From fd312ae30a8f23dd9fb26d2e72aa0b548b9f8453 Mon Sep 17 00:00:00 2001 From: Chris Evich Date: Tue, 30 Jul 2019 11:06:11 -0400 Subject: [PATCH 1/4] Cirrus: Minor, use newer Ubuntu base image Signed-off-by: Chris Evich --- contrib/cirrus/lib.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh index ffb7cd45be..f2a668caf9 100644 --- a/contrib/cirrus/lib.sh +++ b/contrib/cirrus/lib.sh @@ -57,7 +57,7 @@ PACKER_VER="1.3.5" # Base-images rarely change, define them here so they're out of the way. export PACKER_BUILDS="${PACKER_BUILDS:-ubuntu-18,fedora-30,fedora-29}" # Google-maintained base-image names -export UBUNTU_BASE_IMAGE="ubuntu-1804-bionic-v20181203a" +export UBUNTU_BASE_IMAGE="ubuntu-1804-bionic-v20190722a" # Manually produced base-image names (see $SCRIPT_BASE/README.md) export FEDORA_BASE_IMAGE="fedora-cloud-base-30-1-2-1559164849" export PRIOR_FEDORA_BASE_IMAGE="fedora-cloud-base-29-1-2-1559164849" From 7508179ed973a1ad0d26754d39180be8066c7df4 Mon Sep 17 00:00:00 2001 From: Chris Evich Date: Fri, 19 Jul 2019 10:46:36 -0400 Subject: [PATCH 2/4] Cirrus: Add experimental fedora VM image & test Signed-off-by: Chris Evich --- .cirrus.yml | 52 +++++++++++++++++++++---- contrib/cirrus/README.md | 8 ++++ contrib/cirrus/integration_test.sh | 9 ++++- contrib/cirrus/lib.sh | 2 +- contrib/cirrus/packer/fedora_setup.sh | 13 ++++++- contrib/cirrus/packer/libpod_images.yml | 5 +++ contrib/cirrus/packer/ubuntu_setup.sh | 6 +-- contrib/cirrus/packer/xfedora_setup.sh | 1 + contrib/cirrus/setup_environment.sh | 7 +++- 9 files changed, 88 insertions(+), 15 deletions(-) create mode 120000 contrib/cirrus/packer/xfedora_setup.sh diff --git a/.cirrus.yml b/.cirrus.yml index 204feb2fd4..86c4232f53 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -30,9 +30,11 @@ env: #### #### Cache-image names to test with ### - FEDORA_CACHE_IMAGE_NAME: "fedora-30-libpod-5789386598252544" - PRIOR_FEDORA_CACHE_IMAGE_NAME: "fedora-29-libpod-5789386598252544" - UBUNTU_CACHE_IMAGE_NAME: "ubuntu-18-libpod-5789386598252544" + _BUILT_IMAGE_SUFFIX: "libpod-5751722641719296" + FEDORA_CACHE_IMAGE_NAME: "fedora-30-${_BUILT_IMAGE_SUFFIX}" + PRIOR_FEDORA_CACHE_IMAGE_NAME: "fedora-29-${_BUILT_IMAGE_SUFFIX}" + SPECIAL_FEDORA_CACHE_IMAGE_NAME: "xfedora-30-${_BUILT_IMAGE_SUFFIX}" + UBUNTU_CACHE_IMAGE_NAME: "ubuntu-18-${_BUILT_IMAGE_SUFFIX}" #### #### Variables for composing new cache-images (used in PR testing) from @@ -262,6 +264,7 @@ meta_task: IMGNAMES: >- ${FEDORA_CACHE_IMAGE_NAME} ${PRIOR_FEDORA_CACHE_IMAGE_NAME} + ${SPECIAL_FEDORA_CACHE_IMAGE_NAME} ${UBUNTU_CACHE_IMAGE_NAME} ${IMAGE_BUILDER_CACHE_IMAGE_NAME} BUILDID: "${CIRRUS_BUILD_ID}" @@ -429,6 +432,33 @@ special_testing_cross_task: failed_branch_script: '$CIRRUS_WORKING_DIR/$SCRIPT_BASE/notice_branch_failure.sh' +special_testing_cgroupv2_task: + + depends_on: + - "gating" + - "varlink_api" + - "vendor" + + only_if: $CIRRUS_CHANGE_MESSAGE !=~ '.*\*\*\*\s*CIRRUS:\s*TEST\s*IMAGES\s*\*\*\*.*' + + gce_instance: + image_name: "${SPECIAL_FEDORA_CACHE_IMAGE_NAME}" + + env: + SPECIALMODE: 'cgroupv2' # See docs + + timeout_in: 20m + + setup_environment_script: '$SCRIPT_BASE/setup_environment.sh |& ${TIMESTAMP}' + integration_test_script: '$SCRIPT_BASE/integration_test.sh |& ${TIMESTAMP}' + + on_failure: + failed_branch_script: '$CIRRUS_WORKING_DIR/$SCRIPT_BASE/notice_branch_failure.sh' + + always: + <<: *standardlogs + + # Test building of new cache-images for future PR testing, in this PR. test_build_cache_images_task: @@ -482,6 +512,7 @@ verify_test_built_images_task: # Images are generated separately, from build_images_task (below) image_name: "fedora-29${BUILT_IMAGE_SUFFIX}" image_name: "fedora-30${BUILT_IMAGE_SUFFIX}" + image_name: "xfedora-30${BUILT_IMAGE_SUFFIX}" image_name: "ubuntu-18${BUILT_IMAGE_SUFFIX}" env: @@ -490,13 +521,20 @@ verify_test_built_images_task: TEST_REMOTE_CLIENT: true TEST_REMOTE_CLIENT: false + environment_script: '$SCRIPT_BASE/setup_environment.sh |& ${TIMESTAMP}' + # Verify expectations once per image + check_image_script: >- + [[ "$TEST_REMOTE_CLIENT" == "false" ]] || \ + $SCRIPT_BASE/check_image.sh |& ${TIMESTAMP} # Note: A truncated form of normal testing. It only needs to confirm new images # "probably" work. A full round of testing will happen again after $*_CACHE_IMAGE_NAME # are updated in this or another PR (w/o '***CIRRUS: TEST IMAGES***'). - environment_script: '$SCRIPT_BASE/setup_environment.sh |& ${TIMESTAMP}' - check_image_script: '$SCRIPT_BASE/check_image.sh' - integration_test_script: '$SCRIPT_BASE/integration_test.sh |& ${TIMESTAMP}' - system_test_script: '$SCRIPT_BASE/system_test.sh |& ${TIMESTAMP}' + integration_test_script: >- + [[ "$PACKER_BUILDER_NAME" == "xfedora-30" ]] || \ + $SCRIPT_BASE/integration_test.sh |& ${TIMESTAMP} + system_test_script: >- + [[ "$PACKER_BUILDER_NAME" == "xfedora-30" ]] || \ + $SCRIPT_BASE/system_test.sh |& ${TIMESTAMP} always: <<: *standardlogs diff --git a/contrib/cirrus/README.md b/contrib/cirrus/README.md index 18ef3e7f77..ada362d95a 100644 --- a/contrib/cirrus/README.md +++ b/contrib/cirrus/README.md @@ -69,6 +69,13 @@ Confirm that cross-compile of podman-remote functions for both `windows` and `darwin` targets. +### ``special_testing_cgroupv2`` Task + +Use the latest Fedora release with the required kernel options pre-set for +exercising cgroups v2 with podman integration tests. Also depends on +having `SPECIALMODE` set to 'cgroupv2` + + ### ``test_build_cache_images_task`` Task Modifying the contents of cache-images is tested by making changes to @@ -266,5 +273,6 @@ values follows: and utilized for testing. * `in_podman`: Causes testing to occur within a container executed by podman on the host. +* `cgroupv2`: The kernel on this VM was prepared with options to enable v2 cgroups * `windows`: See **darwin** * `darwin`: Signals the ``special_testing_cross`` task to cross-compile the remote client. diff --git a/contrib/cirrus/integration_test.sh b/contrib/cirrus/integration_test.sh index cfaf33b856..8a43176e4a 100755 --- a/contrib/cirrus/integration_test.sh +++ b/contrib/cirrus/integration_test.sh @@ -36,6 +36,13 @@ case "$SPECIALMODE" in -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no \ -o CheckHostIP=no $GOSRC/$SCRIPT_BASE/rootless_test.sh ${TESTSUITE} ;; + cgroupv2) + make + make install PREFIX=/usr ETCDIR=/etc + make test-binaries + echo "WARNING: Integration tests not yet ready for cgroups V2" + #TODO: make local${TESTSUITE} + ;; none) make make install PREFIX=/usr ETCDIR=/etc @@ -52,5 +59,5 @@ case "$SPECIALMODE" in warn '' "No $SPECIALMODE remote client integration tests configured" ;; *) - die 110 "Unsupported \$SPECIAL_MODE: $SPECIALMODE" + die 110 "Unsupported \$SPECIALMODE: $SPECIALMODE" esac diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh index f2a668caf9..a20ee5a620 100644 --- a/contrib/cirrus/lib.sh +++ b/contrib/cirrus/lib.sh @@ -55,7 +55,7 @@ PACKER_VER="1.3.5" # CSV of cache-image names to build (see $PACKER_BASE/libpod_images.json) # Base-images rarely change, define them here so they're out of the way. -export PACKER_BUILDS="${PACKER_BUILDS:-ubuntu-18,fedora-30,fedora-29}" +export PACKER_BUILDS="${PACKER_BUILDS:-ubuntu-18,fedora-30,xfedora-30,fedora-29}" # Google-maintained base-image names export UBUNTU_BASE_IMAGE="ubuntu-1804-bionic-v20190722a" # Manually produced base-image names (see $SCRIPT_BASE/README.md) diff --git a/contrib/cirrus/packer/fedora_setup.sh b/contrib/cirrus/packer/fedora_setup.sh index e9b145391a..f73df41829 100644 --- a/contrib/cirrus/packer/fedora_setup.sh +++ b/contrib/cirrus/packer/fedora_setup.sh @@ -8,7 +8,7 @@ set -e # Load in library (copied by packer, before this script was run) source /tmp/libpod/$SCRIPT_BASE/lib.sh -req_env_var SCRIPT_BASE +req_env_var SCRIPT_BASE PACKER_BUILDER_NAME GOSRC install_ooe @@ -85,6 +85,17 @@ systemd_banish sudo /tmp/libpod/hack/install_catatonit.sh +# Same script is used for several related contexts +case "$PACKER_BUILDER_NAME" in + xfedora*) + echo "Configuring CGroups v2 enabled on next boot" + sudo grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=1" + ;& # continue to next matching item + *) + echo "Finalizing $PACKER_BUILDER_NAME VM image" + ;; +esac + rh_finalize echo "SUCCESS!" diff --git a/contrib/cirrus/packer/libpod_images.yml b/contrib/cirrus/packer/libpod_images.yml index 2e2b21426c..cae5d4138a 100644 --- a/contrib/cirrus/packer/libpod_images.yml +++ b/contrib/cirrus/packer/libpod_images.yml @@ -47,6 +47,10 @@ builders: name: 'fedora-30' source_image: '{{user `FEDORA_BASE_IMAGE`}}' + - <<: *gce_hosted_image + name: 'xfedora-30' + source_image: '{{user `FEDORA_BASE_IMAGE`}}' + - <<: *gce_hosted_image name: 'fedora-29' source_image: '{{user `PRIOR_FEDORA_BASE_IMAGE`}}' @@ -60,6 +64,7 @@ provisioners: - type: 'shell' script: '{{user `GOSRC`}}/{{user `PACKER_BASE`}}/{{split build_name "-" 0}}_setup.sh' environment_vars: + - 'PACKER_BUILDER_NAME={{build_name}}' - 'GOSRC=/tmp/libpod' - 'SCRIPT_BASE={{user `SCRIPT_BASE`}}' diff --git a/contrib/cirrus/packer/ubuntu_setup.sh b/contrib/cirrus/packer/ubuntu_setup.sh index dba191ad2d..4b50d6dc34 100644 --- a/contrib/cirrus/packer/ubuntu_setup.sh +++ b/contrib/cirrus/packer/ubuntu_setup.sh @@ -15,6 +15,9 @@ install_ooe export GOPATH="$(mktemp -d)" trap "sudo rm -rf $GOPATH" EXIT +# Ensure there are no disruptive periodic services enabled by default in image +systemd_banish + echo "Updating/configuring package repositories." $LILTO $SUDOAPTGET update $LILTO $SUDOAPTGET install software-properties-common @@ -100,9 +103,6 @@ ooe.sh sudo update-grub sudo /tmp/libpod/hack/install_catatonit.sh ooe.sh sudo make -C /tmp/libpod install.libseccomp.sudo -# Ensure there are no disruptive periodic services enabled by default in image -systemd_banish - ubuntu_finalize echo "SUCCESS!" diff --git a/contrib/cirrus/packer/xfedora_setup.sh b/contrib/cirrus/packer/xfedora_setup.sh new file mode 120000 index 0000000000..5e9f1ec77f --- /dev/null +++ b/contrib/cirrus/packer/xfedora_setup.sh @@ -0,0 +1 @@ +fedora_setup.sh \ No newline at end of file diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh index 5d350263ee..7b6765f8a3 100755 --- a/contrib/cirrus/setup_environment.sh +++ b/contrib/cirrus/setup_environment.sh @@ -62,9 +62,12 @@ install_test_configs make install.tools case "$SPECIALMODE" in - none) + cgroupv2) remove_packaged_podman_files # we're building from source ;; + none) + remove_packaged_podman_files + ;; rootless) # Only do this once, even if ROOTLESS_USER (somehow) changes if ! grep -q 'ROOTLESS_USER' /etc/environment @@ -85,5 +88,5 @@ case "$SPECIALMODE" in windows) ;& # for podman-remote building only darwin) ;; *) - die 111 "Unsupported \$SPECIAL_MODE: $SPECIALMODE" + die 111 "Unsupported \$SPECIALMODE: $SPECIALMODE" esac From 5f99703594414039b9e7e1b615687d009f21d7c4 Mon Sep 17 00:00:00 2001 From: Chris Evich Date: Tue, 30 Jul 2019 08:46:13 -0400 Subject: [PATCH 3/4] Cirrus: Add verification for cgroupv2 image Signed-off-by: Chris Evich --- .cirrus.yml | 20 +++++++++++++------- contrib/cirrus/check_image.sh | 13 +++++++++++++ 2 files changed, 26 insertions(+), 7 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index 86c4232f53..79c411a092 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -364,7 +364,6 @@ special_testing_rootless_task: env: ADD_SECOND_PARTITION: true SPECIALMODE: 'rootless' # See docs - matrix: TEST_REMOTE_CLIENT: true TEST_REMOTE_CLIENT: false @@ -446,6 +445,9 @@ special_testing_cgroupv2_task: env: SPECIALMODE: 'cgroupv2' # See docs + matrix: + TEST_REMOTE_CLIENT: true + TEST_REMOTE_CLIENT: false timeout_in: 20m @@ -508,18 +510,20 @@ verify_test_built_images_task: - "test_build_cache_images" gce_instance: - matrix: - # Images are generated separately, from build_images_task (below) - image_name: "fedora-29${BUILT_IMAGE_SUFFIX}" - image_name: "fedora-30${BUILT_IMAGE_SUFFIX}" - image_name: "xfedora-30${BUILT_IMAGE_SUFFIX}" - image_name: "ubuntu-18${BUILT_IMAGE_SUFFIX}" + # Images generated by test_build_cache_images_task (above) + image_name: "${PACKER_BUILDER_NAME}${BUILT_IMAGE_SUFFIX}" env: ADD_SECOND_PARTITION: true matrix: TEST_REMOTE_CLIENT: true TEST_REMOTE_CLIENT: false + matrix: + # Required env. var. by check_image_script + PACKER_BUILDER_NAME: "fedora-29" + PACKER_BUILDER_NAME: "fedora-30" + PACKER_BUILDER_NAME: "xfedora-30" + PACKER_BUILDER_NAME: "ubuntu-18" environment_script: '$SCRIPT_BASE/setup_environment.sh |& ${TIMESTAMP}' # Verify expectations once per image @@ -558,6 +562,7 @@ success_task: - "testing" - "special_testing_rootless" - "special_testing_in_podman" + - "special_testing_cgroupv2" - "special_testing_cross" - "test_build_cache_images" - "verify_test_built_images" @@ -596,6 +601,7 @@ release_task: - "testing" - "special_testing_rootless" - "special_testing_in_podman" + - "special_testing_cgroupv2" - "special_testing_cross" - "test_build_cache_images" - "verify_test_built_images" diff --git a/contrib/cirrus/check_image.sh b/contrib/cirrus/check_image.sh index 8a9fbae1d9..c8e8c4c633 100755 --- a/contrib/cirrus/check_image.sh +++ b/contrib/cirrus/check_image.sh @@ -4,6 +4,8 @@ set -eo pipefail source $(dirname $0)/lib.sh +req_env_var PACKER_BUILDER_NAME TEST_REMOTE_CLIENT EVIL_UNITS OS_RELEASE_ID + NFAILS=0 echo "Validating VM image" @@ -49,5 +51,16 @@ then item_test "On ubuntu /usr/bin/runc is /usr/lib/cri-o-runc/sbin/runc" "$SAMESAME" -eq "0" || let "NFAILS+=1" fi +echo "Checking items specific to ${PACKER_BUILDER_NAME}${BUILT_IMAGE_SUFFIX}" +case "$PACKER_BUILDER_NAME" in + xfedora*) + echo "Kernel Command-line: $(cat /proc/cmdline)" + item_test \ + "On ${PACKER_BUILDER_NAME} images, the /sys/fs/cgroup/unified directory does NOT exist" \ + "!" "-d" "/sys/fs/cgroup/unified" || let "NFAILS+=1" + ;; + *) echo "No vm-image specific items to check" +esac + echo "Total failed tests: $NFAILS" exit $NFAILS From b843804d51ec3fb747670201b6178896d9a4580d Mon Sep 17 00:00:00 2001 From: Chris Evich Date: Wed, 7 Aug 2019 10:39:05 -0400 Subject: [PATCH 4/4] Adjust get_ci_vm.sh for substitution Signed-off-by: Chris Evich --- .cirrus.yml | 2 +- hack/get_ci_vm.sh | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index 79c411a092..69e7d0d556 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -28,7 +28,7 @@ env: TIMESTAMP: "awk --file ${CIRRUS_WORKING_DIR}/${SCRIPT_BASE}/timestamp.awk" #### - #### Cache-image names to test with + #### Cache-image names to test with (double-quotes around names are critical) ### _BUILT_IMAGE_SUFFIX: "libpod-5751722641719296" FEDORA_CACHE_IMAGE_NAME: "fedora-30-${_BUILT_IMAGE_SUFFIX}" diff --git a/hack/get_ci_vm.sh b/hack/get_ci_vm.sh index 90e3aea8e2..e1588d5709 100755 --- a/hack/get_ci_vm.sh +++ b/hack/get_ci_vm.sh @@ -68,9 +68,10 @@ delvm() { } image_hints() { + _BIS=$(egrep -m 1 '_BUILT_IMAGE_SUFFIX:[[:space:]+"[[:print:]]+"' "$LIBPODROOT/.cirrus.yml" | cut -d: -f 2 | tr -d '"[:blank:]') egrep '[[:space:]]+[[:alnum:]].+_CACHE_IMAGE_NAME:[[:space:]+"[[:print:]]+"' \ "$LIBPODROOT/.cirrus.yml" | cut -d: -f 2 | tr -d '"[:blank:]' | \ - grep -v 'notready' | sort -u + sed -r -e "s/\\\$[{]_BUILT_IMAGE_SUFFIX[}]/$_BIS/" | sort -u } show_usage() {