CI Cleanup: Remove cgroups v1 support

With (esp. Debian) CI VM images built by
https://github.com/containers/automation_images/ pull/338 CI no-longer
tests with runc nor cgroups v1.  Add logic to fail under these
conditions.  Prune back high-level YAML/script envars and logic formerly
required to support these things.

Signed-off-by: Chris Evich <cevich@redhat.com>

.cirrus.yml

@@ -103,7 +103,6 @@ build_task:
               # Not used here, is used in other tasks
               VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME}
               CTR_FQIN: ${FEDORA_CONTAINER_FQIN}
-              # ID for re-use of build output
         - env:
               DISTRO_NV: ${PRIOR_FEDORA_NAME}
               VM_IMAGE_NAME: ${PRIOR_FEDORA_CACHE_IMAGE_NAME}
@@ -119,8 +118,6 @@ build_task:
               DISTRO_NV: ${DEBIAN_NAME}
               VM_IMAGE_NAME: ${DEBIAN_CACHE_IMAGE_NAME}
               CI_DESIRED_NETWORK: netavark
-              # Ignore cgroups-v1 warnings on debian
-              PODMAN_IGNORE_CGROUPSV1_WARNING: true
     env:
         TEST_FLAVOR: build
     # NOTE: The default way Cirrus-CI clones is *NOT* compatible with

contrib/cirrus/lib.sh

@@ -94,7 +94,7 @@ EPOCH_TEST_COMMIT="$CIRRUS_BASE_SHA"
 # are consumed by the passthrough_envars() automation library function.
 #
 # List of envariables which must be EXACT matches
-PASSTHROUGH_ENV_EXACT='CGROUP_MANAGER|DEST_BRANCH|DISTRO_NV|GOCACHE|GOPATH|GOSRC|NETWORK_BACKEND|OCI_RUNTIME|PODMAN_IGNORE_CGROUPSV1_WARNING|ROOTLESS_USER|SCRIPT_BASE|SKIP_USERNS|EC2_INST_TYPE|PODMAN_DB|STORAGE_FS'
+PASSTHROUGH_ENV_EXACT='CGROUP_MANAGER|DEST_BRANCH|DISTRO_NV|GOCACHE|GOPATH|GOSRC|NETWORK_BACKEND|OCI_RUNTIME|ROOTLESS_USER|SCRIPT_BASE|SKIP_USERNS|EC2_INST_TYPE|PODMAN_DB|STORAGE_FS'
 
 # List of envariable patterns which must match AT THE BEGINNING of the name.
 # Consumed by the passthrough_envars() automation library function.

contrib/cirrus/logcollector.sh

@@ -46,7 +46,6 @@ case $1 in
                     netavark
                     passt
                     podman
-                    runc
                     skopeo
                     slirp4netns
         )

contrib/cirrus/setup_environment.sh

@@ -74,24 +74,9 @@ cd "${GOSRC}/"
 
 mkdir -p /etc/containers/containers.conf.d
 
-# Defined by lib.sh: Does the host support cgroups v1 or v2? Use runc or crun
-# respectively.
-# **IMPORTANT**: $OCI_RUNTIME is a fakeout! It is used only in e2e tests.
-# For actual podman, as in system tests, we force runtime in containers.conf
-showrun echo "conditional check: CG_FS_TYPE [=$CG_FS_TYPE]"
-case "$CG_FS_TYPE" in
-    tmpfs)
-        if ((CONTAINER==0)); then
-            warn "Forcing testing with runc instead of crun"
-            echo "OCI_RUNTIME=runc" >> /etc/ci_environment
-            printf "[engine]\nruntime=\"runc\"\n" > /etc/containers/containers.conf.d/90-runtime.conf
-        fi
-        ;;
-    cgroup2fs)
-        # Nothing to do: podman defaults to crun
-        ;;
-    *) die_unknown CG_FS_TYPE
-esac
+# Only cgroups v2 is supported, die if anything else.
+[[ "$CG_FS_TYPE" == "cgroup2fs" ]] || \
+    die "Only cgroups v2 CI VMs are supported, not: '$CG_FS_TYPE'"
 
 # For testing boltdb without having to use --db-backend.
 # As of #20318 (2023-10-10) sqlite is the default, so do not create
@@ -130,25 +115,14 @@ if ((CONTAINER==0)); then  # Not yet running inside a container
 fi
 
 # Which distribution are we testing on.
-case "$OS_RELEASE_ID" in
-    debian)
-        showrun echo "more conditional setup for debian"
-        # FIXME 2023-04-11: workaround for runc regression causing failure
-        # in system tests: "skipping device /dev/char/10:200 for systemd"
-        # (Checked on 2023-08-08 and it's still too old: 1.1.5)
-        # FIXME: please remove this once runc >= 1.2 makes it into debian.
-        showrun modprobe tun
-        ;;
-    fedora)
-        showrun echo "conditional setup for fedora"
-        if ((CONTAINER==0)); then
-            # All SELinux distros need this for systemd-in-a-container
-            msg "Enabling container_manage_cgroup"
-            showrun setsebool container_manage_cgroup true
-        fi
-        ;;
-    *) die_unknown OS_RELEASE_ID
-esac
+if [[ "$OS_RELEASE_ID" == "fedora" ]]; then
+    showrun echo "conditional setup for fedora"
+    if ((CONTAINER==0)); then
+        # All SELinux distros need this for systemd-in-a-container
+        msg "Enabling container_manage_cgroup"
+        showrun setsebool container_manage_cgroup true
+    fi
+fi
 
 # Database: force SQLite or BoltDB as requested in .cirrus.yml.
 # If unset, will default to SQLite.
@@ -203,7 +177,7 @@ case "$TEST_ENVIRON" in
     host)
         # The e2e tests wrongly guess `--cgroup-manager` option
         # shellcheck disable=SC2154
-        if [[ "$CG_FS_TYPE" == "cgroup2fs" ]] || [[ "$PRIV_NAME" == "root" ]]
+        if [[ "$PRIV_NAME" == "root" ]]
         then
             warn "Forcing CGROUP_MANAGER=systemd"
             echo "CGROUP_MANAGER=systemd" >> /etc/ci_environment

test/system/120-load.bats

@@ -88,11 +88,6 @@ verify_iid_and_name() {
         skip "impossible due to pitfalls in our SSH implementation"
     fi
 
-    # See https://github.com/containers/podman/pull/21431
-    if [[ -n "$PODMAN_IGNORE_CGROUPSV1_WARNING" ]]; then
-        skip "impossible to test due to pitfalls in our SSH implementation"
-    fi
-
     # The testing is the same whether we're root or rootless; all that
     # differs is the destination (not-me) username.
     if is_rootless; then

test/system/252-quadlet.bats

@@ -158,11 +158,6 @@ LogDriver=passthrough
 Network=none
 EOF
 
-    # FIXME: Temporary until podman fully removes cgroupsv1 support; see #21431
-    if [[ -n "$PODMAN_IGNORE_CGROUPSV1_WARNING" ]]; then
-        skip "Way too complicated to test under cgroupsv1, and not worth the effort"
-    fi
-
     run_quadlet "$quadlet_file"
     service_setup $QUADLET_SERVICE_NAME