Update to F36 CI VM Images + Testing netavark/aardvark-dns #13376
Conversation
openshift-ci
bot
added
the
do-not-merge/work-in-progress
cevich
changed the title
cevich
changed the title
|
@rhatdan @mheon @vrothberg The F36 VM is failing in validate. Is this a [1] Note: At a higher-level, this command is coming from the |
|
It's a Go thing, yes. In order for it to pass, we need to apply all the changes suggested by the linter. |
I'm fine with that. Can you confirm that won't impact folks running |
Yes, we're already using that in c/image and probably more parts of the stack. |
|
Great, thanks. I'll add a dedicated commit for it. |
cevich
force-pushed
the
f36_update
branch
2 times, most recently
from
ee40752 to
3f8e16c
Compare
|
@vrothberg have you seen these golang |
|
Update: I tried |
|
foirce-push: Temporarily bypass |
|
Well All the F35 failures make me worried - it's currently setup for |
|
I am fine with dropping testing for runc on Fedora as long as we are testing it somewhere. |
|
@cevich, I fear the only way forward is to disable I feel comfortable skipping it in F36 since we're still running the checks on F35. |
I can temporarily switch the Validate task to use the F35 image, then we can just revert that commit later. Presumably the Fedora people think 1.18 will release before F36 releases? |
|
Force-push: Added Cirrus: Temporarily validate in F35 |
cevich
force-pushed
the
f36_update
branch
2 times, most recently
from
342f937 to
92ccebf
Compare
|
Force-push: Enable |
openshift-ci
bot
added
the
needs-rebase
openshift-ci
bot
added
needs-rebase
|
One question that could be addressed later. Otherwise LGTM. @edsantiago if you could take a deep dive, I'd appreciate it. |
This reverts commit 7b55ab4. Signed-off-by: Chris Evich <[email protected]>
Signed-off-by: Chris Evich <[email protected]>
Now that netavark and aardvark are packaged and default in F36, support CNI-based testing in F35 and Ubuntu. * Remove the temporary/special `$TEST_ENVIRON=host-netavark` construct. * Remove dedicated/special integration and system testing tasks. * Update test-config setup to properly handle CNI vs netavark/aardvark environments. * Update package-version logging to operate based on installed packages (along with some other minor script cleanups). * Update global environment setup to force `$NETWORK_BACKEND=netavark` in F36 and later. Except when `upgrade_test` task runs. * Discontinue installing netavark and aardvark-dns binaries from upstream build artifacts. * Drop CGV1-vs-2 policy check. Ubuntu VMs now exclusively test CGv1, Fedora VMs test CGv2, with F35 testing CNI and F36 testing Netavark. Signed-off-by: Chris Evich <[email protected]>
Normally installing/updating packages at test runtime is highly discouraged for reliability and efficiency reasons. However, in this specific case, development work of these packages is still fairly hot. As a compromise to support podman test development, temporarily update these two specific packages at runtime. At a future date, when updates are less frequent, this commit can/should be safely reverted. At that point, the versions installed at VM image build time will persist. Signed-off-by: Chris Evich <[email protected]>
Ref: containers#13931 Signed-off-by: Chris Evich <[email protected]>
Newer versions of git are much more pedantic about who owns the
repository files. When setting up to run rootless, prior to this
commit, the repo. ownership was changed from root. This causes
all subsequent git-operations as root to fail:
```
fatal: unsafe repository ('<$GOSRC>' is owned by someone else)
```
Fix this by re-ordering operations, such that the change in ownership is
done immediately before executing as a user. Also disable the
git-ownership check on the source repository assuming the CI environment
is disposable.
Signed-off-by: Chris Evich <[email protected]>
|
force-push: Rebased, and tweaked two comments. |
|
@cevich is this ready for review? |
Yes please. Edit: If you think it will make reviewing easier, I can probably split off the Cirrus: Fix ownership of repos. to keep git happy commit into a separate PR. The other 5 commits need to stay here though. |
| # TODO: Remove this when netavark/aardvark-dns development slows down | ||
| warn "Updating netavark/aardvark-dns to avoid frequent VM image rebuilds" | ||
| # N/B: This is coming from updates-testing repo in F36 | ||
| lilto dnf update -y netavark aardvark-dns |
There was a problem hiding this comment.
Should these be installed from updates-testing?
There was a problem hiding this comment.
The comment suggests that they are, but the string updates.test does not appear anywhere else (relevantly) in this repo, nor in containers-automation, nor in containers-image, so I have this question too
There was a problem hiding this comment.
Code that does it is here: https://github.com/containers/automation_images/pull/115/files#diff-66757a985486a838bd165fde75e7f0d50de7281ceab5e044cd7625979956e65cR28-R34
log of it being done is here: https://cirrus-ci.com/task/5514692318724096?logs=main#L41
There was a problem hiding this comment.
So updates-testing repo is enabled.
|
LGTM with one question |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: cevich, rhatdan The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
|
I have quibbles, but nothing that warrants yet another re-push on this two-month saga. Thanks for your hard work on this @cevich /hold cancel |
openshift-ci
bot
removed
the
do-not-merge/hold
|
Should probably start working on f37 now. :^( |
|
New Cirrus task map now on wiki |
Thanks for the help reviewing and fixing all the issues this raised along the way. This one was especially difficult due to the netavark/aardvark switchup. Though, now we can all sleep better at night, knowing the test-coverage of the new networking stack has been vastly expanded. Next up is actually Ubuntu 22.04 😢 |
github-actions
bot
added
the
locked - please file new issue/PR
Update to F36 CI VM Images + Testing netavark/aardvark-dns on F36+
Depends on: