From ecd1927b4c27c123a502f4fb1d655d45bfc13806 Mon Sep 17 00:00:00 2001 From: Chris Evich Date: Thu, 15 Sep 2022 11:35:50 -0400 Subject: [PATCH 1/3] Cirrus: Update to F37beta Signed-off-by: Chris Evich --- .cirrus.yml | 31 +++++++++++++++-------------- contrib/cirrus/lib.sh | 1 + contrib/cirrus/setup_environment.sh | 14 ++++++------- 3 files changed, 24 insertions(+), 22 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index be32c95fff..c732dd50ae 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -27,23 +27,23 @@ env: #### Cache-image names to test with (double-quotes around names are critical) #### Comment out fedora-35 for podman 4.x branches. #### - FEDORA_NAME: "fedora-36" + FEDORA_NAME: "fedora-37" FEDORA_AARCH64_NAME: "${FEDORA_NAME}-aarch64" - #PRIOR_FEDORA_NAME: "fedora-35" + PRIOR_FEDORA_NAME: "fedora-36" UBUNTU_NAME: "ubuntu-2204" # Image identifiers - IMAGE_SUFFIX: "c4678746211876864" + IMAGE_SUFFIX: "c5178639502278656" # EC2 images FEDORA_AMI: "fedora-aws-${IMAGE_SUFFIX}" FEDORA_AARCH64_AMI: "fedora-podman-aws-arm64-${IMAGE_SUFFIX}" # GCP Images FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}" - #PRIOR_FEDORA_CACHE_IMAGE_NAME: "prior-fedora-${IMAGE_SUFFIX}" + PRIOR_FEDORA_CACHE_IMAGE_NAME: "prior-fedora-${IMAGE_SUFFIX}" UBUNTU_CACHE_IMAGE_NAME: "ubuntu-${IMAGE_SUFFIX}" # Container FQIN's FEDORA_CONTAINER_FQIN: "quay.io/libpod/fedora_podman:${IMAGE_SUFFIX}" - #PRIOR_FEDORA_CONTAINER_FQIN: "quay.io/libpod/prior-fedora_podman:${IMAGE_SUFFIX}" + PRIOR_FEDORA_CONTAINER_FQIN: "quay.io/libpod/prior-fedora_podman:${IMAGE_SUFFIX}" UBUNTU_CONTAINER_FQIN: "quay.io/libpod/ubuntu_podman:${IMAGE_SUFFIX}" WINDOWS_AMI: "win-server-wsl-c5138587457421312" # Replace with IMAGE_SUFFIX when aligned #### @@ -104,11 +104,11 @@ build_task: CTR_FQIN: ${FEDORA_CONTAINER_FQIN} # ID for re-use of build output CI_DESIRED_RUNTIME: crun - #- env: &priorfedora_envvars - # DISTRO_NV: ${PRIOR_FEDORA_NAME} - # VM_IMAGE_NAME: ${PRIOR_FEDORA_CACHE_IMAGE_NAME} - # CTR_FQIN: ${PRIOR_FEDORA_CONTAINER_FQIN} - # CI_DESIRED_RUNTIME: crun + - env: &priorfedora_envvars + DISTRO_NV: ${PRIOR_FEDORA_NAME} + VM_IMAGE_NAME: ${PRIOR_FEDORA_CACHE_IMAGE_NAME} + CTR_FQIN: ${PRIOR_FEDORA_CONTAINER_FQIN} + CI_DESIRED_RUNTIME: crun - env: &ubuntu_envvars DISTRO_NV: ${UBUNTU_NAME} VM_IMAGE_NAME: ${UBUNTU_CACHE_IMAGE_NAME} @@ -592,10 +592,11 @@ container_integration_test_task: VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME} CTR_FQIN: ${FEDORA_CONTAINER_FQIN} CI_DESIRED_RUNTIME: crun - #- env: - # DISTRO_NV: ${PRIOR_FEDORA_NAME} - # VM_IMAGE_NAME: ${PRIOR_FEDORA_CACHE_IMAGE_NAME} - # CTR_FQIN: ${PRIOR_FEDORA_CONTAINER_FQIN} + - env: + DISTRO_NV: ${PRIOR_FEDORA_NAME} + VM_IMAGE_NAME: ${PRIOR_FEDORA_CACHE_IMAGE_NAME} + CTR_FQIN: ${PRIOR_FEDORA_CONTAINER_FQIN} + CI_DESIRED_RUNTIME: crun gce_instance: *standardvm timeout_in: 90m env: @@ -949,9 +950,9 @@ meta_task: image: quay.io/libpod/imgts:latest env: # Space-separated list of images used by this repository state - # Disabled ${PRIOR_FEDORA_CACHE_IMAGE_NAME} for Fedora 35 IMGNAMES: >- ${FEDORA_CACHE_IMAGE_NAME} + ${PRIOR_FEDORA_CACHE_IMAGE_NAME} ${UBUNTU_CACHE_IMAGE_NAME} build-push-${IMAGE_SUFFIX} EC2IMGNAMES: >- diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh index b03a3da3ec..004c3446bb 100644 --- a/contrib/cirrus/lib.sh +++ b/contrib/cirrus/lib.sh @@ -208,6 +208,7 @@ use_cni() { export -n NETWORK_BACKEND unset NETWORK_BACKEND msg "Installing default CNI configuration" + dnf install -y $PACKAGE_DOWNLOAD_DIR/podman-plugins* cd $GOSRC || exit 1 rm -rvf /etc/cni/net.d mkdir -p /etc/cni/net.d diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh index 9c01aec6fe..ccd5d41fe3 100755 --- a/contrib/cirrus/setup_environment.sh +++ b/contrib/cirrus/setup_environment.sh @@ -126,19 +126,19 @@ case "$OS_RELEASE_ID" in setsebool container_manage_cgroup true fi - # For release 36 and later, netavark/aardvark is the default - # networking stack for podman. All previous releases only have - # CNI networking available. Upgrading from one to the other is - # not supported at this time. Support execution of the upgrade - # tests in F36 and later, by disabling Netavark and enabling CNI. + # For the latest Fedora CI VM images, netavark/aardvark is the + # intended networking stack for podman. All previous VM images + # should use CNI networking. Upgrading from one to the other is + # not supported at this time. The only exception in CI is + # the "upgrade tests" which must always use CNI. # # OS_RELEASE_VER is defined by automation-library # shellcheck disable=SC2154 - if [[ "$OS_RELEASE_VER" -ge 36 ]] && \ + if [[ "$DISTRO_NV" != "$PRIOR_FEDORA_NAME" ]] && \ [[ "$TEST_FLAVOR" != "upgrade_test" ]]; then use_netavark - else # Fedora < 36, or upgrade testing. + else # Fedora N-1 or upgrade testing. use_cni fi ;; From fd9de876f144630921693fbe3d72867c4e4a9be7 Mon Sep 17 00:00:00 2001 From: Chris Evich Date: Thu, 13 Oct 2022 16:02:25 -0400 Subject: [PATCH 2/3] Cirrus: temp. disable all Ubuntu testing Building Ubuntu VM images is temporarily broken due to dependency problems on (missing) netavaro for the (required) podman package. Signed-off-by: Chris Evich --- .cirrus.yml | 70 ++++++++++++++++++++++++++--------------------------- 1 file changed, 35 insertions(+), 35 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index c732dd50ae..7be64aba4f 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -40,11 +40,10 @@ env: # GCP Images FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}" PRIOR_FEDORA_CACHE_IMAGE_NAME: "prior-fedora-${IMAGE_SUFFIX}" - UBUNTU_CACHE_IMAGE_NAME: "ubuntu-${IMAGE_SUFFIX}" + #UBUNTU_CACHE_IMAGE_NAME: "ubuntu-${IMAGE_SUFFIX}" # Container FQIN's FEDORA_CONTAINER_FQIN: "quay.io/libpod/fedora_podman:${IMAGE_SUFFIX}" PRIOR_FEDORA_CONTAINER_FQIN: "quay.io/libpod/prior-fedora_podman:${IMAGE_SUFFIX}" - UBUNTU_CONTAINER_FQIN: "quay.io/libpod/ubuntu_podman:${IMAGE_SUFFIX}" WINDOWS_AMI: "win-server-wsl-c5138587457421312" # Replace with IMAGE_SUFFIX when aligned #### #### Control variables that determine what to run and how to run it. @@ -109,11 +108,11 @@ build_task: VM_IMAGE_NAME: ${PRIOR_FEDORA_CACHE_IMAGE_NAME} CTR_FQIN: ${PRIOR_FEDORA_CONTAINER_FQIN} CI_DESIRED_RUNTIME: crun - - env: &ubuntu_envvars - DISTRO_NV: ${UBUNTU_NAME} - VM_IMAGE_NAME: ${UBUNTU_CACHE_IMAGE_NAME} - CTR_FQIN: ${UBUNTU_CONTAINER_FQIN} - CI_DESIRED_RUNTIME: runc + #- env: &ubuntu_envvars + # DISTRO_NV: ${UBUNTU_NAME} + # VM_IMAGE_NAME: ${UBUNTU_CACHE_IMAGE_NAME} + # CTR_FQIN: ${UBUNTU_CONTAINER_FQIN} + # CI_DESIRED_RUNTIME: runc env: TEST_FLAVOR: build # NOTE: The default way Cirrus-CI clones is *NOT* compatible with @@ -836,32 +835,32 @@ buildah_bud_test_task: always: *int_logs_artifacts -rootless_gitlab_test_task: - name: *std_name_fmt - alias: rootless_gitlab_test - # Docs: ./contrib/cirrus/CIModes.md - only_if: &cirrus_cron "${CIRRUS_CRON} == 'main'" - # Community-maintained downstream test may fail unexpectedly. - # Ref. repository: https://gitlab.com/gitlab-org/gitlab-runner - # If necessary, uncomment the next line and file issue(s) with details. - # allow_failures: $CI == $CI - depends_on: - - build - - rootless_integration_test - gce_instance: *standardvm - env: - <<: *ubuntu_envvars - TEST_FLAVOR: 'gitlab' - PRIV_NAME: rootless - clone_script: *get_gosrc - setup_script: *setup - main_script: *main - always: - <<: *logs_artifacts - junit_artifacts: - path: gitlab-runner-podman.xml - type: text/xml - format: junit +#rootless_gitlab_test_task: +# name: *std_name_fmt +# alias: rootless_gitlab_test +# # Docs: ./contrib/cirrus/CIModes.md +# only_if: &cirrus_cron "${CIRRUS_CRON} == 'main'" +# # Community-maintained downstream test may fail unexpectedly. +# # Ref. repository: https://gitlab.com/gitlab-org/gitlab-runner +# # If necessary, uncomment the next line and file issue(s) with details. +# # allow_failures: $CI == $CI +# depends_on: +# - build +# - rootless_integration_test +# gce_instance: *standardvm +# env: +# <<: *ubuntu_envvars +# TEST_FLAVOR: 'gitlab' +# PRIV_NAME: rootless +# clone_script: *get_gosrc +# setup_script: *setup +# main_script: *main +# always: +# <<: *logs_artifacts +# junit_artifacts: +# path: gitlab-runner-podman.xml +# type: text/xml +# format: junit upgrade_test_task: @@ -950,10 +949,11 @@ meta_task: image: quay.io/libpod/imgts:latest env: # Space-separated list of images used by this repository state + # DISABLED: + # ${UBUNTU_CACHE_IMAGE_NAME} IMGNAMES: >- ${FEDORA_CACHE_IMAGE_NAME} ${PRIOR_FEDORA_CACHE_IMAGE_NAME} - ${UBUNTU_CACHE_IMAGE_NAME} build-push-${IMAGE_SUFFIX} EC2IMGNAMES: >- ${FEDORA_AARCH64_AMI} @@ -1004,7 +1004,7 @@ success_task: - rootless_remote_system_test - minikube_test - buildah_bud_test - - rootless_gitlab_test + #- rootless_gitlab_test - upgrade_test - image_build - meta From 853072455515f25727f8f1a10ae1dc8c7e79bf5a Mon Sep 17 00:00:00 2001 From: Chris Evich Date: Wed, 2 Nov 2022 13:37:49 -0400 Subject: [PATCH 3/3] Cirrus: Guarantee CNI testing w/o nv/av present Comments added to code for clarity. Signed-off-by: Chris Evich --- contrib/cirrus/lib.sh | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh index 004c3446bb..9f36389d41 100644 --- a/contrib/cirrus/lib.sh +++ b/contrib/cirrus/lib.sh @@ -207,6 +207,14 @@ use_cni() { echo "unset NETWORK_BACKEND" >> /etc/ci_environment export -n NETWORK_BACKEND unset NETWORK_BACKEND + # While it's possible a user may want both installed, for CNI CI testing + # purposes we only care about backward-compatibility, not forward. + # If both CNI & netavark are present, in some situations where --root + # is used it's possible for podman to pick the "wrong" networking stack. + msg "Force-removing netavark and aardvark-dns" + # Other packages depend on nv/av, but we're testing with podman + # binaries built from source, so it's safe to ignore these deps. + rpm -e --nodeps netavark aardvark-dns msg "Installing default CNI configuration" dnf install -y $PACKAGE_DOWNLOAD_DIR/podman-plugins* cd $GOSRC || exit 1 @@ -228,6 +236,9 @@ use_netavark() { export NETWORK_BACKEND=netavark # needed for install_test_configs() msg "Removing any/all CNI configuration" rm -rvf /etc/cni/net.d/* + # N/B: The netavark/aardvark-dns packages are still installed and + # available. This is on purpose, since CI needs to verify the + # selection mechanisms are functional when both are available. } # Remove all files provided by the distro version of podman.