CI Cleanup: Remove cgroups v1 support

With (esp. Debian) CI VM images built by https://github.com/containers/automation_images/ pull/338 CI no-longer tests with runc nor cgroups v1. Add logic to fail under these conditions. Prune back high-level YAML/script envars and logic formerly required to support these things. Signed-off-by: Chris Evich <cevich@redhat.com>
2024-06-17 15:24:45 -04:00 · 2024-06-17 15:24:45 -04:00 · d53fee511f
parent 9ffac33178
commit d53fee511f
6 changed files with 11 additions and 37 deletions
--- a/.cirrus.yml
+++ b/.cirrus.yml
@ -103,7 +103,6 @@ build_task:
              # Not used here, is used in other tasks
              VM_IMAGE_NAME: ${FEDORA_CACHE_IMAGE_NAME}
              CTR_FQIN: ${FEDORA_CONTAINER_FQIN}
-              # ID for re-use of build output
        - env:
              DISTRO_NV: ${PRIOR_FEDORA_NAME}
              VM_IMAGE_NAME: ${PRIOR_FEDORA_CACHE_IMAGE_NAME}
@ -119,8 +118,6 @@ build_task:
              DISTRO_NV: ${DEBIAN_NAME}
              VM_IMAGE_NAME: ${DEBIAN_CACHE_IMAGE_NAME}
              CI_DESIRED_NETWORK: netavark
-              # Ignore cgroups-v1 warnings on debian
-              PODMAN_IGNORE_CGROUPSV1_WARNING: true
    env:
        TEST_FLAVOR: build
    # NOTE: The default way Cirrus-CI clones is *NOT* compatible with
--- a/contrib/cirrus/lib.sh
+++ b/contrib/cirrus/lib.sh
@ -94,7 +94,7 @@ EPOCH_TEST_COMMIT="$CIRRUS_BASE_SHA"
 # are consumed by the passthrough_envars() automation library function.
 #
 # List of envariables which must be EXACT matches
-PASSTHROUGH_ENV_EXACT='CGROUP_MANAGER|DEST_BRANCH|DISTRO_NV|GOCACHE|GOPATH|GOSRC|NETWORK_BACKEND|OCI_RUNTIME|PODMAN_IGNORE_CGROUPSV1_WARNING|ROOTLESS_USER|SCRIPT_BASE|SKIP_USERNS|EC2_INST_TYPE|PODMAN_DB|STORAGE_FS|PODMAN_BATS_LEAK_CHECK'
+PASSTHROUGH_ENV_EXACT='CGROUP_MANAGER|DEST_BRANCH|DISTRO_NV|GOCACHE|GOPATH|GOSRC|NETWORK_BACKEND|OCI_RUNTIME|ROOTLESS_USER|SCRIPT_BASE|SKIP_USERNS|EC2_INST_TYPE|PODMAN_DB|STORAGE_FS|PODMAN_BATS_LEAK_CHECK'

 # List of envariable patterns which must match AT THE BEGINNING of the name.
 # Consumed by the passthrough_envars() automation library function.
--- a/contrib/cirrus/logcollector.sh
+++ b/contrib/cirrus/logcollector.sh
@ -46,7 +46,6 @@ case $1 in
                    netavark
                    passt
                    podman
-                    runc
                    skopeo
                    slirp4netns
        )
--- a/contrib/cirrus/setup_environment.sh
+++ b/contrib/cirrus/setup_environment.sh
@ -74,24 +74,9 @@ cd "${GOSRC}/"

 mkdir -p /etc/containers/containers.conf.d

-# Defined by lib.sh: Does the host support cgroups v1 or v2? Use runc or crun
-# respectively.
-# **IMPORTANT**: $OCI_RUNTIME is a fakeout! It is used only in e2e tests.
-# For actual podman, as in system tests, we force runtime in containers.conf
-showrun echo "conditional check: CG_FS_TYPE [=$CG_FS_TYPE]"
-case "$CG_FS_TYPE" in
-    tmpfs)
-        if ((CONTAINER==0)); then
-            warn "Forcing testing with runc instead of crun"
-            echo "OCI_RUNTIME=runc" >> /etc/ci_environment
-            printf "[engine]\nruntime=\"runc\"\n" > /etc/containers/containers.conf.d/90-runtime.conf
-        fi
-        ;;
-    cgroup2fs)
-        # Nothing to do: podman defaults to crun
-        ;;
-    *) die_unknown CG_FS_TYPE
-esac
+# Only cgroups v2 is supported, die if anything else.
+[[ "$CG_FS_TYPE" == "cgroup2fs" ]] || \
+    die "Only cgroups v2 CI VMs are supported, not: '$CG_FS_TYPE'"

 # For testing boltdb without having to use --db-backend.
 # As of #20318 (2023-10-10) sqlite is the default, so do not create
@ -132,12 +117,7 @@ fi
 # Which distribution are we testing on.
 case "$OS_RELEASE_ID" in
    debian)
-        showrun echo "more conditional setup for debian"
-        # FIXME 2023-04-11: workaround for runc regression causing failure
-        # in system tests: "skipping device /dev/char/10:200 for systemd"
-        # (Checked on 2023-08-08 and it's still too old: 1.1.5)
-        # FIXME: please remove this once runc >= 1.2 makes it into debian.
-        showrun modprobe tun
+        showrun echo "No-op conditional setup for debian"
        ;;
    fedora)
        showrun echo "conditional setup for fedora"
@ -202,6 +182,7 @@ showrun echo "about to set up for TEST_ENVIRON [=$TEST_ENVIRON]"
 case "$TEST_ENVIRON" in
    host)
        # The e2e tests wrongly guess `--cgroup-manager` option
+        # under some runtime contexts like rootless.
        # shellcheck disable=SC2154
        if [[ "$CG_FS_TYPE" == "cgroup2fs" ]] || [[ "$PRIV_NAME" == "root" ]]
        then
--- a/test/system/120-load.bats
+++ b/test/system/120-load.bats
@ -89,9 +89,11 @@ verify_iid_and_name() {
        skip "impossible due to pitfalls in our SSH implementation"
    fi

-    # See https://github.com/containers/podman/pull/21431
-    if [[ -n "$PODMAN_IGNORE_CGROUPSV1_WARNING" ]]; then
-        skip "impossible to test due to pitfalls in our SSH implementation"
+    # FIXME: Broken on debian SID systemd 256 <= rc3
+    # See https://github.com/containers/podman/pull/23020#issuecomment-2179284640
+    OS_RELEASE_ID="${OS_RELEASE_ID:-$(source /etc/os-release; echo $ID)}"
+    if [[ "$OS_RELEASE_ID" == "debian" ]]; then
+        skip "broken warning about cgroup-manager=systemd and enabling linger"
    fi

    # The testing is the same whether we're root or rootless; all that
--- a/test/system/252-quadlet.bats
+++ b/test/system/252-quadlet.bats
@ -158,11 +158,6 @@ LogDriver=passthrough
 Network=none
 EOF

-    # FIXME: Temporary until podman fully removes cgroupsv1 support; see #21431
-    if [[ -n "$PODMAN_IGNORE_CGROUPSV1_WARNING" ]]; then
-        skip "Way too complicated to test under cgroupsv1, and not worth the effort"
-    fi
-
    run_quadlet "$quadlet_file"
    service_setup $QUADLET_SERVICE_NAME