containers
/
podman
mirror of https://github.com/containers/podman.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #14801 from lsm5/ec2-aarch64 

Cirrus: enable Fedora 36 aarch64 tasks on EC2
This commit is contained in:
OpenShift Merge Robot 2022-07-28 11:33:31 +02:00 committed by GitHub
parent c0d9ecd299 da98c88778
commit e1238ceb89
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 168 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

133
.cirrus.yml
View File

@ -28,12 +28,14 @@ env:
#### Comment out fedora-35 for podman 4.x branches.
####
FEDORA_NAME: "fedora-36"
FEDORA_AARCH64_NAME: "${FEDORA_NAME}-aarch64"
#PRIOR_FEDORA_NAME: "fedora-35"
UBUNTU_NAME: "ubuntu-2204"
# Image identifiers
IMAGE_SUFFIX: "c6013173500215296"
FEDORA_AMI_ID: "ami-0f116746f31965e41"
IMAGE_SUFFIX: "c5495735033528320"
FEDORA_AMI_ID: "ami-0df5df528071f1052" # matches c5495735033528320
FEDORA_AARCH64_AMI_ID: "ami-02ee8b3a782a78791" # matches c5495735033528320
# Complete image names
FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}"
#PRIOR_FEDORA_CACHE_IMAGE_NAME: "prior-fedora-${IMAGE_SUFFIX}"
@ -139,8 +141,8 @@ automation_task:
always: *runner_stats
# N/B: This task is critical. It builds all binaries for all supported
# OS platforms and versions. On success, the contents of the repository
# N/B: The two following tasks are critical. They build all binaries for all supported
# OS platforms and versions on x86_64 and aarch64. On success, the contents of the repository
# are preserved as an artifact. This saves most subsequent tasks about
# 3 minutes of otherwise duplicative effort. It also ensures that the
# exact same binaries used throughout CI testing, are available for
@ -194,6 +196,36 @@ build_task:
always: *runner_stats
build_aarch64_task:
alias: 'build_aarch64'
name: 'Build for $DISTRO_NV'
# Multiarch doesn't depend on buildability in this automation context
# Docs: ./contrib/cirrus/CIModes.md
only_if: "$CIRRUS_CRON != 'multiarch'"
ec2_instance: &standard_build_ec2_aarch64
image: ${VM_IMAGE_NAME}
type: t4g.xlarge
region: us-east-1
architecture: arm64 # CAUTION: This has to be "arm64", not "aarch64".
env: &stdenvars_aarch64
DISTRO_NV: ${FEDORA_AARCH64_NAME}
VM_IMAGE_NAME: ${FEDORA_AARCH64_AMI_ID}
CTR_FQIN: ${FEDORA_CONTAINER_FQIN}
CI_DESIRED_RUNTIME: crun
TEST_FLAVOR: build
clone_script: *full_clone
setup_script: *setup
main_script: *main
# Cirrus-CI is very slow uploading one file at time, and the repo contains
# thousands of files. Speed this up by archiving into tarball first.
repo_prep_script: &repo_prep_aarch64 >-
tar cjf /tmp/repo.tbz -C $GOSRC . && mv /tmp/repo.tbz $GOSRC/
repo_artifacts: &repo_artifacts_aarch64
path: ./repo.tbz
type: application/octet-stream
always: *runner_stats
# Confirm the result of building on at least one platform appears sane.
# This confirms the binaries can be executed, checks --help vs docs, and
# other essential post-build validation checks.
@ -218,6 +250,7 @@ validate_task:
memory: "16Gb"
env:
<<: *stdenvars
DISTRO_NV: ${FEDORA_NAME}
TEST_FLAVOR: validate
# N/B: This script depends on ${DISTRO_NV} being defined for the task.
clone_script: &get_gosrc |
@ -230,6 +263,40 @@ validate_task:
always: *runner_stats
# Confirm the result of building on at least one platform appears sane.
# This confirms the binaries can be executed, checks --help vs docs, and
# other essential post-build validation checks.
validate_aarch64_task:
name: "Validate $DISTRO_NV Build"
alias: validate_aarch64
# This task is primarily intended to catch human-errors early on, in a
# PR. Skip it for branch-push, branch-create, and tag-push to improve
# automation reliability/speed in those contexts. Any missed errors due
# to nonsequential PR merging practices, will be caught on a future PR,
# build or test task failures.
# Docs: ./contrib/cirrus/CIModes.md
only_if: *is_pr
depends_on:
- ext_svc_check
- automation
- build_aarch64
# golangci-lint is a very, very hungry beast.
ec2_instance: *standard_build_ec2_aarch64
env:
<<: *stdenvars_aarch64
TEST_FLAVOR: validate
DISTRO_NV: ${FEDORA_AARCH64_NAME}
# N/B: This script depends on ${DISTRO_NV} being defined for the task.
clone_script: &get_gosrc_aarch64 |
cd /tmp
echo "$ARTCURL/build_aarch64/repo/repo.tbz"
time $ARTCURL/build_aarch64/repo/repo.tbz
time tar xjf /tmp/repo.tbz -C $GOSRC
setup_script: *setup
main_script: *main
always: *runner_stats
# Exercise the "libpod" API with a small set of common
# operations to ensure they are functional.
bindings_task:
@ -317,6 +384,28 @@ consistency_task:
always: *runner_stats
# Check that all included go modules from other sources match
# what is expected in `vendor/modules.txt` vs `go.mod`. Also
# make sure that the generated bindings in pkg/bindings/...
# are in sync with the code.
consistency_aarch64_task:
name: "Test Code Consistency (aarch64)"
alias: consistency_aarch64
# Docs: ./contrib/cirrus/CIModes.md
only_if: *is_pr
depends_on:
- build_aarch64
ec2_instance: *standard_build_ec2_aarch64
env:
<<: *stdenvars_aarch64
TEST_FLAVOR: consistency
TEST_ENVIRON: container
clone_script: *get_gosrc_aarch64
setup_script: *setup
main_script: *main
always: *runner_stats
# There are several other important variations of podman which
# must always build successfully. Most of them are handled in
# this task, though a few need dedicated tasks which follow.
@ -646,6 +735,26 @@ local_system_test_task: &local_system_test_task
always: *logs_artifacts
local_system_test_aarch64_task: &local_system_test_task_aarch64
name: *std_name_fmt
alias: local_system_test_aarch64
# Don't create task for tags, or if using [CI:DOCS], [CI:BUILD], multiarch
# Docs: ./contrib/cirrus/CIModes.md
only_if: *not_tag_build_docs_multiarch
depends_on:
- build_aarch64
- local_integration_test
ec2_instance: *standard_build_ec2_aarch64
env:
<<: *stdenvars_aarch64
TEST_FLAVOR: sys
DISTRO_NV: ${FEDORA_AARCH64_NAME}
clone_script: *get_gosrc_aarch64
setup_script: *setup
main_script: *main
always: *logs_artifacts
remote_system_test_task:
<<: *local_system_test_task
alias: remote_system_test
@ -657,6 +766,17 @@ remote_system_test_task:
PODBIN_NAME: remote
remote_system_test_aarch64_task:
<<: *local_system_test_task_aarch64
alias: remote_system_test_aarch64
depends_on:
- build_aarch64
- remote_integration_test
env:
TEST_FLAVOR: sys
PODBIN_NAME: remote
rootless_remote_system_test_task:
matrix:
# Minimal sanity testing: only the latest Fedora
@ -871,10 +991,13 @@ success_task:
- ext_svc_check
- automation
- build
- build_aarch64
- validate
- validate_aarch64
- bindings
- swagger
- consistency
- consistency_aarch64
- alt_build
- osx_alt_build
- docker-py_test
@ -889,7 +1012,9 @@ success_task:
# AND bypass in contrib/cirrus/cirrus_yaml_test.py for this name.
# - podman_machine
- local_system_test
- local_system_test_aarch64
- remote_system_test
- remote_system_test_aarch64
- rootless_system_test
- rootless_remote_system_test
- buildah_bud_test

4
contrib/cirrus/runner.sh
View File

@ -35,6 +35,10 @@ function _run_automation() {
}
function _run_validate() {
# TODO: aarch64 images need python3-devel installed
# https://github.com/containers/automation_images/issues/159
bigto ooe.sh dnf install -y python3-devel
# git-validation tool fails if $EPOCH_TEST_COMMIT is empty
# shellcheck disable=SC2154
if [[ -n "$EPOCH_TEST_COMMIT" ]]; then

16
test/e2e/config_arm64.go Normal file
View File

@ -0,0 +1,16 @@
package integration
var (
STORAGE_FS = "vfs" //nolint:revive,stylecheck
STORAGE_OPTIONS = "--storage-driver vfs" //nolint:revive,stylecheck
ROOTLESS_STORAGE_FS = "vfs" //nolint:revive,stylecheck
ROOTLESS_STORAGE_OPTIONS = "--storage-driver vfs" //nolint:revive,stylecheck
CACHE_IMAGES = []string{ALPINE, BB, fedoraMinimal, NGINX_IMAGE, REDIS_IMAGE, REGISTRY_IMAGE, INFRA_IMAGE, LABELS_IMAGE, HEALTHCHECK_IMAGE, UBI_INIT, UBI_MINIMAL, fedoraToolbox} //nolint:revive,stylecheck
NGINX_IMAGE = "quay.io/lsm5/alpine_nginx-aarch64:latest" //nolint:revive,stylecheck
BB_GLIBC = "docker.io/library/busybox:glibc" //nolint:revive,stylecheck
REGISTRY_IMAGE = "quay.io/libpod/registry:2.6" //nolint:revive,stylecheck
LABELS_IMAGE = "quay.io/libpod/alpine_labels:latest" //nolint:revive,stylecheck
UBI_MINIMAL = "registry.access.redhat.com/ubi8-minimal" //nolint:revive,stylecheck
UBI_INIT = "registry.access.redhat.com/ubi8-init" //nolint:revive,stylecheck
CIRROS_IMAGE = "quay.io/libpod/cirros:latest" //nolint:revive,stylecheck
)

1
test/system/030-run.bats
View File

@ -3,6 +3,7 @@
load helpers
@test "podman run - basic tests" {
skip_if_aarch64 "FIXME: #15074 - fails on aarch64"
rand=$(random_string 30)
err_no_such_cmd="Error:.*/no/such/command.*[Nn]o such file or directory"

2
test/system/075-exec.bats
View File

@ -6,6 +6,8 @@
load helpers
@test "podman exec - basic test" {
skip_if_aarch64 "FIXME: #15074 - fails on aarch64"
rand_filename=$(random_string 20)
rand_content=$(random_string 50)

2
test/system/150-login.bats
View File

@ -52,7 +52,7 @@ function setup() {
mkdir -p $AUTHDIR
# Registry image; copy of docker.io, but on our own registry
local REGISTRY_IMAGE="$PODMAN_TEST_IMAGE_REGISTRY/$PODMAN_TEST_IMAGE_USER/registry:2.7"
local REGISTRY_IMAGE="$PODMAN_TEST_IMAGE_REGISTRY/$PODMAN_TEST_IMAGE_USER/registry:2.8"
# Pull registry image, but into a separate container storage
mkdir -p ${PODMAN_LOGIN_WORKDIR}/root

1
test/system/200-pod.bats
View File

@ -478,6 +478,7 @@ spec:
}
@test "pod resource limits" {
# FIXME: #15074 - possible flake on aarch64
skip_if_remote "resource limits only implemented on non-remote"
skip_if_rootless "resource limits only work with root"
skip_if_cgroupsv1 "resource limits only meaningful on cgroups V2"

1
test/system/260-sdnotify.bats
View File

@ -132,6 +132,7 @@ READY=1" "sdnotify sent MAINPID and READY"
# These tests can fail in dev. environment because of SELinux.
# quick fix: chcon -t container_runtime_exec_t ./bin/podman
@test "sdnotify : container" {
skip_if_aarch64 "FIXME: #15074 - fails on aarch64 non-remote"
# Sigh... we need to pull a humongous image because it has systemd-notify.
# (IMPORTANT: fedora:32 and above silently removed systemd-notify; this
# caused CI to hang. That's why we explicitly require fedora:31)

3
test/system/410-selinux.bats
View File

@ -39,10 +39,12 @@ function check_label() {
}
@test "podman selinux: container with label=disable" {
skip_if_aarch64 "FIXME: #15074 - fails on aarch64"
check_label "--security-opt label=disable" "spc_t"
}
@test "podman selinux: privileged container" {
skip_if_aarch64 "FIXME: #15074 - fails on aarch64"
check_label "--privileged --userns=host" "spc_t"
}
@ -63,6 +65,7 @@ function check_label() {
}
@test "podman selinux: pid=host" {
skip_if_aarch64 "FIXME: #15074 - fails on aarch64"
# FIXME this test fails when run rootless with runc:
# Error: container_linux.go:367: starting container process caused: process_linux.go:495: container init caused: readonly path /proc/asound: operation not permitted: OCI permission denied
if is_rootless; then

10
test/system/helpers.bash
View File

@ -379,6 +379,10 @@ function is_netavark() {
return 1
}
function is_aarch64() {
[ "$(uname -m)" == "aarch64" ]
}
# Returns the OCI runtime *basename* (typically crun or runc). Much as we'd
# love to cache this result, we probably shouldn't.
function podman_runtime() {
@ -546,6 +550,12 @@ function skip_if_root_ubuntu {
fi
}
function skip_if_aarch64 {
if is_aarch64; then
skip "${msg:-Cannot run this test on aarch64 systems}"
fi
}
#########
# die # Abort with helpful message
#########