Merge pull request #8046 from cevich/simplify_environment

Cirrus: Simplify setting/passing env. vars.

contrib/cirrus/lib.sh

@@ -6,25 +6,23 @@
 # BEGIN Global export of all variables
 set -a
 
-if [[ "$CI" == "true" ]]; then
+# Due to differences across platforms and runtime execution environments,
-    # Due to differences across platforms and runtime execution environments,
+# handling of the (otherwise) default shell setup is non-uniform.  Rather
-    # handling of the (otherwise) default shell setup is non-uniform.  Rather
+# than attempt to workaround differences, simply force-load/set required
-    # than attempt to workaround differences, simply force-load/set required
+# items every time this library is utilized.
-    # items every time this library is utilized.
+source /etc/profile
-    source /etc/profile
+source /etc/environment
-    source /etc/environment
+if [[ -r "/etc/ci_environment" ]]; then source /etc/ci_environment; fi
-    USER="$(whoami)"
+USER="$(whoami)"
-    HOME="$(getent passwd $USER | cut -d : -f 6)"
+HOME="$(getent passwd $USER | cut -d : -f 6)"
-    # Some platforms set and make this read-only
+# Some platforms set and make this read-only
-    [[ -n "$UID" ]] || \
+[[ -n "$UID" ]] || \
     UID=$(getent passwd $USER | cut -d : -f 3)
-    GID=$(getent passwd $USER | cut -d : -f 4)
-fi
 
 # During VM Image build, the 'containers/automation' installation
-# was performed.  The final step of that installation sets the
+# was performed.  The final step of installation sets the library
-# installation location in $AUTOMATION_LIB_PATH in /etc/environment
+# location $AUTOMATION_LIB_PATH in /etc/environment or in the
-# or in the default shell profile.
+# default shell profile depending on distribution.
 # shellcheck disable=SC2154
 if [[ -n "$AUTOMATION_LIB_PATH" ]]; then
     for libname in defaults anchors console_output utils; do
@@ -88,8 +86,10 @@ CIRRUS_BUILD_ID=${CIRRUS_BUILD_ID:-$RANDOM$(date +%s)}  # must be short and uniq
 # The starting place for linting and code validation
 EPOCH_TEST_COMMIT="$CIRRUS_BASE_SHA"
 
-# Regex of env. vars. to explicitly pass when executing tests
+# Regex defining all CI-releated env. vars. necessary for all possible
-# inside a container or as a rootless user
+# testing operations on all platforms and versions.  This is necessary
+# to avoid needlessly passing through global/system values across
+# contexts, such as host->container or root->rootless user
 PASSTHROUGH_ENV_RE='(^CI.*)|(^CIRRUS)|(^DISTRO_NV)|(^GOPATH)|(^GOCACHE)|(^GOSRC)|(^SCRIPT_BASE)|(CGROUP_MANAGER)|(OCI_RUNTIME)|(^TEST.*)|(^PODBIN_NAME)|(^PRIV_NAME)|(^ALT_NAME)|(^ROOTLESS_USER)|(SKIP_USERNS)|(.*_NAME)|(.*_FQIN)'
 # Unsafe env. vars for display
 SECRET_ENV_RE='(ACCOUNT)|(GC[EP]..+)|(SSH)|(PASSWORD)|(TOKEN)'
@@ -107,10 +107,8 @@ lilto() { err_retry 8 1000 "" "$@"; }  # just over 4 minutes max
 bigto() { err_retry 7 5670 "" "$@"; }  # 12 minutes max
 
 # Print shell-escaped variable=value pairs, one per line, based on
-# variable name matching a regex.  This is intended to support
+# variable name matching a regex.  This is intended to catch
-# passthrough of CI variables from host -> container or from root -> user.
+# variables being passed down from higher layers, like Cirrus-CI.
-# For all other vars. we rely on tooling to load this library from inside
-# the container or as rootless user to pickup the remainder.
 passthrough_envars(){
     local xchars
     local envname
@@ -176,22 +174,7 @@ setup_rootless() {
         echo "${ROOTLESS_USER}:$[rootless_uid * 100]:65536" | \
             tee -a /etc/subuid >> /etc/subgid
 
-    # Env. vars set by Cirrus and setup_environment.sh must be explicitly
+    msg "Ensure the ssh daemon is up and running within 5 minutes"
-    # transferred to the test-user.
-    msg "Configuring rootless user's environment variables:"
-
-    (
-        echo "# Added by ${BASH_SOURCE[0]} ${FUNCNAME[0]}()"
-        echo "export SETUP_ENVIRONMENT=1"
-    ) >> "/home/$ROOTLESS_USER/.bashrc"
-
-    while read -r env_var_val; do
-        echo "export $env_var_val" >> "/home/$ROOTLESS_USER/.bashrc"
-    done <<<"$(passthrough_envars)"
-    chown $ROOTLESS_USER:$ROOTLESS_USER "/home/$ROOTLESS_USER/.bashrc"
-    cat "/home/$ROOTLESS_USER/.bashrc" | indent 2
-
-    msg "Ensure the systems ssh process is up and running within 5 minutes"
     systemctl start sshd
     lilto ssh $ROOTLESS_USER@localhost \
            -o UserKnownHostsFile=/dev/null \

contrib/cirrus/runner.sh

@@ -40,7 +40,7 @@ function _run_automation() {
 
     req_env_vars CI DEST_BRANCH IMAGE_SUFFIX TEST_FLAVOR TEST_ENVIRON \
                  PODBIN_NAME PRIV_NAME DISTRO_NV CONTAINER USER HOME \
-                 UID GID AUTOMATION_LIB_PATH SCRIPT_BASE OS_RELEASE_ID \
+                 UID AUTOMATION_LIB_PATH SCRIPT_BASE OS_RELEASE_ID \
                  OS_RELEASE_VER CG_FS_TYPE
     bigto ooe.sh dnf install -y ShellCheck  # small/quick addition
     $SCRIPT_BASE/shellcheck.sh

contrib/cirrus/setup_environment.sh

@@ -1,5 +1,12 @@
 #!/usr/bin/env bash
 
+# This script is intended to be executed early by automation before
+# performing other substantial operations.  It relies heavily on
+# desired setup information being passed in environment variables
+# from Cirrus-CI and/or other orchestration tooling.  To that end,
+# VM's must always be considered single-purpose, single-use,
+# disposable entities. i.e. One setup, one test, then always discarded.
+
 set -e
 
 # shellcheck source=./contrib/cirrus/lib.sh
@@ -29,6 +36,17 @@ do
     fi
 done
 
+# Ensure that all lower-level contexts and child-processes have
+# ready access to higher level orchestration (e.g Cirrus-CI)
+# variables.
+echo -e "\n# Begin single-use VM global variables (${BASH_SOURCE[0]})" \
+    > "/etc/ci_environment"
+(
+    while read -r env_var_val; do
+        echo "$env_var_val"
+    done <<<"$(passthrough_envars)"
+) >> "/etc/ci_environment"
+
 # This is a possible manual maintenance gaff, check to be sure everything matches.
 # shellcheck disable=SC2154
 [[ "$DISTRO_NV" == "$OS_REL_VER" ]] || \
@@ -50,9 +68,9 @@ case "$CG_FS_TYPE" in
         if ((CONTAINER==0)); then
             warn "Forcing testing with runc instead of crun"
             if [[ "$OS_RELEASE_ID" == "ubuntu" ]]; then
-                echo "export OCI_RUNTIME=/usr/lib/cri-o-runc/sbin/runc" >> /etc/environment
+                echo "OCI_RUNTIME=/usr/lib/cri-o-runc/sbin/runc" >> /etc/ci_environment
             else
-                echo "export OCI_RUNTIME=runc" >> /etc/environment
+                echo "OCI_RUNTIME=runc" >> /etc/ci_environment
             fi
         fi
         ;;
@@ -61,7 +79,7 @@ case "$CG_FS_TYPE" in
             # This is necessary since we've built/installed from source,
             # which uses runc as the default.
             warn "Forcing testing with crun instead of runc"
-            echo "export OCI_RUNTIME=crun" >> /etc/environment
+            echo "OCI_RUNTIME=crun" >> /etc/ci_environment
         fi
         ;;
     *) die_unknown CG_FS_TYPE
@@ -91,15 +109,13 @@ case "$TEST_ENVIRON" in
     host)
         if [[ "$OS_RELEASE_ID" == "fedora" ]]; then
             # The e2e tests wrongly guess `--cgroup-manager cgroupfs`
-            msg "Forcing CGROUP_MANAGER=systemd"
+            warn "Forcing CGROUP_MANAGER=systemd"
-            _cgm="export CGROUP_MANAGER=systemd"
+            echo "CGROUP_MANAGER=systemd" >> /etc/ci_environment
-            echo "$_cgm" >> /etc/environment
-            source /etc/environment
         fi
         ;;
     container)
         if ((CONTAINER==0)); then  # not yet inside a container
-            msg "Force loading iptables modules"
+            warn "Force loading iptables modules"
             # Since CRIU 3.11, uses iptables to lock and unlock
             # the network during checkpoint and restore.  Needs
             # the following two modules loaded on the host.
@@ -107,10 +123,8 @@ case "$TEST_ENVIRON" in
             modprobe iptable_nat || :
         else
             # The e2e tests wrongly guess `--cgroup-manager systemd`
-            msg "Forcing CGROUP_MANAGER=cgroupfs"
+            warn "Forcing CGROUP_MANAGER=cgroupfs"
-            _cgm="export CGROUP_MANAGER=cgroupfs"
+            echo "CGROUP_MANAGER=cgroupfs" >> /etc/ci_environment
-            echo "$_cgm" >> /etc/environment
-            source /etc/environment
         fi
         ;;
     *) die_unknown TEST_ENVIRON
@@ -123,15 +137,14 @@ case "$PRIV_NAME" in
         if [[ "$TEST_ENVIRON" == "container" ]] && ((container)); then
             # There's no practical way to detect userns w/in a container
             # affected/related tests are sensitive to this variable.
-            _suns='export SKIP_USERNS=1'
+            warn "Disabling usernamespace integration testing"
-            echo "$_suns" >> /etc/environment
+            echo "SKIP_USERNS=1" >> /etc/ci_environment
-            source /etc/environment
         fi
         ;;
     rootless)
-        _ru="export ROOTLESS_USER='${ROOTLESS_USER:-some${RANDOM}dude}'"
+        # Needs to exist for setup_rootless()
-        echo "$_ru" >> /etc/environment
+        ROOTLESS_USER="${ROOTLESS_USER:-some${RANDOM}dude}"
-        source /etc/environment
+        echo "ROOTLESS_USER=$ROOTLESS_USER" >> /etc/ci_environment
         setup_rootless
         ;;
     *) die_unknown PRIV_NAME
@@ -186,5 +199,10 @@ case "$TEST_FLAVOR" in
     *) die_unknown TEST_FLAVOR
 esac
 
-# Must be the very last command.  Establishes successful setup.
+# Must be the very last command.  Prevents setup from running twice.
-echo 'export SETUP_ENVIRONMENT=1' >> /etc/environment
+echo 'SETUP_ENVIRONMENT=1' >> /etc/ci_environment
+echo -e "\n# End of global variable definitions" \
+    >> /etc/ci_environment
+
+msg "Global CI Environment vars.:"
+cat /etc/ci_environment | sort | indent