commit
2ce6c2e9df
@ -0,0 +1,2 @@
|
||||
artifacts
|
||||
tests/packages
|
@ -0,0 +1,131 @@
|
||||
---
|
||||
document: modulemd
|
||||
version: 2
|
||||
data:
|
||||
name: container-tools
|
||||
stream: 4.0
|
||||
summary: >-
|
||||
Stable versions of podman 4.0, buildah 1.24, skopeo 1.6, runc, conmon, CRIU,
|
||||
Udica, etc as well as dependencies such as container-selinux built and tested
|
||||
together, and supported as documented on the Application Stream lifecycle page.
|
||||
description: >-
|
||||
Stable versions of podman 4.0, buildah 1.24, skopeo 1.6, runc, conmon, CRIU,
|
||||
Udica, etc as well as dependencies such as container-selinux built and tested
|
||||
together. Released with RHEL 8.6 and supported for 24 months. During the
|
||||
support lifecycle, back ports of important, critical vulnerabilities (CVEs,
|
||||
RHSAs) and bug fixes (RHBAs) are provided to this stream, and versions do not
|
||||
move forward. For more information see:
|
||||
https://access.redhat.com/support/policy/updates/containertools
|
||||
license:
|
||||
module:
|
||||
- MIT
|
||||
dependencies:
|
||||
- buildrequires:
|
||||
go-toolset: [rhel8]
|
||||
golang-ecosystem: [1.0]
|
||||
platform: [el8]
|
||||
requires:
|
||||
platform: [el8]
|
||||
references:
|
||||
community: https://github.com/projectatomic
|
||||
documentation: https://projectatomic.io
|
||||
tracker: https://github.com/projectatomic
|
||||
profiles:
|
||||
common:
|
||||
rpms:
|
||||
- buildah
|
||||
- cockpit-podman
|
||||
- conmon
|
||||
- container-selinux
|
||||
- containernetworking-plugins
|
||||
- containers-common
|
||||
- criu
|
||||
- crun
|
||||
- fuse-overlayfs
|
||||
- libslirp
|
||||
- podman
|
||||
- python3-podman
|
||||
- runc
|
||||
- skopeo
|
||||
- slirp4netns
|
||||
- toolbox
|
||||
- udica
|
||||
api:
|
||||
rpms:
|
||||
- buildah
|
||||
- conmon
|
||||
- container-selinux
|
||||
- containernetworking-plugins
|
||||
- containers-common
|
||||
- fuse-overlayfs
|
||||
- libslirp
|
||||
- podman
|
||||
- podman-docker
|
||||
- podman-manpages
|
||||
- podman-remote
|
||||
- python3-podman
|
||||
- runc
|
||||
- skopeo
|
||||
- slirp4netns
|
||||
buildopts:
|
||||
rpms:
|
||||
macros: |
|
||||
%_with_ignore_tests 1
|
||||
components:
|
||||
rpms:
|
||||
buildah:
|
||||
rationale: Primary component of this module
|
||||
ref: stream-container-tools-4.0-rhel-8.8.0
|
||||
cockpit-podman:
|
||||
rationale: Primary component of this module
|
||||
ref: stream-container-tools-4.0-rhel-8.8.0
|
||||
conmon:
|
||||
rationale: Primary component of this module
|
||||
ref: stream-container-tools-4.0-rhel-8.8.0
|
||||
container-selinux:
|
||||
rationale: Primary component of this module
|
||||
ref: stream-container-tools-4.0-rhel-8.8.0
|
||||
containernetworking-plugins:
|
||||
rationale: Primary component of this module
|
||||
ref: stream-container-tools-4.0-rhel-8.8.0
|
||||
containers-common:
|
||||
rationale: Primary component of this module
|
||||
ref: stream-container-tools-4.0-rhel-8.8.0
|
||||
criu:
|
||||
rationale: Primary component of this module
|
||||
ref: stream-container-tools-4.0-rhel-8.8.0
|
||||
crun:
|
||||
rationale: Primary component of this module
|
||||
ref: stream-container-tools-4.0-rhel-8.8.0
|
||||
fuse-overlayfs:
|
||||
rationale: Primary component of this module
|
||||
ref: stream-container-tools-4.0-rhel-8.8.0
|
||||
libslirp:
|
||||
rationale: Primary component of this module
|
||||
ref: stream-container-tools-4.0-rhel-8.8.0
|
||||
buildorder: -1
|
||||
oci-seccomp-bpf-hook:
|
||||
rationale: Primary component of this module
|
||||
ref: stream-container-tools-4.0-rhel-8.8.0
|
||||
podman:
|
||||
rationale: Primary component of this module
|
||||
ref: stream-container-tools-4.0-rhel-8.8.0
|
||||
python-podman:
|
||||
rationale: Primary component of this module
|
||||
ref: stream-container-tools-4.0-rhel-8.8.0
|
||||
runc:
|
||||
rationale: Primary component of this module
|
||||
ref: stream-container-tools-4.0-rhel-8.8.0
|
||||
skopeo:
|
||||
rationale: Primary component of this module
|
||||
ref: stream-container-tools-4.0-rhel-8.8.0
|
||||
slirp4netns:
|
||||
rationale: Primary component of this module
|
||||
ref: stream-container-tools-4.0-rhel-8.8.0
|
||||
toolbox:
|
||||
rationale: Primary component of this module
|
||||
ref: stream-container-tools-4.0-rhel-8.8.0
|
||||
udica:
|
||||
rationale: Primary component of this module
|
||||
ref: stream-container-tools-4.0-rhel-8.8.0
|
||||
...
|
@ -0,0 +1,8 @@
|
||||
# recipients: jnovy, santiago, lsm5
|
||||
--- !Policy
|
||||
product_versions:
|
||||
- rhel-8
|
||||
decision_context: osci_compose_gate_modules
|
||||
subject_type: redhat-module
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: baseos-ci.redhat-module.tier0.functional}
|
@ -0,0 +1,12 @@
|
||||
---
|
||||
# Sigh; RHEL8 doesn't have BATS
|
||||
- name: bats | fetch and unpack tarball
|
||||
unarchive:
|
||||
src: https://github.com/bats-core/bats-core/archive/v1.1.0.tar.gz
|
||||
dest: /root
|
||||
remote_src: true
|
||||
|
||||
- name: bats | install
|
||||
command: ./install.sh /usr/local
|
||||
args:
|
||||
chdir: /root/bats-core-1.1.0
|
@ -0,0 +1,36 @@
|
||||
# standard role for fetching a package dist-git into the Ansible controller for running its tests
|
||||
# variables:
|
||||
# - package: dist-git source package name
|
||||
# - modulemd: file name of module metadata description, for getting correct branch name
|
||||
---
|
||||
- name: Install git
|
||||
dnf: name=git state=installed
|
||||
|
||||
- name: Clone package dist-git
|
||||
git:
|
||||
repo: git://pkgs.devel.redhat.com/rpms/{{ package }}
|
||||
# read package branch from module md file
|
||||
version: "{{ (lookup('file', modulemd) | from_yaml)['data']['components']['rpms'][package]['ref'] }}"
|
||||
dest: "/tmp/packages/{{ package }}"
|
||||
|
||||
# fetch can only get a single file, so we have to do this in a loop
|
||||
- name: Get package test file list
|
||||
find:
|
||||
paths: "/tmp/packages/{{ package }}/tests"
|
||||
recurse: yes
|
||||
register: test_files_to_fetch
|
||||
|
||||
- name: Copy package test files to controller
|
||||
fetch:
|
||||
src: "{{ item.path }}"
|
||||
# strip off /tmp/ prefix
|
||||
dest: "{{ playbook_dir }}/{{ item.path[5:] }}"
|
||||
flat: yes
|
||||
with_items: "{{ test_files_to_fetch.files }}"
|
||||
|
||||
- name: Copy package files
|
||||
fetch:
|
||||
src: "/tmp/packages/{{ package }}/{{ item }}"
|
||||
dest: "{{ playbook_dir }}/packages/{{ package }}/"
|
||||
flat: yes
|
||||
with_items: ["{{ package }}.spec", "sources"]
|
@ -0,0 +1,7 @@
|
||||
---
|
||||
- name: create nonroot user
|
||||
user:
|
||||
name: testuser
|
||||
shell: /bin/bash
|
||||
- name: enable linger
|
||||
command: loginctl enable-linger testuser
|
@ -0,0 +1,38 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# setup and teardown helpers for buildah test
|
||||
#
|
||||
|
||||
function setup() {
|
||||
REGISTRY_FQIN=quay.io/libpod/registry:2
|
||||
|
||||
AUTHDIR=/tmp/buildah-tests-auth.$$
|
||||
mkdir -p $AUTHDIR
|
||||
|
||||
CERT=$AUTHDIR/domain.crt
|
||||
if [ ! -e $CERT ]; then
|
||||
openssl req -newkey rsa:4096 -nodes -sha256 \
|
||||
-keyout $AUTHDIR/domain.key -x509 -days 2 \
|
||||
-out $AUTHDIR/domain.crt \
|
||||
-subj "/C=US/ST=Foo/L=Bar/O=Red Hat, Inc./CN=registry host certificate" \
|
||||
-addext subjectAltName=DNS:localhost
|
||||
fi
|
||||
|
||||
if [ ! -e $AUTHDIR/htpasswd ]; then
|
||||
htpasswd -Bbn testuser testpassword > $AUTHDIR/htpasswd
|
||||
fi
|
||||
|
||||
podman run -d -p 5000:5000 \
|
||||
--name registry \
|
||||
-v $AUTHDIR:/auth:Z \
|
||||
-e "REGISTRY_AUTH=htpasswd" \
|
||||
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
|
||||
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
|
||||
-e REGISTRY_HTTP_TLS_CERTIFICATE=/auth/domain.crt \
|
||||
-e REGISTRY_HTTP_TLS_KEY=/auth/domain.key \
|
||||
$REGISTRY_FQIN
|
||||
}
|
||||
|
||||
function teardown() {
|
||||
podman rm -f registry
|
||||
}
|
@ -0,0 +1,103 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# Run bats tests for a given $TEST_PACKAGE, e.g. buildah, podman
|
||||
#
|
||||
# This is invoked by the 'run_bats_tests' role; we assume that
|
||||
# the package foo has a foo-tests subpackage which provides the
|
||||
# directory /usr/share/foo/test/system, containing one or more .bats
|
||||
# test files.
|
||||
#
|
||||
|
||||
export PATH=/usr/local/bin:/usr/sbin:/usr/bin
|
||||
|
||||
# Keep all logs in /tmp/artifacts - this seems to be an undocumented
|
||||
# (and therefore dangerous and unreliable) convention of the Standard
|
||||
# Test Roles package. As of 2020-05 we have to coexist with cockpit
|
||||
# which uses standard-test-basic, which means we need to conform to
|
||||
# its conventions.
|
||||
# We rely on our parent playbook to create /tmp/artifacts and make it
|
||||
# world-writable so nonroot tests can use it.
|
||||
TEST_LOG_TXT=/tmp/artifacts/test.log
|
||||
TEST_LOG_YML=/tmp/artifacts/results.yml
|
||||
|
||||
# "podman root" -> "podman-root"
|
||||
testname_oneword=${TEST_NAME// /-}
|
||||
|
||||
FULL_LOG=/tmp/artifacts/test.${testname_oneword}.debug.log
|
||||
BATS_LOG=/tmp/artifacts/test.${testname_oneword}.bats.log
|
||||
rm -f $FULL_LOG $BATS_LOG
|
||||
touch $FULL_LOG $BATS_LOG
|
||||
|
||||
exec &> $FULL_LOG
|
||||
|
||||
# Log program versions
|
||||
echo "Packages:"
|
||||
(
|
||||
uname -r
|
||||
rpm -qa |\
|
||||
egrep 'buildah|conmon|container|crun|iptable|podman|runc|skopeo|slirp|systemd' |\
|
||||
sort
|
||||
) | sed -e 's/^/ /'
|
||||
|
||||
echo "------------------------------"
|
||||
printenv | sort
|
||||
|
||||
testdir=/usr/share/${TEST_PACKAGE}/test/system
|
||||
|
||||
if ! cd $testdir; then
|
||||
echo "FAIL ${TEST_NAME} : cd $testdir" >> $TEST_LOG_TXT
|
||||
echo "- { test: '${TEST_NAME}', result: error, logs: [ $(basename $FULL_LOG) ] }" >> $TEST_LOG_YML
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if [ -e /tmp/helper.sh ]; then
|
||||
echo "------------------------------"
|
||||
echo ". /tmp/helper.sh"
|
||||
. /tmp/helper.sh
|
||||
fi
|
||||
|
||||
if [ "$(type -t setup)" = "function" ]; then
|
||||
echo "------------------------------"
|
||||
echo "\$ setup"
|
||||
setup
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "FAIL ${TEST_NAME} : setup" >> $TEST_LOG_TXT
|
||||
echo "- { test: '${TEST_NAME}', result: error, logs: [ $(basename $FULL_LOG) ] }" >> $TEST_LOG_YML
|
||||
exit 0
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "------------------------------"
|
||||
echo "\$ bats ."
|
||||
bats . &> $BATS_LOG
|
||||
rc=$?
|
||||
|
||||
echo "------------------------------"
|
||||
echo "bats completed with status $rc"
|
||||
|
||||
status=PASS
|
||||
if [ $rc -ne 0 ]; then
|
||||
status=FAIL
|
||||
fi
|
||||
|
||||
echo "${status} ${TEST_NAME}" >> $TEST_LOG_TXT
|
||||
|
||||
# Append a stanza to results.yml
|
||||
(
|
||||
echo "- test: ${TEST_NAME}"
|
||||
# pass/fail - the ',,' (comma comma) converts to lower-case
|
||||
echo " result: ${status,,}"
|
||||
echo " logs:"
|
||||
echo " - $(basename $BATS_LOG)"
|
||||
echo " - $(basename $FULL_LOG)"
|
||||
) >> $TEST_LOG_YML
|
||||
|
||||
|
||||
if [ "$(type -t teardown)" = "function" ]; then
|
||||
echo "------------------------------"
|
||||
echo "\$ teardown"
|
||||
teardown
|
||||
fi
|
||||
|
||||
# FIXME: for CI purposes, always exit 0. This allows subsequent tests.
|
||||
exit 0
|
@ -0,0 +1,50 @@
|
||||
---
|
||||
# Create a directory for artifacts on remote host
|
||||
- name: create remote artifacts directory
|
||||
file:
|
||||
path: /tmp/artifacts
|
||||
state: directory
|
||||
mode: 0777
|
||||
|
||||
# Create empty results file, world-writable so rootless test can log to it
|
||||
- name: initialize test.log file
|
||||
copy: dest=/tmp/artifacts/test.log content='' force=yes mode=0666
|
||||
|
||||
# Same with results.yml file
|
||||
- name: initialize results.yml file
|
||||
copy: dest=/tmp/artifacts/results.yml content='results:\n' force=yes mode=0666
|
||||
|
||||
- name: execute tests
|
||||
include: run_one_test.yml
|
||||
with_items: "{{ tests }}"
|
||||
loop_control:
|
||||
loop_var: test
|
||||
|
||||
- name: pull test.log and results.yml
|
||||
fetch:
|
||||
src: "{{ item }}"
|
||||
dest: "{{ artifacts }}/"
|
||||
flat: yes
|
||||
with_items:
|
||||
- /tmp/artifacts/test.log
|
||||
- /tmp/artifacts/results.yml
|
||||
|
||||
# Copied from standard-test-basic
|
||||
- name: check results
|
||||
shell: grep "^FAIL" /tmp/artifacts/test.log
|
||||
register: test_fails
|
||||
# Never fail at this step. Just store result of tests.
|
||||
failed_when: False
|
||||
|
||||
- name: preserve results
|
||||
set_fact:
|
||||
role_result_failed: "{{ (test_fails.stdout|d|length > 0) or (test_fails.stderr|d|length > 0) }}"
|
||||
role_result_msg: "{{ test_fails.stdout|d('tests failed.') }}"
|
||||
|
||||
- name: display results
|
||||
vars:
|
||||
msg: |
|
||||
Tests failed: {{ role_result_failed|d('Undefined') }}
|
||||
Tests msg: {{ role_result_msg|d('None') }}
|
||||
debug:
|
||||
msg: "{{ msg.split('\n') }}"
|
@ -0,0 +1,52 @@
|
||||
---
|
||||
- name: "{{ test.name }} | install test packages"
|
||||
dnf: name="{{ test.package }}-tests" state=installed
|
||||
|
||||
- name: "{{ test.name }} | define helper variables"
|
||||
set_fact:
|
||||
test_name_oneword: "{{ test.name | replace(' ','-') }}"
|
||||
|
||||
# UGH. This is necessary because our caller sets some environment variables
|
||||
# and we need to set a few more based on other caller variables; then we
|
||||
# need to combine the two dicts when running the test. This seems to be
|
||||
# the only way to do it in ansible.
|
||||
- name: "{{ test.name }} | define local environment"
|
||||
set_fact:
|
||||
local_environment:
|
||||
TEST_NAME: "{{ test.name }}"
|
||||
TEST_PACKAGE: "{{ test.package }}"
|
||||
TEST_ENV: "{{ test.environment }}"
|
||||
|
||||
- name: "{{ test.name }} | setup/teardown helper | see if exists"
|
||||
local_action: stat path={{ role_path }}/files/helper.{{ test_name_oneword }}.sh
|
||||
register: helper
|
||||
|
||||
- name: "{{ test.name }} | setup/teardown helper | install"
|
||||
copy: src=helper.{{ test_name_oneword }}.sh dest=/tmp/helper.sh
|
||||
when: helper.stat.exists
|
||||
|
||||
- name: "{{ test.name }} | run test"
|
||||
script: ./run_bats_tests.sh
|
||||
args:
|
||||
chdir: /usr/share/{{ test.package }}/test/system
|
||||
become: "{{ true if test.become is defined else false }}"
|
||||
become_user: testuser
|
||||
environment: "{{ local_environment | combine(test.environment) }}"
|
||||
|
||||
- name: "{{ test.name }} | pull logs"
|
||||
fetch:
|
||||
src: "/tmp/artifacts/test.{{ test_name_oneword }}.{{ item }}.log"
|
||||
dest: "{{ artifacts }}/"
|
||||
flat: yes
|
||||
with_items:
|
||||
- bats
|
||||
- debug
|
||||
|
||||
- name: "{{ test.name }} | remove remote logs and helpers"
|
||||
file:
|
||||
dest=/tmp/{{ item }}
|
||||
state=absent
|
||||
with_items:
|
||||
- artifacts/test.{{ test_name_oneword }}.bats.log
|
||||
- artifacts/test.{{ test_name_oneword }}.debug.log
|
||||
- helper.sh
|
@ -0,0 +1,48 @@
|
||||
---
|
||||
- hosts: localhost
|
||||
tags: classic
|
||||
vars:
|
||||
- artifacts: ./artifacts
|
||||
roles:
|
||||
- role: bats_installed
|
||||
- role: nonroot_user
|
||||
- role: run_bats_tests
|
||||
tests:
|
||||
- name: podman root
|
||||
package: podman
|
||||
environment:
|
||||
PODMAN: /usr/bin/podman
|
||||
|
||||
- name: podman nonroot
|
||||
package: podman
|
||||
environment:
|
||||
PODMAN: /usr/bin/podman
|
||||
become: true
|
||||
|
||||
#- name: podman-remote root
|
||||
#package: podman
|
||||
#environment:
|
||||
# PODMAN: /usr/bin/podman-remote
|
||||
|
||||
- name: buildah root
|
||||
package: buildah
|
||||
environment:
|
||||
BUILDAH_BINARY: /usr/bin/buildah
|
||||
IMGTYPE_BINARY: /usr/bin/buildah-imgtype
|
||||
COPY_BINARY: /usr/bin/buildah-copy
|
||||
|
||||
- name: skopeo root
|
||||
package: skopeo
|
||||
environment:
|
||||
SKOPEO_BINARY: /usr/bin/skopeo
|
||||
|
||||
# cockpit-podman
|
||||
- role: fetch_pkg
|
||||
package: cockpit-podman
|
||||
modulemd: ../container-tools.yaml
|
||||
tasks:
|
||||
- include_role:
|
||||
name: ./packages/cockpit-podman/tests/roles/test
|
||||
vars:
|
||||
pkgdir: ./packages/cockpit-podman/
|
||||
test_script_dir: tests
|
Loading…
Reference in new issue