Commit graph

1941 commits

Author SHA1 Message Date
Chris Evich
4df075abd2 Improve control-host CPU performance
When running from a central host, where multiple other playbooks may
also be executing, CPU time quickly becomes the scalability bottleneck.

* Reduce the vars compression level at the cost of network utilization.
This assumes the number of vars being transferred back/forth remains
reasonably low, where there wouldn't be much advantage from higher
compression anyway.

Another enhancement, ``ControlPersist`` (for ssh), is apt to fall
back to opening new connections (slow) for every request under some
conditions.  This happens if the socket filename is too large (108
characters, including path) - a kernel limitation.

Unfortunately, in cloud environments, auto-assigned VM hostnames tend to
be rather large to avoid clashes.  Worse, in a CI environment, the default
home-directory path also tends to be lengthy for the same reason.

* Address this by sticking persistent-connection, background socket files
in '/tmp/cri-o' (avoid %d).  Also remove the username (%r) designation,
since this will almost always be the same user anyway.  The tradeoff
here is clashes between jobs against the same host (unlikely) and
weakened security on the control host (less important for CI jobs).

Signed-off-by: Chris Evich <cevich@redhat.com>
2017-11-03 15:53:16 -04:00
Chris Evich
51fed53139 Consolidate plays/tasks/tags
Simplify use of play-level tagging on three separate plays (with one
task).  Instead, make them all the same play, and apply the tags at
the task level instead.

Signed-off-by: Chris Evich <cevich@redhat.com>
2017-11-03 15:53:16 -04:00
Chris Evich
8964657140 Avoid relying on subject environment-vars
There are so many ways/places they can change values on the host from
one moment to the next.  Yet as written, the value of ansible_env.GOPATH
is really only fixed at "fact gathering" time.  In other words, the
environment variable can change (even during a play), but won't be
noticed until possibly much later.  This can cause very strange things
to happen which aren't easy to debug.

Fix this by using established facts (variables), and continuously
establishing them as environment variables.  This way, if/when a task
fails, the value of the environment will be present w/in the failure
message instead of obscured by the shell.

Signed-off-by: Chris Evich <cevich@redhat.com>
2017-11-03 15:53:16 -04:00
Chris Evich
8e37304a96 Support testing against remote subjects.
It's a severe anti-pattern for a playbook to assume execution always
on a specific host.  The normal/expected pattern is to execute from a
"control host", against an inventory of (possibly-remote) subjects.

This doesn't preclude the inventory from only ever containing
'localhost', it simply means the plays and tasks should not assume
the inventory contents.

This concept is one of the central design-pillars of Ansible's,
and tantamount to its usefulness and flexibility.  However, in
practice (and by ``integration/readme.md``), plays
specify ``- hosts: all`` but assume inventory_hostname == 'localhost'
(always).

Fix both the playbooks and ``readme.md`` to remove this anti-pattern,
while also allowing the control-host to be the subject-host as needed.
This is accomplished by ensuring low-level Ansible dependencies are
always installed, and writing tasks for steps previously performed
externally (in the CI/automation machinery).

Also update ``readme.md`` to recommend execution occurs through
the ``venv-ansible-playbook.sh`` wrapper to ensure consistent, stable,
version-locked execution dependencies on the control-host.

Remove ``remote_user: root`` from main, since this is better left
to the inventory and command-line.

Signed-off-by: Chris Evich <cevich@redhat.com>
2017-11-03 15:53:16 -04:00
Chris Evich
fe82f1b8aa Update all packages before installing new ones
Every now and again, a host will be in an initial state that prevents
installing new packages due to existing packages having some script or
obsoletes problem.  Avoid this by first updating all packages, then
installing new ones.

Signed-off-by: Chris Evich <cevich@redhat.com>
2017-11-03 15:48:39 -04:00
Chris Evich
ab949957fa Add ability to enable/disable SELinux during tests
Add a pair of variables to control whether or not SELinux
is enabled during particular tests.  In all cases, make
sure it's re-enabled afterwards.

Signed-off-by: Chris Evich <cevich@redhat.com>
2017-11-03 15:48:39 -04:00
Chris Evich
91f3c13dd1 Revert Revert "Idempotent Swapping"
This puts back the better qualified Idempotent Swapping, but
adds two variables which control whether or not swapping is
enabled during testing.  This addresses a short-term issue of
occasionally failing integration tests under some scenarios,
but not others.

The integration OOM-test isn't properly failing because
the cgroup memory control doesn't account for swap usage
(by design) in ``limit_in_bytes``.

Fixing this for the long-term requires repairing the
test to also set ``memory.memsw.limit_in_bytes=0``
(in addition to memory.limit_in_bytes=5m).

N/B: Normally these things are passed down from k8s,
which is why the same fix isn't currently needed
for the e2e tests - hence the new variable is ``True`` by
default.

Signed-off-by: Chris Evich <cevich@redhat.com>
2017-11-03 15:48:39 -04:00
Chris Evich
70b83fd641 Fix e2e test dependency on building k8s
These two should not be tightly-coupled.  e.g. for RPM testing, the
packages will be built/installed, then e2e tests will run.  Having k8s
secondarily built/installed will seriously screw with rpm-building and
testing.

Signed-off-by: Chris Evich <cevich@redhat.com>
2017-11-03 15:42:16 -04:00
Chris Evich
369aca6dcf Fix /test ami fail on duplicate k8s checkout
Signed-off-by: Chris Evich <cevich@redhat.com>
2017-11-03 15:42:16 -04:00
Antonio Murdaca
19d90e7c23
Merge pull request #1114 from mrunalp/env_fix_1.8
Add HOSTNAME env var to container
2017-11-03 16:49:46 +01:00
Mrunal Patel
70201fdf96 travis: Take out make lint for go tip
It is failing and our source can't be compatible with stable and tip
at the same time.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-11-02 20:25:34 -07:00
Mrunal Patel
c44c712a42 test: Add a test for HOSTNAME env
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-11-02 20:25:07 -07:00
Mrunal Patel
fa1ad4f54e Add HOSTNAME env var to container
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-11-02 10:24:56 -07:00
Mrunal Patel
6a43d07bae
Merge pull request #947 from runcom/release-1.8
bump to 1.8
2017-11-02 09:53:56 -07:00
Antonio Murdaca
4dce8e12a0
build k8s and cri-tools in place
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-11-02 16:12:47 +01:00
Mrunal Patel
4e2c6911ad
container: Don't add rprivate to all mounts
This fixes the mount propagation tests

Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-11-02 16:07:52 +01:00
Mrunal Patel
815bb7652b
sandbox: Use first class sysctls instead of annotations
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-11-02 16:07:52 +01:00
Antonio Murdaca
c25530ac0b
server: implement update container resources
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-11-02 16:07:52 +01:00
Antonio Murdaca
7d7024999b
sandbox, ctrs: fixup seccomp for 1.8
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-11-02 16:07:52 +01:00
Antonio Murdaca
c70198617f
container_create: set mount propagation
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-11-02 16:07:51 +01:00
Antonio Murdaca
e41ba62b19
container_create: honor no_new_privs
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-11-02 16:07:51 +01:00
Antonio Murdaca
91d9b4fc29
cmd: crio: correctly stop the streaming server
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-11-02 16:07:51 +01:00
Antonio Murdaca
d6e819133d
*: initial update to kube 1.8
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-11-02 16:07:51 +01:00
Daniel J Walsh
2453222695
Merge pull request #1108 from runcom/md2man-ubunut
README.md: add go-md2man to build dep in Ubuntu
2017-11-02 10:20:10 -04:00
Antonio Murdaca
ed9f4c094a
README.md: add go-md2man to build dep in Ubuntu
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-11-02 12:27:34 +01:00
Mrunal Patel
87192d0c8c
Merge pull request #1106 from runcom/add-dot-github
*: add .github
2017-11-01 14:23:16 -07:00
Antonio Murdaca
0478365d95
*: add .github
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-11-01 20:18:00 +01:00
Daniel J Walsh
fe69289566
Merge pull request #1080 from baude/kpod_create.pr
Kpod create.pr
2017-11-01 13:44:28 -04:00
Mrunal Patel
62b157c324
Merge pull request #1103 from spiffxp/assignees-to-approvers
Rename OWNERS assignees: to approvers:
2017-11-01 10:13:32 -07:00
baude
b85fe5ab90 Fix conmon and runc paths for kpod tests
Tests for kpod create and run were failing because the conmon
binary was being hardcoded.  We added a --conmon global option
for kpod so we could pass in the conmon path from the helpers
file during tests

Signed-off-by: baude <bbaude@redhat.com>
2017-11-01 10:53:52 -05:00
Aaron Crickenberger
46742e1216 Rename OWNERS assignees: to approvers:
They are effectively the same, assignees is deprecated

Signed-off-by: Aaron Crickenberger <spiffxp@gmail.com>
2017-11-01 08:48:44 -07:00
Mrunal Patel
c23e8fc78f
Merge pull request #1101 from mrunalp/network_settings
test: Add networking settings for critest
2017-11-01 07:51:40 -07:00
Daniel J Walsh
37fff3cff3
Merge pull request #1104 from rhatdan/master
Remove VERSION file
2017-11-01 09:18:30 -04:00
Daniel J Walsh
699fc11edf Remove VERSION file
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-11-01 08:06:40 -04:00
Daniel J Walsh
dce6f3c2ef
Merge pull request #1100 from rhatdan/args
Report error when arguments given to crio command
2017-11-01 08:03:18 -04:00
Daniel J Walsh
063b25cef5 Report error when arguments given to crio command
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-10-31 16:15:54 -04:00
Mrunal Patel
87e7280f5a test: Add networking settings for critest
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-10-31 13:14:50 -07:00
baude
c6cc205b78 Reviewer comments and suggestions incorporated.
Signed-off-by: baude <bbaude@redhat.com>
2017-10-31 14:10:47 -05:00
Mrunal Patel
4c06116c18
Merge pull request #654 from nalind/storage-update
Do not merge: Bump containers/storage and containers/image
2017-10-31 10:31:26 -07:00
baude
7f7ccc375f kpod create and run
Add the ability to create a container with kpod.  Also, be able to run
(create and start) a container.  If the user asks for -it, be able to
attach a terminal to the container.

Signed-off-by: baude <bbaude@redhat.com>
2017-10-31 09:55:35 -05:00
baude
484a26d540 cmd/kpod/parse.go: Provided by Urvashi Mohnani
Signed-off-by: baude <bbaude@redhat.com>
2017-10-31 09:55:35 -05:00
Daniel J Walsh
409a228a73 Add kpod run and kpod create CLI front ends
Add kpod-run/kpod-create man page and command completions

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

This patch implements the ability to create and run containers
using kpod

Signed-off-by: Matthew Heon <mheon@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-10-31 09:55:35 -05:00
Nalin Dahyabhai
2e5e92730a Switch to ImageServer.UntagImage in RemoveImage handler
Add an UntagImage() method to pkg/storage/ImageServer, which will check
if the passed-in NameOrID is a name.  If so, it merely removes that name
from the image, removing the image only if it was the last name that the
image had.  If the NameOrID is an image ID, the image is removed, as
RemoveImage() does.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-10-31 10:30:18 -04:00
Nalin Dahyabhai
3f2bc09231 Return image references in ImageStatus()
The image's canonical reference is a name with a digest of the image's
manifest, so compute and return that value as the image's reference in
ImageStatus() and in ContainerStatus().

We don't auto-store a name based on the image digest when we pull one by
tag, but then CRI doesn't need us to do that.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-10-31 10:29:06 -04:00
Nalin Dahyabhai
beef44840e Update kpod push test
Since we've got stable image IDs now, pushing an image from local
storage to local storage ends up attaching both names to a single
image, so we need to update the test's expectations.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-10-31 10:29:05 -04:00
Nalin Dahyabhai
9dab0eee24 Remove dead code
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-10-31 10:29:05 -04:00
Nalin Dahyabhai
88deb3934f Update PushImage() for newer containers/image
The updated containers/image and containers/storage don't require as
many workarounds to be able to push images.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-10-31 10:29:05 -04:00
Nalin Dahyabhai
1346755565 Bump containers/image and containers/storage
Update to proposed changes in containers/image, and bump
containers/storage to 04ad0b827097209ca65e59b5fd768511f3b1ae91, which is
currently the tip of the master branch.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-10-31 10:29:05 -04:00
Daniel J Walsh
c5e73ba65f
Merge pull request #1085 from jasonbrooks/patch-1
add golang-github-cpuguy83-go-md2man dep
2017-10-31 10:27:19 -04:00
Daniel J Walsh
051cafbd62
Merge pull request #1095 from TomSweeneyRedHat/dev/tsweeney/docfix/12
Change runc location of runc in tutorial.md
2017-10-31 10:26:37 -04:00