string representation of distribution name
os_release_id() {
eval "$(egrep -m 1 '^ID=' /etc/os-release | tr -d \' | tr -d \")"
echo "$ID"
}
# Return a GCE image-name compatible string representation of distribution major version
os_release_ver() {
eval "$(egrep -m 1 '^VERSION_ID=' /etc/os-release | tr -d \' | tr -d \")"
echo "$VERSION_ID" | cut -d '.' -f 1
}
bad_os_id_ver() {
echo "Unknown/Unsupported distro. $OS_RELEASE_ID and/or version $OS_RELEASE_VER for $ARGS"
exit 42
}
stub() {
echo "STUB: Pretending to do $1"
}
# Run sudo in directory with GOPATH set
cdsudo() {
DIR="$1"
shift
CMD="cd $DIR && $@"
sudo --preserve-env=GOPATH --non-interactive bash -c "$CMD"
}
# Helper/wrapper script to only show stderr/stdout on non-zero exit
install_ooe() {
req_env_var "SCRIPT_BASE $SCRIPT_BASE"
echo "Installing script to mask stdout/stderr unless non-zero exit."
sudo install -D -m 755 "/tmp/libpod/$SCRIPT_BASE/ooe.sh" /usr/local/bin/ooe.sh
}
# Grab a newer version of git from software collections
# https://www.softwarecollections.org/en/
# and use it with a wrapper
install_scl_git() {
echo "Installing SoftwareCollections updated 'git' version."
ooe.sh sudo yum -y install rh-git29
cat << "EOF" | sudo tee /usr/bin/git
#!/bin/bash
scl enable rh-git29 -- git $@
EOF
sudo chmod 755 /usr/bin/git
}
install_cni_plugins() {
echo "Installing CNI Plugins from commit $CNI_COMMIT"
req_env_var "
GOPATH $GOPATH
CNI_COMMIT $CNI_COMMIT
"
DEST="$GOPATH/src/github.com/containernetworking/plugins"
rm -rf "$DEST"
ooe.sh git clone "https://github.com/containernetworking/plugins.git" "$DEST"
cd "$DEST"
ooe.sh git checkout -q "$CNI_COMMIT"
ooe.sh ./build.sh
sudo mkdir -p /usr/libexec/cni
sudo cp bin/* /usr/libexec/cni
}
install_runc(){
OS_RELEASE_ID=$(os_release_id)
echo "Installing RunC from commit $RUNC_COMMIT"
echo "Platform is $OS_RELEASE_ID"
req_env_var "
GOPATH $GOPATH
RUNC_COMMIT $RUNC_COMMIT
OS_RELEASE_ID $OS_RELEASE_ID
"
if [[ "$OS_RELEASE_ID" =~ "ubuntu" ]]; then
echo "Running make install.libseccomp.sudo for ubuntu"
if ! [[ -d "/tmp/libpod" ]]
then
echo "Expecting a copy of libpod repository in /tmp/libpod"
exit 5
fi
mkdir -p "$GOPATH/src/github.com/containers/"
# Symlinks don't work with Go
cp -a /tmp/libpod "$GOPATH/src/github.com/containers/"
cd "$GOPATH/src/github.com/containers/libpod"
ooe.sh sudo make install.libseccomp.sudo
fi
DEST="$GOPATH/src/github.com/opencontainers/runc"
rm -rf "$DEST"
ooe.sh git clone https://github.com/opencontainers/runc.git "$DEST"
cd "$DEST"
ooe.sh git fetch origin --tags
ooe.sh git checkout -q "$RUNC_COMMIT"
ooe.sh make static BUILDTAGS="seccomp selinux"
sudo install -m 755 runc /usr/bin/runc
}
install_buildah() {
echo "Installing buildah from latest upstream master"
req_env_var "GOPATH $GOPATH"
DEST="$GOPATH/src/github.com/containers/buildah"
rm -rf "$DEST"
ooe.sh git clone https://github.com/containers/buildah "$DEST"
cd "$DEST"
ooe.sh make
ooe.sh sudo make install
}
# Requires $GOPATH and $CRIO_COMMIT to be set
install_conmon(){
echo "Installing conmon from commit $CRIO_COMMIT"
req_env_var "
GOPATH $GOPATH
CRIO_COMMIT $CRIO_COMMIT
"
DEST="$GOPATH/src/github.com/kubernetes-sigs/cri-o.git"
rm -rf "$DEST"
ooe.sh git clone https://github.com/kubernetes-sigs/cri-o.git "$DEST"
cd "$DEST"
ooe.sh git fetch origin --tags
ooe.sh git checkout -q "$CRIO_COMMIT"
ooe.sh make
sudo install -D -m 755 bin/conmon /usr/libexec/podman/conmon
}
# Runs in testing VM, not image building
install_testing_dependencies() {
echo "Installing ginkgo, gomega, and easyjson into \$GOPATH=$GOPATH"
req_env_var "
GOPATH $GOPATH
GOSRC $GOSRC
"
cd "$GOSRC"
ooe.sh go get -u github.com/onsi/ginkgo/ginkgo
ooe.sh install -D -m 755 "$GOPATH"/bin/ginkgo /usr/bin/
ooe.sh go get github.com/onsi/gomega/...
ooe.sh go get -u github.com/mailru/easyjson/...
sudo install -D -m 755 "$GOPATH"/bin/easyjson /usr/bin/
}
install_packer_copied_files(){
# Install cni config, policy and registry config
sudo install -D -m 755 /tmp/libpod/cni/87-podman-bridge.conflist \
/etc/cni/net.d/87-podman-bridge.conflist
sudo install -D -m 755 /tmp/libpod/test/policy.json \
/etc/containers/policy.json
sudo install -D -m 755 /tmp/libpod/test/redhat_sigstore.yaml \
/etc/containers/registries.d/registry.access.redhat.com.yaml
}
install_varlink(){
echo "Installing varlink from the cheese-factory"
ooe.sh sudo -H pip3 install varlink
}
_finalize(){
echo "Removing leftover giblets from cloud-init"
cd /
sudo rm -rf /var/lib/cloud
sudo rm -rf /root/.ssh/*
sudo rm -rf /home/*
}
rh_finalize(){
# Allow root ssh-logins
if [[ -r /etc/cloud/cloud.cfg ]]
then
sudo sed -re 's/^disable_root:.*/disable_root: 0/g' -i /etc/cloud/cloud.cfg
fi
echo "Resetting to fresh-state for usage as cloud-image."
sudo $(type -P dnf || type -P yum) clean all
sudo rm -rf /var/cache/{yum,dnf}
sudo rm -f /etc/udev/rules.d/*-persistent-*.rules
sudo touch /.unconfigured # force firstboot to run
_finalize
}
ubuntu_finalize(){
echo "Resetting to fresh-state for usage as cloud-image."
sudo rm -rf /var/cache/apt
_finalize
}

39
contrib/cirrus/ooe.sh Executable file
View File

@ -0,0 +1,39 @@
#!/bin/bash
# This script executes a command while logging all output to a temporary
# file. If the command exits non-zero, then all output is sent to the console,
# before returning the exit code. If the script itself fails, the exit code 121
# is returned.
set -eo pipefail
SCRIPT_PATH="$0"
badusage() {
echo "Incorrect usage: $(basename $SCRIPT_PATH) <command> [options]" > /dev/stderr
echo "ERROR: $1"
exit 121
}
COMMAND="$@"
[[ -n "$COMMAND" ]] || badusage "No command specified"
OUTPUT_TMPFILE="$(mktemp -p '' $(basename $0)_output_XXXX)"
output_on_error() {
RET=$?
set +e
if [[ "$RET" -ne "0" ]]
then
echo "---------------------------"
cat "$OUTPUT_TMPFILE"
echo "[$(date --iso-8601=second)] <exit $RET> $COMMAND"
fi
rm -f "$OUTPUT_TMPFILE"
}
trap "output_on_error" EXIT
"$@" 2>&1 | while IFS='' read LINE # Preserve leading/trailing whitespace
do
# Every stdout and (copied) stderr line
echo "[$(date --iso-8601=second)] $LINE"
done >> "$OUTPUT_TMPFILE"

2
contrib/cirrus/packer/README.md Normal file
View File

@ -0,0 +1,2 @@
These are definitions and scripts consumed by packer to produce the
various distribution images used for CI testing.

69
contrib/cirrus/packer/centos_setup.sh Normal file
View File

@ -0,0 +1,69 @@
#!/bin/bash
# This script is called by packer on the subject CentOS VM, to setup the podman
# build/test environment. It's not intended to be used outside of this context.
set -e
# Load in library (copied by packer, before this script was run)
source /tmp/libpod/$SCRIPT_BASE/lib.sh
req_env_var "
SCRIPT_BASE $SCRIPT_BASE
CNI_COMMIT $CNI_COMMIT
CRIO_COMMIT $CRIO_COMMIT
"
install_ooe
export GOPATH="$(mktemp -d)"
trap "sudo rm -rf $GOPATH" EXIT
ooe.sh sudo yum -y update
ooe.sh sudo yum -y install centos-release-scl epel-release
ooe.sh sudo yum -y install \
atomic-registries \
btrfs-progs-devel \
bzip2 \
device-mapper-devel \
findutils \
glib2-devel \
glibc-static \
gnupg \
golang \
golang-github-cpuguy83-go-md2man \
golang-github-cpuguy83-go-md2man \
gpgme-devel \
iptables \
libassuan-devel \
libseccomp-devel \
libselinux-devel \
lsof \
make \
nmap-ncat \
ostree-devel \
python \
python3-dateutil \
python3-psutil \
python3-pytoml \
runc \
skopeo-containers \
unzip \
which \
xz
install_scl_git
install_cni_plugins
install_buildah
install_conmon
install_packer_copied_files
rh_finalize
echo "SUCCESS!"

72
contrib/cirrus/packer/fedora_setup.sh Normal file
View File

@ -0,0 +1,72 @@
#!/bin/bash
# This script is called by packer on the subject fedora VM, to setup the podman
# build/test environment. It's not intended to be used outside of this context.
set -e
# Load in library (copied by packer, before this script was run)
source /tmp/libpod/$SCRIPT_BASE/lib.sh
req_env_var "
SCRIPT_BASE $SCRIPT_BASE
CNI_COMMIT $CNI_COMMIT
CRIO_COMMIT $CRIO_COMMIT
RUNC_COMMIT $RUNC_COMMIT
"
install_ooe
export GOPATH="$(mktemp -d)"
trap "sudo rm -rf $GOPATH" EXIT
# breaks networking on f28/29 in GCE
# ooe.sh sudo dnf update -y
ooe.sh sudo dnf install -y \
atomic-registries \
btrfs-progs-devel \
bzip2 \
conmon \
device-mapper-devel \
findutils \
git \
glib2-devel \
glibc-static \
gnupg \
golang \
golang-github-cpuguy83-go-md2man \
golang-github-cpuguy83-go-md2man \
gpgme-devel \
iptables \
libassuan-devel \
libseccomp-devel \
libselinux-devel \
lsof \
make \
nmap-ncat \
ostree-devel \
procps-ng \
python \
python3-dateutil \
python3-psutil \
python3-pytoml \
runc \
skopeo-containers \
slirp4netns \
which\
xz
install_varlink
install_cni_plugins
install_buildah
install_conmon
install_packer_copied_files
rh_finalize # N/B: Halts system!
echo "SUCCESS!"

124
contrib/cirrus/packer/libpod_images.json Normal file
View File

@ -0,0 +1,124 @@
{
"variables": {
"CNI_COMMIT": "{{env `CNI_COMMIT`}}",
"CRIO_COMMIT": "{{env `CRIO_COMMIT`}}",
"RUNC_COMMIT": "{{env `RUNC_COMMIT`}}",
"CENTOS_BASE_IMAGE": "{{env `CENTOS_BASE_IMAGE`}}" ,
"UBUNTU_BASE_IMAGE": "{{env `UBUNTU_BASE_IMAGE`}}",
"FEDORA_BASE_IMAGE": "{{env `FEDORA_BASE_IMAGE`}}",
"RHEL_BASE_IMAGE": "{{env `RHEL_BASE_IMAGE`}}",
"GOSRC": "{{env `GOSRC`}}",
"PACKER_BASE": "{{env `PACKER_BASE`}}",
"SCRIPT_BASE": "{{env `SCRIPT_BASE`}}",
"SERVICE_ACCOUNT": "{{env `SERVICE_ACCOUNT`}}",
"GCP_PROJECT_ID": "{{env `GCP_PROJECT_ID`}}",
"CIRRUS_BUILD_ID": "{{env `CIRRUS_BUILD_ID`}}",
"GCE_SSH_USERNAME": "{{env `GCE_SSH_USERNAME`}}",
"RHSM_COMMAND": "{{env `RHSM_COMMAND`}}"
},
"sensitive-variables": [
"GCP_PROJECT_ID", "SERVICE_ACCOUNT", "GCE_SSH_USERNAME", "RHSM_COMMAND"
],
"builders": [
{
"name": "rhel-7",
"type": "googlecompute",
"project_id": "{{user `GCP_PROJECT_ID`}}",
"zone": "us-central1-a",
"source_image": "{{user `RHEL_BASE_IMAGE`}}",
"image_name": "{{user `RHEL_BASE_IMAGE`}}-libpod-{{user `CIRRUS_BUILD_ID`}}",
"image_family": "{{user `RHEL_BASE_IMAGE`}}-libpod",
"service_account_email": "{{user `SERVICE_ACCOUNT`}}",
"communicator": "ssh",
"ssh_username": "ec2-user",
"ssh_pty": "true"
},{
"name": "centos-7",
"type": "googlecompute",
"project_id": "{{user `GCP_PROJECT_ID`}}",
"zone": "us-central1-a",
"source_image": "{{user `CENTOS_BASE_IMAGE`}}",
"image_name": "{{user `CENTOS_BASE_IMAGE`}}-libpod-{{user `CIRRUS_BUILD_ID`}}",
"image_family": "{{user `CENTOS_BASE_IMAGE`}}-libpod",
"service_account_email": "{{user `SERVICE_ACCOUNT`}}",
"communicator": "ssh",
"ssh_username": "{{user `GCE_SSH_USERNAME`}}",
"ssh_pty": "true"
},{
"name": "fedora-28",
"type": "googlecompute",
"project_id": "{{user `GCP_PROJECT_ID`}}",
"zone": "us-central1-a",
"source_image": "{{user `FEDORA_BASE_IMAGE`}}",
"image_name": "{{user `FEDORA_BASE_IMAGE`}}-libpod-{{user `CIRRUS_BUILD_ID`}}",
"image_family": "{{user `FEDORA_BASE_IMAGE`}}-libpod",
"service_account_email": "{{user `SERVICE_ACCOUNT`}}",
"communicator": "ssh",
"ssh_username": "fedora",
"ssh_pty": "true"
},{
"name": "ubuntu-18",
"type": "googlecompute",
"project_id": "{{user `GCP_PROJECT_ID`}}",
"zone": "us-central1-a",
"source_image": "{{user `UBUNTU_BASE_IMAGE`}}",
"image_name": "{{user `UBUNTU_BASE_IMAGE`}}-libpod-{{user `CIRRUS_BUILD_ID`}}",
"image_family": "{{user `UBUNTU_BASE_IMAGE`}}-libpod",
"service_account_email": "{{user `SERVICE_ACCOUNT`}}",
"communicator": "ssh",
"ssh_username": "{{user `GCE_SSH_USERNAME`}}",
"ssh_pty": "true"
}
],
"provisioners": [
{
"type": "file",
"source": "{{user `GOSRC`}}",
"destination": "/tmp/libpod"
},{
"type": "shell",
"only": ["rhel-7"],
"script": "{{user `GOSRC`}}/{{user `PACKER_BASE`}}/rhel_setup.sh",
"environment_vars": [
"SCRIPT_BASE={{user `SCRIPT_BASE`}}",
"CNI_COMMIT={{user `CNI_COMMIT`}}",
"CRIO_COMMIT={{user `CRIO_COMMIT`}}",
"RUNC_COMMIT={{user `RUNC_COMMIT`}}",
"RHSM_COMMAND={{user `RHSM_COMMAND`}}"
]
},{
"type": "shell",
"only": ["centos-7"],
"script": "{{user `GOSRC`}}/{{user `PACKER_BASE`}}/centos_setup.sh",
"environment_vars": [
"SCRIPT_BASE={{user `SCRIPT_BASE`}}",
"CNI_COMMIT={{user `CNI_COMMIT`}}",
"CRIO_COMMIT={{user `CRIO_COMMIT`}}",
"RUNC_COMMIT={{user `RUNC_COMMIT`}}"
]
},{
"type": "shell",
"only": ["fedora-28"],
"script": "{{user `GOSRC`}}/{{user `PACKER_BASE`}}/fedora_setup.sh",
"environment_vars": [
"SCRIPT_BASE={{user `SCRIPT_BASE`}}",
"CNI_COMMIT={{user `CNI_COMMIT`}}",
"CRIO_COMMIT={{user `CRIO_COMMIT`}}",
"RUNC_COMMIT={{user `RUNC_COMMIT`}}"
]
},{
"type": "shell",
"only": ["ubuntu-18"],
"script": "{{user `GOSRC`}}/{{user `PACKER_BASE`}}/ubuntu_setup.sh",
"environment_vars": [
"SCRIPT_BASE={{user `SCRIPT_BASE`}}",
"CNI_COMMIT={{user `CNI_COMMIT`}}",
"CRIO_COMMIT={{user `CRIO_COMMIT`}}",
"RUNC_COMMIT={{user `RUNC_COMMIT`}}"
]
}
]
}

111
contrib/cirrus/packer/rhel_setup.sh Normal file
View File

@ -0,0 +1,111 @@
#!/bin/bash
# This script is called by packer on the subject CentOS VM, to setup the podman
# build/test environment. It's not intended to be used outside of this context.
set -e
# Load in library (copied by packer, before this script was run)
source /tmp/libpod/$SCRIPT_BASE/lib.sh
req_env_var "
SCRIPT_BASE $SCRIPT_BASE
CNI_COMMIT $CNI_COMMIT
CRIO_COMMIT $CRIO_COMMIT
RHSM_COMMAND $RHSM_COMMAND
"
install_ooe
export GOPATH="$(mktemp -d)"
export RHSMCMD="$(mktemp)"
exit_handler() {
set +ex
cd /
sudo rm -rf "$RHSMCMD"
sudo rm -rf "$GOPATH"
sudo subscription-manager remove --all
sudo subscription-manager unregister
sudo subscription-manager clean
}
trap "exit_handler" EXIT
# Avoid logging sensitive details
echo "$RHSM_COMMAND" > "$RHSMCMD"
ooe.sh sudo bash "$RHSMCMD"
sudo rm -rf "$RHSMCMD"
ooe.sh sudo yum -y erase "rh-amazon-rhui-client*"
ooe.sh sudo subscription-manager repos "--disable=*"
ooe.sh sudo subscription-manager repos \
--enable=rhel-7-server-rpms \
--enable=rhel-7-server-optional-rpms \
--enable=rhel-7-server-extras-rpms \
--enable=rhel-server-rhscl-7-rpms
ooe.sh sudo yum -y update
# Frequently needed
ooe.sh sudo yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
# Required for google to manage ssh keys
sudo tee -a /etc/yum.repos.d/google-cloud-sdk.repo << EOM
[google-cloud-compute]
name=google-cloud-compute
baseurl=https://packages.cloud.google.com/yum/repos/google-cloud-compute-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOM
ooe.sh sudo yum -y install \
atomic-registries \
btrfs-progs-devel \
bzip2 \
device-mapper-devel \
findutils \
glib2-devel \
glibc-static \
gnupg \
golang \
golang-github-cpuguy83-go-md2man \
golang-github-cpuguy83-go-md2man \
google-compute-engine \
google-compute-engine-oslogin \
gpgme-devel \
iptables \
libassuan-devel \
libseccomp-devel \
libselinux-devel \
lsof \
make \
nmap-ncat \
ostree-devel \
python \
python34-dateutil \
python34-psutil \
python34-pytoml \
runc \
skopeo-containers \
unzip \
which \
xz
install_scl_git
install_cni_plugins
install_buildah
install_conmon
install_packer_copied_files
exit_handler # release subscription!
rh_finalize
echo "SUCCESS!"

93
contrib/cirrus/packer/ubuntu_setup.sh Normal file
View File

@ -0,0 +1,93 @@
#!/bin/bash
# This script is called by packer on the subject Ubuntu VM, to setup the podman
# build/test environment. It's not intended to be used outside of this context.
set -e
# Load in library (copied by packer, before this script was run)
source /tmp/libpod/$SCRIPT_BASE/lib.sh
req_env_var "
SCRIPT_BASE $SCRIPT_BASE
CNI_COMMIT $CNI_COMMIT
CRIO_COMMIT $CRIO_COMMIT
RUNC_COMMIT $RUNC_COMMIT
"
install_ooe
export GOPATH="$(mktemp -d)"
trap "sudo rm -rf $GOPATH" EXIT
ooe.sh sudo apt-get -qq update
ooe.sh sudo apt-get -qq update # sometimes it needs to get it twice :S
ooe.sh sudo apt-get -qq upgrade
ooe.sh sudo apt-get -qq install --no-install-recommends \
apparmor \
autoconf \
automake \
bison \
btrfs-tools \
build-essential \
curl \
e2fslibs-dev \
gawk \
gettext \
golang \
go-md2man \
iptables \
libaio-dev \
libapparmor-dev \
libcap-dev \
libdevmapper-dev \
libdevmapper1.02.1 \
libfuse-dev \
libglib2.0-dev \
libgpgme11-dev \
liblzma-dev \
libostree-dev \
libprotobuf-c0-dev \
libprotobuf-dev \
libtool \
libtool \
libudev-dev \
lsof \
netcat \
pkg-config \
protobuf-c-compiler \
protobuf-compiler \
python-minimal \
python3-dateutil \
python3-pip \
python3-psutil \
python3-pytoml \
python3-setuptools \
socat \
unzip \
xz-utils
echo "Fixing Ubuntu kernel not enabling swap accounting by default"
SEDCMD='s/^GRUB_CMDLINE_LINUX="(.*)"/GRUB_CMDLINE_LINUX="\1 cgroup_enable=memory swapaccount=1"/g'
ooe.sh sudo sed -re "$SEDCMD" -i /etc/default/grub.d/*
ooe.sh sudo sed -re "$SEDCMD" -i /etc/default/grub
ooe.sh sudo update-grub
install_runc
install_conmon
install_cni_plugins
install_buildah
install_packer_copied_files
install_varlink
sudo curl https://raw.githubusercontent.com/projectatomic/registries/master/registries.fedora\
-o /etc/containers/registries.conf
ubuntu_finalize
echo "SUCCESS!"

77
contrib/cirrus/setup_environment.sh Executable file
View File

@ -0,0 +1,77 @@
#!/bin/bash
set -e
source $(dirname $0)/lib.sh
req_env_var "
CI $CI
USER $USER
HOME $HOME
ENVLIB $ENVLIB
SCRIPT_BASE $SCRIPT_BASE
CIRRUS_BUILD_ID $CIRRUS_BUILD_ID"
[[ "$SHELL" =~ "bash" ]] || chsh -s /bin/bash
cd "$CIRRUS_WORKING_DIR" # for clarity of initial conditions
# Verify basic dependencies
for depbin in go rsync unzip sha256sum curl make
do
if ! type -P "$depbin" &> /dev/null
then
echo "ERROR: $depbin binary not found in $PATH"
exit 2
fi
done
# Setup env. vars common to all tasks/scripts/platforms and
# ensure they return for every following script execution.
MARK="# Added by $0, manual changes will be lost."
touch "$HOME/$ENVLIB"
if ! grep -q "$MARK" "$HOME/$ENVLIB"
then
cp "$HOME/$ENVLIB" "$HOME/${ENVLIB}_original"
# N/B: Single-quote items evaluated every time, double-quotes only once (right now).
for envstr in \
"$MARK" \
"export HEAD=\"$CIRRUS_CHANGE_IN_REPO\"" \
"export TRAVIS=\"1\"" \
"export GOSRC=\"$CIRRUS_WORKING_DIR\"" \
"export OS_RELEASE_ID=\"$(os_release_id)\"" \
"export OS_RELEASE_VER=\"$(os_release_ver)\"" \
"export OS_REL_VER=\"${OS_RELEASE_ID}-${OS_RELEASE_VER}\"" \
"export GOPATH=\"/go\"" \
'export PATH="$HOME/bin:$GOPATH/bin:/usr/local/bin:$PATH"' \
'export LD_LIBRARY_PATH="/usr/local/lib${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}"'
do
# Make permanent in later shells, and set in current shell
X=$(echo "$envstr" | tee -a "$HOME/$ENVLIB") && eval "$X" && echo "$X"
done
# Some setup needs to vary between distros
case "${OS_RELEASE_ID}-${OS_RELEASE_VER}" in
ubuntu-18)
envstr='export BUILDTAGS="seccomp $($GOSRC/hack/btrfs_tag.sh) $($GOSRC/hack/btrfs_installed_tag.sh) $($GOSRC/hack/ostree_tag.sh) varlink exclude_graphdriver_devicemapper"'
;;
fedora-28) ;& # Continue to the next item
centos-7) ;&
rhel-7)
envstr='unset BUILDTAGS' # Use default from Makefile
;;
*) bad_os_id_ver ;;
esac
X=$(echo "$envstr" | tee -a "$HOME/$ENVLIB") && eval "$X" && echo "$X"
# Do the same for golang env. vars
go env | while read envline
do
X=$(echo "export $envline" | tee -a "$HOME/$ENVLIB") && eval "$X" && echo "$X"
done
cd "${GOSRC}/"
source "$SCRIPT_BASE/lib.sh"
# Only testing-VMs need deps installed
[[ -n "$PACKER_BUILDS" ]] || install_testing_dependencies # must exist in $GOPATH
fi

30
contrib/cirrus/unit_test.sh Executable file
View File

@ -0,0 +1,30 @@
#!/bin/bash
set -e
source $(dirname $0)/lib.sh
req_env_var "
GOSRC $GOSRC
OS_RELEASE_ID $OS_RELEASE_ID
OS_RELEASE_VER $OS_RELEASE_VER
"
show_env_vars
set -x
cd "$GOSRC"
case "${OS_RELEASE_ID}-${OS_RELEASE_VER}" in
ubuntu-18)
make localunit "BUILDTAGS=$BUILDTAGS"
make "BUILDTAGS=$BUILDTAGS"
;;
fedora-28)
make localunit
make
;;
centos-7) ;& # Continue to the next item
rhel-7)
stub 'unit testing not working on $OS_RELEASE_ID'
;;
*) bad_os_id_ver ;;
esac