Upgrade tests: reenable, but revamped #21535
test/upgrade/test-upgrade.bats
Outdated
run_podman network connect $MYTESTNETWORK myrunningcontainer | ||
# FIXME: this fails with "netavark: iptables: No * by that name" | ||
# ...and if we comment it out, curl fails (28, timeout), presumably | ||
# because of the above network connect | ||
run_podman network disconnect podman myrunningcontainer | ||
run curl --max-time 3 -s 127.0.0.1:$HOST_PORT/index.txt | ||
run -0 curl --max-time 3 -s 127.0.0.1:$HOST_PORT/index.txt | ||
is "$output" "$RANDOM_STRING_1" "curl on container with second network connected" |
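Review bot: The FIXME above `run_podman network disconnect podman myrunningcontainer` records a failure ("netavark: iptables: No * by that name") but the step still runs unguarded, and the comment only says "presumably" about why removing it makes curl time out. Before merge, pin down which of the two network steps is at fault and state the failing condition in the comment, so the test does not fail unexplained on affected hosts. The same curl also appears both as `run curl` and as `run -0 curl`; if both are meant to stay, the first is redundant, and only the `run -0` form checks the exit status.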
help
CI seems to pass on that, did you mix CNI and netavark on your system again?
Or maybe mixing between iptables-legacy and iptables-nft?
CNI was my first thought, of course. I'm 99% sure that's not it because there's no podmanX
interface. It could be iptables? These are the packages on my laptop:
$ rpm -qa|sed -ne 's/^iptables-//' -e 's/-1.8.9-5.*$//p'|sort|fmt
compat legacy legacy-libs libs nft utils
So, there's compat and legacy and nft. Presumably because of my long upgrade path. Is that not a supported configuration, and what should I do to fix it?
Having both installed is fine, usually you have to switch via alternatives between them. Both should work with netavark.
You can just run `iptables -V` to check which one is active. What I was hinting at is that we first run in the old podman container with a potentially different iptables, so if the container has iptables-legacy while the host uses iptables-nft then an error with no rule/chain could make sense because they use different kernel backends and cannot see the rules from each other.
My understanding is that they should never be mixed on a running system as different rules can cause weird conflicts, so if one switches the iptables backend it is best to reboot first.
`iptables -V` says `nf_tables`. That might explain the failure on my system, but it also raises questions about what exactly we're testing in the upgrade test. I have not yet had enough coffee to suss that out.
yes the image uses legacy so this cannot work correctly in this combination
$ podman run --rm quay.io/podman/stable:v4.1.0 iptables -V
iptables v1.8.7 (legacy)
And it looks like the image has only legacy installed so the only way to run these tests successfully is to use iptables-legacy on the host or patch up the podman image to include and use iptables-nft but that seems harder.
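The backend comparison discussed in this thread can be run as a preflight before the upgrade test. This is an added example, not code from the PR or from podman; the function names are hypothetical, and the `(nf_tables)` sample line is constructed from the version and backend quoted in the comments above.

```shell
#!/usr/bin/env bash
# Added example (not part of the PR): detect an iptables backend mismatch
# between the host and the old-podman image before running upgrade tests.

# Constructed sample lines modelled on the `iptables -V` output in the thread.
SAMPLE_HOST='iptables v1.8.9 (nf_tables)'
SAMPLE_IMAGE='iptables v1.8.7 (legacy)'

# Classify one line of `iptables -V` output.
# Prints "legacy", "nf_tables" or "unknown" (no recognised backend suffix).
iptables_backend() {
    case "$1" in
        *"(legacy)"*)    echo legacy ;;
        *"(nf_tables)"*) echo nf_tables ;;
        *)               echo unknown ;;
    esac
}

# Compare two `iptables -V` lines.
# Returns 0 if the backends match, 1 on mismatch, 2 if either is unknown.
backends_compatible() {
    local host img
    host=$(iptables_backend "$1")
    img=$(iptables_backend "$2")
    if [ "$host" = unknown ] || [ "$img" = unknown ]; then
        echo "cannot determine backend: host=$host image=$img" >&2
        return 2
    fi
    if [ "$host" != "$img" ]; then
        echo "backend mismatch: host=$host image=$img" >&2
        return 1
    fi
    return 0
}

# Live check: query the host and the given image, then compare.
# Example: preflight quay.io/podman/stable:v4.1.0
preflight() {
    local image=$1 host_v img_v
    host_v=$(iptables -V) || return 2
    img_v=$(podman run --rm "$image" iptables -V) || return 2
    backends_compatible "$host_v" "$img_v"
}
```

A nonzero return from `preflight` is a reason to skip or fail early with a clear message instead of letting the network tests time out.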
test/upgrade/test-upgrade.bats
Outdated
# FIXME: fails, exit code 28 (timeout) | ||
run -0 curl --max-time 3 -s 127.0.0.1:$HOST_PORT/index.txt |
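Review bot: The FIXME on `run -0 curl --max-time 3 -s 127.0.0.1:$HOST_PORT/index.txt` records exit code 28 but not the setup under which it occurs. Because `run -0` turns that timeout into a hard test failure, say in the comment what reproduces it, and resolve the cause before merge rather than shipping the FIXME.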
help
test/upgrade/test-upgrade.bats
Outdated
# FIXME: fails: pod X cgroup is not set: internal libpod error | ||
# run_podman run --pod=mypod --ipc=host --rm $IMAGE echo it works | ||
# is "$output" ".*it works.*" "podman run --pod" |
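Review bot: Commenting out the `run_podman run --pod=mypod --ipc=host` check and its `is "$output"` assertion silently drops the pod coverage from this test. Consider moving the check into its own test that calls `skip` with the "pod X cgroup is not set: internal libpod error" text as the reason, so the gap shows up in test results while the rest of the file keeps running.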
help
73d29ae to 6d28957
Cockpit tests failed for commit 6d28957bf0a19b2614359b9d49d40e3e434f1440. @martinpitt, @jelly, @mvollmer please check.
Cockpit tests failed for commit 73d29ae12413bf8c8930465408c23a1634e74fdc. @martinpitt, @jelly, @mvollmer please check.
All right team, how's this? Imperfect, but it would at least get us back into upgrade testing.
No longer bother testing any 2.x or 3.x. Only 4.1 and above.
Remove all CNI-related code. CNI is gone.
Add DatabaseBackend tests, confirming that we can handle both boltdb and sqlite.
Require BATS >= 1.8.0, and use "run -0" to do exit-status checks.
Update docs.
Signed-off-by: Ed Santiago <[email protected]>
6d28957 to e20b70c
LGTM
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: edsantiago, Luap99
The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
@containers/podman-maintainers PTAL
Sure
4570ccb into containers:main
No longer bother testing any 2.x or 3.x. Only 4.1 and above.
Remove all CNI-related code. CNI is gone.
Add DatabaseBackend tests, confirming that we can handle
both boltdb and sqlite.
Require BATS >= 1.8.0, and use "run -0" to do exit-status checks.
Update docs.
[ marked WIP because this is going to fail. I need help figuring out what to do.]
Signed-off-by: Ed Santiago [email protected]