From d11d0ead55ebd65a3c779a2198dc44e666951a57 Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Wed, 29 May 2024 16:33:54 -0400 Subject: [PATCH 1/6] github: switch to using 24.04 on CI runners Signed-off-by: Simon Deziel --- .github/workflows/commits.yml | 2 +- .github/workflows/tests.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/commits.yml b/.github/workflows/commits.yml index f9d4913ab..3126e3901 100644 --- a/.github/workflows/commits.yml +++ b/.github/workflows/commits.yml @@ -8,7 +8,7 @@ permissions: jobs: commits: name: Branch target - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Check branch target env: diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index f28adb365..38ee12b02 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -39,7 +39,7 @@ defaults: jobs: code-tests: name: Code - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Checkout uses: actions/checkout@v4 @@ -71,7 +71,7 @@ jobs: env: PURGE_LXD: "1" name: ${{ matrix.test }} (${{ matrix.track }}) - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 strategy: fail-fast: false matrix: From 46b9f5c271be0a611b03fe78bfb6097180527ba7 Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Wed, 29 May 2024 16:38:29 -0400 Subject: [PATCH 2/6] github: moby-containerd docker are not on 24.04 images Signed-off-by: Simon Deziel --- .github/workflows/tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 38ee12b02..32b30176d 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -144,7 +144,7 @@ jobs: - name: Remove docker run: | set -eux - sudo apt-get autopurge -y containerd.io moby-containerd docker docker-ce podman uidmap + sudo apt-get autopurge -y containerd.io docker-ce podman uidmap sudo ip link delete docker0 sudo nft flush ruleset 
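Review bot: The trimmed `sudo apt-get autopurge -y containerd.io docker-ce podman uidmap` line drops moby-containerd and docker because they are absent from the 24.04 image, but PATCH 6/6 of this series puts 22.04 runners back into the same job, where (going by this commit's subject) those packages presumably are still present and will now survive the cleanup step. Purging whatever is actually installed instead of a fixed list keeps the step correct on both images, e.g. `PKGS="$(dpkg-query -W -f='${binary:Package} ${db:Status-Status}\n' containerd.io moby-containerd docker docker-ce podman uidmap 2>/dev/null | awk '$2 == "installed" {print $1}')"` followed by `if [ -n "${PKGS}" ]; then sudo apt-get autopurge -y ${PKGS}; fi` (the awk stage also keeps an unknown package name from failing the `set -e` shell).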
From c60bb945a5722994479724101ddbc69157a13a5e Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Wed, 29 May 2024 16:39:57 -0400 Subject: [PATCH 3/6] github: workaround bug with needrestart (LP: #2067800) https://bugs.launchpad.net/ubuntu/+source/needrestart/+bug/2067800 Signed-off-by: Simon Deziel --- .github/workflows/tests.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 32b30176d..a45ce52f2 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -148,6 +148,18 @@ jobs: sudo ip link delete docker0 sudo nft flush ruleset + - name: Remove needrestart + run: | + # XXX: workaround https://bugs.launchpad.net/ubuntu/+source/needrestart/+bug/2067800 + # needrestart restarting runner-provisioner.service causes an immediate job failure: + # + #Restarting services... + # /etc/needrestart/restart.d/systemd-manager + # systemctl restart packagekit.service php8.3-fpm.service runner-provisioner.service systemd-journald.service systemd-networkd.service systemd-resolved.service systemd-udevd.service udisks2.service walinuxagent.service + #Terminated + #++ cleanup + sudo apt-get autopurge -y needrestart + - name: Checkout uses: actions/checkout@v4 From aedaf1ab2572bd8a814f902c5f5220fb931e4945 Mon Sep 17 00:00:00 2001 
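Review bot: The new `Remove needrestart` step is placed after `Remove docker`, so the `apt-get autopurge` in that earlier step still passes through needrestart (presumably via its apt post-invoke hook) and can trigger the same `runner-provisioner.service` restart this step exists to avoid; moving this step ahead of `Remove docker` closes that window. A less invasive alternative to purging the package is to leave it installed but switch it to list-only mode, e.g. `printf '%s\n' "\$nrconf{restart} = 'l';" | sudo tee /etc/needrestart/conf.d/no-restart.conf`, which is worth recording in the comment if purging was the deliberate choice. The pasted log excerpt could be cut down to the `systemctl restart ... runner-provisioner.service ...` line, since the bug link already carries the detail.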
From: Simon Deziel Date: Wed, 29 May 2024 17:17:22 -0400 Subject: [PATCH 4/6] tests/interception: support .zst compressed modules copied to 22.04 guests https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2028568 If the module is not decompressed ahead of `insmod`, loading it will be denied: ``` + lxc exec c1 -- insmod /root/nf_nat_ftp.ko.zst insmod: ERROR: could not insert module /root/nf_nat_ftp.ko.zst: Operation not permitted + lxc config set c1 linux.kernel_modules.load=ondemand + lxc restart c1 -f + lxc exec c1 -- insmod /root/nf_nat_ftp.ko.zst insmod: ERROR: could not insert module /root/nf_nat_ftp.ko.zst: Operation not permitted + lxc config set c1 linux.kernel_modules=nf_nat_ftp + lxc restart c1 -f + lxc exec c1 -- insmod /root/nf_nat_ftp.ko.zst insmod: ERROR: could not insert module /root/nf_nat_ftp.ko.zst: Operation not permitted + cleanup ``` Signed-off-by: Simon Deziel --- tests/interception | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/interception b/tests/interception index 4054b779f..3785b41f2 100755 --- a/tests/interception +++ b/tests/interception @@ -112,6 +112,18 @@ if hasNeededAPIExtension container_syscall_intercept_finit_module; then # upload module file into the container lxc file push "${MODULE_PATH}" "c1/root/" + # Ubuntu 23.10+ ships kernel modules individually compressed to speed up + # boot and initramfs generation + # (https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2028568) + # XXX: This compression seems to prevent proper parsing by the `container_syscall_intercept_finit_module` feature + # resulting in `Operation not permitted` error + if echo "${MODULE_FILE_NAME}" | grep -q "\.zst$"; then + lxc exec c1 -- apt-get update -qq + lxc exec c1 -- apt-get install --no-install-recommends -y zstd + lxc exec c1 -- unzstd "/root/${MODULE_FILE_NAME}" + MODULE_FILE_NAME="$(basename "${MODULE_PATH}" .zst)" + fi + # negative case 1 (feature is not enabled) ! lxc exec c1 -- insmod "/root/${MODULE_FILE_NAME}" || false 
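Review bot: The `.zst` branch installs zstd inside the guest with `apt-get update` and `apt-get install`, which makes the interception test depend on the guest's apt mirrors and network and adds noticeable wall-clock time for a single-file decompression. Decompressing on the host before `lxc file push` (if the runner image ships `zstd`, which Ubuntu images commonly do) avoids both; the push line is context here, so that change would land one line above the added block. Independently, `echo "${MODULE_FILE_NAME}" | grep -q "\.zst$"` forks two processes for a suffix test the shell can do itself: `case "${MODULE_FILE_NAME}" in *.zst) ... ;; esac` or `if [ "${MODULE_FILE_NAME%.zst}" != "${MODULE_FILE_NAME}" ]; then`. The enclosing `if hasNeededAPIExtension ...` block starts and ends outside the hunk.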
From 489bb5f889bbf3c2f3db3f6670c949def9003468 Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Thu, 30 May 2024 16:09:11 -0400 Subject: [PATCH 5/6] tests/docker: workaround apparmor/kernel bug preventing runc from using pivot_root https://bugs.launchpad.net/bugs/2067900 https://github.com/canonical/lxd/issues/13389 Signed-off-by: Simon Deziel --- tests/docker | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tests/docker b/tests/docker index 53befc106..65a2df064 100755 --- a/tests/docker +++ b/tests/docker @@ -39,6 +39,15 @@ for BIN in docker dockerd docker-init docker-proxy; do chmod +x "/usr/bin/\${BIN}" done +# XXX: Workaround Apparmor/kernel bug: https://bugs.launchpad.net/bugs/2067900 +if [ -e /etc/apparmor.d/runc ]; then + cat << EOF2 > /etc/apparmor.d/local/runc +# Workaround https://bugs.launchpad.net/bugs/2067900 + pivot_root, +EOF2 + apparmor_parser -rTW /etc/apparmor.d/runc +fi + unset https_proxy # Start docker again From ac4de35ecf0f27c63c36ef92e2840984f3431ab0 Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Fri, 31 May 2024 12:56:10 -0400 Subject: [PATCH 6/6] github: expand the test matrix to run on 22.04 (!= latest/edge) and 24.04 (!= 5.0/edge) Signed-off-by: Simon Deziel --- .github/workflows/tests.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index a45ce52f2..b41290f69 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -70,11 +70,12 @@ jobs: system-tests: env: PURGE_LXD: "1" - name: ${{ matrix.test }} (${{ matrix.track }}) - runs-on: ubuntu-24.04 + name: ${{ matrix.test }} (${{ matrix.track }} - ${{ matrix.os }}) + runs-on: ubuntu-${{ matrix.os }} strategy: fail-fast: false matrix: + os: [22.04, 24.04] track: ${{ fromJSON(inputs.snap-tracks || '["latest/edge", "5.21/edge", "5.0/edge"]') }} test: - cgroup 
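Review bot: `cat << EOF2 > /etc/apparmor.d/local/runc` truncates the local override file, so any rules already placed there by the image are discarded (Ubuntu's AppArmor packaging uses `local/` for site additions; whether runc ships one I cannot tell from here) — `>>` would keep them. The rule itself is an unqualified `pivot_root,`, which widens the runc profile to pivot_root on any path rather than only the case the bug concerns; if LP: #2067900 names a narrower rule or a fixed kernel/apparmor version, the comment should record it so the loosening is removed once the fix reaches the images, e.g. `# Workaround https://bugs.launchpad.net/bugs/2067900 -- drop once the fixed kernel/apparmor is in the runner images`. Note this sits inside the outer unquoted heredoc (the `\${BIN}` escaping above shows it), so the inner heredoc body is expanded by the outer shell; `pivot_root,` has nothing to expand, but any future rule containing `$` would need escaping. The enclosing generated script starts and ends outside the hunk.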
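Review bot: `os: [22.04, 24.04]` are YAML floats, not strings, while the exclude entries added in the next hunk spell the same values as strings (`os: "24.04"`, `os: "22.04"`); I would not rely on GitHub's exclude matching treating a number and a string as equal, and if it does not, the matrix silently runs exactly the track/OS pairs the commit means to skip. Quoting the matrix values, `os: ["22.04", "24.04"]`, makes the types agree and keeps `runs-on: ubuntu-${{ matrix.os }}` independent of float-to-string formatting (a future `22.10` would otherwise render as `22.1`). The `system-tests` job definition continues past the hunk.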
@@ -105,6 +106,10 @@ jobs: track: "5.0/edge" - test: storage-buckets # waiting for integration with microceph - test: "storage-vm ceph" # waiting for integration with microceph + - track: "5.0/edge" + os: "24.04" + - track: "latest/edge" + os: "22.04" steps: - name: Performance tuning