commit
2ce6c2e9df
@ -0,0 +1,2 @@
|
|||||||
|
artifacts
|
||||||
|
tests/packages
|
@ -0,0 +1,131 @@
|
|||||||
|
---
|
||||||
|
document: modulemd
|
||||||
|
version: 2
|
||||||
|
data:
|
||||||
|
name: container-tools
|
||||||
|
stream: 4.0
|
||||||
|
summary: >-
|
||||||
|
Stable versions of podman 4.0, buildah 1.24, skopeo 1.6, runc, conmon, CRIU,
|
||||||
|
Udica, etc as well as dependencies such as container-selinux built and tested
|
||||||
|
together, and supported as documented on the Application Stream lifecycle page.
|
||||||
|
description: >-
|
||||||
|
Stable versions of podman 4.0, buildah 1.24, skopeo 1.6, runc, conmon, CRIU,
|
||||||
|
Udica, etc as well as dependencies such as container-selinux built and tested
|
||||||
|
together. Released with RHEL 8.6 and supported for 24 months. During the
|
||||||
|
support lifecycle, back ports of important, critical vulnerabilities (CVEs,
|
||||||
|
RHSAs) and bug fixes (RHBAs) are provided to this stream, and versions do not
|
||||||
|
move forward. For more information see:
|
||||||
|
https://access.redhat.com/support/policy/updates/containertools
|
||||||
|
license:
|
||||||
|
module:
|
||||||
|
- MIT
|
||||||
|
dependencies:
|
||||||
|
- buildrequires:
|
||||||
|
go-toolset: [rhel8]
|
||||||
|
golang-ecosystem: [1.0]
|
||||||
|
platform: [el8]
|
||||||
|
requires:
|
||||||
|
platform: [el8]
|
||||||
|
references:
|
||||||
|
community: https://github.com/projectatomic
|
||||||
|
documentation: https://projectatomic.io
|
||||||
|
tracker: https://github.com/projectatomic
|
||||||
|
profiles:
|
||||||
|
common:
|
||||||
|
rpms:
|
||||||
|
- buildah
|
||||||
|
- cockpit-podman
|
||||||
|
- conmon
|
||||||
|
- container-selinux
|
||||||
|
- containernetworking-plugins
|
||||||
|
- containers-common
|
||||||
|
- criu
|
||||||
|
- crun
|
||||||
|
- fuse-overlayfs
|
||||||
|
- libslirp
|
||||||
|
- podman
|
||||||
|
- python3-podman
|
||||||
|
- runc
|
||||||
|
- skopeo
|
||||||
|
- slirp4netns
|
||||||
|
- toolbox
|
||||||
|
- udica
|
||||||
|
api:
|
||||||
|
rpms:
|
||||||
|
- buildah
|
||||||
|
- conmon
|
||||||
|
- container-selinux
|
||||||
|
- containernetworking-plugins
|
||||||
|
- containers-common
|
||||||
|
- fuse-overlayfs
|
||||||
|
- libslirp
|
||||||
|
- podman
|
||||||
|
- podman-docker
|
||||||
|
- podman-manpages
|
||||||
|
- podman-remote
|
||||||
|
- python3-podman
|
||||||
|
- runc
|
||||||
|
- skopeo
|
||||||
|
- slirp4netns
|
||||||
|
buildopts:
|
||||||
|
rpms:
|
||||||
|
macros: |
|
||||||
|
%_with_ignore_tests 1
|
||||||
|
components:
|
||||||
|
rpms:
|
||||||
|
buildah:
|
||||||
|
rationale: Primary component of this module
|
||||||
|
ref: stream-container-tools-4.0-rhel-8.8.0
|
||||||
|
cockpit-podman:
|
||||||
|
rationale: Primary component of this module
|
||||||
|
ref: stream-container-tools-4.0-rhel-8.8.0
|
||||||
|
conmon:
|
||||||
|
rationale: Primary component of this module
|
||||||
|
ref: stream-container-tools-4.0-rhel-8.8.0
|
||||||
|
container-selinux:
|
||||||
|
rationale: Primary component of this module
|
||||||
|
ref: stream-container-tools-4.0-rhel-8.8.0
|
||||||
|
containernetworking-plugins:
|
||||||
|
rationale: Primary component of this module
|
||||||
|
ref: stream-container-tools-4.0-rhel-8.8.0
|
||||||
|
containers-common:
|
||||||
|
rationale: Primary component of this module
|
||||||
|
ref: stream-container-tools-4.0-rhel-8.8.0
|
||||||
|
criu:
|
||||||
|
rationale: Primary component of this module
|
||||||
|
ref: stream-container-tools-4.0-rhel-8.8.0
|
||||||
|
crun:
|
||||||
|
rationale: Primary component of this module
|
||||||
|
ref: stream-container-tools-4.0-rhel-8.8.0
|
||||||
|
fuse-overlayfs:
|
||||||
|
rationale: Primary component of this module
|
||||||
|
ref: stream-container-tools-4.0-rhel-8.8.0
|
||||||
|
libslirp:
|
||||||
|
rationale: Primary component of this module
|
||||||
|
ref: stream-container-tools-4.0-rhel-8.8.0
|
||||||
|
buildorder: -1
|
||||||
|
oci-seccomp-bpf-hook:
|
||||||
|
rationale: Primary component of this module
|
||||||
|
ref: stream-container-tools-4.0-rhel-8.8.0
|
||||||
|
podman:
|
||||||
|
rationale: Primary component of this module
|
||||||
|
ref: stream-container-tools-4.0-rhel-8.8.0
|
||||||
|
python-podman:
|
||||||
|
rationale: Primary component of this module
|
||||||
|
ref: stream-container-tools-4.0-rhel-8.8.0
|
||||||
|
runc:
|
||||||
|
rationale: Primary component of this module
|
||||||
|
ref: stream-container-tools-4.0-rhel-8.8.0
|
||||||
|
skopeo:
|
||||||
|
rationale: Primary component of this module
|
||||||
|
ref: stream-container-tools-4.0-rhel-8.8.0
|
||||||
|
slirp4netns:
|
||||||
|
rationale: Primary component of this module
|
||||||
|
ref: stream-container-tools-4.0-rhel-8.8.0
|
||||||
|
toolbox:
|
||||||
|
rationale: Primary component of this module
|
||||||
|
ref: stream-container-tools-4.0-rhel-8.8.0
|
||||||
|
udica:
|
||||||
|
rationale: Primary component of this module
|
||||||
|
ref: stream-container-tools-4.0-rhel-8.8.0
|
||||||
|
...
|
@ -0,0 +1,8 @@
|
|||||||
|
# recipients: jnovy, santiago, lsm5
|
||||||
|
--- !Policy
|
||||||
|
product_versions:
|
||||||
|
- rhel-8
|
||||||
|
decision_context: osci_compose_gate_modules
|
||||||
|
subject_type: redhat-module
|
||||||
|
rules:
|
||||||
|
- !PassingTestCaseRule {test_case_name: baseos-ci.redhat-module.tier0.functional}
|
@ -0,0 +1,12 @@
|
|||||||
|
---
|
||||||
|
# Sigh; RHEL8 doesn't have BATS
|
||||||
|
- name: bats | fetch and unpack tarball
|
||||||
|
unarchive:
|
||||||
|
src: https://github.com/bats-core/bats-core/archive/v1.1.0.tar.gz
|
||||||
|
dest: /root
|
||||||
|
remote_src: true
|
||||||
|
|
||||||
|
- name: bats | install
|
||||||
|
command: ./install.sh /usr/local
|
||||||
|
args:
|
||||||
|
chdir: /root/bats-core-1.1.0
|
@ -0,0 +1,36 @@
|
|||||||
|
# standard role for fetching a package dist-git into the Ansible controller for running its tests
|
||||||
|
# variables:
|
||||||
|
# - package: dist-git source package name
|
||||||
|
# - modulemd: file name of module metadata description, for getting correct branch name
|
||||||
|
---
|
||||||
|
- name: Install git
|
||||||
|
dnf: name=git state=installed
|
||||||
|
|
||||||
|
- name: Clone package dist-git
|
||||||
|
git:
|
||||||
|
repo: git://pkgs.devel.redhat.com/rpms/{{ package }}
|
||||||
|
# read package branch from module md file
|
||||||
|
version: "{{ (lookup('file', modulemd) | from_yaml)['data']['components']['rpms'][package]['ref'] }}"
|
||||||
|
dest: "/tmp/packages/{{ package }}"
|
||||||
|
|
||||||
|
# fetch can only get a single file, so we have to do this in a loop
|
||||||
|
- name: Get package test file list
|
||||||
|
find:
|
||||||
|
paths: "/tmp/packages/{{ package }}/tests"
|
||||||
|
recurse: yes
|
||||||
|
register: test_files_to_fetch
|
||||||
|
|
||||||
|
- name: Copy package test files to controller
|
||||||
|
fetch:
|
||||||
|
src: "{{ item.path }}"
|
||||||
|
# strip off /tmp/ prefix
|
||||||
|
dest: "{{ playbook_dir }}/{{ item.path[5:] }}"
|
||||||
|
flat: yes
|
||||||
|
with_items: "{{ test_files_to_fetch.files }}"
|
||||||
|
|
||||||
|
- name: Copy package files
|
||||||
|
fetch:
|
||||||
|
src: "/tmp/packages/{{ package }}/{{ item }}"
|
||||||
|
dest: "{{ playbook_dir }}/packages/{{ package }}/"
|
||||||
|
flat: yes
|
||||||
|
with_items: ["{{ package }}.spec", "sources"]
|
@ -0,0 +1,7 @@
|
|||||||
|
---
|
||||||
|
- name: create nonroot user
|
||||||
|
user:
|
||||||
|
name: testuser
|
||||||
|
shell: /bin/bash
|
||||||
|
- name: enable linger
|
||||||
|
command: loginctl enable-linger testuser
|
@ -0,0 +1,38 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
#
|
||||||
|
# setup and teardown helpers for buildah test
|
||||||
|
#
|
||||||
|
|
||||||
|
function setup() {
|
||||||
|
REGISTRY_FQIN=quay.io/libpod/registry:2
|
||||||
|
|
||||||
|
AUTHDIR=/tmp/buildah-tests-auth.$$
|
||||||
|
mkdir -p $AUTHDIR
|
||||||
|
|
||||||
|
CERT=$AUTHDIR/domain.crt
|
||||||
|
if [ ! -e $CERT ]; then
|
||||||
|
openssl req -newkey rsa:4096 -nodes -sha256 \
|
||||||
|
-keyout $AUTHDIR/domain.key -x509 -days 2 \
|
||||||
|
-out $AUTHDIR/domain.crt \
|
||||||
|
-subj "/C=US/ST=Foo/L=Bar/O=Red Hat, Inc./CN=registry host certificate" \
|
||||||
|
-addext subjectAltName=DNS:localhost
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ! -e $AUTHDIR/htpasswd ]; then
|
||||||
|
htpasswd -Bbn testuser testpassword > $AUTHDIR/htpasswd
|
||||||
|
fi
|
||||||
|
|
||||||
|
podman run -d -p 5000:5000 \
|
||||||
|
--name registry \
|
||||||
|
-v $AUTHDIR:/auth:Z \
|
||||||
|
-e "REGISTRY_AUTH=htpasswd" \
|
||||||
|
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
|
||||||
|
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
|
||||||
|
-e REGISTRY_HTTP_TLS_CERTIFICATE=/auth/domain.crt \
|
||||||
|
-e REGISTRY_HTTP_TLS_KEY=/auth/domain.key \
|
||||||
|
$REGISTRY_FQIN
|
||||||
|
}
|
||||||
|
|
||||||
|
function teardown() {
|
||||||
|
podman rm -f registry
|
||||||
|
}
|
@ -0,0 +1,103 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
#
|
||||||
|
# Run bats tests for a given $TEST_PACKAGE, e.g. buildah, podman
|
||||||
|
#
|
||||||
|
# This is invoked by the 'run_bats_tests' role; we assume that
|
||||||
|
# the package foo has a foo-tests subpackage which provides the
|
||||||
|
# directory /usr/share/foo/test/system, containing one or more .bats
|
||||||
|
# test files.
|
||||||
|
#
|
||||||
|
|
||||||
|
export PATH=/usr/local/bin:/usr/sbin:/usr/bin
|
||||||
|
|
||||||
|
# Keep all logs in /tmp/artifacts - this seems to be an undocumented
|
||||||
|
# (and therefore dangerous and unreliable) convention of the Standard
|
||||||
|
# Test Roles package. As of 2020-05 we have to coexist with cockpit
|
||||||
|
# which uses standard-test-basic, which means we need to conform to
|
||||||
|
# its conventions.
|
||||||
|
# We rely on our parent playbook to create /tmp/artifacts and make it
|
||||||
|
# world-writable so nonroot tests can use it.
|
||||||
|
TEST_LOG_TXT=/tmp/artifacts/test.log
|
||||||
|
TEST_LOG_YML=/tmp/artifacts/results.yml
|
||||||
|
|
||||||
|
# "podman root" -> "podman-root"
|
||||||
|
testname_oneword=${TEST_NAME// /-}
|
||||||
|
|
||||||
|
FULL_LOG=/tmp/artifacts/test.${testname_oneword}.debug.log
|
||||||
|
BATS_LOG=/tmp/artifacts/test.${testname_oneword}.bats.log
|
||||||
|
rm -f $FULL_LOG $BATS_LOG
|
||||||
|
touch $FULL_LOG $BATS_LOG
|
||||||
|
|
||||||
|
exec &> $FULL_LOG
|
||||||
|
|
||||||
|
# Log program versions
|
||||||
|
echo "Packages:"
|
||||||
|
(
|
||||||
|
uname -r
|
||||||
|
rpm -qa |\
|
||||||
|
egrep 'buildah|conmon|container|crun|iptable|podman|runc|skopeo|slirp|systemd' |\
|
||||||
|
sort
|
||||||
|
) | sed -e 's/^/ /'
|
||||||
|
|
||||||
|
echo "------------------------------"
|
||||||
|
printenv | sort
|
||||||
|
|
||||||
|
testdir=/usr/share/${TEST_PACKAGE}/test/system
|
||||||
|
|
||||||
|
if ! cd $testdir; then
|
||||||
|
echo "FAIL ${TEST_NAME} : cd $testdir" >> $TEST_LOG_TXT
|
||||||
|
echo "- { test: '${TEST_NAME}', result: error, logs: [ $(basename $FULL_LOG) ] }" >> $TEST_LOG_YML
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -e /tmp/helper.sh ]; then
|
||||||
|
echo "------------------------------"
|
||||||
|
echo ". /tmp/helper.sh"
|
||||||
|
. /tmp/helper.sh
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$(type -t setup)" = "function" ]; then
|
||||||
|
echo "------------------------------"
|
||||||
|
echo "\$ setup"
|
||||||
|
setup
|
||||||
|
if [ $? -ne 0 ]; then
|
||||||
|
echo "FAIL ${TEST_NAME} : setup" >> $TEST_LOG_TXT
|
||||||
|
echo "- { test: '${TEST_NAME}', result: error, logs: [ $(basename $FULL_LOG) ] }" >> $TEST_LOG_YML
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "------------------------------"
|
||||||
|
echo "\$ bats ."
|
||||||
|
bats . &> $BATS_LOG
|
||||||
|
rc=$?
|
||||||
|
|
||||||
|
echo "------------------------------"
|
||||||
|
echo "bats completed with status $rc"
|
||||||
|
|
||||||
|
status=PASS
|
||||||
|
if [ $rc -ne 0 ]; then
|
||||||
|
status=FAIL
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "${status} ${TEST_NAME}" >> $TEST_LOG_TXT
|
||||||
|
|
||||||
|
# Append a stanza to results.yml
|
||||||
|
(
|
||||||
|
echo "- test: ${TEST_NAME}"
|
||||||
|
# pass/fail - the ',,' (comma comma) converts to lower-case
|
||||||
|
echo " result: ${status,,}"
|
||||||
|
echo " logs:"
|
||||||
|
echo " - $(basename $BATS_LOG)"
|
||||||
|
echo " - $(basename $FULL_LOG)"
|
||||||
|
) >> $TEST_LOG_YML
|
||||||
|
|
||||||
|
|
||||||
|
if [ "$(type -t teardown)" = "function" ]; then
|
||||||
|
echo "------------------------------"
|
||||||
|
echo "\$ teardown"
|
||||||
|
teardown
|
||||||
|
fi
|
||||||
|
|
||||||
|
# FIXME: for CI purposes, always exit 0. This allows subsequent tests.
|
||||||
|
exit 0
|
@ -0,0 +1,50 @@
|
|||||||
|
---
|
||||||
|
# Create a directory for artifacts on remote host
|
||||||
|
- name: create remote artifacts directory
|
||||||
|
file:
|
||||||
|
path: /tmp/artifacts
|
||||||
|
state: directory
|
||||||
|
mode: 0777
|
||||||
|
|
||||||
|
# Create empty results file, world-writable so rootless test can log to it
|
||||||
|
- name: initialize test.log file
|
||||||
|
copy: dest=/tmp/artifacts/test.log content='' force=yes mode=0666
|
||||||
|
|
||||||
|
# Same with results.yml file
|
||||||
|
- name: initialize results.yml file
|
||||||
|
copy: dest=/tmp/artifacts/results.yml content='results:\n' force=yes mode=0666
|
||||||
|
|
||||||
|
- name: execute tests
|
||||||
|
include: run_one_test.yml
|
||||||
|
with_items: "{{ tests }}"
|
||||||
|
loop_control:
|
||||||
|
loop_var: test
|
||||||
|
|
||||||
|
- name: pull test.log and results.yml
|
||||||
|
fetch:
|
||||||
|
src: "{{ item }}"
|
||||||
|
dest: "{{ artifacts }}/"
|
||||||
|
flat: yes
|
||||||
|
with_items:
|
||||||
|
- /tmp/artifacts/test.log
|
||||||
|
- /tmp/artifacts/results.yml
|
||||||
|
|
||||||
|
# Copied from standard-test-basic
|
||||||
|
- name: check results
|
||||||
|
shell: grep "^FAIL" /tmp/artifacts/test.log
|
||||||
|
register: test_fails
|
||||||
|
# Never fail at this step. Just store result of tests.
|
||||||
|
failed_when: False
|
||||||
|
|
||||||
|
- name: preserve results
|
||||||
|
set_fact:
|
||||||
|
role_result_failed: "{{ (test_fails.stdout|d|length > 0) or (test_fails.stderr|d|length > 0) }}"
|
||||||
|
role_result_msg: "{{ test_fails.stdout|d('tests failed.') }}"
|
||||||
|
|
||||||
|
- name: display results
|
||||||
|
vars:
|
||||||
|
msg: |
|
||||||
|
Tests failed: {{ role_result_failed|d('Undefined') }}
|
||||||
|
Tests msg: {{ role_result_msg|d('None') }}
|
||||||
|
debug:
|
||||||
|
msg: "{{ msg.split('\n') }}"
|
@ -0,0 +1,52 @@
|
|||||||
|
---
|
||||||
|
- name: "{{ test.name }} | install test packages"
|
||||||
|
dnf: name="{{ test.package }}-tests" state=installed
|
||||||
|
|
||||||
|
- name: "{{ test.name }} | define helper variables"
|
||||||
|
set_fact:
|
||||||
|
test_name_oneword: "{{ test.name | replace(' ','-') }}"
|
||||||
|
|
||||||
|
# UGH. This is necessary because our caller sets some environment variables
|
||||||
|
# and we need to set a few more based on other caller variables; then we
|
||||||
|
# need to combine the two dicts when running the test. This seems to be
|
||||||
|
# the only way to do it in ansible.
|
||||||
|
- name: "{{ test.name }} | define local environment"
|
||||||
|
set_fact:
|
||||||
|
local_environment:
|
||||||
|
TEST_NAME: "{{ test.name }}"
|
||||||
|
TEST_PACKAGE: "{{ test.package }}"
|
||||||
|
TEST_ENV: "{{ test.environment }}"
|
||||||
|
|
||||||
|
- name: "{{ test.name }} | setup/teardown helper | see if exists"
|
||||||
|
local_action: stat path={{ role_path }}/files/helper.{{ test_name_oneword }}.sh
|
||||||
|
register: helper
|
||||||
|
|
||||||
|
- name: "{{ test.name }} | setup/teardown helper | install"
|
||||||
|
copy: src=helper.{{ test_name_oneword }}.sh dest=/tmp/helper.sh
|
||||||
|
when: helper.stat.exists
|
||||||
|
|
||||||
|
- name: "{{ test.name }} | run test"
|
||||||
|
script: ./run_bats_tests.sh
|
||||||
|
args:
|
||||||
|
chdir: /usr/share/{{ test.package }}/test/system
|
||||||
|
become: "{{ true if test.become is defined else false }}"
|
||||||
|
become_user: testuser
|
||||||
|
environment: "{{ local_environment | combine(test.environment) }}"
|
||||||
|
|
||||||
|
- name: "{{ test.name }} | pull logs"
|
||||||
|
fetch:
|
||||||
|
src: "/tmp/artifacts/test.{{ test_name_oneword }}.{{ item }}.log"
|
||||||
|
dest: "{{ artifacts }}/"
|
||||||
|
flat: yes
|
||||||
|
with_items:
|
||||||
|
- bats
|
||||||
|
- debug
|
||||||
|
|
||||||
|
- name: "{{ test.name }} | remove remote logs and helpers"
|
||||||
|
file:
|
||||||
|
dest=/tmp/{{ item }}
|
||||||
|
state=absent
|
||||||
|
with_items:
|
||||||
|
- artifacts/test.{{ test_name_oneword }}.bats.log
|
||||||
|
- artifacts/test.{{ test_name_oneword }}.debug.log
|
||||||
|
- helper.sh
|
@ -0,0 +1,48 @@
|
|||||||
|
---
|
||||||
|
- hosts: localhost
|
||||||
|
tags: classic
|
||||||
|
vars:
|
||||||
|
- artifacts: ./artifacts
|
||||||
|
roles:
|
||||||
|
- role: bats_installed
|
||||||
|
- role: nonroot_user
|
||||||
|
- role: run_bats_tests
|
||||||
|
tests:
|
||||||
|
- name: podman root
|
||||||
|
package: podman
|
||||||
|
environment:
|
||||||
|
PODMAN: /usr/bin/podman
|
||||||
|
|
||||||
|
- name: podman nonroot
|
||||||
|
package: podman
|
||||||
|
environment:
|
||||||
|
PODMAN: /usr/bin/podman
|
||||||
|
become: true
|
||||||
|
|
||||||
|
#- name: podman-remote root
|
||||||
|
#package: podman
|
||||||
|
#environment:
|
||||||
|
# PODMAN: /usr/bin/podman-remote
|
||||||
|
|
||||||
|
- name: buildah root
|
||||||
|
package: buildah
|
||||||
|
environment:
|
||||||
|
BUILDAH_BINARY: /usr/bin/buildah
|
||||||
|
IMGTYPE_BINARY: /usr/bin/buildah-imgtype
|
||||||
|
COPY_BINARY: /usr/bin/buildah-copy
|
||||||
|
|
||||||
|
- name: skopeo root
|
||||||
|
package: skopeo
|
||||||
|
environment:
|
||||||
|
SKOPEO_BINARY: /usr/bin/skopeo
|
||||||
|
|
||||||
|
# cockpit-podman
|
||||||
|
- role: fetch_pkg
|
||||||
|
package: cockpit-podman
|
||||||
|
modulemd: ../container-tools.yaml
|
||||||
|
tasks:
|
||||||
|
- include_role:
|
||||||
|
name: ./packages/cockpit-podman/tests/roles/test
|
||||||
|
vars:
|
||||||
|
pkgdir: ./packages/cockpit-podman/
|
||||||
|
test_script_dir: tests
|
Loading…
Reference in new issue