opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-10-10 15:57:33 +08:00
Code Issues Packages Projects Releases Wiki Activity

Cirrus: Support testing with F31

Browse Source 
Signed-off-by: Chris Evich <cevich@redhat.com>
This commit is contained in:
Chris Evich
2019-08-28 12:39:36 -04:00
parent 3d37dc639d
commit e0ca4a2260
11 changed files with 218 additions and 258 deletions
Download Patch File Download Diff File Expand all files Collapse all files

163
.cirrus.yml
View File

@ -30,10 +30,9 @@ env:
#### ####
#### Cache-image names to test with (double-quotes around names are critical) #### Cache-image names to test with (double-quotes around names are critical)
### ###
_BUILT_IMAGE_SUFFIX: "libpod-5642998972416000" _BUILT_IMAGE_SUFFIX: "libpod-5874660151656448"
FEDORA_CACHE_IMAGE_NAME: "fedora-30-${_BUILT_IMAGE_SUFFIX}" FEDORA_CACHE_IMAGE_NAME: "fedora-31-${_BUILT_IMAGE_SUFFIX}"
PRIOR_FEDORA_CACHE_IMAGE_NAME: "fedora-30-${_BUILT_IMAGE_SUFFIX}" PRIOR_FEDORA_CACHE_IMAGE_NAME: "fedora-30-${_BUILT_IMAGE_SUFFIX}"
SPECIAL_FEDORA_CACHE_IMAGE_NAME: "xfedora-30-${_BUILT_IMAGE_SUFFIX}"
UBUNTU_CACHE_IMAGE_NAME: "ubuntu-19-${_BUILT_IMAGE_SUFFIX}" UBUNTU_CACHE_IMAGE_NAME: "ubuntu-19-${_BUILT_IMAGE_SUFFIX}"
PRIOR_UBUNTU_CACHE_IMAGE_NAME: "ubuntu-18-${_BUILT_IMAGE_SUFFIX}" PRIOR_UBUNTU_CACHE_IMAGE_NAME: "ubuntu-18-${_BUILT_IMAGE_SUFFIX}"
@ -143,11 +142,16 @@ gating_task:
on_failure: on_failure:
failed_branch_script: '$CIRRUS_WORKING_DIR/$SCRIPT_BASE/notice_branch_failure.sh' failed_branch_script: '$CIRRUS_WORKING_DIR/$SCRIPT_BASE/notice_branch_failure.sh'
# This task checks to make sure that we can still build an rpm from the # This task checks to make sure that we can still build an rpm from the
# source code using contrib/rpm/podman.spec.in # source code using contrib/rpm/podman.spec.in
rpmbuild_task: rpmbuild_task:
only_if: $CIRRUS_BRANCH != $DEST_BRANCH only_if: >-
$CIRRUS_CHANGE_MESSAGE !=~ '.*CI:IMG.*' &&
$CIRRUS_CHANGE_MESSAGE !=~ '.*CI:DOCS.*' &&
$CIRRUS_BRANCH != $DEST_BRANCH
depends_on: depends_on:
- "gating" - "gating"
env: env:
@ -246,12 +250,8 @@ build_each_commit_task:
$CIRRUS_CHANGE_MESSAGE !=~ '.*CI:DOCS.*' $CIRRUS_CHANGE_MESSAGE !=~ '.*CI:DOCS.*'
gce_instance: gce_instance:
image_project: "libpod-218412"
zone: "us-central1-a" # Required by Cirrus for the time being
cpu: 8 cpu: 8
memory: "8Gb" memory: "8Gb"
disk: 200
image_name: "${FEDORA_CACHE_IMAGE_NAME}"
timeout_in: 30m timeout_in: 30m
@ -279,12 +279,8 @@ build_without_cgo_task:
$CIRRUS_CHANGE_MESSAGE !=~ '.*CI:DOCS.*' $CIRRUS_CHANGE_MESSAGE !=~ '.*CI:DOCS.*'
gce_instance: gce_instance:
image_project: "libpod-218412"
zone: "us-central1-a" # Required by Cirrus for the time being
cpu: 8 cpu: 8
memory: "8Gb" memory: "8Gb"
disk: 200
image_name: "${FEDORA_CACHE_IMAGE_NAME}"
timeout_in: 30m timeout_in: 30m
@ -317,7 +313,6 @@ meta_task:
IMGNAMES: >- IMGNAMES: >-
${FEDORA_CACHE_IMAGE_NAME} ${FEDORA_CACHE_IMAGE_NAME}
${PRIOR_FEDORA_CACHE_IMAGE_NAME} ${PRIOR_FEDORA_CACHE_IMAGE_NAME}
${SPECIAL_FEDORA_CACHE_IMAGE_NAME}
${UBUNTU_CACHE_IMAGE_NAME} ${UBUNTU_CACHE_IMAGE_NAME}
${PRIOR_UBUNTU_CACHE_IMAGE_NAME} ${PRIOR_UBUNTU_CACHE_IMAGE_NAME}
${IMAGE_BUILDER_CACHE_IMAGE_NAME} ${IMAGE_BUILDER_CACHE_IMAGE_NAME}
@ -377,8 +372,7 @@ testing_task:
gce_instance: gce_instance:
matrix: matrix:
# Images are generated separately, from build_images_task (below) image_name: "${FEDORA_CACHE_IMAGE_NAME}"
#image_name: "${FEDORA_CACHE_IMAGE_NAME}"
image_name: "${PRIOR_FEDORA_CACHE_IMAGE_NAME}" image_name: "${PRIOR_FEDORA_CACHE_IMAGE_NAME}"
# Multiple test failures on Ubuntu 19 - Fixes TBD in future PR # Multiple test failures on Ubuntu 19 - Fixes TBD in future PR
# TODO: image_name: "${UBUNTU_CACHE_IMAGE_NAME}" # TODO: image_name: "${UBUNTU_CACHE_IMAGE_NAME}"
@ -466,6 +460,12 @@ special_testing_in_podman_task:
$CIRRUS_CHANGE_MESSAGE !=~ '.*CI:IMG.*' && $CIRRUS_CHANGE_MESSAGE !=~ '.*CI:IMG.*' &&
$CIRRUS_CHANGE_MESSAGE !=~ '.*CI:DOCS.*' $CIRRUS_CHANGE_MESSAGE !=~ '.*CI:DOCS.*'
# Make sure F31 container images can run podman on F30 or F31 host
gce_instance:
matrix:
image_name: "${FEDORA_CACHE_IMAGE_NAME}"
image_name: "${PRIOR_FEDORA_CACHE_IMAGE_NAME}"
env: env:
ADD_SECOND_PARTITION: true ADD_SECOND_PARTITION: true
SPECIALMODE: 'in_podman' # See docs SPECIALMODE: 'in_podman' # See docs
@ -519,39 +519,6 @@ special_testing_cross_task:
type: "application/octet-stream" type: "application/octet-stream"
special_testing_cgroupv2_task:
depends_on:
- "gating"
- "varlink_api"
- "vendor"
only_if: >-
$CIRRUS_CHANGE_MESSAGE !=~ '.*CI:IMG.*' &&
$CIRRUS_CHANGE_MESSAGE !=~ '.*CI:DOCS.*'
gce_instance:
image_name: "${SPECIAL_FEDORA_CACHE_IMAGE_NAME}"
env:
SPECIALMODE: 'cgroupv2' # See docs
matrix:
TEST_REMOTE_CLIENT: true
TEST_REMOTE_CLIENT: false
timeout_in: 120m
networking_script: '${CIRRUS_WORKING_DIR}/${SCRIPT_BASE}/networking.sh'
setup_environment_script: '$SCRIPT_BASE/setup_environment.sh |& ${TIMESTAMP}'
integration_test_script: '$SCRIPT_BASE/integration_test.sh |& ${TIMESTAMP}'
on_failure:
failed_branch_script: '$CIRRUS_WORKING_DIR/$SCRIPT_BASE/notice_branch_failure.sh'
always:
<<: *standardlogs
special_testing_bindings_task: special_testing_bindings_task:
depends_on: depends_on:
@ -577,6 +544,7 @@ special_testing_bindings_task:
always: always:
<<: *standardlogs <<: *standardlogs
special_testing_endpoint_task: special_testing_endpoint_task:
depends_on: depends_on:
@ -603,22 +571,6 @@ special_testing_endpoint_task:
<<: *standardlogs <<: *standardlogs
test_building_snap_task:
depends_on:
- "gating"
only_if: >-
$CIRRUS_CHANGE_MESSAGE !=~ '.*CI:IMG.*' &&
$CIRRUS_CHANGE_MESSAGE !=~ '.*CI:DOCS.*'
container:
image: yakshaveinc/snapcraft:core18
snapcraft_script:
- 'apt-get -y update'
- 'cd contrib/snapcraft && snapcraft'
# Test building of new cache-images for future PR testing, in this PR. # Test building of new cache-images for future PR testing, in this PR.
test_build_cache_images_task: test_build_cache_images_task:
@ -677,12 +629,13 @@ verify_test_built_images_task:
matrix: matrix:
# Required env. var. by check_image_script # Required env. var. by check_image_script
PACKER_BUILDER_NAME: "fedora-30" PACKER_BUILDER_NAME: "fedora-30"
#PACKER_BUILDER_NAME: "fedora-31" PACKER_BUILDER_NAME: "fedora-31"
PACKER_BUILDER_NAME: "xfedora-30"
PACKER_BUILDER_NAME: "ubuntu-18" PACKER_BUILDER_NAME: "ubuntu-18"
# TODO support $UBUNTU_CACHE_IMAGE_NAME: PACKER_BUILDER_NAME: "ubuntu-19" # Multiple test failures on ${UBUNTU_CACHE_IMAGE_NAME}
# PACKER_BUILDER_NAME: "ubuntu-19"
networking_script: '${CIRRUS_WORKING_DIR}/${SCRIPT_BASE}/networking.sh' networking_script: '${CIRRUS_WORKING_DIR}/${SCRIPT_BASE}/networking.sh'
installed_packages_script: '$SCRIPT_BASE/logcollector.sh packages'
environment_script: '$SCRIPT_BASE/setup_environment.sh |& ${TIMESTAMP}' environment_script: '$SCRIPT_BASE/setup_environment.sh |& ${TIMESTAMP}'
# Verify expectations once per image # Verify expectations once per image
check_image_script: >- check_image_script: >-
@ -691,44 +644,60 @@ verify_test_built_images_task:
# Note: A truncated form of normal testing. It only needs to confirm new images # Note: A truncated form of normal testing. It only needs to confirm new images
# "probably" work. A full round of testing will happen again after $*_CACHE_IMAGE_NAME # "probably" work. A full round of testing will happen again after $*_CACHE_IMAGE_NAME
# are updated in this or another PR (w/o '***CIRRUS: TEST IMAGES***'). # are updated in this or another PR (w/o '***CIRRUS: TEST IMAGES***').
integration_test_script: >- integration_test_script: '$SCRIPT_BASE/integration_test.sh |& ${TIMESTAMP}'
[[ "$PACKER_BUILDER_NAME" == "xfedora-30" ]] || \
$SCRIPT_BASE/integration_test.sh |& ${TIMESTAMP}
build_release_script: '$SCRIPT_BASE/build_release.sh |& ${TIMESTAMP}' build_release_script: '$SCRIPT_BASE/build_release.sh |& ${TIMESTAMP}'
system_test_script: >- system_test_script: '$SCRIPT_BASE/system_test.sh |& ${TIMESTAMP}'
[[ "$PACKER_BUILDER_NAME" == "xfedora-30" ]] || \
$SCRIPT_BASE/system_test.sh |& ${TIMESTAMP}
always: always:
<<: *standardlogs <<: *standardlogs
#upload_snap_task:
# only_if: >- #test_building_snap_task:
# $CIRRUS_BRANCH != $DEST_BRANCH && #
# $CIRRUS_CHANGE_MESSAGE !=~ '.*CI:IMG.*' && # depends_on:
# $CIRRUS_CHANGE_MESSAGE !=~ '.*CI:DOCS.*' # - "gating"
# #
# # Only when PR or branch is merged into master # only_if: >-
# # $CIRRUS_CHANGE_MESSAGE !=~ '.*CI:IMG.*' &&
# depends_on: # $CIRRUS_CHANGE_MESSAGE !=~ '.*CI:DOCS.*'
# - "test_building_snap" #
# # container:
# container: # image: yakshaveinc/snapcraft:core18
# image: yakshaveinc/snapcraft:core18 # snapcraft_script:
# # - 'apt-get -y update'
# env: # - 'cd contrib/snapcraft && snapcraft'
# SNAPCRAFT_LOGIN: ENCRYPTED[d8e82eb31c6372fec07f405f413d57806026b1a9f8400033531ebcd54d6750a5e4a8b1f68e3ec65c98c65e0d9b2a6a75] #
# snapcraft_login_file: #
# path: /root/.snapcraft/login.cfg #upload_snap_task:
# variable_name: SNAPCRAFT_LOGIN # only_if: >-
# snapcraft_script: # $CIRRUS_BRANCH != $DEST_BRANCH &&
# - 'apt-get -y update' # $CIRRUS_CHANGE_MESSAGE !=~ '.*CI:IMG.*' &&
# - 'snapcraft login --with "/root/.snapcraft/login.cfg"' # $CIRRUS_CHANGE_MESSAGE !=~ '.*CI:DOCS.*'
# - 'cd contrib/snapcraft && snapcraft && snapcraft push *.snap --release edge' #
# # Only when PR or branch is merged into master
#
# depends_on:
# - "test_building_snap"
#
# container:
# image: yakshaveinc/snapcraft:core18
#
# env:
# SNAPCRAFT_LOGIN: ENCRYPTED[d8e82eb31c6372fec07f405f413d57806026b1a9f8400033531ebcd54d6750a5e4a8b1f68e3ec65c98c65e0d9b2a6a75]
# snapcraft_login_file:
# path: /root/.snapcraft/login.cfg
# variable_name: SNAPCRAFT_LOGIN
# snapcraft_script:
# - 'apt-get -y update'
# - 'snapcraft login --with "/root/.snapcraft/login.cfg"'
# - 'cd contrib/snapcraft && snapcraft && snapcraft push *.snap --release edge'
docs_task: docs_task:
# Don't run this when building/testing new VM images
only_if: $CIRRUS_CHANGE_MESSAGE !=~ '.*CI:IMG.*'
depends_on: depends_on:
- "gating" - "gating"
@ -757,12 +726,10 @@ success_task:
- "rpmbuild" - "rpmbuild"
- "special_testing_rootless" - "special_testing_rootless"
- "special_testing_in_podman" - "special_testing_in_podman"
- "special_testing_cgroupv2"
- "special_testing_cross" - "special_testing_cross"
- "special_testing_endpoint" - "special_testing_endpoint"
- "special_testing_bindings" - "special_testing_bindings"
- "test_build_cache_images" - "test_build_cache_images"
- "test_building_snap"
- "verify_test_built_images" - "verify_test_built_images"
- "docs" - "docs"

35
contrib/cirrus/README.md
View File

@ -216,10 +216,10 @@ the ``cache_images`` Task) some input parameters are required:
to limit the base-images produced. For example, to limit the base-images produced. For example,
``PACKER_BUILDS=fedora,image-builder-image``. ``PACKER_BUILDS=fedora,image-builder-image``.
If there is an existing 'image-builder-image' within GCE, it may be utilized If there is no existing 'image-builder-image' within GCE, a new
to produce base-images (in addition to cache-images). However it must be one may be bootstrapped by creating a CentOS 7 VM with support for
created with support for nested-virtualization, and with elevated cloud nested-virtualization, and with elevated cloud privileges (to access
privileges (to access GCE, from within the GCE VM). For example: GCE, from within the GCE VM). For example:
``` ```
$ alias pgcloud='sudo podman run -it --rm -e AS_ID=$UID $ alias pgcloud='sudo podman run -it --rm -e AS_ID=$UID
@ -229,34 +229,33 @@ $ URL=https://www.googleapis.com/auth
$ SCOPES=$URL/userinfo.email,$URL/compute,$URL/devstorage.full_control $ SCOPES=$URL/userinfo.email,$URL/compute,$URL/devstorage.full_control
# The --min-cpu-platform is critical for nested-virt. # The --min-cpu-platform is critical for nested-virt.
$ pgcloud compute instances create $USER-making-images \ $ pgcloud compute instances create $USER-image-builder \
--image-family image-builder-image \ --image-family centos-7 \
--boot-disk-size "200GB" \ --boot-disk-size "200GB" \
--min-cpu-platform "Intel Haswell" \ --min-cpu-platform "Intel Haswell" \
--machine-type n1-standard-2 \ --machine-type n1-standard-2 \
--scopes $SCOPES --scopes $SCOPES
``` ```
Alternatively, if there is no image-builder-image available yet, a bare-metal Then from that VM, execute the
CentOS 7 machine with network access to GCE is required. Software dependencies ``contrib/cirrus/packer/image-builder-image_base_setup.sh`` script.
can be obtained from the ``packer/image-builder-image_base_setup.sh`` script. Shutdown the VM, and convert it into a new image-builder-image.
In both cases, the following can be used to setup and build base-images. Building new base images is done by first creating a VM from an
image-builder-image and copying the credentials json file to it.
``` ```
$ IP_ADDRESS=1.2.3.4 # EXTERNAL_IP from command output above $ hack/get_ci_vm.sh image-builder-image-1541772081
$ rsync -av $PWD centos@$IP_ADDRESS:. ...in another terminal...
$ scp $GOOGLE_APPLICATION_CREDENTIALS centos@$IP_ADDRESS:. $ pgcloud compute scp /path/to/gac.json $USER-image-builder-image-1541772081:.
$ ssh centos@$IP_ADDRESS
...
``` ```
When ready, change to the ``packer`` sub-directory, and build the images: Then, on the VM, change to the ``packer`` sub-directory, and build the images:
``` ```
$ cd libpod/contrib/cirrus/packer $ cd libpod/contrib/cirrus/packer
$ make libpod_base_images GCP_PROJECT_ID=<VALUE> \ $ make libpod_base_images GCP_PROJECT_ID=<VALUE> \
GOOGLE_APPLICATION_CREDENTIALS=<VALUE> \ GOOGLE_APPLICATION_CREDENTIALS=/path/to/gac.json \
PACKER_BUILDS=<OPTIONAL> PACKER_BUILDS=<OPTIONAL>
``` ```
@ -283,7 +282,5 @@ values follows:
* `rootless`: Causes a random, ordinary user account to be created * `rootless`: Causes a random, ordinary user account to be created
and utilized for testing. and utilized for testing.
* `in_podman`: Causes testing to occur within a container executed by * `in_podman`: Causes testing to occur within a container executed by
Podman on the host.
* `cgroupv2`: The kernel on this VM was prepared with options to enable v2 cgroups
* `windows`: See **darwin** * `windows`: See **darwin**
* `darwin`: Signals the ``special_testing_cross`` task to cross-compile the remote client. * `darwin`: Signals the ``special_testing_cross`` task to cross-compile the remote client.

14
contrib/cirrus/integration_test.sh
View File

@ -36,16 +36,6 @@ case "$SPECIALMODE" in
-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no \ -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no \
-o CheckHostIP=no $GOSRC/$SCRIPT_BASE/rootless_test.sh ${TESTSUITE} -o CheckHostIP=no $GOSRC/$SCRIPT_BASE/rootless_test.sh ${TESTSUITE}
;; ;;
cgroupv2)
setenforce 0
dnf install -y crun
export OCI_RUNTIME=/usr/bin/crun
make
make install PREFIX=/usr ETCDIR=/etc
make install.config PREFIX=/usr
make test-binaries
make local${TESTSUITE}
;;
endpoint) endpoint)
make make
make install PREFIX=/usr ETCDIR=/etc make install PREFIX=/usr ETCDIR=/etc
@ -53,9 +43,9 @@ case "$SPECIALMODE" in
make endpoint make endpoint
;; ;;
bindings) bindings)
make make
make install PREFIX=/usr ETCDIR=/etc make install PREFIX=/usr ETCDIR=/etc
cd pkg/bindings/test && ginkgo -r cd pkg/bindings/test && ginkgo -r
;; ;;
none) none)
make make

24
contrib/cirrus/lib.sh
View File

@ -7,10 +7,10 @@
source /etc/environment # not always loaded under all circumstances source /etc/environment # not always loaded under all circumstances
# Under some contexts these values are not set, make sure they are. # Under some contexts these values are not set, make sure they are.
USER="$(whoami)" export USER="$(whoami)"
HOME="$(getent passwd $USER | cut -d : -f 6)" export HOME="$(getent passwd $USER | cut -d : -f 6)"
[[ -n "$UID" ]] || UID=$(getent passwd $USER | cut -d : -f 3) [[ -n "$UID" ]] || export UID=$(getent passwd $USER | cut -d : -f 3)
GID=$(getent passwd $USER | cut -d : -f 4) export GID=$(getent passwd $USER | cut -d : -f 4)
# Essential default paths, many are overridden when executing under Cirrus-CI # Essential default paths, many are overridden when executing under Cirrus-CI
export GOPATH="${GOPATH:-/var/tmp/go}" export GOPATH="${GOPATH:-/var/tmp/go}"
@ -59,13 +59,13 @@ PACKER_VER="1.4.2"
# CSV of cache-image names to build (see $PACKER_BASE/libpod_images.json) # CSV of cache-image names to build (see $PACKER_BASE/libpod_images.json)
# Base-images rarely change, define them here so they're out of the way. # Base-images rarely change, define them here so they're out of the way.
export PACKER_BUILDS="${PACKER_BUILDS:-ubuntu-18,ubuntu-19,fedora-30,xfedora-30,fedora-29}" export PACKER_BUILDS="${PACKER_BUILDS:-ubuntu-18,ubuntu-19,fedora-31,fedora-30}"
# Google-maintained base-image names # Manually produced base-image names (see $SCRIPT_BASE/README.md)
export UBUNTU_BASE_IMAGE="ubuntu-1904-disco-v20190724" export UBUNTU_BASE_IMAGE="ubuntu-1904-disco-v20190724"
export PRIOR_UBUNTU_BASE_IMAGE="ubuntu-1804-bionic-v20190722a" export PRIOR_UBUNTU_BASE_IMAGE="ubuntu-1804-bionic-v20190722a"
# Manually produced base-image names (see $SCRIPT_BASE/README.md) # Manually produced base-image names (see $SCRIPT_BASE/README.md)
export FEDORA_BASE_IMAGE="fedora-cloud-base-30-1-2-1578586410" export FEDORA_BASE_IMAGE="fedora-cloud-base-31-1-9-1578586410"
export PRIOR_FEDORA_BASE_IMAGE="fedora-cloud-base-29-1-2-1541789245" export PRIOR_FEDORA_BASE_IMAGE="fedora-cloud-base-30-1-2-1578586410"
export BUILT_IMAGE_SUFFIX="${BUILT_IMAGE_SUFFIX:--$CIRRUS_REPO_NAME-${CIRRUS_BUILD_ID}}" export BUILT_IMAGE_SUFFIX="${BUILT_IMAGE_SUFFIX:--$CIRRUS_REPO_NAME-${CIRRUS_BUILD_ID}}"
# IN_PODMAN container image # IN_PODMAN container image
IN_PODMAN_IMAGE="quay.io/libpod/in_podman:latest" IN_PODMAN_IMAGE="quay.io/libpod/in_podman:latest"
@ -79,8 +79,8 @@ SUDOAPTADD="ooe.sh sudo -E add-apt-repository --yes"
# Regex that finds enabled periodic apt configuration items # Regex that finds enabled periodic apt configuration items
PERIODIC_APT_RE='^(APT::Periodic::.+")1"\;' PERIODIC_APT_RE='^(APT::Periodic::.+")1"\;'
# Short-cuts for retrying/timeout calls # Short-cuts for retrying/timeout calls
LILTO="timeout_attempt_delay_command 24s 5 30s" LILTO="timeout_attempt_delay_command 120s 5 30s"
BIGTO="timeout_attempt_delay_command 300s 5 30s" BIGTO="timeout_attempt_delay_command 300s 5 60s"
# Safe env. vars. to transfer from root -> $ROOTLESS_USER (go env handled separately) # Safe env. vars. to transfer from root -> $ROOTLESS_USER (go env handled separately)
ROOTLESS_ENV_RE='(CIRRUS_.+)|(ROOTLESS_.+)|(.+_IMAGE.*)|(.+_BASE)|(.*DIRPATH)|(.*FILEPATH)|(SOURCE.*)|(DEPEND.*)|(.+_DEPS_.+)|(OS_REL.*)|(.+_ENV_RE)|(TRAVIS)|(CI.+)|(TEST_REMOTE.*)' ROOTLESS_ENV_RE='(CIRRUS_.+)|(ROOTLESS_.+)|(.+_IMAGE.*)|(.+_BASE)|(.*DIRPATH)|(.*FILEPATH)|(SOURCE.*)|(DEPEND.*)|(.+_DEPS_.+)|(OS_REL.*)|(.+_ENV_RE)|(TRAVIS)|(CI.+)|(TEST_REMOTE.*)'
@ -178,8 +178,7 @@ die() {
} }
warn() { warn() {
echo ">>>>> ${2:-WARNING (but no message given!) in ${FUNCNAME[1]}()}" > /dev/stderr echo ">>>>> ${1:-WARNING (but no message given!) in ${FUNCNAME[1]}()}" > /dev/stderr
echo ${1:-1} > /dev/stdout
} }
bad_os_id_ver() { bad_os_id_ver() {
@ -456,7 +455,6 @@ _finalize() {
echo "Could not find any files in $CUSTOM_CLOUD_CONFIG_DEFAULTS" echo "Could not find any files in $CUSTOM_CLOUD_CONFIG_DEFAULTS"
fi fi
echo "Re-initializing so next boot does 'first-boot' setup again." echo "Re-initializing so next boot does 'first-boot' setup again."
sudo history -c
cd / cd /
sudo rm -rf /var/lib/cloud/instanc* sudo rm -rf /var/lib/cloud/instanc*
sudo rm -rf /root/.ssh/* sudo rm -rf /root/.ssh/*

11
contrib/cirrus/packer/Makefile
View File

@ -1,9 +1,4 @@
PACKER_VER ?= 1.4.3
# N/B: PACKER_BUILDS variable is required. Should contain CSV of
# builder name(s) from applicable YAML file,
# e.g for names see libpod_images.yml
PACKER_VER ?= 1.4.2
GOARCH=$(shell go env GOARCH) GOARCH=$(shell go env GOARCH)
ARCH=$(uname -m) ARCH=$(uname -m)
PACKER_DIST_FILENAME := packer_${PACKER_VER}_linux_${GOARCH}.zip PACKER_DIST_FILENAME := packer_${PACKER_VER}_linux_${GOARCH}.zip
@ -56,8 +51,9 @@ test: libpod_base_images.json libpod_images.json packer
.PHONY: libpod_images .PHONY: libpod_images
libpod_images: guard-PACKER_BUILDS libpod_images.json packer libpod_images: guard-PACKER_BUILDS libpod_images.json packer
./packer build -only=${PACKER_BUILDS} \ ./packer build \
-force \ -force \
$(shell test -z "${PACKER_BUILDS}" || echo "-only=${PACKER_BUILDS}") \
-var GOSRC=$(GOSRC) \ -var GOSRC=$(GOSRC) \
-var PACKER_BASE=$(PACKER_BASE) \ -var PACKER_BASE=$(PACKER_BASE) \
-var SCRIPT_BASE=$(SCRIPT_BASE) \ -var SCRIPT_BASE=$(SCRIPT_BASE) \
@ -82,6 +78,7 @@ cidata.iso: user-data meta-data
.PHONY: libpod_base_images .PHONY: libpod_base_images
libpod_base_images: guard-GCP_PROJECT_ID guard-GOOGLE_APPLICATION_CREDENTIALS libpod_base_images.json cidata.iso cidata.ssh packer libpod_base_images: guard-GCP_PROJECT_ID guard-GOOGLE_APPLICATION_CREDENTIALS libpod_base_images.json cidata.iso cidata.ssh packer
PACKER_CACHE_DIR=/tmp ./packer build \ PACKER_CACHE_DIR=/tmp ./packer build \
$(shell test -z "${PACKER_BUILDS}" || echo "-only=${PACKER_BUILDS}") \
-force \ -force \
-var TIMESTAMP=$(TIMESTAMP) \ -var TIMESTAMP=$(TIMESTAMP) \
-var TTYDEV=$(TTYDEV) \ -var TTYDEV=$(TTYDEV) \

176
contrib/cirrus/packer/fedora_setup.sh
View File

@ -15,100 +15,106 @@ install_ooe
export GOPATH="$(mktemp -d)" export GOPATH="$(mktemp -d)"
trap "sudo rm -rf $GOPATH" EXIT trap "sudo rm -rf $GOPATH" EXIT
ooe.sh sudo dnf update -y $BIGTO ooe.sh sudo dnf update -y
echo "Enabling updates-testing repository" echo "Enabling updates-testing repository"
ooe.sh sudo dnf install -y 'dnf-command(config-manager)' $LILTO ooe.sh sudo dnf install -y 'dnf-command(config-manager)'
ooe.sh sudo dnf config-manager --set-enabled updates-testing $LILTO ooe.sh sudo dnf config-manager --set-enabled updates-testing
echo "Installing general build/test dependencies" echo "Installing general build/test dependencies for Fedora '$OS_RELEASE_VER'"
ooe.sh sudo dnf install -y \ REMOVE_PACKAGES=()
atomic-registries \ INSTALL_PACKAGES=(\
autoconf \ autoconf
automake \ automake
bash-completion \ bash-completion
bats \ bats
bridge-utils \ bridge-utils
btrfs-progs-devel \ btrfs-progs-devel
bzip2 \ bzip2
conmon \ conmon
container-selinux \ container-selinux
containernetworking-plugins \ containernetworking-plugins
containers-common \ containers-common
criu \ criu
device-mapper-devel \ device-mapper-devel
emacs-nox \ dnsmasq
file \ emacs-nox
findutils \ file
fuse3 \ findutils
fuse3-devel \ fuse3
gcc \ fuse3-devel
git \ gcc
glib2-devel \ git
glibc-static \ glib2-devel
gnupg \ glibc-static
go-md2man \ gnupg
golang \ go-md2man
golang-github-cpuguy83-go-md2man \ golang
gpgme-devel \ gpgme-devel
iproute \ iproute
iptables \ iptables
jq \ jq
libassuan-devel \ libassuan-devel
libcap-devel \ libcap-devel
libmsi1 \ libmsi1
libnet \ libnet
libnet-devel \ libnet-devel
libnl3-devel \ libnl3-devel
libseccomp \ libseccomp
libseccomp-devel \ libseccomp-devel
libselinux-devel \ libselinux-devel
libtool \ libtool
libvarlink-util \ libvarlink-util
lsof \ lsof
make \ make
msitools \ msitools
nmap-ncat \ nmap-ncat
pandoc \ pandoc
podman \ podman
procps-ng \ procps-ng
protobuf \ protobuf
protobuf-c \ protobuf-c
protobuf-c-devel \ protobuf-c-devel
protobuf-compiler \ protobuf-devel
protobuf-devel \ protobuf-python
protobuf-python \ python
python \ python3-dateutil
python2-future \ python3-psutil
python3-dateutil \ python3-pytoml
python3-psutil \ selinux-policy-devel
python3-pytoml \ skopeo
runc \ slirp4netns
selinux-policy-devel \ unzip
slirp4netns \ vim
unzip \ which
vim \ xz
which \
xz \
zip zip
)
case "$OS_RELEASE_VER" in
30)
INSTALL_PACKAGES+=(\
atomic-registries
golang-github-cpuguy83-go-md2man
python2-future
runc
)
;;
31)
INSTALL_PACKAGES+=(crun)
REMOVE_PACKAGES+=(runc)
;;
*)
bad_os_id_ver ;;
esac
$BIGTO ooe.sh sudo dnf install -y ${INSTALL_PACKAGES[@]}
[[ "${#REMOVE_PACKAGES[@]}" -eq "0" ]] || \
$LILTO ooe.sh sudo dnf erase -y ${REMOVE_PACKAGES[@]}
# Ensure there are no disruptive periodic services enabled by default in image # Ensure there are no disruptive periodic services enabled by default in image
systemd_banish systemd_banish
sudo /tmp/libpod/hack/install_catatonit.sh ooe.sh sudo /tmp/libpod/hack/install_catatonit.sh
# Same script is used for several related contexts
case "$PACKER_BUILDER_NAME" in
xfedora*)
echo "Configuring CGroups v2 enabled on next boot"
sudo grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=1"
sudo dnf install -y crun
;& # continue to next matching item
*)
echo "Finalizing $PACKER_BUILDER_NAME VM image"
;;
esac
rh_finalize rh_finalize

6
contrib/cirrus/packer/image-builder-image_base-setup.sh
View File

@ -31,10 +31,8 @@ ooe.sh sudo yum -y install \
libvirt-client \ libvirt-client \
libvirt-daemon \ libvirt-daemon \
make \ make \
python34 \ python36 \
python34 \ python36-PyYAML \
python34-PyYAML \
python34-PyYAML \
qemu-img \ qemu-img \
qemu-kvm \ qemu-kvm \
qemu-kvm-tools \ qemu-kvm-tools \

12
contrib/cirrus/packer/libpod_base_images.yml
View File

@ -17,14 +17,14 @@ variables:
PRIOR_UBUNTU_BASE_IMAGE: PRIOR_UBUNTU_BASE_IMAGE:
# Latest Fedora release # Latest Fedora release
FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/30/Cloud/x86_64/images/Fedora-Cloud-Base-30-1.2.x86_64.qcow2" FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/31/Cloud/x86_64/images/Fedora-Cloud-Base-31-1.9.x86_64.qcow2"
FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/30/Cloud/x86_64/images/Fedora-Cloud-30-1.2-x86_64-CHECKSUM" FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/31/Cloud/x86_64/images/Fedora-Cloud-31-1.9-x86_64-CHECKSUM"
FEDORA_BASE_IMAGE_NAME: 'fedora-cloud-base-30-1-2' FEDORA_BASE_IMAGE_NAME: 'fedora-cloud-base-31-1-9'
# Prior Fedora release # Prior Fedora release
PRIOR_FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/29/Cloud/x86_64/images/Fedora-Cloud-Base-29-1.2.x86_64.qcow2" PRIOR_FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/30/Cloud/x86_64/images/Fedora-Cloud-Base-30-1.2.x86_64.qcow2"
PRIOR_FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/29/Cloud/x86_64/images/Fedora-Cloud-29-1.2-x86_64-CHECKSUM" PRIOR_FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/30/Cloud/x86_64/images/Fedora-Cloud-30-1.2-x86_64-CHECKSUM"
PRIOR_FEDORA_BASE_IMAGE_NAME: 'fedora-cloud-base-29-1-2' # Name to use in GCE PRIOR_FEDORA_BASE_IMAGE_NAME: 'fedora-cloud-base-30-1-2'
# The name of the image in GCE used for packer build libpod_images.yml # The name of the image in GCE used for packer build libpod_images.yml
IBI_BASE_NAME: 'image-builder-image' IBI_BASE_NAME: 'image-builder-image'

15
contrib/cirrus/packer/libpod_images.yml
View File

@ -50,18 +50,13 @@ builders:
source_image: '{{user `PRIOR_UBUNTU_BASE_IMAGE`}}' source_image: '{{user `PRIOR_UBUNTU_BASE_IMAGE`}}'
source_image_family: 'prior-ubuntu-base' source_image_family: 'prior-ubuntu-base'
- <<: *gce_hosted_image
name: 'fedora-31'
source_image: '{{user `FEDORA_BASE_IMAGE`}}'
source_image_family: 'fedora-base'
- <<: *gce_hosted_image - <<: *gce_hosted_image
name: 'fedora-30' name: 'fedora-30'
source_image: '{{user `FEDORA_BASE_IMAGE`}}'
source_image_family: 'fedora-base'
- <<: *gce_hosted_image
name: 'xfedora-30'
source_image: '{{user `FEDORA_BASE_IMAGE`}}'
source_image_family: 'fedora-base'
- <<: *gce_hosted_image
name: 'fedora-29'
source_image: '{{user `PRIOR_FEDORA_BASE_IMAGE`}}' source_image: '{{user `PRIOR_FEDORA_BASE_IMAGE`}}'
source_image_family: 'prior-fedora-base' source_image_family: 'prior-fedora-base'

4
contrib/cirrus/packer/ubuntu_setup.sh
View File

@ -59,6 +59,8 @@ $BIGTO $SUDOAPTGET install \
cri-o-runc \ cri-o-runc \
criu \ criu \
curl \ curl \
conmon \
dnsmasq \
e2fslibs-dev \ e2fslibs-dev \
emacs-nox \ emacs-nox \
file \ file \
@ -129,7 +131,7 @@ then
ooe.sh sudo update-grub ooe.sh sudo update-grub
fi fi
sudo /tmp/libpod/hack/install_catatonit.sh ooe.sh sudo /tmp/libpod/hack/install_catatonit.sh
ooe.sh sudo make -C /tmp/libpod install.libseccomp.sudo ooe.sh sudo make -C /tmp/libpod install.libseccomp.sudo
ubuntu_finalize ubuntu_finalize

16
contrib/cirrus/setup_environment.sh
View File

@ -47,6 +47,19 @@ case "${OS_RELEASE_ID}" in
setsebool container_manage_cgroup true setsebool container_manage_cgroup true
if [[ "$ADD_SECOND_PARTITION" == "true" ]]; then if [[ "$ADD_SECOND_PARTITION" == "true" ]]; then
bash "$SCRIPT_BASE/add_second_partition.sh"; fi bash "$SCRIPT_BASE/add_second_partition.sh"; fi
if [[ "$OS_RELEASE_VER" == "31" ]]; then
warn "Testing with crun instead of runc"
X=$(echo "export export OCI_RUNTIME=/usr/bin/crun" | \
tee -a /etc/environment) && eval "$X" && echo "$X"
warn "Upgrading to the latest crun"
# Normally not something to do for stable testing
# but crun is new, and late-breaking fixes may be required
# on short notice
dnf update -y crun
warn "Setting SELinux into Permissive mode"
setenforce 0
fi
;; ;;
centos) # Current VM is an image-builder-image no local podman/testing centos) # Current VM is an image-builder-image no local podman/testing
echo "No further setup required for VM image building" echo "No further setup required for VM image building"
@ -62,9 +75,6 @@ source "$SCRIPT_BASE/lib.sh"
make install.tools make install.tools
case "$SPECIALMODE" in case "$SPECIALMODE" in
cgroupv2)
remove_packaged_podman_files # we're building from source
;;
none) none)
[[ -n "$CROSS_PLATFORM" ]] || \ [[ -n "$CROSS_PLATFORM" ]] || \
remove_packaged_podman_files remove_packaged_podman_files