Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

USHIFT-4336: Implement embedded container build support in bootc tests #3921

Merged
merged 5 commits into from
Sep 23, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 13 additions & 2 deletions test/bin/pyutils/build_bootc_images.py
Original file line number Diff line number Diff line change
Expand Up @@ -135,10 +135,18 @@ def set_rpm_version_info_vars():
SOURCE_VERSION = common.run_command_in_shell(f"rpm -q --queryformat '%{{version}}-%{{release}}' {release_info_rpm}")
SOURCE_VERSION_BASE = common.run_command_in_shell(f"rpm -q --queryformat '%{{version}}-%{{release}}' {release_info_rpm_base}")

# The source images are used in selected container image builds
global SOURCE_IMAGES

src_img_cmd = f"rpm2cpio {release_info_rpm}"
src_img_cmd += f' | cpio -i --to-stdout "*release-{UNAME_M}.json" 2>/dev/null'
src_img_cmd += ' | jq -r \'[ .images[] ] | join(",")\''
SOURCE_IMAGES = common.run_command_in_shell(src_img_cmd)

# Update the source version environment variables based on the global variables.
# These are used for templating container files and images.
rpmver_globals_vars = [
'SOURCE_VERSION', 'SOURCE_VERSION_BASE'
'SOURCE_VERSION', 'SOURCE_VERSION_BASE', 'SOURCE_IMAGES'
]
for var in rpmver_globals_vars:
value = globals().get(var)
Expand Down Expand Up @@ -230,10 +238,13 @@ def process_containerfile(groupdir, containerfile, dry_run):
try:
# Redirect the output to the log file
with open(cf_logfile, 'w') as logfile:
# Run the container build command
# Run the container build command.
# Note: The pull secret is necessary in some builds for pulling embedded
# container images specified by SOURCE_IMAGES environment variable.
build_args = [
"sudo", "podman", "build",
"--authfile", PULL_SECRET,
"--secret", f"id=pullsecret,src={PULL_SECRET}",
"-t", cf_outname, "-f", cf_outfile,
IMAGEDIR
]
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
FROM localhost/cos9-bootc-source:latest

# SOURCE_IMAGES contains a comma-separated list of container image references.
# Split the variable and pull each image in a separate layer.
#
# Note: Gomplate blocks are commented out to avoid hadolint warnings.
# {{ range (.Env.SOURCE_IMAGES | strings.Split ",") }}
RUN --mount=type=secret,id=pullsecret,dst=/run/secrets/pull-secret.json \
GOMAXPROCS=8 skopeo copy \
--retry-times 3 \
--authfile /run/secrets/pull-secret.json \
"docker://{{ . }}" \
dir:/var/lib/containers/storage-preloaded
# {{ end }}

# Edit the container storage configuration file to include the new path
RUN sed -i '/^additionalimagestores.*/a\ "/var/lib/containers/storage-preloaded",' /etc/containers/storage.conf

# Apply a workaround to set the SELinux context on the new storage directory and
# also restore 'NET_BIND_SERVICE' capability that is currently lost when including
# images in the container.
#
# Note: This requires setting the additional image stores path to a read-write
# location on the file system. The images will still be treated as read-only by
# the container subsystem.
# See https://github.com/ostreedev/ostree-rs-ext/issues/654
COPY --chmod=755 ./bootc-images/microshift-imagestore-config.sh /usr/bin/microshift-imagestore-config
RUN printf '[Unit]\n\
Description=Configure the image store directory for MicroShift\n\
Before=microshift.service\n\
[Service]\n\
Type=oneshot\n\
ExecStart=/usr/bin/microshift-imagestore-config /var/lib/containers/storage /var/lib/containers/storage-preloaded\n\
[Install]\n\
WantedBy=multi-user.target\n' > /etc/systemd/system/microshift-imagestore-config.service && \
systemctl enable microshift-imagestore-config.service
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
#!/bin/bash
set -euo pipefail

if [ $# -ne 2 ] ; then
echo "Usage: $(basename "$0") </default/image/store/path> </new/image/store/path>"
exit 1
fi

if [ "$(id -u)" != 0 ] ; then
echo "This script should be executed with root permissions"
exit 1
fi

DEF_IMGPATH="$1"
NEW_IMGPATH="$2"

semanage fcontext -a -e "${DEF_IMGPATH}" "${NEW_IMGPATH}"
restorecon -R "${NEW_IMGPATH}"

find "${NEW_IMGPATH}" -type f -path "*/usr/sbin/haproxy" -exec setcap "cap_net_bind_service=+ep" {} \;
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
FROM localhost/rhel94-bootc-source:latest

# SOURCE_IMAGES contains a comma-separated list of container image references.
# Split the variable and pull each image in a separate layer.
#
# Note: Gomplate blocks are commented out to avoid hadolint warnings.
# {{ range (.Env.SOURCE_IMAGES | strings.Split ",") }}
RUN --mount=type=secret,id=pullsecret,dst=/run/secrets/pull-secret.json \
GOMAXPROCS=8 skopeo copy \
--retry-times 3 \
--authfile /run/secrets/pull-secret.json \
"docker://{{ . }}" \
dir:/var/lib/containers/storage-preloaded
# {{ end }}

# Edit the container storage configuration file to include the new path
RUN sed -i '/^additionalimagestores.*/a\ "/var/lib/containers/storage-preloaded",' /etc/containers/storage.conf

# Apply a workaround to set the SELinux context on the new storage directory and
# also restore 'NET_BIND_SERVICE' capability that is currently lost when including
# images in the container.
#
# Note: This requires setting the additional image stores path to a read-write
# location on the file system. The images will still be treated as read-only by
# the container subsystem.
# See https://github.com/ostreedev/ostree-rs-ext/issues/654
COPY --chmod=755 ./bootc-images/microshift-imagestore-config.sh /usr/bin/microshift-imagestore-config
RUN printf '[Unit]\n\
Description=Configure the image store directory for MicroShift\n\
Before=microshift.service\n\
[Service]\n\
Type=oneshot\n\
ExecStart=/usr/bin/microshift-imagestore-config /var/lib/containers/storage /var/lib/containers/storage-preloaded\n\
[Install]\n\
WantedBy=multi-user.target\n' > /etc/systemd/system/microshift-imagestore-config.service && \
systemctl enable microshift-imagestore-config.service
22 changes: 22 additions & 0 deletions test/scenarios-bootc/periodics/[email protected]
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
#!/bin/bash

# Sourced from scenario.sh and uses functions defined there.

# Redefine network-related settings to use the isolated network bridge
VM_BRIDGE_IP="$(get_vm_bridge_ip "${VM_ISOLATED_NETWORK}")"
# shellcheck disable=SC2034 # used elsewhere
BOOTC_REGISTRY_URL="${VM_BRIDGE_IP}:5000"

scenario_create_vms() {
prepare_kickstart host1 kickstart-bootc.ks.template cos9-bootc-source-isolated
# Use the isolated network when creating a VM
launch_vm --boot_blueprint centos9-bootc --network_name "${VM_ISOLATED_NETWORK}" --bootc
}

scenario_remove_vms() {
remove_vm host1
}

scenario_run_tests() {
run_tests host1 suites/network/isolated-network.robot
}
22 changes: 22 additions & 0 deletions test/scenarios-bootc/periodics/[email protected]
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
#!/bin/bash

# Sourced from scenario.sh and uses functions defined there.

# Redefine network-related settings to use the isolated network bridge
VM_BRIDGE_IP="$(get_vm_bridge_ip "${VM_ISOLATED_NETWORK}")"
# shellcheck disable=SC2034 # used elsewhere
BOOTC_REGISTRY_URL="${VM_BRIDGE_IP}:5000"

scenario_create_vms() {
prepare_kickstart host1 kickstart-bootc.ks.template rhel94-bootc-source-isolated
# Use the isolated network when creating a VM
launch_vm --boot_blueprint rhel94-bootc --network_name "${VM_ISOLATED_NETWORK}" --bootc
}

scenario_remove_vms() {
remove_vm host1
}

scenario_run_tests() {
run_tests host1 suites/network/isolated-network.robot
}