From 29c4d890c89c2c8e05015cba9ccb311c3e4b5ea5 Mon Sep 17 00:00:00 2001
From: Chris Evich
Date: Wed, 20 Sep 2017 15:15:08 -0400
Subject: [PATCH 1/4] Faster venv-ansible-playbook.sh

If running a playbook more than once, there's no need to re-bootstrap the virtual environment. Assume if the verified crio directory already exists, it should be used (after re-asserting hashes of requirements).

Signed-off-by: Chris Evich
---
 contrib/test/venv-ansible-playbook.sh | 42 ++++++++++++++-------------
 1 file changed, 22 insertions(+), 20 deletions(-)

diff --git a/contrib/test/venv-ansible-playbook.sh b/contrib/test/venv-ansible-playbook.sh
index 06acab35..a60357b2 100755
--- a/contrib/test/venv-ansible-playbook.sh
+++ b/contrib/test/venv-ansible-playbook.sh
@@ -56,27 +56,29 @@ echo ( set -x cd "$WORKSPACE" - # N/B: local system's virtualenv binary - uncontrolled version fixed below - virtualenv --no-site-packages --python=python2.7 ./.venvbootstrap - # Set up paths to install/operate out of $WORKSPACE/.venvbootstrap - source ./.venvbootstrap/bin/activate - # N/B: local system's pip binary - uncontrolled version fixed below - # pip may not support --cache-dir, force it's location into $WORKSPACE the ugly-way - OLD_HOME="$HOME" - export HOME="$WORKSPACE" - export PIPCACHE="$WORKSPACE/.cache/pip" - pip install --force-reinstall --upgrade pip==9.0.1 - # Undo --cache-dir workaround - export HOME="$OLD_HOME" - # Install fixed, trusted, hashed versions of all requirements (including pip and virtualenv) - pip --cache-dir="$PIPCACHE" install --require-hashes \ - --requirement "$SCRIPT_PATH/requirements.txt" - - # Setup trusted virtualenv using hashed binary from requirements.txt - ./.venvbootstrap/bin/virtualenv --no-site-packages --python=python2.7 ./.cri-o_venv - # Exit untrusted virtualenv - deactivate + # When running more than once, make it fast by skipping the bootstrap + if [ ! 
-d "./.cri-o_venv" ]; then + # N/B: local system's virtualenv binary - uncontrolled version fixed below + virtualenv --no-site-packages --python=python2.7 ./.venvbootstrap + # Set up paths to install/operate out of $WORKSPACE/.venvbootstrap + source ./.venvbootstrap/bin/activate + # N/B: local system's pip binary - uncontrolled version fixed below + # pip may not support --cache-dir, force it's location into $WORKSPACE the ugly-way + OLD_HOME="$HOME" + export HOME="$WORKSPACE" + export PIPCACHE="$WORKSPACE/.cache/pip" + pip install --force-reinstall --upgrade pip==9.0.1 + # Undo --cache-dir workaround + export HOME="$OLD_HOME" + # Install fixed, trusted, hashed versions of all requirements (including pip and virtualenv) + pip --cache-dir="$PIPCACHE" install --require-hashes \ + --requirement "$SCRIPT_PATH/requirements.txt" + # Setup trusted virtualenv using hashed binary from requirements.txt + ./.venvbootstrap/bin/virtualenv --no-site-packages --python=python2.7 ./.cri-o_venv + # Exit untrusted virtualenv + deactivate + fi # Enter trusted virtualenv source ./.cri-o_venv/bin/activate # Re-install from cache From e6b5fc7d537455c603e9c6735254ab617b62eaa7 Mon Sep 17 00:00:00 2001 From: Chris Evich Date: Tue, 19 Sep 2017 19:57:11 -0400 Subject: [PATCH 2/4] integration-playbook: Add hidden dependencies Previously, an internal playbook installed many extra necessary/unnecessary packages before this playbook even started. Since this is a terrible design, move all dependencies here so that nothing is unwritten. This includes installing some deps. for ansible itself (which must be done as a raw command). Signed-off-by: Chris Evich --- contrib/test/crio-integration-playbook.yaml | 95 +++++++++++++++++---- 1 file changed, 77 insertions(+), 18 deletions(-) diff --git a/contrib/test/crio-integration-playbook.yaml b/contrib/test/crio-integration-playbook.yaml index 0ba7beaf..9d6d4833 100644 --- a/contrib/test/crio-integration-playbook.yaml 
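Review bot: `export PIPCACHE="$WORKSPACE/.cache/pip"` now sits inside the `if [ ! -d "./.cri-o_venv" ]` branch, so on the fast path the variable is unset unless the caller's environment happens to provide it. The step after `# Re-install from cache` is outside this hunk, but if it passes `--cache-dir="$PIPCACHE"` like the bootstrap install does, the hash re-verification that justifies skipping the bootstrap would run with an empty cache path; moving the `export PIPCACHE=...` line above the `if` avoids that. Separately, `-d` only proves the directory exists, not that a previous bootstrap finished or that the interpreter and pip inside it are the ones installed from the hashed requirements, so a comment stating that `$WORKSPACE` must not be shared with untrusted jobs would document the trust assumption.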
+++ b/contrib/test/crio-integration-playbook.yaml @@ -3,10 +3,37 @@ ## --skip-tags pr - hosts: all remote_user: root + gather_facts: False # Ansible dependencies need installing first vars: xunit: false cni_commit: dcf7368eeab15e2affc6256f0bb1e84dd46a34de + pre_tasks: + # Assumes subscription stuff won't get in the way + - name: Install pre-requesites for ansible on all platforms + raw: $(type -P dnf || type -P yum) install -y python libselinux-python yum-utils python3-pycurl + # Gather facts + - setup: + # Just one more thing... + - name: Install special ansible deps. for fedora + raw: dnf install -y python2-dnf python3-dnf + when: ansible_distribution == 'Fedora' tasks: + - name: Enable EPEL on RHEL & CentOS + yum_repository: + name: epel + description: "Extra Packages for Enterprise Linux" + baseurl: "http://dl.fedoraproject.org/pub/epel/7/$basearch" + metalink: "https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch" + gpgcheck: True + gpgcakey: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7Server" + when: (ansible_distribution == 'RedHat' or ansible_distribution == 'CentOS') + - name: import EPEL GPG keys on RHEL & CentOS + command: 'rpm --import {{ item }}' + with_items: + - https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7Server + - https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7 + - https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL + when: (ansible_distribution == 'RedHat' or ansible_distribution == 'CentOS') - name: Update all packages yum: name: '*' 
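Review bot: The EPEL repository added under `tasks:` sets `baseurl` to a plain `http://` URL while the metalink and key URLs use `https://`, and it configures `gpgcakey` rather than `gpgkey`, so with `gpgcheck: True` the repo definition itself names no package-signing key. Package verification then depends on the following `rpm --import` task, which trusts three keys fetched at run time (`RPM-GPG-KEY-EPEL-7Server`, `RPM-GPG-KEY-EPEL-7`, `RPM-GPG-KEY-EPEL`) with no fingerprint check. I would use `baseurl: "https://dl.fedoraproject.org/pub/epel/7/$basearch"`, set `gpgkey:` to the single EPEL 7 key, and drop the imports the EPEL 7 repo does not need. The `raw:` install in `pre_tasks` also deserves a comment saying it runs before fact gathering and therefore cannot be guarded by `ansible_distribution`.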
@@ -27,28 +54,57 @@ name: "{{ item }}" state: latest with_items: - - wget - - git - - make - - gcc - - tar - - libseccomp-devel - - golang - - glib2-devel - - glibc-static - - container-selinux - btrfs-progs-devel - - device-mapper-devel - - ostree-devel - - glibc-devel - - gpgme-devel - - libassuan-devel - - libgpg-error-devel - - pkgconfig + - container-selinux - skopeo-containers - - oci-systemd-hook + - curl + - device-mapper-devel + - expect + - findutils + - gcc + - git + - glib2-devel + - glibc-devel + - glibc-static + - golang + - gpgme-devel + - hostname + - iproute + - iptables + - krb5-workstation + - libassuan-devel + - libffi-devel + - libgpg-error-devel + - libguestfs-tools + - libseccomp-devel + - libvirt-client + - libvirt-python + - libxml2-devel + - libxslt-devel + - make + - mlocate + - nfs-utils + - nmap-ncat + - npm - oci-register-machine + - oci-systemd-hook - oci-umount + - openssl + - openssl-devel + - ostree-devel + - pkgconfig + - python + - python2-boto + - python2-crypto + - python2-mock + - python-click + - python-devel + - python-virtualenv + - PyYAML + - redhat-rpm-config + - rpcbind + - rsync + - sed - socat async: 600 poll: 10 @@ -58,6 +114,8 @@ name: "{{ item }}" state: latest with_items: + - nmap-ncat + - iptables - wget - git - make @@ -264,6 +322,7 @@ regexp: 'export PATH=/usr/local/go/bin:$PATH' state: present when: ansible_distribution == 'Fedora' or ansible_distribution == 'RedHat' + # dest dir depends on skopeo-containers package - name: Copy redhat sigstore file to test host copy: remote_src: yes From 78c400ccd3ea5f6b1e4f4983c22656119f7af0ae Mon Sep 17 00:00:00 2001 
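Review bot: The rewritten package list drops `wget` and `tar` without re-adding them, while pulling in a number of tools whose use is not visible in this patch (`npm`, `nmap-ncat`, `libguestfs-tools`, `krb5-workstation`, `python2-boto`, `python2-crypto`), all at `state: latest` on a host driven as root. The commit message itself says the previous hidden set contained unnecessary packages, so I would trim the list to what the tests need, or group it with comments such as `# build deps` and `# test harness deps` so each entry has a stated reason. If any later task relies on `wget` or `tar` on this platform, they should stay in the list. The next hunk adds `nmap-ncat` and `iptables` to the second list and would benefit from the same comment.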
From: Chris Evich Date: Wed, 20 Sep 2017 16:34:03 -0400 Subject: [PATCH 3/4] integration-playbook: Increase test timeout Depending on circumstances out of our control, the 'integration tests' may take longer than an hour (3600 seconds). Since the maximum time is referenced in several places, define a variable with a larger value then reference it from the affected tasks. Signed-off-by: Chris Evich --- contrib/test/crio-integration-playbook.yaml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/contrib/test/crio-integration-playbook.yaml b/contrib/test/crio-integration-playbook.yaml index 9d6d4833..4190dcbf 100644 --- a/contrib/test/crio-integration-playbook.yaml +++ b/contrib/test/crio-integration-playbook.yaml @@ -7,6 +7,7 @@ vars: xunit: false cni_commit: dcf7368eeab15e2affc6256f0bb1e84dd46a34de + integration_timeout_seconds: "{{ 60 * 60 * 2 }}" pre_tasks: # Assumes subscription stuff won't get in the way - name: Install pre-requesites for ansible on all platforms @@ -337,7 +338,7 @@ shell: 'CGROUP_MANAGER=cgroupfs STORAGE_OPTS="--storage-driver=overlay2 --storage-opt overlay2.override_kernel_check=1" make localintegration 2>&1 > testout.txt' args: chdir: /root/src/github.com/kubernetes-incubator/cri-o - async: 3600 + async: "{{ integration_timeout_seconds | int }}" poll: 10 ignore_errors: yes when: ansible_distribution == 'RedHat' or ansible_distribution == 'CentOS' @@ -345,7 +346,7 @@ shell: 'CGROUP_MANAGER=cgroupfs STORAGE_OPTS="--storage-driver=overlay2 --storage-opt overlay2.override_kernel_check=1" make localintegration' args: chdir: /root/src/github.com/kubernetes-incubator/cri-o - async: 3600 + async: "{{ integration_timeout_seconds | int }}" poll: 10 ignore_errors: yes when: (ansible_distribution == 'RedHat' or ansible_distribution == 'CentOS') and xunit 
@@ -353,7 +354,7 @@ shell: 'CGROUP_MANAGER=cgroupfs STORAGE_OPTS="--storage-driver=overlay2" make localintegration 2>&1 > testout.txt' args: chdir: /root/src/github.com/kubernetes-incubator/cri-o - async: 3600 + async: "{{ integration_timeout_seconds | int }}" poll: 10 ignore_errors: yes when: ansible_distribution == 'Fedora' @@ -361,7 +362,7 @@ shell: 'CGROUP_MANAGER=cgroupfs STORAGE_OPTS="--storage-driver=overlay2" make localintegration' args: chdir: /root/src/github.com/kubernetes-incubator/cri-o - async: 3600 + async: "{{ integration_timeout_seconds | int }}" poll: 10 ignore_errors: yes when: (ansible_distribution == 'Fedora' and xunit) From bedf75dcfc44fc421532755884d375a89f4cbc3e Mon Sep 17 00:00:00 2001 From: Chris Evich Date: Wed, 20 Sep 2017 17:23:56 -0400 Subject: [PATCH 4/4] integration-playbook: Require RHEL repos. Both the base and extras repos are required. Rather than try to fuss around with subscription manager, require two variables be defined pointing to the baseurl's to use. Assert that these variables are set and non-empty. Signed-off-by: Chris Evich --- contrib/test/crio-integration-playbook.yaml | 31 +++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/contrib/test/crio-integration-playbook.yaml b/contrib/test/crio-integration-playbook.yaml index 4190dcbf..c097f523 100644 --- a/contrib/test/crio-integration-playbook.yaml +++ b/contrib/test/crio-integration-playbook.yaml @@ -1,6 +1,8 @@ ## This playbook expects --extra-vars "commit=" ## and either --extra-vars "pullrequest=" or -## --skip-tags pr +## --skip-tags pr. +## +## Required: --extra-vars extras_repo_baseurl= - hosts: all remote_user: root gather_facts: False # Ansible dependencies need installing first 
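Review bot: The header comment added at the top of the playbook names only `extras_repo_baseurl` as required, but the assert added in the next hunk also requires `server_repo_baseurl`, so a caller who follows the comment will fail the first pre-task. The value placeholder after `=` also appears to be missing as shown here. I would write the line as `## Required: --extra-vars "extras_repo_baseurl=<URL> server_repo_baseurl=<URL>"`.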
@@ -9,7 +11,11 @@ cni_commit: dcf7368eeab15e2affc6256f0bb1e84dd46a34de integration_timeout_seconds: "{{ 60 * 60 * 2 }}" pre_tasks: - # Assumes subscription stuff won't get in the way + # Assert subscription stuff won't get in the way + - assert: + that: + - 'extras_repo_baseurl | default(False)' + - 'server_repo_baseurl | default(False)' - name: Install pre-requesites for ansible on all platforms raw: $(type -P dnf || type -P yum) install -y python libselinux-python yum-utils python3-pycurl # Gather facts @@ -25,6 +31,7 @@ description: "Extra Packages for Enterprise Linux" baseurl: "http://dl.fedoraproject.org/pub/epel/7/$basearch" metalink: "https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch" + enabled: True gpgcheck: True gpgcakey: "https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7Server" when: (ansible_distribution == 'RedHat' or ansible_distribution == 'CentOS') @@ -35,6 +42,26 @@ - https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7 - https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL when: (ansible_distribution == 'RedHat' or ansible_distribution == 'CentOS') + - name: Enable required RHEL repositories + yum_repository: + name: "{{ item.key }}" + description: Required repo. for RHEL + baseurl: "{{ item.value }}" + gpgcheck: False + enabled: True + with_dict: + extras: '{{ extras_repo_baseurl | mandatory }}' + server: '{{ server_repo_baseurl | mandatory }}' + when: (ansible_distribution == 'RedHat') + - name: Don't let old cache interfere with new efforts + shell: $(type -P dnf || type -P yum) clean all && rm -rf /var/cache/{yum,dnf} + - name: disable redhat yum plugin + ini_file: + path: "/etc/yum/pluginconf.d/subscription-manager.conf" + section: main + option: enabled + value: 0 + when: (ansible_distribution == 'RedHat') - name: Update all packages yum: name: '*'
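Review bot: The new `assert` in `pre_tasks` runs on every host, but the two variables are consumed only by the `Enable required RHEL repositories` task, which is limited to `ansible_distribution == 'RedHat'`, so Fedora and CentOS runs now also have to supply them. Because `gather_facts: False` means the distribution is not yet known at this point, the check would fit better after the `setup:` task with `when: ansible_distribution == 'RedHat'`, if the variables are meant to be RHEL-only. The comment `# Assert subscription stuff won't get in the way` describes something the assertion does not test; `# Require the RHEL repo baseurl variables` would match what it does.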
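Review bot: The `Enable required RHEL repositories` task sets `gpgcheck: False` for both the `extras` and `server` repos, whose `baseurl` comes straight from `--extra-vars`, and the `Update all packages` task that follows then installs from them as root. With signature checking off and no constraint on the URL scheme, the integrity of every installed package rests entirely on the mirror and the transport. I would set `gpgcheck: True` with `gpgkey: file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release`, or, if the mirror really carries unsigned builds, add a comment saying so and require an `https://` baseurl in the assert. The `rm -rf /var/cache/{yum,dnf}` in the cache-clean task relies on brace expansion in whatever shell the `shell` module invokes; spelling out both paths would remove that dependency.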