Merge pull request #309 from cevich/update_rawhide_crun

Update windows CI VMs for hyper-v machine testing

.cirrus.yml

@@ -272,7 +272,6 @@ win_images_task:
     # Packer needs time to clean up partially created VM images
     auto_cancellation: $CI != "true"
     stateful: true
-    timeout_in: 45m
     # Packer WinRM communicator is not reliable on container tasks
     gce_instance:
         <<: *ibi_vm

IMG_SFX

@@ -1 +1 @@
-20230928t004553z-f39f38d13
+20231004t194547z-f39f38d13

cache_images/fedora_packaging.sh

@@ -206,29 +206,6 @@ DOWNLOAD_PACKAGES=(\
 msg "Installing general build/test dependencies"
 bigto $SUDO dnf install -y $EXARG "${INSTALL_PACKAGES[@]}"
 
-# FIXME: 2023-09-26: emergency upgrade to fix chmod-symlink bug
-if [[ $(date +%Y%m) -gt 202309 ]]; then
-    echo ""
-    echo "FATAL FATAL FATAL: REMOVE THIS TEMPORARY WORKAROUND"
-    echo
-    exit 1
-fi
-source /etc/os-release
-# shellcheck disable=SC2154
-if [[ $VERSION_ID -ge 38 ]]; then
-    arch=$(uname -m)
-    crunrpm=https://kojipkgs.fedoraproject.org//packages/crun/1.9.2/1.fc${VERSION_ID}/${arch}/crun-1.9.2-1.fc${VERSION_ID}.${arch}.rpm
-    msg "FIXME-2023-09-26: installing $crunrpm"
-    bigto $SUDO dnf -y install $crunrpm ${crunrpm/crun-/crun-wasm-}
-fi
-# FIXME FIXME FIXME: https://bugzilla.redhat.com/show_bug.cgi?id=2238149
-# shellcheck disable=SC2154
-if [[ $VERSION_ID -eq 39 ]] && [[ $(uname -m) == "x86_64" ]]; then
-    msg "FIXME-2023-09-27: installing pandoc-3.1.3-25"
-    bigto $SUDO dnf -y install https://kojipkgs.fedoraproject.org//work/tasks/7301/106797301/pandoc-3.1.3-25.fc40.x86_64.rpm \
-                               https://kojipkgs.fedoraproject.org//work/tasks/7301/106797301/pandoc-common-3.1.3-25.fc40.noarch.rpm
-fi
-
 msg "Downloading packages for optional installation at runtime, as needed."
 $SUDO mkdir -p "$PACKAGE_DOWNLOAD_DIR"
 cd "$PACKAGE_DOWNLOAD_DIR"

win_images/win-lib.ps1

@@ -0,0 +1,46 @@
+
+$ErrorActionPreference = "stop"
+
+Set-ExecutionPolicy Bypass -Scope Process -Force
+
+function Check-Exit {
+  param(
+    [parameter(ValueFromRemainingArguments = $true)]
+    [string[]] $codes = @(0)
+  )
+  if ($LASTEXITCODE -eq $null) {
+    return
+  }
+
+  foreach ($code in $codes) {
+    if ($LASTEXITCODE -eq $code) {
+      return
+    }
+  }
+
+  Exit $LASTEXITCODE
+}
+
+# Retry installation on failure or 5-minute timeout (for all packages)
+function retryInstall {
+    param([Parameter(ValueFromRemainingArguments)] [string[]] $pkgs)
+
+    foreach ($pkg in $pkgs) {
+        for ($retries = 0; ; $retries++) {
+            if ($retries -gt 5) {
+                throw "Could not install package $pkg"
+            }
+
+            if ($pkg -match '(.[^\@]+)@(.+)') {
+                $pkg = @("--version", $Matches.2, $Matches.1)
+            }
+
+            choco install -y --allow-downgrade --execution-timeout=300 $pkg
+            if ($LASTEXITCODE -eq 0) {
+                break
+            }
+            Write-Host "Error installing, waiting before retry..."
+            Start-Sleep -Seconds 6
+        }
+    }
+}

win_images/win-server-wsl.yml

@@ -17,19 +17,19 @@ builders:
       most_recent: true
       owners:
         - amazon
-    # While this image should run on metal, we can build it on smaller/cheaper systems 
+    # While this image should run on metal, we can build it on smaller/cheaper systems
     instance_type: t3.large
     force_deregister: true  # Remove AMI with same name if exists
     force_delete_snapshot: true  # Also remove snapshots of force-removed AMI
     # Note that we do not set shutdown_behavior to terminate, as a clean shutdown is required
     # for windows provisioning to complete successfully.
     communicator: winrm
-    winrm_username: Administrator # AWS provisions Administrator, unlike GCE 
+    winrm_username: Administrator # AWS provisions Administrator, unlike GCE
     winrm_insecure: true
     winrm_use_ssl: true
     winrm_timeout: 25m
     # Script that runs on server start, needed to prep and enable winrm
-    user_data_file: '{{template_dir}}/bootstrap.ps1' 
+    user_data_file: '{{template_dir}}/bootstrap.ps1'
     # Required for network access, must be the 'default' group used by Cirrus-CI
     security_group_id: "sg-042c75677872ef81c"
     ami_name: &ami_name '{{build_name}}-c{{user `IMG_SFX`}}'
@@ -53,18 +53,22 @@ builders:
 
 provisioners:
   - type: powershell
-    script: '{{template_dir}}/win_packaging.ps1'
-  - type: windows-restart
+    inline:
+      - '$ErrorActionPreference = "stop"'
+      - 'New-Item -Path "c:\" -Name "temp" -ItemType "directory" -Force'
+      - 'New-Item -Path "c:\temp" -Name "automation_images" -ItemType "directory" -Force'
+  - type: 'file'
+    source: '{{ pwd }}/'
+    destination: "c:\\temp\\automation_images\\"
   - type: powershell
     inline:
-      # Disable WinRM as a security precuation (cirrus launches an agent from user-data, so we don't need it)
-      - Set-Service winrm -StartupType Disabled
-      # Also disable RDP (can be enabled via user-data manually)
-      - Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Value 1
-      - Disable-NetFirewallRule -DisplayGroup "Remote Desktop"
-  # Setup Autologon and reset, must be last, due to pw change
+      - 'c:\temp\automation_images\win_images\win_packaging.ps1'
+  # Several installed items require a reboot, do that now in case it would
+  # cause a problem with final image preperations.
+  - type: windows-restart
   - type: powershell
-    script: '{{template_dir}}/auto_logon.ps1'
+    inline:
+      - 'c:\temp\automation_images\win_images\win_finalization.ps1'
 
 
 post-processors:
@@ -75,4 +79,3 @@ post-processors:
       IMG_SFX: '{{ user `IMG_SFX` }}'
       STAGE: cache
       TASK: '{{user `CIRRUS_TASK_ID`}}'
-

win_images/auto_logon.ps1 → win_images/win_finalization.ps1

@@ -1,6 +1,13 @@
-$ErrorActionPreference = "stop"
-$username = "Administrator"
 
+. $PSScriptRoot\win-lib.ps1
+
+# Disable WinRM as a security precuation (cirrus launches an agent from user-data, so we don't need it)
+Set-Service winrm -StartupType Disabled
+# Also disable RDP (can be enabled via user-data manually)
+Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Value 1
+Disable-NetFirewallRule -DisplayGroup "Remote Desktop"
+
+$username = "Administrator"
 # Temporary random password to allow autologon that will be replaced
 # before the instance is put into service.
 $syms = [char[]]([char]'a'..[char]'z'  `
@@ -15,8 +22,8 @@ $encPass = ConvertTo-SecureString $password -AsPlainText -Force
 Set-LocalUser -Name $username -Password $encPass
 
 $winLogon= "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
-Set-ItemProperty $winLogon "AutoAdminLogon" -Value "1" -type String 
-Set-ItemProperty $winLogon "DefaultUsername" -Value $username -type String 
+Set-ItemProperty $winLogon "AutoAdminLogon" -Value "1" -type String
+Set-ItemProperty $winLogon "DefaultUsername" -Value $username -type String
 Set-ItemProperty $winLogon "DefaultPassword" -Value $password -type String
 
 # Lock the screen immediately, even though it's unattended, just in case
@@ -28,6 +35,6 @@ Set-ItemProperty `
 # NOTE: For now, we do not run sysprep, since initialization with reboots
 # are exceptionally slow on metal nodes, which these target to run. This
 # will lead to a duplicate machine id, which is not ideal, but allows
-# instances to start instantly. So, instead of sysprep, trigger a reset so
-# that the admin password reset, and activation rerun on boot
+# instances to start quickly. So, instead of sysprep, trigger a reset so
+# that the admin password reset, and activation rerun on boot.
 & 'C:\Program Files\Amazon\EC2Launch\ec2launch' reset --block

win_images/win_packaging.ps1

@@ -1,39 +1,32 @@
-function CheckExit {
-  param(
-    [parameter(ValueFromRemainingArguments = $true)]
-    [string[]] $codes = @(0)
-  )
-  if ($LASTEXITCODE -eq $null) {
-    return
-  }
-
-  foreach ($code in $codes) {
-    if ($LASTEXITCODE -eq $code) {
-      return
-    }
-  }
-
-  Exit $LASTEXITCODE
-}
 
+. $PSScriptRoot\win-lib.ps1
 
 # Disables runtime process virus scanning, which is not necessary
 Set-MpPreference -DisableRealtimeMonitoring 1
-$ErrorActionPreference = "stop"
 
-Set-ExecutionPolicy Bypass -Scope Process -Force
 [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072
 iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))
 
-# Install Git, BZ2 archive support, Go, and the MingW (GCC for Win) compiler for CGO support
-# Add pstools to workaorund sess 0 WSL bug
-choco install -y git mingw archiver psexec; CheckExit
-choco install golang --version 1.19.2 -y; CheckExit
+# Install basic required tooling.
+#   psexec needed to workaround session 0 WSL bug
+retryInstall git archiver psexec golang mingw; Check-Exit
+
+# Update service is required for dotnet
+Set-Service -Name wuauserv -StartupType "Manual"; Check-Exit
+
+# dotnet is required for wixtoolset
+# Allowing chocolaty to install dotnet breaks in an entirely
+# non-debuggable way.  Workaround this by installing it as
+# a server-feature first.
+Install-WindowsFeature -Name Net-Framework-Core; Check-Exit
+
+# Install wixtoolset for installer build & test.
+retryInstall wixtoolset; Check-Exit
 
 # Install Hyper-V
 Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All -NoRestart
 
 # Install WSL, and capture text output which is not normally visible
-$x = wsl --install; CheckExit 0 1 # wsl returns 1 on reboot required
-Write-Output $x
+$x = wsl --install; Check-Exit 0 1 # wsl returns 1 on reboot required
+Write-Host $x
 Exit 0