-
Notifications
You must be signed in to change notification settings - Fork 765
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cirrus: Install docker from package cache #3292
Cirrus: Install docker from package cache #3292
Conversation
92cfa3a
to
44110dd
Compare
fc811e0
to
f68037a
Compare
Uh oh, I think I broke it. @edsantiago every platform (a guess - I only looked at two or three) is failing this |
f68037a
to
96cfc9b
Compare
Sorry, I took a quick look at this last week but decided it was nothing I could have an opinion on. Diving into it now, this is almost certainly a problem with the new VM update. I can reproduce this on my laptop, with buildah@master. My laptop updated runc 1.0.0-377.rc93 -> -378.rc95 on 2021-05-29. My uneducated guess is that the test developer chose a string ("nsexec started") that looked reliable, but is actually not; and runc changed so that it no longer spits out that string; and someone will have to fix the buildah test. |
@edsantiago thanks for taking a look, that helps. I haven't looked at the test recently...anything you can think of so the test doesn't need to rely on (perhaps frequently changing) debug-level messages? If not, I'll try fixing the test with the message you suggest and see what happens. |
I would bring in a runc expert, because I have no idea what guarantees runc makes or does not make about its debug messages; or what problems we (buildah gating tests) will run into if the new test runs with an old runc (e.g. on RHEL). My naïve first reaction is to simply search for the presence of |
@giuseppe what's your opinion (see test failure due to new runc). Can I update the test to just check for |
96cfc9b
to
828bdac
Compare
828bdac
to
f38ec6e
Compare
LGTM |
Looks like seccomp again:
|
f38ec6e
to
655a4e5
Compare
sigh, yep and rebasing didn't help (was worth a try).
|
Opened test PR in podman to see if these several-days newer images reproduce similar failures containers/podman#10709 |
Yay, a result! This problem is reproducing in podman testing on Ubuntu 20.10 (CGv1 + runc): https://cirrus-ci.com/task/6152440987779072?logs=main#L272 |
655a4e5
to
71badfe
Compare
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: cevich The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Installing packages at runtime (from an external source) is problematic for many reasons. Specifically in the case of buildah/docker conformance testing, it means the current "latest" pacakges are always installed. This is a problem as new release branches are created, because it presents an opportunity for test-environment changes to happen after buildah/test code is stabilized. Fix this by using new/special VM images which cache the required docker packages. At runtime then, the required packages may be installed from this cache instead of reaching out to the repository. Since images used by tests on release branches never change, this will also serve to stabilize the package versions for that specific environment. Signed-off-by: Chris Evich <cevich@redhat.com>
This test was observed failing in upstream CI on all platforms due to the contents of debug messages changing after updating runc. Since the system tests need to function on multiple platforms with inconsistent runc versions (depending on testing context), match a more general output message on success. Specifically, the test really only cares that debugging output appears and that runc is always used. Signed-off-by: Chris Evich <cevich@redhat.com>
71badfe
to
df84d01
Compare
Okay assuming tests pass, this should be ready to go. Though the real fruits will only appear over time in new release branches, it might only have a minor improvement to stability on 'main'. Once this merges, I will investigate possibility of doing something similar for already released branches (possible in theory, practice is another matter). |
/lgtm |
What type of PR is this?
/kind flake
What this PR does / why we need it:
Installing packages at runtime (from an external source) is problematic
for many reasons. Specifically in the case of buildah/docker
conformance testing, it means the current "latest" pacakges are
always installed. This is a problem as new release branches are
created, because it presents an opportunity for test-environment changes
to happen after buildah/test code is stabilized.
Fix this by using new/special VM images which cache the required docker
packages. At runtime then, the required packages may be installed from
this cache instead of reaching out to the repository. Since images used
by tests on release branches never change, this will also serve to
stabilize the package versions for that specific environment.
How to verify it
The automated 'conformance' testing will pass in this PR
Which issue(s) this PR fixes:
None
Special notes for your reviewer:
Ref: containers/automation_images#75
Does this PR introduce a user-facing change?
None