AWS boot testing for all supported image types #217
Conversation
achilleas-k
changed the title
achilleas-k
force-pushed
the
boot-test/ec2
branch
from
530aa63 to
97ae07c
Compare
|
Awesome :) |
|
EC2 images are created compressed (xz) and should be decompressed before pushing to boot. |
achilleas-k
force-pushed
the
boot-test/ec2
branch
2 times, most recently
from
2aa2fbd to
9cc47a3
Compare
I've been thinking about how to test these (while working on other stuff) and I guess the only way is to add a user to the image BP. I really wanted to have an empty baseline test for everything, but I guess there's no way to automate initial-setup (at least not the way we configure it?). We'll need to do the same with the installers as well anyway. |
achilleas-k
force-pushed
the
boot-test/ec2
branch
2 times, most recently
from
031121c to
0717f77
Compare
achilleas-k
force-pushed
the
boot-test/ec2
branch
2 times, most recently
from
5f7f868 to
624113f
Compare
|
Alright, we are booting and... failing on ARM for some reason: EDIT: this is good right? we're catching bugs 🐛 |
|
FWIW in coreos and derivatives https://github.com/coreos/fedora-coreos-config/blob/6b1b56baab105ffac5cb290d5083f75e23437d2e/manifests/ignition-and-ostree.yaml#L25 |
We don't add It's also strange that it only fails on aarch64 (and consistently). |
We deliberately did not add it since that would mean adding the RPM to every image using the same |
But we can't add packages just to the ami. The build just deploys the commit and creates the image and doesn't support layering packages on top. Is that something we should consider? There's also the (IMO better) alternative that I want to do eventually but might take some time: Build the image directly without pulling in an ostree commit and export both the image and the commit tarball. That way we could build an |
|
Also of course, adding it would require it being in the commit, I don't know why I thought it would be included in the @7flying do you know if adding |
Good point, I meant to say, "to the commit that is just going to be used for the AMI". But I'll double check with docs to make that point clear. Yes, ideally we would want a single edge commit to have all the packages that all the possible edge images would need, and then, depending on the image that you want to build some of them would be "disabled/removed", or we could use layers, but regardless, there shouldn't be more configuration burden for the user, if possible.
Yes, having a single command-line spell that builds it all in one go would be the best solution. |
@achilleas-k no sorry, I did not test that |
I think I'll add this as part of our test configs: Build an edge commit with cloud-init installed and use it as the base image for an edge-ami and then boot test it with cloud-init. But I'll leave that for a follow-up PR. Thanks for the input! |
|
I modified the edge-ami image type to include all the kernel options that we add to other EC2/AMI image types. |
|
One failure left: https://gitlab.com/redhat/services/products/image-builder/ci/images/-/pipelines/1055416885 (ec2-sap on RHEL 8.4). |
Most likely it's an issue with just being slower to start: The keyscan, which we use to wait for the system, quits after 10 tries with 10 second intervals. EDIT: Though it also failed to start |
Enables boot testing on AWS for all supported image types.
If an image is an xz compressed file, unxz it before boot testing and delete the uncompressed image when done to avoid pushing it to the build cache.
jq . --sort-keys the whole file for cleaner edits.
The config isn't used by any image type currently. The private SSH key is set in the GitLab CI variables.
Add two new configs for image types that pull an ostree commit and add a user customization to the configuration. Same key that was added to the user-customizations config. The new configs are used for edge-ami so we can boot test with a predefined user and SSH key.
Doesn't make sense for our boot testing binary.
If the CI_PRIV_SSH_KEY env var exists, use that instead of generating a new key pair. This is used for boot testing images that have a key configured in the build config, for cases where user creation isn't possible at first boot.
Update the test README to mention that: - Images are boot tested when supported. - Images are uploaded to the S3 bucket as well as the manifest, not just the build info. A minor change is also made to both the test/README.md and the HACKING.md about building the `cmd/build` binary without sudo and putting it in `./bin/build` before running it with sudo.
Add instructions for how to use the boot-aws command.
In the boot test script, we don't need to use sudo to run systemctl is-system-running For the edge-ami boot test, we can't set passwordless sudo right now, so if it's not required, we can just run it as a regular user.
Environments don't yet support kernel arguments so doing this now would make the current patch set much bigger than we want it to be. Add a note to do it another time.
Add kernel options to the image type for edge images (raw, ami, and vsphere) and handle them in the edgeRawImage() function. Move the 'modprobe.blacklist=vc4' option, which was used to be set in the image function, to the image types instead.
achilleas-k
force-pushed
the
boot-test/ec2
branch
from
b4c4053 to
f08e0b5
Compare
So the timeout increase worked and the test script ran but like I saw in my local test, the This is only an issue on RHEL 8.4 SAP. EDIT: Known issue: https://issues.redhat.com/browse/RHEL-14096 |
- Create an empty config specifically for ec2-sap for all distros except RHEL 8.4. - Create a config for ec2-sap for RHEL 8.4 only that disables lm_sensors.service Related: RHEL-14096
achilleas-k
force-pushed
the
boot-test/ec2
branch
from
5aa8720 to
4eae71f
Compare
|
Absolutely love it. |
Enables boot testing on AWS for all supported image types.
The following changes were made to image definitions and tests:
edge-amiimage uses the kernel options that are applied to all other EC2/AMI images.boot-awscommand were modified.ec2-sapimage for RHEL 8.4 is built with thelm_sensors.servicedisabled (in CI) because of a known issue.