Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update CI VM Images #19751

Closed
wants to merge 2 commits into from
Closed

Conversation

cevich
Copy link
Member

@cevich cevich commented Aug 25, 2023

The v4.3.1 version of the automation library defines a common
passthrough_envars() so it doesn't need to be duplicated in podman and
buildah CI. It also includes an update to build-push which should make
debugging easier.

Finally, these images include setting of the en_US.UTF-8 locale to enable
removal of a workaroud in a future commit.


This reverts commit ed1f514.

The en_US.UTF-8 locale is now added in the images at build time,
containers/automation_images#295

Does this PR introduce a user-facing change?

None

@openshift-ci openshift-ci bot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. do-not-merge/release-note-label-needed Enforce release-note requirement, even if just None labels Aug 25, 2023
@cevich
Copy link
Member Author

cevich commented Aug 25, 2023

@Luap99 commented:

@sbrivio-rh looks like fedora is working again but there is still a pasta issue on debian:

[+1329s] # [13:49:24.955653397] Error: pasta failed with exit code 1:
[+1329s] # Can't run AVX2 build, using non-AVX2 version: No such file or directory
[+1329s] # No external routable interface for IPv6
[+1329s] # Couldn't get any nameserver address
[+1329s] # Template interface: ens4 (IPv4)
[+1329s] # Namespace interface: myname
[+1329s] # MAC:
[+1329s] #     host: 42:01:0a:80:00:ed
[+1329s] # DHCP:
[+1329s] #     assign: 10.128.0.237
[+1329s] #     mask: 255.255.255.255
[+1329s] #     router: 10.128.0.1
[+1329s] # mount /: Permission denied
[+1329s] # Failed to sandbox process, exiting

@cevich
Copy link
Member Author

cevich commented Aug 25, 2023

Un-drafting this PR, though CI will most likely fail given Paul's comment (above).

@cevich cevich marked this pull request as ready for review August 25, 2023 15:31
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Aug 25, 2023
@rhatdan
Copy link
Member

rhatdan commented Aug 26, 2023

LGTM
/approve

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Aug 26, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cevich, rhatdan

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Aug 26, 2023
@openshift-ci openshift-ci bot added release-note-none and removed do-not-merge/release-note-label-needed Enforce release-note requirement, even if just None labels Sep 2, 2023
@sbrivio-rh
Copy link
Collaborator

Sorry for the delay, it took me a while to figure it out -- the new issue with pasta on Debian sid is fixed in 0.0~git20230908.05627dc-1.

@cevich
Copy link
Member Author

cevich commented Sep 13, 2023

No worries I was a little preoccupied for the last few weeks anyway 😱 Building fresh images now.

@cevich cevich force-pushed the update_ci_vm_images branch from 36ce7ff to 50fac03 Compare September 20, 2023 21:15
@Luap99
Copy link
Member

Luap99 commented Sep 21, 2023

rawhide failures look like containers/crun#1308

@cevich cevich force-pushed the update_ci_vm_images branch from 50fac03 to 144f087 Compare September 21, 2023 15:30
@cevich
Copy link
Member Author

cevich commented Sep 22, 2023

Thanks for taking a look Paul, that was both unexpected and appreciated 😀

cevich and others added 2 commits September 27, 2023 11:06
The `v4.3.1` version of the library defines a common
`passthrough_envars()` so it doesn't need to be duplicated in podman and
buildah CI.  It also includes an update to build-push which should make
debugging easier.

Finally, these images include setting of the en_US.UTF-8 locale to enable
removal of a workaroud in a future commit.

Signed-off-by: Chris Evich <[email protected]>
This reverts commit ed1f514.

The en_US.UTF-8 locale is now added in the images at build time,
containers/automation_images#295

Signed-off-by: Paul Holzinger <[email protected]>
@cevich cevich force-pushed the update_ci_vm_images branch from 144f087 to ef8d88c Compare September 27, 2023 15:06
@cevich
Copy link
Member Author

cevich commented Sep 27, 2023

crun 1.9-1 is in images built by containers/automation_images#307 Just realizing that's different from 1.9.1 recently built by Lokesh in Bodhi 😞

@cevich
Copy link
Member Author

cevich commented Sep 27, 2023

Uh oh, there are a bunch of "new to me" F38 failures:

  • Podman kube play should be able to run image where workdir is a symlink
    Error: failed to start 1 containers
  • Podman logs podman logs with non ASCII log tag fails without correct LANG
    Error: conmon failed: exit status 1
  • Podman run with volumes podman run with --mount flag
    Error: OCI runtime error: crun: chmod misc/tsget: Operation not supported

This was using images freshly built last night (EST on the 26th). @Luap99 or @edsantiago or @umohnani8 have you seen any of these?

FWIW, I'm planning a new set of image builds once the crun-1.9.1-3 is available or "a few days" whichever happens first 😄

@cevich
Copy link
Member Author

cevich commented Sep 27, 2023

@edsantiago
Copy link
Member

Need new crun. Why are we both spending effort on the same thing?

@cevich
Copy link
Member Author

cevich commented Sep 27, 2023

Need new crun. Why are we both spending effort on the same thing?

oh, I thought that was just for rawhide. At least it was only rawhide failing with slightly older VM images. I'll take your word for it though if you say that's what it is.

It's a bit of an unknown how long the F39 PR will take, that's why this one is open.
There's also the windows cross-build problem you hit, which (somehow?) isn't a problem here? 🤷‍♂️ If we reach a point where it definitely doesn't make sense, I'm fine with closing this.

@cevich
Copy link
Member Author

cevich commented Sep 28, 2023

Closing in favor of #20162

@cevich cevich closed this Sep 28, 2023
AkihiroSuda pushed a commit to AkihiroSuda/passt-mirror that referenced this pull request Nov 2, 2023
…stem

As a result of AppArmor commit d4b0fef10a4a ("parser: fix rule flag
generation change_mount type rules"), we can't expect anymore to
get permission to mount() / read-write, with MS_REC | MS_UNBINDABLE
("runbindable", in AppArmor terms), if we don't explicitly pass those
flags as options. It used to work by mistake.

Now, the reasonable expectation would be that we could just change the
existing rule into:

  mount options=(rw, runbindable) "" -> /,

...but this now fails to load too, I think as a result of AppArmor
commit 9d3f8c6cc05d ("parser: fix parsing of source as mount point
for propagation type flags"). It works with 'rw' alone, but
'runbindable' is indeed a propagation type flag.

Skip the source specification, it doesn't add anything meaningful to
the rule anyway.

Reported-by: Paul Holzinger <[email protected]>
Link: containers/podman#19751
Signed-off-by: Stefano Brivio <[email protected]>
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Dec 28, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 28, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. release-note-none
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants