diff --git a/.cirrus.yml b/.cirrus.yml
new file mode 100644
index 000000000000..7e68b01edd5b
--- /dev/null
+++ b/.cirrus.yml
@@ -0,0 +1,77 @@
+# While Cirrus CI gives open-source projects free 16.0 CPUs,
+# we use only 2 CPUs x 3 tasks = 6 CPUs since the tests here aren't fully
+# utilizing multiple CPUs.
+# https://cirrus-ci.org/faq/#are-there-any-limits
+#
+# Undocumented constraints;
+# - The maximum memory limit is 4G times the number of CPUs.
+# - The number of CPUs should be multiple of 2.
+
+task:
+ name: Vagrant
+
+ compute_engine_instance:
+ image_project: cirrus-images
+ image: family/docker-kvm
+ platform: linux
+ nested_virtualization: true
+ cpu: 2
+ memory: 8G
+
+ env:
+ GOTEST: gotestsum --
+ # By default, Cirrus CI doesn't have HOME defined
+ HOME: /root
+ matrix:
+ BOX: fedora/35-cloud-base
+ BOX: rockylinux/8
+ install_libvirt_vagrant_script: |
+ apt-get update
+ apt-get install -y libvirt-daemon libvirt-daemon-system vagrant vagrant-libvirt
+ systemctl enable --now libvirtd
+
+ vagrant_cache:
+ folder: /root/.vagrant.d
+ fingerprint_script: uname -a; cat Vagrantfile
+
+ vagrant_up_script: |
+ vagrant up --no-tty
+
+ integration_script: |
+ vagrant up --provision-with=selinux,install-runc,install-gotestsum,test-integration
+
+ cri_test_script: |
+ vagrant up --provision-with=selinux,install-runc,install-gotestsum,test-cri
+
+task:
+ name: CGroupsV2 - rootless CRI test
+
+ env:
+ HOME: /root
+
+ compute_engine_instance:
+ image_project: cirrus-images
+ image: family/docker-kvm
+ platform: linux
+ nested_virtualization: true
+ cpu: 2
+ memory: 8G
+
+ install_libvirt_vagrant_script: |
+ apt-get update
+ apt-get install -y libvirt-daemon libvirt-daemon-system vagrant vagrant-libvirt
+ systemctl enable --now libvirtd
+
+ vagrant_cache:
+ folder: /root/.vagrant.d
+ fingerprint_script: uname -a; cat Vagrantfile
+
+ vagrant_up_script: |
+ vagrant up --provision-with=install-rootless-podman --no-tty
+
+ podman_build_script: |
+ # Execute rootless podman to create the UserNS env
+ vagrant ssh -- podman build --target cri-in-userns -t cri-in-userns -f /vagrant/contrib/Dockerfile.test /vagrant
+
+ test_script: |
+ vagrant ssh -- podman run --rm --privileged cri-in-userns
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index b9c58c8e3eca..53f073963b4d 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
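Review bot: The `env:` block of the Vagrant task in `.cirrus.yml` sets only `GOTEST`, `HOME` and `BOX`, while the GitHub Actions job this replaces also exported `SELINUX: Enforcing` and `RUNC_FLAVOR` for the integration and CRI steps and pinned `BOX_VERSION="4.0.0"` for `rockylinux/8`. Unless the Vagrantfile provisioners default to the same values (not visible in this diff), the suite may stop exercising SELinux enforcing mode without any test failing, so I would state it explicitly with `SELINUX: Enforcing` and `RUNC_FLAVOR: runc` under `env:`. `BOX_VERSION` is likewise unset, so both boxes resolve to whatever version is latest at run time; pinning it keeps runs reproducible.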
@@ -508,106 +508,3 @@ jobs: name: TestResults MacOS path: | *-junit.xml - - vagrant: - name: Vagrant - # nested virtualization is only available on macOS hosts - runs-on: macos-10.15 - timeout-minutes: 45 - needs: [project, linters, protos, man] - strategy: - fail-fast: false - matrix: - # Currently crun is disabled to decrease CI flakiness. - # We can enable crun again when we get a better CI infra. - runc: [runc] - # Fedora is for testing cgroup v2 functionality, Rocky Linux is for testing on an enterprise-grade environment - box: ["fedora/35-cloud-base", "rockylinux/8"] - env: - GOTEST: gotestsum -- - steps: - - uses: actions/checkout@v2 - - - name: "Cache ~/.vagrant.d/boxes" - uses: actions/cache@v2 - with: - path: ~/.vagrant.d/boxes - key: vagrant-${{ hashFiles('Vagrantfile*') }} - - - name: Vagrant start - env: - BOX: ${{ matrix.box }} - run: | - if [ "$BOX" = "rockylinux/8" ]; then - # The latest version 5.0.0 seems 404 (as of March 30, 2022) - export BOX_VERSION="4.0.0" - fi - # Retry if it fails (download.fedoraproject.org returns 404 sometimes) - vagrant up || vagrant up - - - name: Integration - env: - RUNC_FLAVOR: ${{ matrix.runc }} - SELINUX: Enforcing - GOTESTSUM_JUNITFILE: /tmp/test-integration-junit.xml - run: vagrant up --provision-with=selinux,install-runc,install-gotestsum,test-integration - - - name: CRI test - env: - RUNC_FLAVOR: ${{ matrix.runc }} - SELINUX: Enforcing - REPORT_DIR: /tmp/critestreport - run: vagrant up --provision-with=selinux,install-runc,install-gotestsum,test-cri - - - name: Collect the VM's IP address for Docker Hub's throttling issue - if: failure() - run: vagrant ssh -- curl https://api64.ipify.org/ - - - name: Get test reports - if: always() - run: | - set -e - vagrant plugin install vagrant-vbguest - vagrant plugin install vagrant-scp - vagrant scp :/tmp/test-integration-junit.xml "${{ github.workspace }}/" - vagrant scp :/tmp/critestreport "${{ github.workspace }}/critestreport" - - uses: actions/upload-artifact@v2 - 
if: always() - with: - # ${{ matrix.box }} cannot be used here due to character limitation - name: TestResults vagrant ${{ github.run_id }} ${{ matrix.runtime }} ${{matrix.runc}} - path: | - ${{github.workspace}}/*-junit.xml - ${{github.workspace}}/critestreport/* - - cgroup2-misc: - name: CGroupsV2 - rootless CRI test - # nested virtualization is only available on macOS hosts - runs-on: macos-10.15 - timeout-minutes: 45 - needs: [project, linters, protos, man] - steps: - - uses: actions/checkout@v2 - - - name: "Cache ~/.vagrant.d/boxes" - uses: actions/cache@v2 - with: - path: ~/.vagrant.d/boxes - key: vagrant-${{ hashFiles('Vagrantfile*') }} - - - name: Vagrant start - run: | - # Retry if it fails (download.fedoraproject.org returns 404 sometimes) - vagrant up || vagrant up - - # slow, so separated from the regular cgroup2 task - - name: CRI-in-UserNS test with Rootless Podman - run: | - vagrant up --provision-with=install-rootless-podman - # Execute rootless podman to create the UserNS env - vagrant ssh -- podman build --target cri-in-userns -t cri-in-userns -f /vagrant/contrib/Dockerfile.test /vagrant - vagrant ssh -- podman run --rm --privileged cri-in-userns - - - name: Collect the VM's IP address for Docker Hub's throttling issue - if: failure() - run: vagrant ssh -- curl https://api64.ipify.org/ diff --git a/Vagrantfile b/Vagrantfile index be57cb26a6e1..8e3e13f68448 100644 --- a/Vagrantfile +++ b/Vagrantfile 
@@ -19,17 +19,23 @@ Vagrant.configure("2") do |config| config.vm.box = ENV["BOX"] || "fedora/35-cloud-base" config.vm.box_version = ENV["BOX_VERSION"] + memory = 4096 cpus = 2 + disk_size = 60 config.vm.provider :virtualbox do |v| v.memory = memory v.cpus = cpus + v.disk :disk, size: "#{disk_size}GB", primary: true end config.vm.provider :libvirt do |v| v.memory = memory v.cpus = cpus + v.machine_virtual_size = disk_size end + config.vm.provision 'shell', path: 'script/resize-vagrant-root.sh' + # Disabled by default. To run: # vagrant up --provision-with=upgrade-packages # To upgrade only specific packages: diff --git a/script/resize-vagrant-root.sh b/script/resize-vagrant-root.sh new file mode 100755 index 000000000000..ba9afcd186a7 --- /dev/null +++ b/script/resize-vagrant-root.sh 
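Review bot: In `Vagrantfile`, the new `config.vm.provision 'shell', path: 'script/resize-vagrant-root.sh'` is an unnamed provisioner, so it runs only on an unfiltered first `vagrant up`. The rootless task in `.cirrus.yml` boots with `vagrant up --provision-with=install-rootless-podman --no-tty`, which as far as I can tell skips it and leaves the root filesystem at the box's original size there. Giving it a name, e.g. `config.vm.provision "resize-root", type: "shell", path: "script/resize-vagrant-root.sh"`, lets that task list it explicitly. The `Vagrant.configure` block starts and ends outside this hunk.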
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+# Copyright The containerd Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -eu -o pipefail
+
+# Rocky Linux doesn't have growpart by default.
+(growpart -h > /dev/null) || dnf -y install cloud-utils-growpart
+
+df_line=$(df -T / | grep '^/dev/')
+if [[ "$df_line" =~ ^/dev/([a-z]+)([0-9+]) ]]; then
+ dev="${BASH_REMATCH[1]}"
+ part="${BASH_REMATCH[2]}"
+ growpart "/dev/$dev" "$part"
+
+ fstype=$(echo "$df_line" | awk '{print $2}')
+ if [[ "$fstype" = 'btrfs' ]]; then
+ btrfs filesystem resize max /
+ elif [[ "$fstype" = 'xfs' ]]; then
+ xfs_growfs -d /
+ else
+ echo "Unknown filesystem: $df_line"
+ exit 1
+ fi
+else
+ echo "Failed to parse: $df_line"
+ exit 1
+fi
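Review bot: The partition capture in `^/dev/([a-z]+)([0-9+])` puts the `+` inside the bracket expression, so it matches exactly one character that is a digit or a literal `+`; a root on partition 10 or higher would pass only its first digit, and `growpart` would be pointed at a different partition, as root. The intended form is presumably `if [[ "$df_line" =~ ^/dev/([a-z]+)([0-9]+) ]]; then`. Device names that contain digits (NVMe-style `nvme0n1p1`, for example) still fall through to the `Failed to parse` branch, which is at least a loud failure; a one-line comment saying that only `sdX`/`vdX`-style names are supported would document that.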