Update images #10829
Update images #10829
Conversation
|
A quick scan and the changes look OK, but the test system is an ugly red.... |
Super-ugly actually...I wonder if the SELinux issue really isn't fixed yet. I think I'll let this PR sit until after the holiday week, then re-build VM images, cross my fingers, and hope. |
openshift-ci
bot
added
the
do-not-merge/work-in-progress
|
I'm back now, started fresh build of VM images for CI. |
|
@cevich Is this still valid? |
Yep, it would be nice for consistency sake. More importantly it's not good for us to continue w/ giuseppe's workaround (different Ubuntu vs Fedora images) long-term. I'll look at the failures tomorrow and see what's what (we were waiting on an update to container-selinux or some other selinux related packages in Fedora). |
cevich
force-pushed
the
update_images
branch
2 times, most recently
from
5ecaff7 to
61980c8
Compare
|
|
Error: open /dev/dma_heap: permission Looks like an out of date selinux policy? Failed to decode the keys ["secret" "secret.opts"] from "/usr/share/containers/containers.conf". Needs an updated containers-common. But this is not supposed to cause a failure. |
|
I am updating the containers-common package in f34 with the correct secrets config options. |
|
container-selinux-2.163.0-2.fc33 is needed to fix this. |
For F33, I don't have the policy package version at hand, but we're using |
|
Note: #10848 is now skipping "bud with --runtime and --runtime-flag" of the buildah-bud tests. Once the images are updated, we can revert that in test/buildah-bud/apply-podman-deltas. |
The `IgnorePlatform` options has been removed from the `LookupImageOptions` in libimage to properly support multi-arch images. Skip one buildah-bud test which requires updated CI images. This is currently being done in github.com/containers/pull/10829 but we need to unblock merging common and buildah into podman. [NO TESTS NEEDED] Signed-off-by: Valentin Rothberg <[email protected]>
Oh gosh, I will be the first one to completely forget to do that. Let me add a commit here to take care of it... |
|
Manual testing results:
|
|
@rhatdan would you mind poking me when the selinux-policy package update is ready for F33? I'm happy to test it / give bodhi karma. |
Ref: containers#10829 (comment) Signed-off-by: Chris Evich <[email protected]>
openshift-ci
bot
added
the
needs-rebase
|
In case it helps re: int podman ubuntu-2010 rootless host New (broken) run: |
|
Changes LGTM still, but needs a rebase. |
This reverts commit 404d5ed. The replacement (updated) images include a fix for: containers/common#631 Also minor update to an unrelated FIXME comment. Signed-off-by: Chris Evich <[email protected]>
Ref: containers#10829 (comment) Signed-off-by: Chris Evich <[email protected]>
This becomes a problem on hosts with upgraded policies. Ref: containers#10522 Also, made a small change to compose-test setup to reduce runtime. Signed-off-by: Chris Evich <[email protected]>
These tests were originally enabled in a situation where CI provided false-positive results. Now that has been corrected, these tests all fail under a CGv1 container environment with the error: ``` Error: unable to load cgroup at /machine.slice/libpod-e4f...086.scope/libpod_parent/libpod-fbd...425: cgroup deleted ``` This commit simply disables the tests under this specific environment. Signed-off-by: Chris Evich <[email protected]>
Signed-off-by: Chris Evich <[email protected]>
openshift-ci
bot
removed
the
needs-rebase
This appears to be a flake, as now the test has passed. Sadly, I don't think it's the last time we'll encounter it w/o further deep investigation 😞 |
| @@ -208,7 +222,7 @@ case "$TEST_FLAVOR" in | |||
| unit) ;; | |||
| apiv2) ;& # use next item | |||
| compose) | |||
| dnf install -y $PACKAGE_DOWNLOAD_DIR/podman-docker* | |||
| rpm -ivh $PACKAGE_DOWNLOAD_DIR/podman-docker* | |||
There was a problem hiding this comment.
This is the only eyebrow-raiser I found: it could fail if a dependency of podman-docker is missing. I choose not to worry about it.
There was a problem hiding this comment.
This is accounted for when the packages are downloaded. This same 'install from cache' mechanism is used in CI for other containers repos, so we'll notice pretty quickly if there's a problem. I think it's fine to not worry about it.
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: cevich, edsantiago The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
|
@cevich, is this still a WIP as the title claims? |
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
finally, it passed with only 1 test re-run.
|
LGTM |
|
/lgtm |
github-actions
bot
added
the
locked - please file new issue/PR
Revert temporary workaround commit and update all VM images.
Depends on: #11164, #11166