Merge pull request #3607 from cevich/cgroup2_vm

Add another Fedora VM with cgroups v2 enabled

.cirrus.yml

@@ -28,11 +28,13 @@ env:
     TIMESTAMP: "awk --file ${CIRRUS_WORKING_DIR}/${SCRIPT_BASE}/timestamp.awk"
 
     ####
-    #### Cache-image names to test with
+    #### Cache-image names to test with (double-quotes around names are critical)
     ###
-    FEDORA_CACHE_IMAGE_NAME: "fedora-30-libpod-5789386598252544"
-    PRIOR_FEDORA_CACHE_IMAGE_NAME: "fedora-29-libpod-5789386598252544"
-    UBUNTU_CACHE_IMAGE_NAME: "ubuntu-18-libpod-5789386598252544"
+    _BUILT_IMAGE_SUFFIX: "libpod-5751722641719296"
+    FEDORA_CACHE_IMAGE_NAME: "fedora-30-${_BUILT_IMAGE_SUFFIX}"
+    PRIOR_FEDORA_CACHE_IMAGE_NAME: "fedora-29-${_BUILT_IMAGE_SUFFIX}"
+    SPECIAL_FEDORA_CACHE_IMAGE_NAME: "xfedora-30-${_BUILT_IMAGE_SUFFIX}"
+    UBUNTU_CACHE_IMAGE_NAME: "ubuntu-18-${_BUILT_IMAGE_SUFFIX}"
 
     ####
     #### Variables for composing new cache-images (used in PR testing) from
@@ -262,6 +264,7 @@ meta_task:
         IMGNAMES: >-
             ${FEDORA_CACHE_IMAGE_NAME}
             ${PRIOR_FEDORA_CACHE_IMAGE_NAME}
+            ${SPECIAL_FEDORA_CACHE_IMAGE_NAME}
             ${UBUNTU_CACHE_IMAGE_NAME}
             ${IMAGE_BUILDER_CACHE_IMAGE_NAME}
         BUILDID: "${CIRRUS_BUILD_ID}"
@@ -404,7 +407,6 @@ special_testing_rootless_task:
     env:
         ADD_SECOND_PARTITION: true
         SPECIALMODE: 'rootless'  # See docs
-
         matrix:
             TEST_REMOTE_CLIENT: true
             TEST_REMOTE_CLIENT: false
@@ -472,6 +474,36 @@ special_testing_cross_task:
         failed_branch_script: '$CIRRUS_WORKING_DIR/$SCRIPT_BASE/notice_branch_failure.sh'
 
 
+special_testing_cgroupv2_task:
+
+    depends_on:
+        - "gating"
+        - "varlink_api"
+        - "vendor"
+
+    only_if: $CIRRUS_CHANGE_MESSAGE !=~ '.*\*\*\*\s*CIRRUS:\s*TEST\s*IMAGES\s*\*\*\*.*'
+
+    gce_instance:
+        image_name: "${SPECIAL_FEDORA_CACHE_IMAGE_NAME}"
+
+    env:
+        SPECIALMODE: 'cgroupv2'  # See docs
+        matrix:
+            TEST_REMOTE_CLIENT: true
+            TEST_REMOTE_CLIENT: false
+
+    timeout_in: 20m
+
+    setup_environment_script: '$SCRIPT_BASE/setup_environment.sh |& ${TIMESTAMP}'
+    integration_test_script: '$SCRIPT_BASE/integration_test.sh |& ${TIMESTAMP}'
+
+    on_failure:
+        failed_branch_script: '$CIRRUS_WORKING_DIR/$SCRIPT_BASE/notice_branch_failure.sh'
+
+    always:
+        <<: *standardlogs
+
+
 # Test building of new cache-images for future PR testing, in this PR.
 test_build_cache_images_task:
 
@@ -521,25 +553,35 @@ verify_test_built_images_task:
         - "test_build_cache_images"
 
     gce_instance:
-        matrix:
-            # Images are generated separately, from build_images_task (below)
-            image_name: "fedora-29${BUILT_IMAGE_SUFFIX}"
-            image_name: "fedora-30${BUILT_IMAGE_SUFFIX}"
-            image_name: "ubuntu-18${BUILT_IMAGE_SUFFIX}"
+        # Images generated by test_build_cache_images_task (above)
+        image_name: "${PACKER_BUILDER_NAME}${BUILT_IMAGE_SUFFIX}"
 
     env:
         ADD_SECOND_PARTITION: true
         matrix:
             TEST_REMOTE_CLIENT: true
             TEST_REMOTE_CLIENT: false
+        matrix:
+            # Required env. var. by check_image_script
+            PACKER_BUILDER_NAME: "fedora-29"
+            PACKER_BUILDER_NAME: "fedora-30"
+            PACKER_BUILDER_NAME: "xfedora-30"
+            PACKER_BUILDER_NAME: "ubuntu-18"
 
+    environment_script: '$SCRIPT_BASE/setup_environment.sh |& ${TIMESTAMP}'
+    # Verify expectations once per image
+    check_image_script: >-
+        [[ "$TEST_REMOTE_CLIENT" == "false" ]] || \
+            $SCRIPT_BASE/check_image.sh |& ${TIMESTAMP}
     # Note: A truncated form of normal testing. It only needs to confirm new images
     # "probably" work.  A full round of testing will happen again after $*_CACHE_IMAGE_NAME
     # are updated in this or another PR (w/o '***CIRRUS: TEST IMAGES***').
-    environment_script: '$SCRIPT_BASE/setup_environment.sh |& ${TIMESTAMP}'
-    check_image_script: '$SCRIPT_BASE/check_image.sh'
-    integration_test_script: '$SCRIPT_BASE/integration_test.sh |& ${TIMESTAMP}'
-    system_test_script: '$SCRIPT_BASE/system_test.sh |& ${TIMESTAMP}'
+    integration_test_script: >-
+        [[ "$PACKER_BUILDER_NAME" == "xfedora-30" ]] || \
+            $SCRIPT_BASE/integration_test.sh |& ${TIMESTAMP}
+    system_test_script: >-
+        [[ "$PACKER_BUILDER_NAME" == "xfedora-30" ]] || \
+            $SCRIPT_BASE/system_test.sh |& ${TIMESTAMP}
 
     always:
         <<: *standardlogs
@@ -564,6 +606,7 @@ success_task:
         - "testing_crun"
         - "special_testing_rootless"
         - "special_testing_in_podman"
+        - "special_testing_cgroupv2"
         - "special_testing_cross"
         - "test_build_cache_images"
         - "verify_test_built_images"
@@ -603,6 +646,7 @@ release_task:
         - "testing_crun"
         - "special_testing_rootless"
         - "special_testing_in_podman"
+        - "special_testing_cgroupv2"
         - "special_testing_cross"
         - "test_build_cache_images"
         - "verify_test_built_images"

contrib/cirrus/README.md

@@ -69,6 +69,13 @@ Confirm that cross-compile of podman-remote functions for both `windows`
 and `darwin` targets.
 
 
+### ``special_testing_cgroupv2`` Task
+
+Use the latest Fedora release with the required kernel options pre-set for
+exercising cgroups v2 with podman integration tests.  Also depends on
+having `SPECIALMODE` set to 'cgroupv2`
+
+
 ### ``test_build_cache_images_task`` Task
 
 Modifying the contents of cache-images is tested by making changes to
@@ -266,5 +273,6 @@ values follows:
               and utilized for testing.
 * `in_podman`: Causes testing to occur within a container executed by
                podman on the host.
+* `cgroupv2`: The kernel on this VM was prepared with options to enable v2 cgroups
 * `windows`: See **darwin**
 * `darwin`: Signals the ``special_testing_cross`` task to cross-compile the remote client.

contrib/cirrus/check_image.sh

@@ -4,6 +4,8 @@ set -eo pipefail
 
 source $(dirname $0)/lib.sh
 
+req_env_var PACKER_BUILDER_NAME TEST_REMOTE_CLIENT EVIL_UNITS OS_RELEASE_ID
+
 NFAILS=0
 echo "Validating VM image"
 
@@ -49,5 +51,16 @@ then
     item_test "On ubuntu /usr/bin/runc is /usr/lib/cri-o-runc/sbin/runc" "$SAMESAME" -eq "0" || let "NFAILS+=1"
 fi
 
+echo "Checking items specific to ${PACKER_BUILDER_NAME}${BUILT_IMAGE_SUFFIX}"
+case "$PACKER_BUILDER_NAME" in
+    xfedora*)
+        echo "Kernel Command-line: $(cat /proc/cmdline)"
+        item_test \
+            "On ${PACKER_BUILDER_NAME} images, the /sys/fs/cgroup/unified directory does NOT exist" \
+            "!" "-d" "/sys/fs/cgroup/unified" || let "NFAILS+=1"
+        ;;
+    *) echo "No vm-image specific items to check"
+esac
+
 echo "Total failed tests: $NFAILS"
 exit $NFAILS

contrib/cirrus/integration_test.sh

@@ -36,6 +36,13 @@ case "$SPECIALMODE" in
                 -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no \
                 -o CheckHostIP=no $GOSRC/$SCRIPT_BASE/rootless_test.sh ${TESTSUITE}
         ;;
+    cgroupv2)
+        make
+        make install PREFIX=/usr ETCDIR=/etc
+        make test-binaries
+        echo "WARNING: Integration tests not yet ready for cgroups V2"
+        #TODO: make local${TESTSUITE}
+        ;;
     none)
         make
         make install PREFIX=/usr ETCDIR=/etc
@@ -52,5 +59,5 @@ case "$SPECIALMODE" in
         warn '' "No $SPECIALMODE remote client integration tests configured"
         ;;
     *)
-        die 110 "Unsupported \$SPECIAL_MODE: $SPECIALMODE"
+        die 110 "Unsupported \$SPECIALMODE: $SPECIALMODE"
 esac

contrib/cirrus/lib.sh

@@ -55,9 +55,9 @@ PACKER_VER="1.3.5"
 # CSV of cache-image names to build (see $PACKER_BASE/libpod_images.json)
 
 # Base-images rarely change, define them here so they're out of the way.
-export PACKER_BUILDS="${PACKER_BUILDS:-ubuntu-18,fedora-30,fedora-29}"
+export PACKER_BUILDS="${PACKER_BUILDS:-ubuntu-18,fedora-30,xfedora-30,fedora-29}"
 # Google-maintained base-image names
-export UBUNTU_BASE_IMAGE="ubuntu-1804-bionic-v20181203a"
+export UBUNTU_BASE_IMAGE="ubuntu-1804-bionic-v20190722a"
 # Manually produced base-image names (see $SCRIPT_BASE/README.md)
 export FEDORA_BASE_IMAGE="fedora-cloud-base-30-1-2-1559164849"
 export PRIOR_FEDORA_BASE_IMAGE="fedora-cloud-base-29-1-2-1559164849"

contrib/cirrus/packer/fedora_setup.sh

@@ -8,7 +8,7 @@ set -e
 # Load in library (copied by packer, before this script was run)
 source /tmp/libpod/$SCRIPT_BASE/lib.sh
 
-req_env_var SCRIPT_BASE
+req_env_var SCRIPT_BASE PACKER_BUILDER_NAME GOSRC
 
 install_ooe
 
@@ -85,6 +85,17 @@ systemd_banish
 
 sudo /tmp/libpod/hack/install_catatonit.sh
 
+# Same script is used for several related contexts
+case "$PACKER_BUILDER_NAME" in
+    xfedora*)
+        echo "Configuring CGroups v2 enabled on next boot"
+        sudo grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=1"
+        ;&  # continue to next matching item
+    *)
+        echo "Finalizing $PACKER_BUILDER_NAME VM image"
+        ;;
+esac
+
 rh_finalize
 
 echo "SUCCESS!"

contrib/cirrus/packer/libpod_images.yml

@@ -47,6 +47,10 @@ builders:
       name: 'fedora-30'
       source_image: '{{user `FEDORA_BASE_IMAGE`}}'
 
+    - <<: *gce_hosted_image
+      name: 'xfedora-30'
+      source_image: '{{user `FEDORA_BASE_IMAGE`}}'
+
     - <<: *gce_hosted_image
       name: 'fedora-29'
       source_image: '{{user `PRIOR_FEDORA_BASE_IMAGE`}}'
@@ -60,6 +64,7 @@ provisioners:
     - type: 'shell'
       script: '{{user `GOSRC`}}/{{user `PACKER_BASE`}}/{{split build_name "-" 0}}_setup.sh'
       environment_vars:
+          - 'PACKER_BUILDER_NAME={{build_name}}'
           - 'GOSRC=/tmp/libpod'
           - 'SCRIPT_BASE={{user `SCRIPT_BASE`}}'
 

contrib/cirrus/packer/ubuntu_setup.sh

@@ -15,6 +15,9 @@ install_ooe
 export GOPATH="$(mktemp -d)"
 trap "sudo rm -rf $GOPATH" EXIT
 
+# Ensure there are no disruptive periodic services enabled by default in image
+systemd_banish
+
 echo "Updating/configuring package repositories."
 $LILTO $SUDOAPTGET update
 $LILTO $SUDOAPTGET install software-properties-common
@@ -100,9 +103,6 @@ ooe.sh sudo update-grub
 sudo /tmp/libpod/hack/install_catatonit.sh
 ooe.sh sudo make -C /tmp/libpod install.libseccomp.sudo
 
-# Ensure there are no disruptive periodic services enabled by default in image
-systemd_banish
-
 ubuntu_finalize
 
 echo "SUCCESS!"

contrib/cirrus/packer/xfedora_setup.sh

@@ -0,0 +1 @@
+fedora_setup.sh

contrib/cirrus/setup_environment.sh

@@ -67,9 +67,12 @@ install_test_configs
 make install.tools
 
 case "$SPECIALMODE" in
-    none)
+    cgroupv2)
         remove_packaged_podman_files  # we're building from source
         ;;
+    none)
+        remove_packaged_podman_files
+        ;;
     rootless)
         # Only do this once, even if ROOTLESS_USER (somehow) changes
         if ! grep -q 'ROOTLESS_USER' /etc/environment
@@ -90,5 +93,5 @@ case "$SPECIALMODE" in
     windows) ;&  # for podman-remote building only
     darwin) ;;
     *)
-        die 111 "Unsupported \$SPECIAL_MODE: $SPECIALMODE"
+        die 111 "Unsupported \$SPECIALMODE: $SPECIALMODE"
 esac

hack/get_ci_vm.sh

@@ -68,9 +68,10 @@ delvm() {
 }
 
 image_hints() {
+    _BIS=$(egrep -m 1 '_BUILT_IMAGE_SUFFIX:[[:space:]+"[[:print:]]+"' "$LIBPODROOT/.cirrus.yml" | cut -d: -f 2 | tr -d '"[:blank:]')
     egrep '[[:space:]]+[[:alnum:]].+_CACHE_IMAGE_NAME:[[:space:]+"[[:print:]]+"' \
         "$LIBPODROOT/.cirrus.yml" | cut -d: -f 2 | tr -d '"[:blank:]' | \
-        grep -v 'notready' | sort -u
+        sed -r -e "s/\\\$[{]_BUILT_IMAGE_SUFFIX[}]/$_BIS/" | sort -u
 }
 
 show_usage() {