A number of images required for future testing are not present in GCE.
Importing them is a long proscribed process prone to errors and
complications.
Improve this situation by documenting, and encoding the majority of the
steps required. Due to the required complexity, these are clearly
identified as 'semi-automated'. This means a discerning eye is
sometimes needed to address unforeseen problems (networking issues,
format or packaging changes, etc).
Nevertheless, having these steps in writing, will reduce current and
future maintenance burden while supporting future testing needs of
RHEL, Fedora and Fedora Atomic Host.
Also:
* Add necessary configuration, scripts, and Makefile updates needed to
prepare RHEL, Fedora, & FAH cloud images for use in GCE. This
is a complex, multi-step process where the cloud image is booted
un a local user-mod qemu-kvm instance, where it can be modified.
From there, it's converted into a specific format, and imported into
GCE. Lastly, the imported raw disk data is made available as a GCE
VM image.
Note: As of this commit, the RHEL base-image builds (CentOS has native
image), however neither RHEL or CentOS cache-images build correctly.
* Left testing on FAH disabled, the GCE/Cirrus integration needs needs more
work. Specifically, the python3-based google startup script service
throws a permission-denied (as root) when trying to create a temp.
directory. Did not investigate further, though manually running the
startup script does allow the libpod tests to start running.
* Enabled Fedora 29 image to execute tests and general use.
* Utilize the standardized F28-based container image for gating
of more the intensive unit and integration testing. Update
documentation to reflect this as the standard platform for
these checks. Rename tasks with shorter names and to better
reflect their purpose.
* Cirrus: Trim unnecessary env vars before testing since the vast
majority are only required for orchestration purposes. Since most
are defined within `.cirrus.yml`, it's a good place to store the
list of undesirables. Since each of the cirrus-scripts runs in
it's own shell, unsetting these near the end will have no
consequence. Also trim down the number of calls to show_env_vars()
Signed-off-by: Chris Evich <cevich@redhat.com>
The packer tool takes JSON as input for the details of producing VM
images to be used for PR CI-testing. JSON is not a very human-friendly
format, without support for comments and frequently containing lots of
duplicate data.
Fix this by using a Makefile + simple python one-liner to convert
from a human-friendly YAML format into packer-native JSON. This allows
use of anchors/aliases to reduce duplication, and allows inline comments
for easier maintainability. This also allows separating the 'test'
action from the 'build' action, for earlier and better syntax problem
detection.
Lastly, there are some minor ``lib.sh`` and ``integration_test.sh``
updates to support future work, and slightly improve the build and
test environments.
Signed-off-by: Chris Evich <cevich@redhat.com>
the regression we noticed in runc was fixed upstream:
https://github.com/opencontainers/runc/pull/1943
so we can use again runc from master.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
we need to inherit this change from runc.
commit 869add33186caff4a22e3e11a7472a2d48d77889:
rootless: fix running with /proc/self/setgroups set to deny
This is a regression from 06f789cf26774dd64cb2a9cc0b3c6a6ff832733b
when the user namespace was configured without a privileged helper.
To allow a single mapping in an user namespace, it is necessary to set
/proc/self/setgroups to "deny".
For a simple reproducer, the user namespace can be created with
"unshare -r".
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Previously it was required to call the verify, unit, and integration
scripts in order to build/install dependencies, and libpod. This
wastes time during the (optional) system-testing, since the
actual unit/integration testing is also happening in parallel.
Consolidate only the distribution-specific build steps into the
system-testing script. This way, only the required steps are performed
in their respective (parallel) tasks.
Signed-off-by: Chris Evich <cevich@redhat.com>
Previously, several magic strings were in place to affect cirrus-ci
operations. Two were buried within scripts. One to optionally
execute system-tests within a PR. Another to avoid re-building
cache-images upon every merge.
Move these magic strings out into the open, buy locating their
logic up-front in the ``.cirrus.yml`` file. This improves
readability and reduces surprise/astonishment at runtime.
Signed-off-by: Chris Evich <cevich@redhat.com>
Normally, we would not run system-tests as part of PR-level CI, they're
simply too heavy-weight and complex. However, in some instances it may
be desirable to provide a quick feedback loop, prior to release packaging
and official testing. Enable this by executing the system-tests when
a magic string is present in the PR description:
``***CIRRUS: SYSTEM TEST***``
Signed-off-by: Chris Evich <cevich@redhat.com>
Normally cirrus will abort jobs if another push is made to a branch.
However, with image builds, other VMs are created/managed by packer.
Therefor if cirrus aborts a task, it's possible some packer managed VMs
will be left behind. Disable this behavior for image-building only.
Signed-off-by: Chris Evich <cevich@redhat.com>
Previously this was disabled as some package was breaking networking on
GCE after updating + rebooting. This is fixed now, so we should update
packages when building the fedora test VM image.
https://pagure.io/cloud-sig/issue/292
Signed-off-by: Chris Evich <cevich@redhat.com>
Use image ubuntu-1804-bionic-v20180911-libpod-63a86a18 which was built
with RUNC_COMMIT 78ef28e63bec2ee4c139b5e3e0d691eb9bdc748d.
Signed-off-by: Chris Evich <cevich@redhat.com>
An invalid GCE value is being passed to packer, preventing it from
building VM images. Fix this, and centralize the definition of the
image name suffix by setting it at ``setup_environment.sh`` call-time,
rather encoding inside packer's `libpod_images.json`. This makes
the value available for use by other scripts.
Also, switch the unique component of the name, to be based on the
commit-sha being tested. This will improve traceability, since the git
history is more permanent than the `CIRRUS_BUILD_ID` env. var. The
later is subject to log-rotation, destroying evidence of the images
source state.
Signed-off-by: Chris Evich <cevich@redhat.com>
Add a naive python script that's able to connect to IRC and send a
single line of text to the #podman channel. Wrap this in a new
library function to ensure nick-name collisions are unlikely.
Signed-off-by: Chris Evich <cevich@redhat.com>
There have been some python-podman flakes observed across multiple CI
systems. Support capturing a VM for further investigation in the
event of a non-zero exit. This is done by printing a warning message
and delaying script-exit for a long time. Hopefully a human will notice
and have an opportunity to enable deletion-protection on the VM.
Signed-off-by: Chris Evich <cevich@redhat.com>
Don't waste GCE VM resources for 30-min of testing,
when verify would fail after 3-minutes. This is
the simpelest mechanism to save cloud CPU-time
while GCE is under trial-status (can not set quotas).
Signed-off-by: Chris Evich <cevich@redhat.com>
These can increase again, once we have more control over setting quotas
in GCE. At the moment it's limited because of trial-account status.
Signed-off-by: Chris Evich <cevich@redhat.com>
Testing podman requires exercising on a full-blown VM. The current
containerized-approach is complicated, and mostly a band-aid over
shortcomings in the other CI systems. Namely, we want:
* To pre-build environments with dependencies to reduce the
setup time needed for testing.
* The ability to verify the pre-built environments are working
before utilizing them for further testing.
* A simple, single set of flexible automation instructions to
reduce maintenance burden.
* Ease of environment reproduction across clouds or locally, for
debugging failures.
This change leverages Cirrus-CI + Packer + collection of shell scripts
to realize all of the above.
Signed-off-by: Chris Evich <cevich@redhat.com>
