ci: Rework installed tests to use Fedora Standard Test interface #1462
Conversation
|
Cool! Though we don't have |
For reasons I haven't dug in too much, `oci-kvm-hook` doesn't work on F25 (though it does on F27). Howver, the nodes are currently stuck at F25 because of severe issues with `docker cp` in newer version (rhbz#1489505). So let's just explicitly pass /dev/kvm into the container, which is all `oci-kvm-hook` is trying to do anyway. I've verified this works. This will unblock ostreedev/ostree#1462.
For reasons I can't quite figure out, `oci-kvm-hook` doesn't work on F25 (though it does on F27). The nodes are currently stuck at F25 because of severe issues with `docker cp` in newer version (rhbz#1489505). So let's just explicitly pass /dev/kvm into the container, which is all `oci-kvm-hook` is trying to do anyway. I've verified this works. This will unblock ostreedev/ostree#1462.
For reasons I can't quite figure out, `oci-kvm-hook` doesn't work on F25 (though it does on F27). The nodes are currently stuck at F25 because of severe issues with `docker cp` in newer version (rhbz#1489505). So let's just explicitly pass /dev/kvm into the container, which is all `oci-kvm-hook` is trying to do anyway. I've verified this works. This will unblock ostreedev/ostree#1462. Closes: #88 Approved by: cgwalters
For reasons I can't quite figure out, `oci-kvm-hook` doesn't work on F25 (though it does on F27). The nodes are currently stuck at F25 because of severe issues with `docker cp` in newer version (rhbz#1489505). So let's just explicitly pass /dev/kvm into the container, which is all `oci-kvm-hook` is trying to do anyway. I've verified this works. This will unblock ostreedev/ostree#1462. Closes: #88 Approved by: cgwalters
|
bot, retest this please |
cgwalters
force-pushed
the
fedora-standard-test-roles
branch
4 times, most recently
from
3bbe908 to
93ed117
Compare
|
bot, retest this please |
cgwalters
force-pushed
the
fedora-standard-test-roles
branch
2 times, most recently
from
204a8e3 to
892ba0c
Compare
|
bot, retest this please |
Damn it Python... |
|
Using Professional Software Engineering skill |
|
Hmm, right I can reproduce this locally: If I pass So it seems likely to be related to PAPR not allocating a tty. |
|
Explicitly passing Hmm, I wonder if |
|
The |
|
OK so...let me briefly outline my plans here. High level goals;
In general, let's try to follow the Cockpit path on this. One of the Taking this first step, along with the "dedup CI" path means I am inclined to An interesting question here is to what degree it makes sense to have PAPR itself Anyways, short term goal is step |
|
@jlebon ^ |
|
I'm mostly in agreement with the above, including rolling with a copy-paste lib for now. (Actually, we could have the lib stored in the PAPR container and just scp all environments with a copy of it).
This is something that PAPR will have to learn if we want to migrate to OCP. It also takes us a step closer to integrating the Fedora STI directly in PAPR. (Basically, PAPR takes on the role of resource provisioner, or testing system).
One thing to note is that right now all container workloads are performed directly on the executor nodes. And we don't do any form of scheduling other than relying on Jenkins' built-in queue based on executor slots. Before we go all in on the VM-in-container approach, we need better scheduling, which I think would make more sense to tackle until after we move to OCP? For the time being, I would suggest provisioning a In the meantime, I'd like to pursue the developments going on in PACI to set up the full infra in OCP. Once we're to a point where we can run container workloads as pods there, we can iterate over integrating support for containerized VMs. |
cgwalters
force-pushed
the
fedora-standard-test-roles
branch
3 times, most recently
from
17534c4 to
d203248
Compare
cgwalters
force-pushed
the
fedora-standard-test-roles
branch
from
80f37cc to
3759fce
Compare
Reusing the way `standard-test-roles` has support for booting a qcow2 actually gets us to the "VM-in-container" flow. Plus Ansible over shell script is sometimes nicer. https://fedoraproject.org/wiki/CI/Tests#Testing_an_Atomic_Host It's better than what we were doing before for installed tests, and moreover using Ansible more broadly for testing is going to align us better with Fedora's CI. As part of this I split off a "libpaprci" which I intend to maintain as a "copylib" for a little bit between ostree/rpm-ostree, and then we'll figure out how to expand from there (maybe some of the patterns get "baked in" to PAPR for example). Note the `FAH27-insttests` context moves to the top since it's now of primary importance, and I expect that we start expanding it.
cgwalters
force-pushed
the
fedora-standard-test-roles
branch
from
ef79ba7 to
e7dcd7e
Compare
cgwalters
changed the title
|
Lifting WIP on this. |
|
@miabbott would you mind looking at this too? |
| - find: | ||
| paths: /root/tests/installed/ | ||
| patterns: "itest-*.sh" | ||
| register: installed_tests |
There was a problem hiding this comment.
This registered variable is never used.
tests/fedora-str/overlay-git.yml
Outdated
| remote_user: root | ||
| tasks: | ||
| # Install the built RPM to the VM | ||
| - command: git rev-parse HEAD |
There was a problem hiding this comment.
nit: Since lines 29-36 are commented out, you could also remove this use of git
tests/fedora-str/overlay-git.yml
Outdated
| changed_when: False | ||
| register: ostree_version | ||
| - set_fact: | ||
| ostree_version_yaml: "{{ ostree_version.stdout | from_yaml }}" |
There was a problem hiding this comment.
Similar to above nit, you could comment out/remove lines 23-27
ci/build-rpm.sh
Outdated
| @@ -0,0 +1,46 @@ | |||
| #!/usr/bin/bash | |||
| # Install build dependencies, run unit tests and installed tests. | |||
There was a problem hiding this comment.
Minor: this looks like the wrong description, right?
| pkg_install make /usr/bin/rpmbuild git | ||
| fi | ||
|
|
||
| # PAPR really should do this |
There was a problem hiding this comment.
Oh, good catch! Filed: projectatomic/papr#90.
ci/build-rpm.sh
Outdated
| esac | ||
| fi | ||
| case "${CONFIGOPTS:-}" in | ||
| *--with-curl*|--with-soup*) |
There was a problem hiding this comment.
This looks like it's missing a * after the |.
| OS_VERSION_ID=$(. /etc/os-release; echo $VERSION_ID) | ||
|
|
||
| pkg_upgrade() { | ||
| # https://bugzilla.redhat.com/show_bug.cgi?id=1483553 |
There was a problem hiding this comment.
Optional/not new: we should be able to drop this by now.
ci/libpaprci/libbuild.sh
Outdated
|
|
||
| build() { | ||
| env NOCONFIGURE=1 ./autogen.sh | ||
| ./configure --prefix=/usr --libdir=/usr/lib64 "$@" |
There was a problem hiding this comment.
Optional/not new: ahh, I forgot to upstream the --sysconfdir=/etc fix here!
tests/fedora-str/overlay-git.yml
Outdated
| /usr/bin/rpm -Fvh /root/x86_64/*.rpm && \ | ||
| cd / && rpm2cpio /root/x86_64/ostree-tests-2*.rpm | cpio -div | ||
| changed_when: False | ||
| - shell: /usr/bin/rpm -Fvh /root/x86_64/*.rpm |
There was a problem hiding this comment.
We just did this in the previous task, right?
tests/fedora-str/overlay-git.yml
Outdated
| register: ostree_version | ||
| - set_fact: | ||
| ostree_version_yaml: "{{ ostree_version.stdout | from_yaml }}" | ||
| # FIXME: make this work when building RPMs too |
There was a problem hiding this comment.
Hmm, how about just checking that the version before and after the RPM install are not the same?
| patterns: "itest-*.sh" | ||
| register: installed_tests | ||
| - name: Run sysinstalled tests | ||
| shell: /root/tests/installed/run.sh &> /root/installed-tests.log |
There was a problem hiding this comment.
This is OK, though things will get tricky when we want to e.g. have tests that reboot/modify the VM. It could be interesting to have a hybrid approach of this and rpm-ostree's libvm where tests can seamlessly use the ansible infra for running code remotely, rebooting, pushing/fetching files, etc... Or do you already have an idea in mind on how to approach this?
There was a problem hiding this comment.
Right, I think the next step is to change some of the installed tests to be playbooks.
|
|
||
| srpm: dist-snapshot | ||
| if test -f "$(SPEC)"; then \ | ||
| sed -e "s,^Version:.*,Version: $(GITREV_FOR_PKG)," $(SPEC) > $(DISTGIT_NAME).spec && \ |
There was a problem hiding this comment.
So, does this not work for some reason? (Judging by the comment in overlay-git.yaml).
There was a problem hiding this comment.
It works, I was just trying to proactively prevent any "not testing what was built" type issues like we've had once or twice. Basically I was thinking the very first test should be checking the binary's built version in some way. Which we now have.
tests/fedora-str/overlay-git.yml
Outdated
| connection: local | ||
| - name: Copy locally built RPMs | ||
| synchronize: src=x86_64/ dest=/root/x86_64/ archive=yes | ||
| - shell: ostree admin unlock || true |
There was a problem hiding this comment.
I'm not a big fan of using admin unlock for this, given that it's not how it's actually run on client systems. It also limits what tests can do (e.g. testing admin unlock itself, or rebooting). Have you considered building our own tree like in rpm-ostree?
Actually, it should work to just rpm-ostree override replace the RPMs, reset the ref and change the origin back to use refspec, right?
There was a problem hiding this comment.
Mmm. I use admin unlock a lot for testing personally where I really explicitly don't want things to persist. We'll clearly need vmcheck and override replace to be used as well though.
(I'd be cool down the line to have override override replace --transient or something which would be like more like replace + "livefs-on-overlay" but still underneath the ro mount).
There was a problem hiding this comment.
Since the previous installed tests code in fah-prep.sh (now deleted) also used admin unlock i'd vote we keep it for now - and build upon this first step by e.g. copying the a-h-t reboot playbook and using it, etc.
|
Fixup for all comments ⬆️ |
|
The PR tester failed with: But it worked earlier, so probably a flake? Anyway, let's try this out! 🎉 |
This adds a shell primitive to make it easy to execute a playbook task list. The big picture idea is to sync with ostreedev/ostree#1462 and rewrite some of the libvm shell stuff as playbooks, allowing easier code sharing with a-h-t and just in general being a better library for talking ssh and executing commnads.
|
☀️ Test successful - status-atomicjenkins |
This adds a shell primitive to make it easy to execute a playbook task list. The big picture idea is to sync with ostreedev/ostree#1462 and rewrite some of the libvm shell stuff as playbooks, allowing easier code sharing with a-h-t and just in general being a better library for talking ssh and executing commnads. Closes: #1297 Approved by: jlebon
|
This was reverted in #1783 |
Reusing the way
standard-test-roleshas support for bootinga qcow2 actually gets us to the "VM-in-container" flow. Plus
Ansible over shell script is sometimes nicer.
https://fedoraproject.org/wiki/CI/Tests#Testing_an_Atomic_Host
This is just an experiment to see if this works; right now we aren't
even injecting the built ostree into the VM, or doing any interesting tests.
One thing that I'm sure we're going to hit is a need to cache the qcow2 in the
CI environment.