2020-02-08 16:58:36 +01:00
#!/bin/bash
2021-12-03 17:13:27 +00:00
# This script is used to run vagrant based tests on Cirrus CI.
# This script is started via .cirrus.yml
2020-02-08 16:58:36 +01:00
set -e
set -x
2024-06-09 18:25:28 +02:00
VAGRANT_VERSION = 2.4.1
FEDORA_VERSION = 40
FEDORA_BOX_VERSION = 40.20240414.0
2020-02-08 16:58:36 +01:00
setup( ) {
2020-11-05 06:47:52 +00:00
if [ -n " $TRAVIS " ] ; then
# Load the kvm modules for vagrant to use qemu
modprobe kvm kvm_intel
fi
2020-02-08 16:58:36 +01:00
# Tar up the git checkout to have vagrant rsync it to the VM
tar cf criu.tar ../../../criu
2020-11-05 06:47:52 +00:00
# Cirrus has problems with the following certificate.
2023-05-20 08:45:50 +01:00
wget --no-check-certificate https://releases.hashicorp.com/vagrant/${ VAGRANT_VERSION } /vagrant_${ VAGRANT_VERSION } -1_" $( dpkg --print-architecture) " .deb -O /tmp/vagrant.deb && \
2020-02-08 16:58:36 +01:00
dpkg -i /tmp/vagrant.deb
2025-07-25 07:53:55 +01:00
./apt-install libvirt-clients libvirt-daemon-system libvirt-dev qemu-utils qemu-system \
2020-11-05 06:47:52 +00:00
ruby build-essential libxml2-dev qemu-kvm rsync ebtables dnsmasq-base \
openssh-client
2021-03-17 07:49:26 -04:00
systemctl restart libvirtd
2020-02-08 16:58:36 +01:00
vagrant plugin install vagrant-libvirt
vagrant init fedora/${ FEDORA_VERSION } -cloud-base --box-version ${ FEDORA_BOX_VERSION }
# The default libvirt Vagrant VM uses 512MB.
# Travis VMs should have around 7.5GB.
# Increasing it to 4GB should work.
sed -i Vagrantfile -e 's,^end$, config.vm.provider :libvirt do |libvirt|' "\n" ' libvirt.memory = 4096;end' "\n" 'end,g'
2021-01-29 19:20:48 +00:00
vagrant up --provider= libvirt --no-tty
2020-02-08 16:58:36 +01:00
mkdir -p /root/.ssh
vagrant ssh-config >> /root/.ssh/config
2021-01-29 19:20:48 +00:00
ssh default sudo dnf upgrade -y
2020-02-08 16:58:36 +01:00
ssh default sudo dnf install -y gcc git gnutls-devel nftables-devel libaio-devel \
2022-02-01 15:59:14 +00:00
libasan libcap-devel libnet-devel libnl3-devel libbsd-devel make protobuf-c-devel \
2024-02-09 13:04:58 +00:00
protobuf-devel python3-protobuf python3-importlib-metadata python3-junit_xml \
2025-01-23 09:26:15 +00:00
rubygem-asciidoctor iptables libselinux-devel libbpf-devel python3-yaml libuuid-devel
2020-02-08 16:58:36 +01:00
# Disable sssd to avoid zdtm test failures in pty04 due to sssd socket
ssh default sudo systemctl mask sssd
ssh default cat /proc/cmdline
}
fedora-no-vdso( ) {
ssh default sudo grubby --update-kernel ALL --args= "vdso=0"
vagrant reload
ssh default cat /proc/cmdline
ssh default 'cd /vagrant; tar xf criu.tar; cd criu; make -j 4'
2021-12-07 23:40:12 +07:00
ssh default 'cd /vagrant/criu/test; sudo ./zdtm.py run -a --keep-going'
2021-04-20 23:46:15 +02:00
# This test (pidfd_store_sk) requires pidfd_getfd syscall which is guaranteed in Fedora 33.
# It is also skipped from -a because it runs in RPC mode only
ssh default 'cd /vagrant/criu/test; sudo ./zdtm.py run -t zdtm/transition/pidfd_store_sk --rpc --pre 2'
2020-02-08 16:58:36 +01:00
}
2021-12-23 14:57:43 +03:00
fedora-rawhide( ) {
2023-11-29 08:27:29 +00:00
# The 6.2 kernel of Fedora 38 in combination with rawhide userspace breaks
# zdtm/static/socket-tcp-nfconntrack. To activate the new kernel previously
# installed this reboots the VM.
vagrant reload
ssh default uname -a
2021-12-23 14:57:43 +03:00
#
# Workaround the problem:
# error running container: error from /usr/bin/crun creating container for [...]: sd-bus call: Transport endpoint is not connected
# Let's just use runc instead of crun
# see also https://github.com/kata-containers/tests/issues/4283
#
ssh default 'sudo dnf remove -y crun || true'
ssh default sudo dnf install -y podman runc
2023-11-30 15:10:23 +00:00
# Some tests in the container need selinux to be disabled.
# In the container it is not possible to change the state of selinux.
# Let's just disable it for this test run completely.
ssh default 'sudo setenforce Permissive'
2021-12-23 14:57:43 +03:00
ssh default 'cd /vagrant; tar xf criu.tar; cd criu; sudo -E make -C scripts/ci fedora-rawhide CONTAINER_RUNTIME=podman BUILD_OPTIONS="--security-opt seccomp=unconfined"'
}
2020-07-24 16:21:51 +00:00
fedora-non-root( ) {
ssh default uname -a
ssh default 'cd /vagrant; tar xf criu.tar; cd criu; make -j 4'
# Setting the capability should be the only line needed to run as non-root on Fedora
# In other environments either set /proc/sys/kernel/yama/ptrace_scope to 0 or grant cap_sys_ptrace to criu
ssh default 'sudo setcap cap_checkpoint_restore+eip /vagrant/criu/criu/criu'
# Run it once as non-root
ssh default 'cd /vagrant/criu; criu/criu check --unprivileged; ./test/zdtm.py run -t zdtm/static/env00 -t zdtm/static/pthread00 -f h --rootless'
# Run it as root with '--rootless'
ssh default 'cd /vagrant/criu; sudo ./test/zdtm.py run -t zdtm/static/env00 -t zdtm/static/pthread00 -f h; sudo chmod 777 test/dump/zdtm/static/{env00,pthread00}; sudo ./test/zdtm.py run -t zdtm/static/env00 -t zdtm/static/pthread00 -f h --rootless'
2023-02-02 09:43:37 -08:00
# Run it as non-root in a user namespace. Since CAP_CHECKPOINT_RESTORE behaves differently in non-user namespaces (e.g. no access to map_files) this tests that we can dump and restore
# under those conditions. Note that the "... && true" part is necessary; we need at least one statement after the tests so that bash can reap zombies in the user namespace,
# otherwise it will exec the last statement and get replaced and nobody will be left to reap our zombies.
# Note: selinux in Enforcing mode prevents us from calling clone3() or writing to ns_last_pid on restore; hence set to Permissive for the test and then set back.
ssh default 'cd /vagrant/criu; selinuxmode=`getenforce` && sudo setenforce Permissive && unshare -Ucfpm --mount-proc bash -c "./test/zdtm.py run -t zdtm/static/maps00 -f h --rootless && true" && sudo setenforce $selinuxmode'
2020-07-24 16:21:51 +00:00
}
2020-02-08 16:58:36 +01:00
$1
