From d53fee511f2d46fe3fd89f13248428276cec8ebf Mon Sep 17 00:00:00 2001 From: Chris Evich Date: Mon, 17 Jun 2024 15:24:45 -0400 Subject: [PATCH] CI Cleanup: Remove cgroups v1 support With (esp. Debian) CI VM images built by https://github.com/containers/automation_images/ pull/338 CI no-longer tests with runc nor cgroups v1. Add logic to fail under these conditions. Prune back high-level YAML/script envars and logic formerly required to support these things. Signed-off-by: Chris Evich --- .cirrus.yml | 3 --- contrib/cirrus/lib.sh | 2 +- contrib/cirrus/logcollector.sh | 1 - contrib/cirrus/setup_environment.sh | 29 +++++------------------------ test/system/120-load.bats | 8 +++++--- test/system/252-quadlet.bats | 5 ----- 6 files changed, 11 insertions(+), 37 deletions(-) diff --git a/.cirrus.yml b/.cirrus.yml index 9ae5dd06d5dd..ee187042042a 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -103,7 +103,6 @@ build_task: # Not used here, is used in other tasks VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME} CTR_FQIN: ${FEDORA_CONTAINER_FQIN} - # ID for re-use of build output - env: DISTRO_NV: ${PRIOR_FEDORA_NAME} VM_IMAGE_NAME: ${PRIOR_FEDORA_CACHE_IMAGE_NAME} @@ -119,8 +118,6 @@ build_task: DISTRO_NV: ${DEBIAN_NAME} VM_IMAGE_NAME: ${DEBIAN_CACHE_IMAGE_NAME} CI_DESIRED_NETWORK: netavark - # Ignore cgroups-v1 warnings on debian - PODMAN_IGNORE_CGROUPSV1_WARNING: true env: TEST_FLAVOR: build # NOTE: The default way Cirrus-CI clones is *NOT* compatible with diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh index 37759dba2b16..ac4b53af1ed1 100644 --- a/contrib/cirrus/lib.sh +++ b/contrib/cirrus/lib.sh @@ -94,7 +94,7 @@ EPOCH_TEST_COMMIT="$CIRRUS_BASE_SHA" # are consumed by the passthrough_envars() automation library function. # # List of envariables which must be EXACT matches -PASSTHROUGH_ENV_EXACT='CGROUP_MANAGER|DEST_BRANCH|DISTRO_NV|GOCACHE|GOPATH|GOSRC|NETWORK_BACKEND|OCI_RUNTIME|PODMAN_IGNORE_CGROUPSV1_WARNING|ROOTLESS_USER|SCRIPT_BASE|SKIP_USERNS|EC2_INST_TYPE|PODMAN_DB|STORAGE_FS|PODMAN_BATS_LEAK_CHECK' +PASSTHROUGH_ENV_EXACT='CGROUP_MANAGER|DEST_BRANCH|DISTRO_NV|GOCACHE|GOPATH|GOSRC|NETWORK_BACKEND|OCI_RUNTIME|ROOTLESS_USER|SCRIPT_BASE|SKIP_USERNS|EC2_INST_TYPE|PODMAN_DB|STORAGE_FS|PODMAN_BATS_LEAK_CHECK' # List of envariable patterns which must match AT THE BEGINNING of the name. # Consumed by the passthrough_envars() automation library function. diff --git a/contrib/cirrus/logcollector.sh b/contrib/cirrus/logcollector.sh index db5d056cb13b..1d4cee7d012c 100755 --- a/contrib/cirrus/logcollector.sh +++ b/contrib/cirrus/logcollector.sh @@ -46,7 +46,6 @@ case $1 in netavark passt podman - runc skopeo slirp4netns ) diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh index a281f10b288a..daea76f00f8a 100755 --- a/contrib/cirrus/setup_environment.sh +++ b/contrib/cirrus/setup_environment.sh @@ -74,24 +74,9 @@ cd "${GOSRC}/" mkdir -p /etc/containers/containers.conf.d -# Defined by lib.sh: Does the host support cgroups v1 or v2? Use runc or crun -# respectively. -# **IMPORTANT**: $OCI_RUNTIME is a fakeout! It is used only in e2e tests. -# For actual podman, as in system tests, we force runtime in containers.conf -showrun echo "conditional check: CG_FS_TYPE [=$CG_FS_TYPE]" -case "$CG_FS_TYPE" in - tmpfs) - if ((CONTAINER==0)); then - warn "Forcing testing with runc instead of crun" - echo "OCI_RUNTIME=runc" >> /etc/ci_environment - printf "[engine]\nruntime=\"runc\"\n" > /etc/containers/containers.conf.d/90-runtime.conf - fi - ;; - cgroup2fs) - # Nothing to do: podman defaults to crun - ;; - *) die_unknown CG_FS_TYPE -esac +# Only cgroups v2 is supported, die if anything else. +[[ "$CG_FS_TYPE" == "cgroup2fs" ]] || \ + die "Only cgroups v2 CI VMs are supported, not: '$CG_FS_TYPE'" # For testing boltdb without having to use --db-backend. # As of #20318 (2023-10-10) sqlite is the default, so do not create @@ -132,12 +117,7 @@ fi # Which distribution are we testing on. case "$OS_RELEASE_ID" in debian) - showrun echo "more conditional setup for debian" - # FIXME 2023-04-11: workaround for runc regression causing failure - # in system tests: "skipping device /dev/char/10:200 for systemd" - # (Checked on 2023-08-08 and it's still too old: 1.1.5) - # FIXME: please remove this once runc >= 1.2 makes it into debian. - showrun modprobe tun + showrun echo "No-op conditional setup for debian" ;; fedora) showrun echo "conditional setup for fedora" @@ -202,6 +182,7 @@ showrun echo "about to set up for TEST_ENVIRON [=$TEST_ENVIRON]" case "$TEST_ENVIRON" in host) # The e2e tests wrongly guess `--cgroup-manager` option + # under some runtime contexts like rootless. # shellcheck disable=SC2154 if [[ "$CG_FS_TYPE" == "cgroup2fs" ]] || [[ "$PRIV_NAME" == "root" ]] then diff --git a/test/system/120-load.bats b/test/system/120-load.bats index 2f50657424bc..5cfed4417b34 100644 --- a/test/system/120-load.bats +++ b/test/system/120-load.bats @@ -89,9 +89,11 @@ verify_iid_and_name() { skip "impossible due to pitfalls in our SSH implementation" fi - # See https://github.com/containers/podman/pull/21431 - if [[ -n "$PODMAN_IGNORE_CGROUPSV1_WARNING" ]]; then - skip "impossible to test due to pitfalls in our SSH implementation" + # FIXME: Broken on debian SID systemd 256 <= rc3 + # See https://github.com/containers/podman/pull/23020#issuecomment-2179284640 + OS_RELEASE_ID="${OS_RELEASE_ID:-$(source /etc/os-release; echo $ID)}" + if [[ "$OS_RELEASE_ID" == "debian" ]]; then + skip "broken warning about cgroup-manager=systemd and enabling linger" fi # The testing is the same whether we're root or rootless; all that diff --git a/test/system/252-quadlet.bats b/test/system/252-quadlet.bats index a429454461bc..fbf55c441563 100644 --- a/test/system/252-quadlet.bats +++ b/test/system/252-quadlet.bats @@ -158,11 +158,6 @@ LogDriver=passthrough Network=none EOF - # FIXME: Temporary until podman fully removes cgroupsv1 support; see #21431 - if [[ -n "$PODMAN_IGNORE_CGROUPSV1_WARNING" ]]; then - skip "Way too complicated to test under cgroupsv1, and not worth the effort" - fi - run_quadlet "$quadlet_file" service_setup $QUADLET_SERVICE_NAME