From 4876a1b2deeeddb903955bbdc9e273c5694ffd38 Mon Sep 17 00:00:00 2001 From: Chris Evich Date: Wed, 23 Mar 2022 12:10:31 -0400 Subject: [PATCH 1/2] Drop Fedora 35 runc/CGroupsV1, enable in Ubuntu Prior to this commit, Ubuntu VMs were setup with CGroupsV2 enabled. This supported (especially) podman testing to occur with `crun` instead of `runc` + CgroupsV1 which is the default. The opposite was then done for the Fedora N-1 (aka 'prior') VMs, CGroupsV1 was enabled + `runc`. With the change in F36 to a netavark/aardvark-dns network stack from CNI, testing matrices will become additionally complicated if this regime was maintained. Simplify the landscape by reverting the Ubuntu VM setup back to its default of CGV1 + `runc`. At the same time, restore Fedora 35 to its default of CGV2 + `crun` (along with Fedora 36). In other words, coverage will apply according to distribution defaults: * Latest Ubuntu: Use CGV1 + `runc` + CNI * Prior Fedora: Use CGV2 + `crun` + CNI * Latest Fedora: Use CGV2 + `crun` + netavark/aardvark-dns Signed-off-by: Chris Evich --- cache_images/fedora_setup.sh | 13 ------------- cache_images/ubuntu_setup.sh | 5 +---- 2 files changed, 1 insertion(+), 17 deletions(-) diff --git a/cache_images/fedora_setup.sh b/cache_images/fedora_setup.sh index b618d377..09b1fa6a 100644 --- a/cache_images/fedora_setup.sh +++ b/cache_images/fedora_setup.sh
@@ -40,19 +40,6 @@ if ! ((CONTAINER)); then msg "Enabling cgroup management from containers" ooe.sh $SUDO setsebool -P container_manage_cgroup true fi - - if [[ "$PACKER_BUILD_NAME" =~ prior ]]; then - warn "Disabling CgroupsV2 kernel command-line option for systemd" - SEDCMD='s/^GRUB_CMDLINE_LINUX="(.*)"/GRUB_CMDLINE_LINUX="\1 systemd.unified_cgroup_hierarchy=0"/' - ooe.sh $SUDO sed -re "$SEDCMD" -i /etc/default/grub - # This is always a symlink to the correct location under /boot/... - ooe.sh $SUDO grub2-mkconfig -o $($SUDO realpath --physical /etc/grub2.cfg) - # This is needed to update the /boot/loader/entries/... file to match grub - # config (bug?). Discovered Jul 28, 2021 on newly build F33 images. Never - # a problem before this point :( - ooe.sh $SUDO grubby --grub2 --update-kernel=$($SUDO grubby --default-kernel) \ - --args="systemd.unified_cgroup_hierarchy=0" - fi fi nm_ignore_cni diff --git a/cache_images/ubuntu_setup.sh b/cache_images/ubuntu_setup.sh index 35780773..37e4189e 100644 --- a/cache_images/ubuntu_setup.sh +++ b/cache_images/ubuntu_setup.sh @@ -23,10 +23,7 @@ bash $SCRIPT_DIRPATH/ubuntu_packaging.sh if ! ((CONTAINER)); then warn "Making Ubuntu kernel to enable cgroup swap accounting" - SEDCMD='s/^GRUB_CMDLINE_LINUX="(.*)"/GRUB_CMDLINE_LINUX="\1 cgroup_enable=memory swapaccount=1' - warn "Enabling CgroupsV2 kernel command-line option for systemd" - SEDCMD="$SEDCMD systemd.unified_cgroup_hierarchy=1" - SEDCMD="$SEDCMD\"/" + SEDCMD='s/^GRUB_CMDLINE_LINUX="(.*)"/GRUB_CMDLINE_LINUX="\1 cgroup_enable=memory swapaccount=1/' ooe.sh $SUDO sed -re "$SEDCMD" -i /etc/default/grub.d/* ooe.sh $SUDO sed -re "$SEDCMD" -i /etc/default/grub ooe.sh $SUDO update-grub From 77d5b2c495e47acc14946c5d9dd8a3b4c68723e3 Mon Sep 17 00:00:00 2001 From: Chris Evich Date: Thu, 17 Feb 2022 11:58:46 -0500 Subject: [PATCH 2/2] Update to Fedora 35 + 36 
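Review bot: The new `SEDCMD` in the ubuntu_setup.sh hunk drops the closing double quote before the final `/`, so the substitution rewrites the line as `GRUB_CMDLINE_LINUX="... swapaccount=1` with an unterminated quote, in /etc/default/grub and in every file under /etc/default/grub.d. Patch 2/2 of this series restores the quote in its own ubuntu_setup.sh hunk, but 1/2 built or bisected on its own produces a VM image with a malformed boot configuration; the corrected line `SEDCMD='s/^GRUB_CMDLINE_LINUX="(.*)"/GRUB_CMDLINE_LINUX="\1 cgroup_enable=memory swapaccount=1"/'` belongs in this patch. Because /etc/default/grub is sourced as shell when the grub config is regenerated, a syntax check after the two sed calls (for example `bash -n /etc/default/grub`) would catch this class of mistake. Whether `ooe.sh` surfaces an `update-grub` failure is not visible here.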
Signed-off-by: Chris Evich
---
 base_images/gce.yml | 8 ++++----
 cache_images/fedora-netavark_packaging.sh | 1 -
 cache_images/fedora-podman-py_packaging.sh | 5 +----
 cache_images/fedora_packaging.sh | 22 +++++++---------------
 cache_images/podman_tooling.sh | 3 +++
 cache_images/ubuntu_setup.sh | 2 +-
 podman/fedora_release | 2 +-
 podman/prior-fedora_release | 2 +-
 8 files changed, 18 insertions(+), 27 deletions(-)
diff --git a/base_images/gce.yml b/base_images/gce.yml
index 7d9702af..3eb14ea6 100644
--- a/base_images/gce.yml
+++ b/base_images/gce.yml
@@ -29,12 +29,12 @@ variables: # Empty value means it must be passed in on command-line # N/B: There are Fedora-Cloud...GCP.tar.gz images available, however # as of this comment, they lack the cloud-init package which is # required by GCP for startup resizing of the rootfs. - FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/35/Cloud/x86_64/images/Fedora-Cloud-35-1.2-x86_64-CHECKSUM" - FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/35/Cloud/x86_64/images/Fedora-Cloud-Base-35-1.2.x86_64.qcow2" + FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/development/36/Cloud/x86_64/images/Fedora-Cloud-36-x86_64-20220422.n.0-CHECKSUM" + FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/development/36/Cloud/x86_64/images/Fedora-Cloud-Base-36-20220422.n.0.x86_64.qcow2" # Prior Fedora release - PRIOR_FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/34/Cloud/x86_64/images/Fedora-Cloud-34-1.2-x86_64-CHECKSUM" - PRIOR_FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/34/Cloud/x86_64/images/Fedora-Cloud-Base-34-1.2.x86_64.qcow2" + PRIOR_FEDORA_CSUM_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/35/Cloud/x86_64/images/Fedora-Cloud-35-1.2-x86_64-CHECKSUM" + PRIOR_FEDORA_IMAGE_URL: "https://dl.fedoraproject.org/pub/fedora/linux/releases/35/Cloud/x86_64/images/Fedora-Cloud-Base-35-1.2.x86_64.qcow2" # Don't leak sensitive values in error messages / output diff --git a/cache_images/fedora-netavark_packaging.sh b/cache_images/fedora-netavark_packaging.sh index 4b822108..2d310189 100644 --- a/cache_images/fedora-netavark_packaging.sh +++ b/cache_images/fedora-netavark_packaging.sh @@ -61,7 +61,6 @@ INSTALL_PACKAGES=(\ zip ) -# TODO: Remove this when all CI should test with Netavark/Aardvark by default EXARG="--exclude=netavark --exclude=aardvark-dns --exclude=cargo --exclude=rust" msg "Installing general build/test dependencies" 
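Review bot: `FEDORA_CSUM_URL` and `FEDORA_IMAGE_URL` now point into `development/36` at a dated nightly compose (`20220422.n.0`), unlike the `releases/35` paths kept for the prior release. Development compose directories are typically replaced as newer composes land, so this base-image build is likely to stop resolving and cannot be reproduced later. A comment next to the two values, such as `# F36 pre-release nightly compose: switch to releases/36 once it is GA`, would record the follow-up. The checksum file also comes from the same host as the image, so by itself it only detects corruption in transit. The consumer of these variables is outside this hunk, so confirm that it verifies the signature on the CHECKSUM file against the Fedora key before trusting the hashes.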
diff --git a/cache_images/fedora-podman-py_packaging.sh b/cache_images/fedora-podman-py_packaging.sh index e92af726..b45e76c2 100644 --- a/cache_images/fedora-podman-py_packaging.sh +++ b/cache_images/fedora-podman-py_packaging.sh @@ -86,11 +86,8 @@ INSTALL_PACKAGES=(\ zstd ) -# TODO: Remove this when all CI should test with Netavark/Aardvark by default -EXARG="--exclude=netavark --exclude=aardvark-dns" - echo "Installing general build/test dependencies" -bigto $SUDO dnf install -y $EXARG "${INSTALL_PACKAGES[@]}" +bigto $SUDO dnf install -y "${INSTALL_PACKAGES[@]}" # It was observed in F33, dnf install doesn't always get you the latest/greatest lilto $SUDO dnf update -y diff --git a/cache_images/fedora_packaging.sh b/cache_images/fedora_packaging.sh index 3ab2622f..f3195e25 100644 --- a/cache_images/fedora_packaging.sh +++ b/cache_images/fedora_packaging.sh @@ -107,6 +107,7 @@ INSTALL_PACKAGES=(\ ostree-devel pandoc parallel + perl-FindBin pkgconfig podman procps-ng @@ -117,6 +118,7 @@ INSTALL_PACKAGES=(\ python-pip-wheel python-setuptools-wheel python-wheel-wheel + python-toml python2 python3-PyYAML python3-coverage @@ -153,17 +155,11 @@ INSTALL_PACKAGES=(\ zstd ) -# Perl module packaging changes between F32 and F33 -case "$OS_RELEASE_VER" in - 32) INSTALL_PACKAGES+=( python3-pytoml ) ;; - 33) ;& - 34) ;& - 35) INSTALL_PACKAGES+=( perl-FindBin python-toml ) ;; - *) die "Unknown/Unsupported \$OS_REL_VER '$OS_REL_VER'" ;; -esac - -# TODO: Remove this when all CI should test with Netavark/Aardvark by default -EXARG="--exclude=netavark --exclude=aardvark-dns" +# test with CNI in F35 and lower +EXARG="" +if [[ "$OS_RELEASE_VER" -le 35 ]]; then + EXARG="--exclude=netavark --exclude=aardvark-dns" +fi # When installing during a container-build, having this present # will seriously screw up future dnf operations in very non-obvious ways. 
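Review bot: The `case` on `$OS_RELEASE_VER` that the third fedora_packaging.sh hunk removes ended in a `die` arm for unknown releases, and the replacement `[[ "$OS_RELEASE_VER" -le 35 ]]` has no equivalent guard. Inside `[[ ]]` the `-le` operands are evaluated arithmetically, so an empty or unset value compares as 0 and silently takes the exclude-netavark branch, and a non-numeric value is not rejected cleanly. A check ahead of the test, e.g. `[[ "$OS_RELEASE_VER" =~ ^[0-9]+$ ]] || die "Unknown/Unsupported \$OS_RELEASE_VER '$OS_RELEASE_VER'"`, keeps the fail-closed behaviour. Separately, the fedora-podman-py_packaging.sh hunk drops `$EXARG` for every release while this one keeps the exclusion for F35 and lower. If that script also runs for the prior-Fedora image, confirm that pulling in netavark/aardvark-dns there is intended.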
@@ -174,10 +170,6 @@ if ! ((CONTAINER)); then selinux-policy-devel policycoreutils ) -else - if [[ "$OS_RELEASE_VER" -lt 35 ]]; then - EXARG="$EXARG --exclude=selinux*" - fi fi diff --git a/cache_images/podman_tooling.sh b/cache_images/podman_tooling.sh index 53dd4aae..41f248f5 100644 --- a/cache_images/podman_tooling.sh +++ b/cache_images/podman_tooling.sh @@ -27,6 +27,9 @@ else # Fedora $SUDO curl --fail -s -o /usr/local/bin/swagger -L'#' "$download_url" $SUDO chmod +x /usr/local/bin/swagger /usr/local/bin/swagger version + + # This is needed for rootless testing + $SUDO make install.modules-load fi # Make pristine for other runtime usage/expectations also save a bit diff --git a/cache_images/ubuntu_setup.sh b/cache_images/ubuntu_setup.sh index 37e4189e..34dedfd8 100644 --- a/cache_images/ubuntu_setup.sh +++ b/cache_images/ubuntu_setup.sh @@ -23,7 +23,7 @@ bash $SCRIPT_DIRPATH/ubuntu_packaging.sh if ! ((CONTAINER)); then warn "Making Ubuntu kernel to enable cgroup swap accounting" - SEDCMD='s/^GRUB_CMDLINE_LINUX="(.*)"/GRUB_CMDLINE_LINUX="\1 cgroup_enable=memory swapaccount=1/' + SEDCMD='s/^GRUB_CMDLINE_LINUX="(.*)"/GRUB_CMDLINE_LINUX="\1 cgroup_enable=memory swapaccount=1"/' ooe.sh $SUDO sed -re "$SEDCMD" -i /etc/default/grub.d/* ooe.sh $SUDO sed -re "$SEDCMD" -i /etc/default/grub ooe.sh $SUDO update-grub diff --git a/podman/fedora_release b/podman/fedora_release index 8f92bfdd..7facc899 100644 --- a/podman/fedora_release +++ b/podman/fedora_release @@ -1 +1 @@ -35 +36 diff --git a/podman/prior-fedora_release b/podman/prior-fedora_release index a7873645..8f92bfdd 100644 --- a/podman/prior-fedora_release +++ b/podman/prior-fedora_release @@ -1 +1 @@ -34 +35
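Review bot: The added `$SUDO make install.modules-load` in the podman_tooling.sh hunk runs a Makefile target as root, and its comment says only that it is needed for rootless testing. Which checkout it runs in, and whether a failure of the target stops the image build, are decided outside the hunk and cannot be confirmed from here. A fuller comment would tell the next maintainer what lands on the image, for example `# Run from the podman checkout: installs the modules-load config so the kernel modules rootless tests need are loaded at boot` (adjust to what the target actually installs). The context lines just above also show the `swagger` binary being fetched with curl and executed as-is; checking it against a pinned digest before the `chmod +x` would be worth a follow-up, though it predates this change.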