Revert /tmp to tmpfs
Podman *really* needs /tmp to be tmpfs, to detect and
handle reboots. Although there are (at this time) no
reboots involved in CI testing, it's still important
for CI hosts to reflect something close to a real-world
environment. And, there is work underway to check /tmp:

  containers/podman#22141

This PR removes special-case Fedora code that was
disabling a tmpfs /tmp mount. History dates back to
PR containers#30 back in 2020.

Some of the image-build code in this repo performs
reboots and relies on persistent tmp files, so you'll
note a flurry of /tmp -> /var/tmp changes.

And, as a drive-by, document the Windows Chocolatey
install command. Link to Best Practices, and explain
why we disregard some of those.

Signed-off-by: Ed Santiago <[email protected]>
edsantiago committed Apr 8, 2024
1 parent 619c79f commit 433d1b4
Showing 9 changed files with 21 additions and 23 deletions.
2 changes: 1 addition & 1 deletion .cirrus.yml
Expand Up @@ -102,7 +102,7 @@ container_images_task: &container_images
REG_PASSWORD: ENCRYPTED[255ec05057707c20237a6c7d15b213422779c534f74fe019b8ca565f635dba0e11035a034e533a6f39e146e7435d87b5]
script: ci/make_container_images.sh;
package_cache: &package_cache
folder: "/tmp/automation_images_tmp/.cache/**"
folder: "/var/tmp/automation_images_tmp/.cache/**"
fingerprint_key: "${TARGET_NAME}-cache-version-1"
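Review bot: fingerprint_key, on the line after the changed folder, is still "${TARGET_NAME}-cache-version-1", so the cache entry keeps its old key while its location moves from /tmp to /var/tmp. Bumping the suffix to cache-version-2 in the same commit would make sure nothing populated under the old path is picked up for the new one. Also, the cache sits under automation_images_tmp, not the automation_images directory the other files in this commit use; a short comment saying the two are meant to be separate would save the next reader a check.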


2 changes: 1 addition & 1 deletion IMG_SFX
@@ -1 +1 @@
20240404t205314z-f39f38d13
20240408t134645z-f39f38d13
8 changes: 4 additions & 4 deletions base_images/cloud.yml
Expand Up @@ -187,23 +187,23 @@ provisioners: # Debian images come bundled with GCE integrations provisioned
- type: 'shell'
inline:
- 'set -e'
- 'mkdir -p /tmp/automation_images'
- 'mkdir -p /var/tmp/automation_images'

- type: 'file'
source: '{{ pwd }}/'
destination: '/tmp/automation_images/'
destination: '/var/tmp/automation_images/'

- except: ['debian']
type: 'shell'
inline:
- 'set -e'
- '/bin/bash /tmp/automation_images/base_images/fedora_base-setup.sh'
- '/bin/bash /var/tmp/automation_images/base_images/fedora_base-setup.sh'

- only: ['debian']
type: 'shell'
inline:
- 'set -e'
- 'env DEBIAN_FRONTEND=noninteractive /bin/bash /tmp/automation_images/base_images/debian_base-setup.sh'
- 'env DEBIAN_FRONTEND=noninteractive /bin/bash /var/tmp/automation_images/base_images/debian_base-setup.sh'

post-processors:
# Must be double-nested to guarantee execution order
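Review bot: missing check on the first provisioner: 'mkdir -p /var/tmp/automation_images' succeeds silently when the directory already exists, and the later steps run /bin/bash on scripts from that path. /var/tmp is shared and, unlike a tmpfs /tmp, persistent, so a fixed name there should be created fresh and private, for example by removing any existing directory first and following the mkdir with 'chmod 0700 /var/tmp/automation_images'. The same applies to the matching steps in cache_images/cloud.yml and image_builder/gce.yml.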
6 changes: 0 additions & 6 deletions base_images/fedora_base-setup.sh
Expand Up @@ -95,10 +95,4 @@ if ! ((CONTAINER)); then
/lib/$METADATA_SERVICE_PATH | $SUDO tee -a /etc/$METADATA_SERVICE_PATH
fi

if [[ "$OS_RELEASE_ID" == "fedora" ]] && ((OS_RELEASE_VER>=33)); then
# Ref: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783509
echo "Disabling automatic /tmp (tmpfs) mount"
$SUDO systemctl mask tmp.mount
fi

finalize
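Review bot: missing verification: once the 'systemctl mask tmp.mount' block is gone, no step confirms that /tmp actually comes up as tmpfs on the built image. A check in a stage that runs after boot, such as comparing the output of 'findmnt -n -o FSTYPE --target /tmp' with tmpfs and failing the build otherwise, would catch a regression at image-build time. It would also help to state, in the commit message or a comment, whether the Debian bug cited in the removed lines is still a concern.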
10 changes: 5 additions & 5 deletions cache_images/cloud.yml
Expand Up @@ -183,30 +183,30 @@ provisioners:
- type: 'shell'
inline:
- 'set -e'
- 'mkdir -p /tmp/automation_images'
- 'mkdir -p /var/tmp/automation_images'

- type: 'file'
source: '{{ pwd }}/'
destination: "/tmp/automation_images"
destination: "/var/tmp/automation_images"

- only: ['rawhide']
type: 'shell'
expect_disconnect: true # VM will be rebooted at end of script
inline:
- 'set -e'
- '/bin/bash /tmp/automation_images/cache_images/rawhide_setup.sh'
- '/bin/bash /var/tmp/automation_images/cache_images/rawhide_setup.sh'

- except: ['debian']
type: 'shell'
inline:
- 'set -e'
- '/bin/bash /tmp/automation_images/cache_images/fedora_setup.sh'
- '/bin/bash /var/tmp/automation_images/cache_images/fedora_setup.sh'

- only: ['debian']
type: 'shell'
inline:
- 'set -e'
- 'env DEBIAN_FRONTEND=noninteractive /bin/bash /tmp/automation_images/cache_images/debian_setup.sh'
- 'env DEBIAN_FRONTEND=noninteractive /bin/bash /var/tmp/automation_images/cache_images/debian_setup.sh'

post-processors:
# This is critical for human-interaction. Copntents will be used
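Review bot: documentation gap at the top of the provisioners list: the reason for /var/tmp is visible only indirectly, in the rawhide step with expect_disconnect: true, which reboots the VM while later steps still run scripts from the uploaded tree. A one-line comment above the mkdir saying so would stop a later cleanup from moving the path back to /tmp. Minor: the file provisioner's destination here has no trailing slash, while base_images/cloud.yml and image_builder/gce.yml use '/var/tmp/automation_images/'; making the three consistent would be a reasonable drive-by.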
2 changes: 1 addition & 1 deletion ci/Containerfile
Expand Up @@ -8,7 +8,7 @@ FROM registry.fedoraproject.org/fedora:${FEDORA_RELEASE}
ARG PACKER_VERSION
MAINTAINER https://github.com/containers/automation_images/ci

ENV CIRRUS_WORKING_DIR=/tmp/automation_images \
ENV CIRRUS_WORKING_DIR=/var/tmp/automation_images \
PACKER_INSTALL_DIR=/usr/local/bin \
PACKER_VERSION=$PACKER_VERSION \
CONTAINER=1
6 changes: 3 additions & 3 deletions image_builder/gce.yml
Expand Up @@ -45,16 +45,16 @@ provisioners:
- type: 'shell'
inline:
- 'set -e'
- 'mkdir -p /tmp/automation_images'
- 'mkdir -p /var/tmp/automation_images'

- type: 'file'
source: '{{ pwd }}/'
destination: '/tmp/automation_images/'
destination: '/var/tmp/automation_images/'

- type: 'shell'
inline:
- 'set -e'
- '/bin/bash /tmp/automation_images/image_builder/setup.sh'
- '/bin/bash /var/tmp/automation_images/image_builder/setup.sh'

post-processors:
# Must be double-nested to guarantee execution order
2 changes: 1 addition & 1 deletion lib.sh
Expand Up @@ -300,7 +300,7 @@ common_finalize() {
$SUDO rm -rf /var/lib/cloud/instanc*
$SUDO rm -rf /root/.ssh/*
$SUDO rm -rf /etc/ssh/*key*
$SUDO rm -rf /tmp/*
$SUDO rm -rf /tmp/* /var/tmp/automation_images
$SUDO rm -rf /tmp/.??*
echo -n "" | $SUDO tee /etc/machine-id
$SUDO sync
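Review bot: cleanup is narrower for /var/tmp than for /tmp: the changed line removes only /var/tmp/automation_images, and the following 'rm -rf /tmp/.??*' has no /var/tmp counterpart. common_finalize is scrubbing per-host state here (SSH keys, machine-id), and /var/tmp, unlike a tmpfs /tmp, is written to disk, so anything else the setup scripts or package tools leave there stays in the image. Consider clearing '/var/tmp/*' and '/var/tmp/.??*' as well, or adding a comment on why only the one directory needs to go.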
6 changes: 5 additions & 1 deletion win_images/win-lib.ps1
Expand Up @@ -35,7 +35,11 @@ function retryInstall {
$pkg = @("--version", $Matches.2, $Matches.1)
}

choco install -y --allow-downgrade --execution-timeout=300 $pkg
# Chocolatey best practices as of 2024-04:
# https://docs.chocolatey.org/en-us/choco/commands/#scripting-integration-best-practices-style-guide
# Some of those are suboptimal, e.g., using "upgrade" to mean "install",
# hardcoding a specific API URL. We choose to reject those.
choco install $pkg -y --allow-downgrade --execution-timeout=300
if ($LASTEXITCODE -eq 0) {
break
}
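Review bot: the new comment says which best practices are rejected but not why $pkg moved ahead of the options, which is the only functional edit in this hunk. If the reorder follows the linked guide, say so in the comment. It is also worth confirming the behaviour on the branch just above, where $pkg is the array ("--version", $Matches.2, $Matches.1): the call then expands to 'choco install --version <ver> <name> -y --allow-downgrade --execution-timeout=300'.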
