We want the remote tests for our distributions to be tested in a
different VM than the local tests. This allows for faster CI runs and
easier debug as well as seperation of flakes.
Signed-off-by: baude <bbaude@redhat.com>
build a podman-remote binary for windows that allows users to use the
remote client on windows and interact with podman on linux system.
Signed-off-by: baude <bbaude@redhat.com>
Also rename `master_script` -> `failed_master_script` to clarify it's
"place in the line" when viewing (Cirrus WebUI)
Signed-off-by: Chris Evich <cevich@redhat.com>
The build_each_commit task builds each commit in a pull request
to verify that we have a (at least minimally) functional Podman
at every point, to aid in bisecting.
This task is, right now, extremely slow, taking around 1m40s to
build each commit - which quickly grows unreasonable as PRs grow
to 10+ commits.
Upping resources available to the task should decrease time spent
in CI and reduce the risk of hitting timeouts.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Previously libpod CI was fairly straight-forward, run unit and
integration tests in a standard set of 3 VMs. Off on the side was a
single special case of running tests as an ordinary user. There is a
desire to stop using the PAPR system to support testing inside of a
container.
Since having two special cases potentially invites more
down the road, make provisions to handle them more gracefully. This
commit introduces an environment variable: ``$SPECIALMODE``. It's
value has the following meanings within the CI scripts:
Mode 'none': Nothing special, business as usual (default)
Mode 'rootless': Rootless testing
Mode 'in_podman': Build container, run integration tests in it.
This will make adding additional special-cases later easier, as well as
extending the special cases in a Matrix across multiple OS's.
Signed-off-by: Chris Evich <cevich@redhat.com>
This task is heavily network bound, and takes way too long to include
along with the gating task. Separate it out and run it in parallel
to everything else. Also add some reasonable timeouts.
Signed-off-by: Chris Evich <cevich@redhat.com>
* Randomize the user's UID and GID
* Simplify `setup_environment.sh`
* Support new "-r" option for `hack/get_ci_vm.sh` setting up rootless
* Connect as $ROOTLESS_USER when using "-r" with `hack/get_ci_vm.sh`
Signed-off-by: Chris Evich <cevich@redhat.com>
Since `on_failure` notification is working, and IRC activity
is picking up, these messages mostly just get in the way.
Leave the PR-testing success messages in place for now,
since they're helpful when someone's waiting.
Signed-off-by: Chris Evich <cevich@redhat.com>
Until recently it was very difficult to execute any scripts if part of a
task failed. A new feature in Cirrus-CI makes this easy. Use it to
post a notice on IRC when any task fails.
Also: Add quotes around yaml-string values for consistency and
syntax-highlighting correctness.
Signed-off-by: Chris Evich <cevich@redhat.com>
to protect against regressions, we need to add a few gating tasks:
* build with varlink
* build podman-remote
* build podman-remote-darwin
we already have a gating task for building without varlink
Signed-off-by: baude <bbaude@redhat.com>
Make use of the built imgts container image to track
VM image usage statistics for every automation run.
Also update and add small check to the gate test
that verifies expected formatting/content of the
`.cirrus.yml` file WRT VM Image names.
Signed-off-by: Chris Evich <cevich@redhat.com>
Certain integration tests require execution as a regular user.
This is acomplished by `PodmanTest.PodmanAsUserBase()` wrapping a
specialized execution environment, in `test/utils/utils.go`. However,
doing this requires passing through python, which vastly increases the
complexity of debugging low-level problems.
This commit introduces a new parallel task, run as a regular user on the
VM as set by three environment variables. All commands executed in the
``rootless_test.sh`` script, will occur as a real user with a name and
home directory, just as `$DIETY` intended. All env. vars established
during `environment_setup.sh` (for root) are available. The PR source
in `$GOSRC` and `$GOPATH` are owned by this user, and ready for use.
Signed-off-by: Chris Evich <cevich@redhat.com>
It was found that after updating the cache-image for RHEL 7.6,
unpredictable integration tests start failing with 'permission denied'
errors. Much effort was spent trying to diagnose this, as all other
platforms pass.
Since running the latest/greatest podman on RHEL, will never be
officially supported (by Red Hat - must use RPM podman) this matrix-item
is of questionable value. Therefor, this commit disables RHEL testing.
Signed-off-by: Chris Evich <cevich@redhat.com>
We had a regression on master where we broke the build for
non-Varlink builds. Catch this in CI in the future.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
There is no native package for this, so the packaged version must also
be installed, otherwise all the support/dependencies would be removed
also (like go-md2man). Fix this by installing from the google released
tarball, into /usr/local/go and set $GOROOT to point there.
Also, include a small fix for hack/get_ci_vm.sh not installing
testing dependencies because of an old assumption.
***CIRRUS: REBUILD IMAGES***
Signed-off-by: Chris Evich <cevich@redhat.com>
* Make sure that all vendored dependencies are in sync with the code and
the vendor.conf by running `make vendor` with a follow-up status check
of the git tree.
* Vendor ginkgo and gomega to include the test dependencies.
Signed-off-by: Chris Evic <cevich@redhat.com>
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Add necessary tweaks to base-image build/import process so that image
can successfully boot with networking enabled. Build the base image and
update ``.cirrus.yml`` accordingly.
Also make a minor improvement to cache-image building to help save space in
GCP image storage. Namely, instead of storing every produced image, export
them into google storage buckets w/ life-cycle enabled. For production use,
they may be converted back into GCE images, otherwise they will expire after
a time.
Signed-off-by: Chris Evich <cevich@redhat.com>
Once built, this container can be utilized by automation to help keep
track of VM images. All parameters are passed in via env. vars.
Signed-off-by: Chris Evich <cevich@redhat.com>
Previously it was not possible to specify keys from the ``env`` section
in the various GCE sections. Now that features is added, consolidate
all the cache image definitions into a single place, reducing
maintenance burden.
This also results in the names passing through into the VMs. This is
useful, e.g. for future tracking of image usage statistics.
Update get_ci_vm script hints for new image name definition format
Signed-off-by: Chris Evich <cevich@redhat.com>
The limit of build_each_commit seems to be 17 commits - any more
and it times out. Give it a bit more time to work with.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Fixes:
git rebase origin/ -x make
fatal: Needed a single revision
invalid upstream 'origin/'
make: *** [Makefile:351: build-all-new-commits] Error 1
By not running this test post-merge.
Signed-off-by: Chris Evich <cevich@redhat.com>
The podbot messages are becoming obnoxious as more distributions are
tested. Only call the `success.sh` script once, after all testing was
successful. Also make update the message to include more helpful text
and url.
Signed-off-by: Chris Evich <cevich@redhat.com>
Frequently debugging of CI-related problems requires going hands-on
within the environment. However, reproducing the environment by hand is
very tedious and error prone. This script permits authorized users to
produce VM's based on any available cache-image, and automatically remove
them upon logout.
Also: Bump up VM disk sizes to 200GB due to performance reasons
Signed-off-by: Chris Evich <cevich@redhat.com>
Since the most recent TWO versions of Fedora are officially supported
upstream, both need to be tested. Implement the concept of a 'prior'
Fedora release in both base-image and cache-image production. Utilize
the produced cache-image to test libpod. Remove F28 testing from PAPR.
Much thanks to @baude @giuseppe for help with this.
Signed-off-by: Chris Evich <cevich@redhat.com>
A number of images required for future testing are not present in GCE.
Importing them is a long proscribed process prone to errors and
complications.
Improve this situation by documenting, and encoding the majority of the
steps required. Due to the required complexity, these are clearly
identified as 'semi-automated'. This means a discerning eye is
sometimes needed to address unforeseen problems (networking issues,
format or packaging changes, etc).
Nevertheless, having these steps in writing, will reduce current and
future maintenance burden while supporting future testing needs of
RHEL, Fedora and Fedora Atomic Host.
Also:
* Add necessary configuration, scripts, and Makefile updates needed to
prepare RHEL, Fedora, & FAH cloud images for use in GCE. This
is a complex, multi-step process where the cloud image is booted
un a local user-mod qemu-kvm instance, where it can be modified.
From there, it's converted into a specific format, and imported into
GCE. Lastly, the imported raw disk data is made available as a GCE
VM image.
Note: As of this commit, the RHEL base-image builds (CentOS has native
image), however neither RHEL or CentOS cache-images build correctly.
* Left testing on FAH disabled, the GCE/Cirrus integration needs needs more
work. Specifically, the python3-based google startup script service
throws a permission-denied (as root) when trying to create a temp.
directory. Did not investigate further, though manually running the
startup script does allow the libpod tests to start running.
* Enabled Fedora 29 image to execute tests and general use.
* Utilize the standardized F28-based container image for gating
of more the intensive unit and integration testing. Update
documentation to reflect this as the standard platform for
these checks. Rename tasks with shorter names and to better
reflect their purpose.
* Cirrus: Trim unnecessary env vars before testing since the vast
majority are only required for orchestration purposes. Since most
are defined within `.cirrus.yml`, it's a good place to store the
list of undesirables. Since each of the cirrus-scripts runs in
it's own shell, unsetting these near the end will have no
consequence. Also trim down the number of calls to show_env_vars()
Signed-off-by: Chris Evich <cevich@redhat.com>
The packer tool takes JSON as input for the details of producing VM
images to be used for PR CI-testing. JSON is not a very human-friendly
format, without support for comments and frequently containing lots of
duplicate data.
Fix this by using a Makefile + simple python one-liner to convert
from a human-friendly YAML format into packer-native JSON. This allows
use of anchors/aliases to reduce duplication, and allows inline comments
for easier maintainability. This also allows separating the 'test'
action from the 'build' action, for earlier and better syntax problem
detection.
Lastly, there are some minor ``lib.sh`` and ``integration_test.sh``
updates to support future work, and slightly improve the build and
test environments.
Signed-off-by: Chris Evich <cevich@redhat.com>
the regression we noticed in runc was fixed upstream:
https://github.com/opencontainers/runc/pull/1943
so we can use again runc from master.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
we need to inherit this change from runc.
commit 869add33186caff4a22e3e11a7472a2d48d77889:
rootless: fix running with /proc/self/setgroups set to deny
This is a regression from 06f789cf26774dd64cb2a9cc0b3c6a6ff832733b
when the user namespace was configured without a privileged helper.
To allow a single mapping in an user namespace, it is necessary to set
/proc/self/setgroups to "deny".
For a simple reproducer, the user namespace can be created with
"unshare -r".
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
