keremet/rpm-ostree
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
799a809c2d
rpm-ostree/tests/vmcheck/overlay.sh

134 lines
4.1 KiB
Bash
Raw Normal View History

Redo `vmcheck` to abstract over ssh-config, drop all building My development environment is now using "pet" docker containers. I use VMs for testing things that require that (like rpm-ostree). This patch builds on work from @jlebon in https://github.com/projectatomic/rpm-ostree/pull/509 to rework `vmcheck` such that it can work on any `ssh-config`. By default we expect this to be Vagrant. However, I go a lot farther and delete the `vmbuild` code that was trying to do builds in a container on the target VM. I think this is still worth pursuing at some point, but for now I think it's reasonable to assume that the rpm-ostree developer audience uses Linux as their host workstation and hence has containers. (There's another important point here in that for developing lower level things like rpm-ostree, there's a strong push to make the VM disposable and not a pet) Closes: #516 Approved by: jlebon
2016-11-14 20:07:43 +03:00
#!/bin/bash
set -euo pipefail
# Execute this code path on the host
vmcheck: adapt for non-vagrant hosts This is just the final bit required to make sure the vagrant and non-vagrant paths can work happily together. It's mostly minor fixes, though the most major change which also affects vagrant is that we now sync to the root home dir, rather than ~vagrant. Closes: #524 Approved by: cgwalters
2016-11-22 06:22:51 +03:00
if test -z "${INSIDE_VM:-}"; then
Redo `vmcheck` to abstract over ssh-config, drop all building My development environment is now using "pet" docker containers. I use VMs for testing things that require that (like rpm-ostree). This patch builds on work from @jlebon in https://github.com/projectatomic/rpm-ostree/pull/509 to rework `vmcheck` such that it can work on any `ssh-config`. By default we expect this to be Vagrant. However, I go a lot farther and delete the `vmbuild` code that was trying to do builds in a container on the target VM. I think this is still worth pursuing at some point, but for now I think it's reasonable to assume that the rpm-ostree developer audience uses Linux as their host workstation and hence has containers. (There's another important point here in that for developing lower level things like rpm-ostree, there's a strong push to make the VM disposable and not a pet) Closes: #516 Approved by: jlebon
2016-11-14 20:07:43 +03:00
. ${commondir}/libvm.sh
vmcheck: adapt for non-vagrant hosts This is just the final bit required to make sure the vagrant and non-vagrant paths can work happily together. It's mostly minor fixes, though the most major change which also affects vagrant is that we now sync to the root home dir, rather than ~vagrant. Closes: #524 Approved by: cgwalters
2016-11-22 06:22:51 +03:00
vm_setup
if ! vm_ssh_wait 30; then
echo "ERROR: A running VM is required for 'make vmcheck'."
exit 1
fi
Redo `vmcheck` to abstract over ssh-config, drop all building My development environment is now using "pet" docker containers. I use VMs for testing things that require that (like rpm-ostree). This patch builds on work from @jlebon in https://github.com/projectatomic/rpm-ostree/pull/509 to rework `vmcheck` such that it can work on any `ssh-config`. By default we expect this to be Vagrant. However, I go a lot farther and delete the `vmbuild` code that was trying to do builds in a container on the target VM. I think this is still worth pursuing at some point, but for now I think it's reasonable to assume that the rpm-ostree developer audience uses Linux as their host workstation and hence has containers. (There's another important point here in that for developing lower level things like rpm-ostree, there's a strong push to make the VM disposable and not a pet) Closes: #516 Approved by: jlebon
2016-11-14 20:07:43 +03:00
vm_rsync
Initial support for automatic updates This patch introduces a new `AutomaticUpdatePolicy` configuration. This was a long time coming for rpm-ostree, given that its update model makes it extremely apt for such a feature. The config supports a `check` mode, which should be very useful to Atomic Workstation users, as well as a `reboot` mode, which could be used in its present form in simple single node Atomic Host situations. There is still a lot of work to be done, including integrating advisories, and supporting a `deploy` mode. This feature hopefully will be leveraged as well by higher-level projects like GNOME Software and Cockpit. Closes: #1147 Approved by: cgwalters
2017-12-15 20:01:46 +03:00
# ✀✀✀ BEGIN selinux-policy hack (part 1) for
# https://github.com/fedora-selinux/selinux-policy-contrib/pull/45
selhack=selinux-tmp-hack
if ! vm_cmd sesearch -A -s init_t -t install_t -c dbus | grep -q allow; then
echo "Activating selinux-tmp-hack"
d=$(mktemp -d)
cat > $d/$selhack.te << 'EOF'
policy_module(selinux-tmp-hack, 1.0.0)
gen_require(`
type install_t;
')
init_dbus_chat(install_t)
EOF
make -C $d -f /usr/share/selinux/devel/Makefile $selhack.pp
vm_send /var/roothome/sync $d/$selhack.pp
rm -rf $d
fi
# ✀✀✀ END selinux-policy hack ✀✀✀
tests: Add RPMOSTREE_TEST_NO_OVERLAY to skip overlay The use case here is to run our tests against the shipped tree; this could be used by a-h-t for example: https://github.com/projectatomic/atomic-host-tests/issues/74 I tried this with just `TESTS=basic` and it failed for `usroverlay`. So we'd have to start adding feature detection to the test suite to make this truly useful, but let's at least start with the basic bits now to play with it. Closes: #1251 Approved by: jlebon
2018-02-14 17:55:39 +03:00
vm_cmd env RPMOSTREE_TEST_NO_OVERLAY="${RPMOSTREE_TEST_NO_OVERLAY:-}" INSIDE_VM=1 /var/roothome/sync/tests/vmcheck/overlay.sh
vmcheck: adapt for non-vagrant hosts This is just the final bit required to make sure the vagrant and non-vagrant paths can work happily together. It's mostly minor fixes, though the most major change which also affects vagrant is that we now sync to the root home dir, rather than ~vagrant. Closes: #524 Approved by: cgwalters
2016-11-22 06:22:51 +03:00
vm_reboot
Redo `vmcheck` to abstract over ssh-config, drop all building My development environment is now using "pet" docker containers. I use VMs for testing things that require that (like rpm-ostree). This patch builds on work from @jlebon in https://github.com/projectatomic/rpm-ostree/pull/509 to rework `vmcheck` such that it can work on any `ssh-config`. By default we expect this to be Vagrant. However, I go a lot farther and delete the `vmbuild` code that was trying to do builds in a container on the target VM. I think this is still worth pursuing at some point, but for now I think it's reasonable to assume that the rpm-ostree developer audience uses Linux as their host workstation and hence has containers. (There's another important point here in that for developing lower level things like rpm-ostree, there's a strong push to make the VM disposable and not a pet) Closes: #516 Approved by: jlebon
2016-11-14 20:07:43 +03:00
exit 0
fi
set -x
# And then this code path in the VM
vmcheck/overlay: add version and timestamp in source title This makes it much easier to know how old the base we're working from is and whether it's time to upgrade before hacking some more. Closes: #1205 Approved by: cgwalters
2018-01-12 23:55:34 +03:00
# get details from the current default deployment
rpm-ostree status --json > json.txt
json_field() {
field=$1; shift;
python -c "
Redo `vmcheck` to abstract over ssh-config, drop all building My development environment is now using "pet" docker containers. I use VMs for testing things that require that (like rpm-ostree). This patch builds on work from @jlebon in https://github.com/projectatomic/rpm-ostree/pull/509 to rework `vmcheck` such that it can work on any `ssh-config`. By default we expect this to be Vagrant. However, I go a lot farther and delete the `vmbuild` code that was trying to do builds in a container on the target VM. I think this is still worth pursuing at some point, but for now I think it's reasonable to assume that the rpm-ostree developer audience uses Linux as their host workstation and hence has containers. (There's another important point here in that for developing lower level things like rpm-ostree, there's a strong push to make the VM disposable and not a pet) Closes: #516 Approved by: jlebon
2016-11-14 20:07:43 +03:00
import sys, json;
vmcheck/overlay: add version and timestamp in source title This makes it much easier to know how old the base we're working from is and whether it's time to upgrade before hacking some more. Closes: #1205 Approved by: cgwalters
2018-01-12 23:55:34 +03:00
deployment = json.load(open('json.txt'))['deployments'][0]
print deployment.get('$field', '')
exit()"
}
commit=$(json_field checksum)
origin=$(json_field origin)
version=$(json_field version)
timestamp=$(json_field timestamp)
[ -n "$timestamp" ]
timestamp=$(date -d "@$timestamp" "+%b %d %Y")
rm -f json.txt
Redo `vmcheck` to abstract over ssh-config, drop all building My development environment is now using "pet" docker containers. I use VMs for testing things that require that (like rpm-ostree). This patch builds on work from @jlebon in https://github.com/projectatomic/rpm-ostree/pull/509 to rework `vmcheck` such that it can work on any `ssh-config`. By default we expect this to be Vagrant. However, I go a lot farther and delete the `vmbuild` code that was trying to do builds in a container on the target VM. I think this is still worth pursuing at some point, but for now I think it's reasonable to assume that the rpm-ostree developer audience uses Linux as their host workstation and hence has containers. (There's another important point here in that for developing lower level things like rpm-ostree, there's a strong push to make the VM disposable and not a pet) Closes: #516 Approved by: jlebon
2016-11-14 20:07:43 +03:00
if [[ -z $commit ]] || ! ostree rev-parse $commit; then
echo "Error while determining current commit" >&2
exit 1
fi
cd /ostree/repo/tmp
rm vmcheck -rf
ostree checkout $commit vmcheck --fsync=0
Require ostree 2017.5 This is preparatory for future changes which will make use the newer sysroot writing API. But in this change, we can drop all of our version ifdef'd code. Closes: #740 Approved by: jlebon
2017-04-13 17:52:04 +03:00
rm vmcheck/etc -rf
overlay.sh: also overlay /etc to /usr/etc This is needed to test changes to the D-Bus config file. Closes: #894 Approved by: cgwalters
2017-07-27 18:25:38 +03:00
tests: Add RPMOSTREE_TEST_NO_OVERLAY to skip overlay The use case here is to run our tests against the shipped tree; this could be used by a-h-t for example: https://github.com/projectatomic/atomic-host-tests/issues/74 I tried this with just `TESTS=basic` and it failed for `usroverlay`. So we'd have to start adding feature detection to the test suite to make this truly useful, but let's at least start with the basic bits now to play with it. Closes: #1251 Approved by: jlebon
2018-02-14 17:55:39 +03:00
# Now, overlay our built binaries & config files, unless
# explicitly requested not to (with the goal of testing the
# tree shipped as is with our existing tests).
if test -z "${RPMOSTREE_TEST_NO_OVERLAY}"; then
INSTTREE=/var/roothome/sync/insttree
rsync -rlv $INSTTREE/usr/ vmcheck/usr/
rsync -rlv $INSTTREE/etc/ vmcheck/usr/etc/
else
echo "Skipping overlay of built rpm-ostree"
fi
vmcheck: use --selinux-policy when committing Let's make SELinux and atomic-host-tests happy with trees we concoct ourselves by using the new --selinux-policy. (Specifically, we want our sync'ed binaries to have install_exec_t). Closes: #953 Approved by: cgwalters
2017-09-01 23:35:52 +03:00
Initial support for automatic updates This patch introduces a new `AutomaticUpdatePolicy` configuration. This was a long time coming for rpm-ostree, given that its update model makes it extremely apt for such a feature. The config supports a `check` mode, which should be very useful to Atomic Workstation users, as well as a `reboot` mode, which could be used in its present form in simple single node Atomic Host situations. There is still a lot of work to be done, including integrating advisories, and supporting a `deploy` mode. This feature hopefully will be leveraged as well by higher-level projects like GNOME Software and Cockpit. Closes: #1147 Approved by: cgwalters
2017-12-15 20:01:46 +03:00
## ✀✀✀ BEGIN selinux-policy hack (part 2) for
## https://github.com/fedora-selinux/selinux-policy-contrib/pull/45
selhack=selinux-tmp-hack
pp=/var/roothome/sync/$selhack.pp
if [ -f $pp ]; then
seld=usr/share/selinux/packages/$selhack
mkdir -p vmcheck/$seld
cp $pp vmcheck/$seld
mkdir vmcheck/var/tmp # bwrap wrapper will mount tmpfs there
/var/roothome/sync/scripts/bwrap-script-shell.sh /ostree/repo/tmp/vmcheck \
semodule -v -n -i /$seld/$selhack.pp
fi
## ✀✀✀ END selinux-policy hack ✀✀✀
vmcheck/overlay: use --keep-metadata for source-title One issue right now is that repeated applications of `make vmoverlay` will result in losing the source title. Let's use the new `--keep-metadata` in subsequent `make vmoverlay` invocations to make sure it gets transferred over correctly. Closes: #1205 Approved by: cgwalters
2018-01-12 23:55:34 +03:00
# ✀✀✀ BEGIN hack to get --keep-metadata
if ! ostree commit --help | grep -q -e --keep-metadata; then
# this is fine, rsync doesn't modify in place
mount -o rw,remount /usr
# don't overwrite /etc/ to not mess up 3-way merge
rsync -rlv --exclude '/etc/' vmcheck/usr/ /usr/
fi
# ✀✀✀ END hack to get --keep-metadata ✀✀✀
Initial support for automatic updates This patch introduces a new `AutomaticUpdatePolicy` configuration. This was a long time coming for rpm-ostree, given that its update model makes it extremely apt for such a feature. The config supports a `check` mode, which should be very useful to Atomic Workstation users, as well as a `reboot` mode, which could be used in its present form in simple single node Atomic Host situations. There is still a lot of work to be done, including integrating advisories, and supporting a `deploy` mode. This feature hopefully will be leveraged as well by higher-level projects like GNOME Software and Cockpit. Closes: #1147 Approved by: cgwalters
2017-12-15 20:01:46 +03:00
# if the commit already has pkglist metadata (i.e. the tree was composed with at
# least v2018.1), make sure it gets preserved, because it's useful for playing
# around (but note it's not a requirement for our tests)
tests: Make use of commit --no-bindings if available The way we alias a commit with e.g. `vmcheck_orig` trips up ref bindings. Perhaps we should rework the test suite but for now let's just mark `vmcheck` as aliasable. See: https://github.com/ostreedev/ostree/pull/1380 https://github.com/ostreedev/ostree/pull/1379 Closes: #1167 Approved by: jlebon
2017-12-22 10:50:19 +03:00
commit_opts=
Initial support for automatic updates This patch introduces a new `AutomaticUpdatePolicy` configuration. This was a long time coming for rpm-ostree, given that its update model makes it extremely apt for such a feature. The config supports a `check` mode, which should be very useful to Atomic Workstation users, as well as a `reboot` mode, which could be used in its present form in simple single node Atomic Host situations. There is still a lot of work to be done, including integrating advisories, and supporting a `deploy` mode. This feature hopefully will be leveraged as well by higher-level projects like GNOME Software and Cockpit. Closes: #1147 Approved by: cgwalters
2017-12-15 20:01:46 +03:00
if ostree show $commit --raw | grep -q rpmostree.rpmdb.pkglist; then
commit_opts="${commit_opts} --keep-metadata=rpmostree.rpmdb.pkglist"
fi
vmcheck/overlay: use --keep-metadata for source-title One issue right now is that repeated applications of `make vmoverlay` will result in losing the source title. Let's use the new `--keep-metadata` in subsequent `make vmoverlay` invocations to make sure it gets transferred over correctly. Closes: #1205 Approved by: cgwalters
2018-01-12 23:55:34 +03:00
source_opt= # make this its own var since it contains spaces
if [ $origin != vmcheck ]; then
source_title="${origin}"
if [ -n "$version" ]; then
source_title="${source_title} (${version}; $timestamp)"
else
source_title="${source_title} ($timestamp)"
fi
source_opt="--add-metadata-string=ostree.source-title=Dev overlay on ${source_title}"
commit_opts="${commit_opts} --add-metadata-string=rpmostree.original-origin=${origin}"
vmcheck/overlay: add version and timestamp in source title This makes it much easier to know how old the base we're working from is and whether it's time to upgrade before hacking some more. Closes: #1205 Approved by: cgwalters
2018-01-12 23:55:34 +03:00
else
vmcheck/overlay: use --keep-metadata for source-title One issue right now is that repeated applications of `make vmoverlay` will result in losing the source title. Let's use the new `--keep-metadata` in subsequent `make vmoverlay` invocations to make sure it gets transferred over correctly. Closes: #1205 Approved by: cgwalters
2018-01-12 23:55:34 +03:00
source_opt="--keep-metadata=ostree.source-title"
commit_opts="${commit_opts} --keep-metadata=rpmostree.original-origin"
vmcheck/overlay: add version and timestamp in source title This makes it much easier to know how old the base we're working from is and whether it's time to upgrade before hacking some more. Closes: #1205 Approved by: cgwalters
2018-01-12 23:55:34 +03:00
fi
vmcheck/overlay: always use --consume --no-bindings For CI purposes at least, these features are already part of FAH and the latest CAH smoketested. Anyway, we're already hacking the latest ostree into place for `--keep-metadata`. If it already supports the latter, then clearly it'll support those. Closes: #1215 Approved by: cgwalters
2018-01-18 21:13:39 +03:00
ostree commit --parent=$commit -b vmcheck --consume --no-bindings \
vmcheck/overlay: use --keep-metadata for source-title One issue right now is that repeated applications of `make vmoverlay` will result in losing the source title. Let's use the new `--keep-metadata` in subsequent `make vmoverlay` invocations to make sure it gets transferred over correctly. Closes: #1205 Approved by: cgwalters
2018-01-12 23:55:34 +03:00
--link-checkout-speedup ${commit_opts} "${source_opt}" \
tests: Use ostree commit --consume Just noticed this while working on something else; we should use it where possible. Closes: #1117 Approved by: jlebon
2017-11-29 05:37:06 +03:00
--selinux-policy=vmcheck --tree=dir=vmcheck
Initial support for automatic updates This patch introduces a new `AutomaticUpdatePolicy` configuration. This was a long time coming for rpm-ostree, given that its update model makes it extremely apt for such a feature. The config supports a `check` mode, which should be very useful to Atomic Workstation users, as well as a `reboot` mode, which could be used in its present form in simple single node Atomic Host situations. There is still a lot of work to be done, including integrating advisories, and supporting a `deploy` mode. This feature hopefully will be leveraged as well by higher-level projects like GNOME Software and Cockpit. Closes: #1147 Approved by: cgwalters
2017-12-15 20:01:46 +03:00
Redo `vmcheck` to abstract over ssh-config, drop all building My development environment is now using "pet" docker containers. I use VMs for testing things that require that (like rpm-ostree). This patch builds on work from @jlebon in https://github.com/projectatomic/rpm-ostree/pull/509 to rework `vmcheck` such that it can work on any `ssh-config`. By default we expect this to be Vagrant. However, I go a lot farther and delete the `vmbuild` code that was trying to do builds in a container on the target VM. I think this is still worth pursuing at some point, but for now I think it's reasonable to assume that the rpm-ostree developer audience uses Linux as their host workstation and hence has containers. (There's another important point here in that for developing lower level things like rpm-ostree, there's a strong push to make the VM disposable and not a pet) Closes: #516 Approved by: jlebon
2016-11-14 20:07:43 +03:00
ostree admin deploy vmcheck
Reference in New Issue Copy Permalink