tests/vmcheck: Fully drop python 3 requirement

Drop the use of Ansible everywhere. In the few cases where we really
Python, just spawn a container instead.

This is required to be able to hack on Fedora CoreOS.

Closes: #1850
Approved by: jlebon

ci/vmcheck-provision.sh

@@ -5,4 +5,4 @@ set -xeuo pipefail
 
 dn=$(dirname $0)
 . ${dn}/libbuild.sh
-pkg_install openssh-clients ansible
+pkg_install openssh-clients

tests/common/libvm.sh

@@ -37,25 +37,27 @@ vm_setup() {
   export SCP="scp ${SSHOPTS}"
 }
 
-vm_ansible_inline() {
+# $1 - file to send
-    playbook=$(mktemp -p /tmp 'libvm-ansible.XXXXXX')
+# $2 - destination path
-    cat > ${playbook} <<EOF
+vm_send() {
----
+  $SCP ${1} ${VM}:${2}
-- hosts: ${VM}
+}
-  gather_facts: no
+
-  tasks:
+# $1 - destination path
-EOF
+vm_send_inline() {
-    sed -e 's,^,  ,' >> ${playbook}
+  f=$(mktemp -p $PWD)
-    ansible-playbook -vi ${VM}, --ssh-common-args "${SSHOPTS}" ${playbook}
+  cat > ${f}
-    rm -f ${playbook}
+  vm_send ${f} ${1}
+  rm -f ${f}
 }
 
 vm_shell_inline() {
-  vm_ansible_inline <<EOF
+  script=$(mktemp -p $PWD)
-- shell: |
+  echo "set -xeuo pipefail" > ${script}
-    set -xeuo pipefail
+  cat >> ${script}
-$(sed -e 's,^,    ,')
+  vm_send ${script} /tmp/$(basename ${script})
-EOF
+  rm -f ${script}
+  vm_cmd bash /tmp/$(basename ${script})
 }
 
 # rsync wrapper that sets up authentication
@@ -133,10 +135,7 @@ EOF
       echo 'gpgcheck=0' >> vmcheck.repo
   fi
 
-  vm_ansible_inline <<EOF
+  vm_send vmcheck.repo /etc/yum.repos.d
-- file: path=/etc/yum.repos.d state=directory
-- copy: src=$(pwd)/vmcheck.repo dest=/etc/yum.repos.d
-EOF
 }
 
 # wait until ssh is available on the vm
@@ -401,9 +400,7 @@ vm_get_journal_cursor() {
 vm_wait_content_after_cursor() {
     from_cursor=$1; shift
     regex=$1; shift
-    vm_ansible_inline <<EOF
+    vm_shell_inline <<EOF
-- shell: |
-    set -xeuo pipefail
     tmpf=\$(mktemp /var/tmp/journal.XXXXXX)
     for x in \$(seq 60); do
       journalctl -u rpm-ostreed --after-cursor "${from_cursor}" > \${tmpf}
@@ -435,6 +432,24 @@ vm_assert_journal_has_content() {
   rm -f tmp-journal.txt
 }
 
+# usage: <podman args> -- <container args>
+vm_run_container() {
+  local podman_args=
+  while [ $# -ne 0 ]; do
+    local arg=$1; shift
+    if [[ $arg == -- ]]; then
+      break
+    fi
+    podman_args="$podman_args $arg"
+  done
+  [ $# -ne 0 ] || fatal "No container args provided"
+  # just automatically always share dnf cache so we don't redownload each time
+  # (use -n so this ssh invocation doesn't consume stdin)
+  vm_cmd -n mkdir -p /var/cache/dnf
+  vm_cmd podman run --rm -v /var/cache/dnf:/var/cache/dnf:z $podman_args \
+    registry.fedoraproject.org/fedora:30 "$@"
+}
+
 # $1 - service name
 # $2 - dir to serve
 # $3 - port to serve on
@@ -443,14 +458,10 @@ vm_start_httpd() {
   local dir=$1; shift
   local port=$1; shift
 
-  # just nuke the service of the same name if it exists and is also transient
+  vm_cmd podman rm -f $name || true
-  if vm_cmd systemctl show $name | grep -q UnitFileState=transient; then
+  vm_run_container --net=host -d --name $name --privileged \
-    vm_cmd systemctl stop $name
+    -v $dir:/srv --workdir /srv -- \
-  fi
+    python3 -m http.server $port
-
-  # CentOS systemd is too old for -p WorkingDirectory
-  vm_cmd systemd-run --unit $name sh -c \
-    "'cd $dir && python3 -m http.server $port'"
 
   # NB: the EXIT trap is used by libtest, but not the ERR trap
   trap "vm_stop_httpd $name" ERR
@@ -463,7 +474,7 @@ vm_start_httpd() {
 # $1 - service name
 vm_stop_httpd() {
   local name=$1; shift
-  vm_cmd systemctl stop $name
+  vm_cmd podman rm -f $name
   set +E
   trap - ERR
 }
@@ -556,8 +567,7 @@ vm_ostreeupdate_prepare_reboot() {
 
 vm_change_update_policy() {
     policy=$1; shift
-    vm_ansible_inline <<EOF
+    vm_shell_inline <<EOF
-- shell: |
     cp /usr/etc/rpm-ostreed.conf /etc
     echo -e "[Daemon]\nAutomaticUpdatePolicy=$policy" > /etc/rpm-ostreed.conf
     rpm-ostree reload

tests/vmcheck/test-cached-rpm-diffs.sh

@@ -68,8 +68,10 @@ run_transaction() {
   sig=$1; shift
   args=$1; shift
   cur=$(vm_get_journal_cursor)
-  # use ansible for this so we don't have to think about hungry quote-eating ssh
+  vm_run_container --privileged -i -v /var/run/dbus:/var/run/dbus --net=host -- \
-  vm_shell_inline <<EOF
+    /bin/bash << EOF
+set -xeuo pipefail
+dnf install -y python3-dbus
 python3 -c '
 import dbus
 addr = dbus.SystemBus().call_blocking(

tests/vmcheck/test-download-only.sh

@@ -35,14 +35,11 @@ set -x
 vm_build_rpm_repo_mode skip foobar
 vm_start_httpd vmcheck /var/tmp 8888
 vm_rpmostree cleanup -m
-vm_ansible_inline <<EOF
+vm_send_inline /etc/yum.repos.d/vmcheck-http.repo <<EOF
-- copy:
+[vmcheck-http]
-    content: |
+name=vmcheck-http
-      [vmcheck-http]
+baseurl=http://localhost:8888/vmcheck/yumrepo
-      name=vmcheck-http
+gpgcheck=0
-      baseurl=http://localhost:8888/vmcheck/yumrepo
-      gpgcheck=0
-    dest: /etc/yum.repos.d/vmcheck-http.repo
 EOF
 
 osname=$(vm_get_booted_deployment_info osname)

tests/vmcheck/test-layering-scripts.sh

@@ -35,9 +35,16 @@ vm_build_rpm scriptpkg1 \
   pretrans "# http://lists.rpm.org/pipermail/rpm-ecosystem/2016-August/000391.html
             echo pretrans should've been ignored && exit 1" \
   verifyscript "echo verifyscript should've been ignored && exit 1" \
-  post_args "-p /usr/bin/python3" \
+  post_args "-p /usr/bin/bash" \
-  post 'open("/usr/lib/rpmostreetestinterp", "w").close();
+  post '
-open("/var/lib/rpm-state/scriptpkg1-stamp", "w").close()' \
+# default shell is sh, but we requested bash; check that rpm-ostree picks it up
+interp=$(cat /proc/$$/comm)
+if [ "$interp" != "bash" ]; then
+  echo "Expected bash interpreter, got $interp"
+  exit 1
+fi
+touch /usr/lib/rpmostreetestinterp
+touch /var/lib/rpm-state/scriptpkg1-stamp' \
   posttrans "# Firewalld; https://github.com/projectatomic/rpm-ostree/issues/638
              . /etc/os-release || :
              # See https://github.com/projectatomic/rpm-ostree/pull/647
@@ -209,9 +216,8 @@ vm_cmd systemctl restart rpm-ostreed
 echo "ok cancel infinite post via `rpm-ostree cancel`"
 
 # Test rm -rf /!
-vm_ansible_inline <<EOF
+vm_shell_inline <<EOF
-- user:
+getent passwd testuser >/dev/null || useradd testuser
-    name: testuser
 EOF
 vm_cmd touch /home/testuser/somedata /tmp/sometmpfile /var/tmp/sometmpfile
 vm_build_rpm rmrf post "rm --no-preserve-root -rf / &>/dev/null || true"

tests/vmcheck/test-livefs.sh

@@ -150,9 +150,7 @@ fi
 vm_cmd test -f /${dummy_file_to_modify}
 generate_upgrade() {
     # Create a modified vmcheck commit
-    vm_ansible_inline <<EOF
+    vm_shell_inline <<EOF
-- shell: |
-    set -xeuo pipefail
       cd /ostree/repo/tmp
       rm vmcheck -rf
       ostree checkout vmcheck vmcheck --fsync=0

tests/vmcheck/test-misc-1.sh

@@ -83,11 +83,8 @@ echo "ok error on unknown command"
 # Be sure an unprivileged user exists and that we can SSH into it. This is a bit
 # underhanded, but we need a bona fide user session to verify non-priv status,
 # and logging in through SSH is an easy way to achieve that.
-vm_ansible_inline <<EOF
+vm_shell_inline <<EOF
-- user:
+    getent passwd testuser >/dev/null || useradd testuser
-    name: testuser
-- shell: |
-    set -euo pipefail
     mkdir -pm 0700 /home/testuser/.ssh
     cp -a /root/.ssh/authorized_keys /home/testuser/.ssh
     chown -R testuser:testuser /home/testuser/.ssh
@@ -139,9 +136,7 @@ vm_rpmostree usroverlay
 vm_cmd test -w /usr/bin
 echo "ok usroverlay"
 
-vm_ansible_inline <<EOF
+vm_shell_inline <<EOF
-- shell: |
-    set -xeuo pipefail
     rpm-ostree cleanup -p
     originpath=\$(ostree admin --print-current-dir).origin
     cp -a \${originpath}{,.orig}

tests/vmcheck/test-misc-2.sh

@@ -229,14 +229,11 @@ echo "ok /run/ostree-booted in scriptlet container"
 # local repos are always cached, so let's start up an http server for the same
 # vmcheck repo
 vm_start_httpd vmcheck /var/tmp 8888
-vm_ansible_inline <<EOF
+vm_send_inline /etc/yum.repos.d/vmcheck-http.repo <<EOF
-- copy:
+[vmcheck-http]
-    content: |
+name=vmcheck-http
-      [vmcheck-http]
+baseurl=http://localhost:8888/vmcheck/yumrepo
-      name=vmcheck-http
+gpgcheck=0
-      baseurl=http://localhost:8888/vmcheck/yumrepo
-      gpgcheck=0
-    dest: /etc/yum.repos.d/vmcheck-http.repo
 EOF
 
 vm_rpmostree cleanup -rpmb