mirror of
				https://github.com/containers/podman.git
				synced 2025-10-25 02:04:43 +08:00 
			
		
		
		
	 bdd5f82458
			
		
	
	bdd5f82458
	
	
	
		
			
			The passthrough_env function was unnecessarily complicated, hence fragile. Clean it up, and add regression tests. For future reference: CI broke horribly because of this. Rootless tests all failed with missing CI_DESIRED_NETWORK. Root cause was that CIRRUS_CHANGE_TITLE had a trailing space which, because of shell indirection, passthrough_env() wrote as trailing backslash (not backslash-space) in the /etc/ci_environment file, which then caused the next line in the file to get glommed onto CIRRUS_CHANGE_TITLE. Signed-off-by: Ed Santiago <santiago@redhat.com>
		
			
				
	
	
		
			383 lines
		
	
	
		
			14 KiB
		
	
	
	
		
			Bash
		
	
	
		
			Executable File
		
	
	
	
	
			
		
		
	
	
			383 lines
		
	
	
		
			14 KiB
		
	
	
	
		
			Bash
		
	
	
		
			Executable File
		
	
	
	
	
| #!/usr/bin/env bash
 | |
| 
 | |
| # This script is intended to be executed early by automation before
 | |
| # performing other substantial operations.  It relies heavily on
 | |
| # desired setup information being passed in environment variables
 | |
| # from Cirrus-CI and/or other orchestration tooling.  To that end,
 | |
| # VM's must always be considered single-purpose, single-use,
 | |
| # disposable entities. i.e. One setup, one test, then always discarded.
 | |
| 
 | |
| set -e
 | |
| 
 | |
| # shellcheck source=./contrib/cirrus/lib.sh
 | |
| source $(dirname $0)/lib.sh
 | |
| 
 | |
| die_unknown() {
 | |
|     local var_name="$1"
 | |
|     req_env_vars var_name
 | |
|     local var_value="${!var_name}"
 | |
|     die "Unknown/unsupported \$$var_name '$var_value'"
 | |
| }
 | |
| 
 | |
| msg "************************************************************"
 | |
| msg "Setting up runtime environment"
 | |
| msg "************************************************************"
 | |
| show_env_vars
 | |
| 
 | |
| req_env_vars USER HOME GOSRC SCRIPT_BASE TEST_FLAVOR TEST_ENVIRON \
 | |
|              PODBIN_NAME PRIV_NAME DISTRO_NV DEST_BRANCH
 | |
| 
 | |
| # Verify basic dependencies
 | |
| for depbin in go rsync unzip sha256sum curl make python3 git
 | |
| do
 | |
|     if ! type -P "$depbin" &> /dev/null
 | |
|     then
 | |
|         warn "$depbin binary not found in $PATH"
 | |
|     fi
 | |
| done
 | |
| 
 | |
| cp hack/podman-registry /bin
 | |
| 
 | |
| # Some test operations & checks require a git "identity"
 | |
| _gc='git config --file /root/.gitconfig'
 | |
| $_gc user.email "TMcTestFace@example.com"
 | |
| $_gc user.name "Testy McTestface"
 | |
| # Bypass git safety/security checks when operating in a throwaway environment
 | |
| git config --system --add safe.directory $GOSRC
 | |
| 
 | |
| # Ensure that all lower-level contexts and child-processes have
 | |
| # ready access to higher level orchestration (e.g Cirrus-CI)
 | |
| # variables.
 | |
| echo -e "\n# Begin single-use VM global variables (${BASH_SOURCE[0]})" \
 | |
|     > "/etc/ci_environment"
 | |
| (
 | |
|     while read -r env_var; do
 | |
|         printf -- "%s=%q\n" "${env_var}" "${!env_var}"
 | |
|     done <<<"$(passthrough_envars)"
 | |
| ) >> "/etc/ci_environment"
 | |
| 
 | |
| # This is a possible manual maintenance gaff, check to be sure everything matches.
 | |
| # shellcheck disable=SC2154
 | |
| [[ "$DISTRO_NV" =~ $OS_REL_VER ]] || \
 | |
|     die "Automation spec. '$DISTRO_NV'; actual host '$OS_REL_VER'"
 | |
| 
 | |
| # Only allow this script to execute once
 | |
| if ((${SETUP_ENVIRONMENT:-0})); then
 | |
|     # Comes from automation library
 | |
|     # shellcheck disable=SC2154
 | |
|     warn "Not executing $SCRIPT_FILENAME again"
 | |
|     exit 0
 | |
| fi
 | |
| 
 | |
| cd "${GOSRC}/"
 | |
| 
 | |
| # Defined by lib.sh: Does the host support cgroups v1 or v2? Use runc or crun
 | |
| # respectively.
 | |
| # **IMPORTANT**: $OCI_RUNTIME is a fakeout! It is used only in e2e tests.
 | |
| # For actual podman, as in system tests, we force runtime in containers.conf
 | |
| case "$CG_FS_TYPE" in
 | |
|     tmpfs)
 | |
|         if ((CONTAINER==0)); then
 | |
|             warn "Forcing testing with runc instead of crun"
 | |
|             echo "OCI_RUNTIME=runc" >> /etc/ci_environment
 | |
|             printf "[engine]\nruntime=\"runc\"\n" >>/etc/containers/containers.conf
 | |
|         fi
 | |
|         ;;
 | |
|     cgroup2fs)
 | |
|         # Nothing to do: podman defaults to crun
 | |
|         ;;
 | |
|     *) die_unknown CG_FS_TYPE
 | |
| esac
 | |
| 
 | |
| if ((CONTAINER==0)); then  # Not yet running inside a container
 | |
|     # Discovered reemergence of BFQ scheduler bug in kernel 5.8.12-200
 | |
|     # which causes a kernel panic when system is under heavy I/O load.
 | |
|     # Disable the I/O scheduler (a.k.a. elevator) for all environments,
 | |
|     # leaving optimization up to underlying storage infrastructure.
 | |
|     testfs="/"  # mountpoint that experiences the most I/O during testing
 | |
|     msg "Querying block device owning partition hosting the '$testfs' filesystem"
 | |
|     # Need --nofsroot b/c btrfs appends subvolume label to `source` name
 | |
|     testdev=$(findmnt --canonicalize --noheadings --nofsroot \
 | |
|               --output source --mountpoint $testfs)
 | |
|     msg "    found partition: '$testdev'"
 | |
|     testdisk=$(lsblk --noheadings --output pkname --paths $testdev)
 | |
|     msg "    found block dev: '$testdisk'"
 | |
|     testsched="/sys/block/$(basename $testdisk)/queue/scheduler"
 | |
|     if [[ -n "$testdev" ]] && [[ -n "$testdisk" ]] && [[ -e "$testsched" ]]; then
 | |
|         msg "    Found active I/O scheduler: $(cat $testsched)"
 | |
|         if [[ ! "$(<$testsched)" =~ \[none\]  ]]; then
 | |
|             msg "    Disabling elevator for '$testsched'"
 | |
|             echo "none" > "$testsched"
 | |
|         else
 | |
|             msg "    Elevator already disabled"
 | |
|         fi
 | |
|     else
 | |
|         warn "Sys node for elevator doesn't exist: '$testsched'"
 | |
|     fi
 | |
| fi
 | |
| 
 | |
| # Which distribution are we testing on.
 | |
| case "$OS_RELEASE_ID" in
 | |
|     ubuntu) ;;
 | |
|     fedora)
 | |
|         if ((CONTAINER==0)); then
 | |
|             # All SELinux distros need this for systemd-in-a-container
 | |
|             msg "Enabling container_manage_cgroup"
 | |
|             setsebool container_manage_cgroup true
 | |
|         fi
 | |
|         ;;
 | |
|     *) die_unknown OS_RELEASE_ID
 | |
| esac
 | |
| 
 | |
| # Networking: force CNI or Netavark as requested in .cirrus.yml
 | |
| # (this variable is mandatory).
 | |
| # shellcheck disable=SC2154
 | |
| case "$CI_DESIRED_NETWORK" in
 | |
|     netavark)   use_netavark ;;
 | |
|     cni)        use_cni ;;
 | |
|     *)          die_unknown CI_DESIRED_NETWORK ;;
 | |
| esac
 | |
| 
 | |
| # Required to be defined by caller: The environment where primary testing happens
 | |
| # shellcheck disable=SC2154
 | |
| case "$TEST_ENVIRON" in
 | |
|     host)
 | |
|         # The e2e tests wrongly guess `--cgroup-manager` option
 | |
|         # shellcheck disable=SC2154
 | |
|         if [[ "$CG_FS_TYPE" == "cgroup2fs" ]] || [[ "$PRIV_NAME" == "root" ]]
 | |
|         then
 | |
|             warn "Forcing CGROUP_MANAGER=systemd"
 | |
|             echo "CGROUP_MANAGER=systemd" >> /etc/ci_environment
 | |
|         else
 | |
|             warn "Forcing CGROUP_MANAGER=cgroupfs"
 | |
|             echo "CGROUP_MANAGER=cgroupfs" >> /etc/ci_environment
 | |
|         fi
 | |
|         ;;
 | |
|     container)
 | |
|         if ((CONTAINER==0)); then  # not yet inside a container
 | |
|             warn "Force loading iptables modules"
 | |
|             # Since CRIU 3.11, uses iptables to lock and unlock
 | |
|             # the network during checkpoint and restore.  Needs
 | |
|             # the following two modules loaded on the host.
 | |
|             modprobe ip6table_nat || :
 | |
|             modprobe iptable_nat || :
 | |
|         else
 | |
|             warn "Forcing CGROUP_MANAGER=cgroupfs"
 | |
|             echo "CGROUP_MANAGER=cgroupfs" >> /etc/ci_environment
 | |
| 
 | |
|             # There's no practical way to detect userns w/in a container
 | |
|             # affected/related tests are sensitive to this variable.
 | |
|             warn "Disabling usernamespace integration testing"
 | |
|             echo "SKIP_USERNS=1" >> /etc/ci_environment
 | |
| 
 | |
|             # In F35 the hard-coded default
 | |
|             # (from containers-common-1-32.fc35.noarch) is 'journald' despite
 | |
|             # the upstream repository having this line commented-out.
 | |
|             # Containerized integration tests cannot run with 'journald'
 | |
|             # as there is no daemon/process there to receive them.
 | |
|             cconf="/usr/share/containers/containers.conf"
 | |
|             note="- commented-out by setup_environment.sh"
 | |
|             if grep -Eq '^log_driver.+journald' "$cconf"; then
 | |
|                 warn "Patching out $cconf journald log_driver"
 | |
|                 sed -r -i -e "s/^log_driver(.*)/# log_driver\1 $note/" "$cconf"
 | |
|             fi
 | |
|         fi
 | |
|         ;;
 | |
|     *) die_unknown TEST_ENVIRON
 | |
| esac
 | |
| 
 | |
| # Required to be defined by caller: Are we testing as root or a regular user
 | |
| case "$PRIV_NAME" in
 | |
|     root)
 | |
|         # shellcheck disable=SC2154
 | |
|         if [[ "$TEST_FLAVOR" = "sys" || "$TEST_FLAVOR" = "apiv2" ]]; then
 | |
|             # Used in local image-scp testing
 | |
|             setup_rootless
 | |
|             echo "PODMAN_ROOTLESS_USER=$ROOTLESS_USER" >> /etc/ci_environment
 | |
|             echo "PODMAN_ROOTLESS_UID=$ROOTLESS_UID" >> /etc/ci_environment
 | |
|         fi
 | |
|         ;;
 | |
|     rootless)
 | |
|         # load kernel modules since the rootless user has no permission to do so
 | |
|         modprobe ip6_tables || :
 | |
|         modprobe ip6table_nat || :
 | |
|         setup_rootless
 | |
|         ;;
 | |
|     *) die_unknown PRIV_NAME
 | |
| esac
 | |
| 
 | |
| # shellcheck disable=SC2154
 | |
| if [[ -n "$ROOTLESS_USER" ]]; then
 | |
|     echo "ROOTLESS_USER=$ROOTLESS_USER" >> /etc/ci_environment
 | |
|     echo "ROOTLESS_UID=$ROOTLESS_UID" >> /etc/ci_environment
 | |
| fi
 | |
| 
 | |
| # Required to be defined by caller: Are we testing podman or podman-remote client
 | |
| # shellcheck disable=SC2154
 | |
| case "$PODBIN_NAME" in
 | |
|     podman) ;;
 | |
|     remote) ;;
 | |
|     *) die_unknown PODBIN_NAME
 | |
| esac
 | |
| 
 | |
| # Required to be defined by caller: The primary type of testing that will be performed
 | |
| # shellcheck disable=SC2154
 | |
| case "$TEST_FLAVOR" in
 | |
|     validate)
 | |
|         dnf install -y $PACKAGE_DOWNLOAD_DIR/python3*.rpm
 | |
|         # For some reason, this is also needed for validation
 | |
|         make .install.pre-commit .install.gitvalidation
 | |
|         ;;
 | |
|     altbuild)
 | |
|         # Defined in .cirrus.yml
 | |
|         # shellcheck disable=SC2154
 | |
|         if [[ "$ALT_NAME" =~ RPM ]]; then
 | |
|             bigto dnf install -y glibc-minimal-langpack go-rpm-macros rpkg rpm-build shadow-utils-subid-devel
 | |
|         fi
 | |
|         ;;
 | |
|     docker-py)
 | |
|         remove_packaged_podman_files
 | |
|         make install PREFIX=/usr ETCDIR=/etc
 | |
| 
 | |
|         msg "Installing previously downloaded/cached packages"
 | |
|         dnf install -y $PACKAGE_DOWNLOAD_DIR/python3*.rpm
 | |
|         virtualenv .venv/docker-py
 | |
|         source .venv/docker-py/bin/activate
 | |
|         pip install --upgrade pip
 | |
|         pip install --requirement $GOSRC/test/python/requirements.txt
 | |
|         ;;
 | |
|     build) make clean ;;
 | |
|     unit)
 | |
|         make .install.ginkgo
 | |
|         ;;
 | |
|     compose_v2)
 | |
|         dnf -y remove docker-compose
 | |
|         curl -SL https://github.com/docker/compose/releases/download/v2.2.3/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose
 | |
|         chmod +x /usr/local/bin/docker-compose
 | |
|         ;& # Continue with next item
 | |
|     apiv2)
 | |
|         msg "Installing previously downloaded/cached packages"
 | |
|         dnf install -y $PACKAGE_DOWNLOAD_DIR/python3*.rpm
 | |
|         virtualenv .venv/requests
 | |
|         source .venv/requests/bin/activate
 | |
|         pip install --upgrade pip
 | |
|         pip install --requirement $GOSRC/test/apiv2/python/requirements.txt
 | |
|         ;&  # continue with next item
 | |
|     compose)
 | |
|         dnf install -y $PACKAGE_DOWNLOAD_DIR/podman-docker*
 | |
|         ;&  # continue with next item
 | |
|     int)
 | |
|         make .install.ginkgo
 | |
|         ;&
 | |
|     sys) ;&
 | |
|     upgrade_test) ;&
 | |
|     bud) ;&
 | |
|     bindings) ;&
 | |
|     endpoint)
 | |
|         # Use existing host bits when testing is to happen inside a container
 | |
|         # since this script will run again in that environment.
 | |
|         # shellcheck disable=SC2154
 | |
|         if [[ "$TEST_ENVIRON" =~ host ]]; then
 | |
|             if ((CONTAINER)); then
 | |
|                 die "Refusing to config. host-test in container";
 | |
|             fi
 | |
|             remove_packaged_podman_files
 | |
|             make install PREFIX=/usr ETCDIR=/etc
 | |
|         elif [[ "$TEST_ENVIRON" == "container" ]]; then
 | |
|             if ((CONTAINER)); then
 | |
|                 remove_packaged_podman_files
 | |
|                 make install PREFIX=/usr ETCDIR=/etc
 | |
|             fi
 | |
|         else
 | |
|             die "Invalid value for \$TEST_ENVIRON=$TEST_ENVIRON"
 | |
|         fi
 | |
| 
 | |
|         install_test_configs
 | |
|         ;;
 | |
|     minikube)
 | |
|         dnf install -y $PACKAGE_DOWNLOAD_DIR/minikube-latest*
 | |
|         remove_packaged_podman_files
 | |
|         make install.tools
 | |
|         make install PREFIX=/usr ETCDIR=/etc
 | |
|         minikube config set driver podman
 | |
|         install_test_configs
 | |
|         ;;
 | |
|     machine)
 | |
|         dnf install -y $PACKAGE_DOWNLOAD_DIR/podman-gvproxy*
 | |
|         remove_packaged_podman_files
 | |
|         make install PREFIX=/usr ETCDIR=/etc
 | |
|         install_test_configs
 | |
|         ;;
 | |
|     gitlab)
 | |
|         # ***WARNING*** ***WARNING*** ***WARNING*** ***WARNING***
 | |
|         # This sets up a special ubuntu environment exclusively for
 | |
|         # running the upstream gitlab-runner unit tests through
 | |
|         # podman as a drop-in replacement for the Docker daemon.
 | |
|         # Test and setup information can be found here:
 | |
|         # https://gitlab.com/gitlab-org/gitlab-runner/-/issues/27270#note_499585550
 | |
|         #
 | |
|         # Unless you know what you're doing, and/or are in contact
 | |
|         # with the upstream gitlab-runner developers/community,
 | |
|         # please don't make changes willy-nilly to this setup.
 | |
|         # It's designed to follow upstream gitlab-runner development
 | |
|         # and alert us if any podman change breaks their foundation.
 | |
|         #
 | |
|         # That said, if this task does break in strange ways or requires
 | |
|         # updates you're unsure of.  Please consult with the upstream
 | |
|         # community through an issue near the one linked above.  If
 | |
|         # an extended period of breakage is expected, please un-comment
 | |
|         # the related `allow_failures: $CI == $CI` line in `.cirrus.yml`.
 | |
|         # ***WARNING*** ***WARNING*** ***WARNING*** ***WARNING***
 | |
| 
 | |
|         if [[ "$OS_RELEASE_ID" != "ubuntu" ]]; then
 | |
|             die "This test only runs on Ubuntu due to sheer laziness"
 | |
|         fi
 | |
| 
 | |
|         remove_packaged_podman_files
 | |
|         make install PREFIX=/usr ETCDIR=/etc
 | |
| 
 | |
|         msg "Installing docker and containerd"
 | |
|         # N/B: Tests check/expect `docker info` output, and this `!= podman info`
 | |
|         ooe.sh dpkg -i \
 | |
|             $PACKAGE_DOWNLOAD_DIR/containerd.io*.deb \
 | |
|             $PACKAGE_DOWNLOAD_DIR/docker-ce*.deb
 | |
| 
 | |
|         msg "Disabling docker service and socket activation"
 | |
|         systemctl stop docker.service docker.socket
 | |
|         systemctl disable docker.service docker.socket
 | |
|         rm -rf /run/docker*
 | |
|         # Guarantee the docker daemon can't be started, even by accident
 | |
|         rm -vf $(type -P dockerd)
 | |
| 
 | |
|         msg "Recursively chowning source to $ROOTLESS_USER"
 | |
|         chown -R $ROOTLESS_USER:$ROOTLESS_USER "$GOPATH" "$GOSRC"
 | |
| 
 | |
|         msg "Obtaining necessary gitlab-runner testing bits"
 | |
|         slug="gitlab.com/gitlab-org/gitlab-runner"
 | |
|         helper_fqin="registry.gitlab.com/gitlab-org/gitlab-runner/gitlab-runner-helper:x86_64-latest-pwsh"
 | |
|         ssh="ssh $ROOTLESS_USER@localhost -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o CheckHostIP=no env GOPATH=$GOPATH"
 | |
|         showrun $ssh go install github.com/jstemmer/go-junit-report/v2@v2.0.0
 | |
|         showrun $ssh git clone https://$slug $GOPATH/src/$slug
 | |
|         showrun $ssh make -C $GOPATH/src/$slug development_setup
 | |
|         showrun $ssh bash -c "'cd $GOPATH/src/$slug && GOPATH=$GOPATH go get .'"
 | |
| 
 | |
|         showrun $ssh podman pull $helper_fqin
 | |
|         # Tests expect image with this exact name
 | |
|         showrun $ssh podman tag $helper_fqin \
 | |
|             docker.io/gitlab/gitlab-runner-helper:x86_64-latest-pwsh
 | |
|         ;;
 | |
|     swagger)
 | |
|         make .install.swagger
 | |
|         ;;
 | |
|     release) ;;
 | |
|     *) die_unknown TEST_FLAVOR
 | |
| esac
 | |
| 
 | |
| # Must be the very last command.  Prevents setup from running twice.
 | |
| echo 'SETUP_ENVIRONMENT=1' >> /etc/ci_environment
 | |
| echo -e "\n# End of global variable definitions" \
 | |
|     >> /etc/ci_environment
 | |
| 
 | |
| msg "Global CI Environment vars.:"
 | |
| grep -Ev '^#' /etc/ci_environment | sort | indent
 |