From ebaa4fa4c10e2fe4ded5b67373e079d5e68c61c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Thu, 21 Sep 2023 08:53:05 +0200 Subject: [PATCH 1/4] ci: crio: Pass `-y` to apt MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit That was something overlooked during my tests. :-/ Fixes: #8005 Signed-off-by: Fabiano Fidêncio --- tests/gha-run-k8s-common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/gha-run-k8s-common.sh b/tests/gha-run-k8s-common.sh index 01d825c284..44b6601e3c 100644 --- a/tests/gha-run-k8s-common.sh +++ b/tests/gha-run-k8s-common.sh @@ -224,7 +224,7 @@ function setup_crio() { curl -L https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable:cri-o:${crio_version}/${os}/Release.key | sudo apt-key add - curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/${os}/Release.key | sudo apt-key add - sudo apt update - sudo apt install cri-o cri-o-runc + sudo apt install -y cri-o cri-o-runc sudo systemctl enable --now crio } From 358dc2f5695e185df1a8fdaf44dc447438060efa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Thu, 21 Sep 2023 10:15:17 +0200 Subject: [PATCH 2/4] kata-deploy: Fix CRI-O detection MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Some of the "k8s distros" allow using CRI-O in a non-official way, and if that's done we cannot simply assume they're on containerd, otherwise kata-deploy will simply not work. In order to avoid such issue, let's check for `cri-o` as the container engine as the first place and only proceed with the checks for the "k8s distros" after we rule out that CRI-O is not being used. Signed-off-by: Fabiano Fidêncio --- tools/packaging/kata-deploy/scripts/kata-deploy.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tools/packaging/kata-deploy/scripts/kata-deploy.sh b/tools/packaging/kata-deploy/scripts/kata-deploy.sh index 5a19befea8..9d60a7ad04 100755 --- a/tools/packaging/kata-deploy/scripts/kata-deploy.sh +++ b/tools/packaging/kata-deploy/scripts/kata-deploy.sh @@ -75,7 +75,9 @@ function get_container_runtime() { die "invalid node name" fi - if echo "$runtime" | grep -qE 'containerd.*-k3s'; then + if echo "$runtime" | grep -qE "cri-o"; then + echo "cri-o" + elif echo "$runtime" | grep -qE 'containerd.*-k3s'; then if host_systemctl is-active --quiet rke2-agent; then echo "rke2-agent" elif host_systemctl is-active --quiet rke2-server; then From 74c12b29270d6ed5bbad560d020cdebd73ef2a3c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Mon, 25 Sep 2023 13:35:41 +0200 Subject: [PATCH 3/4] ci: crio: Enable default capabilities MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We need the default capabilities to be enabled, especially `SYS_CHROOT`, in order to have tests accessing the host to pass. A huge thanks to Greg Kurz for spotting this and suggesting the fix. Signed-off-by: Fabiano Fidêncio Signed-off-by: Greg Kurz --- tests/gha-run-k8s-common.sh | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/tests/gha-run-k8s-common.sh b/tests/gha-run-k8s-common.sh index 44b6601e3c..9c1d9f9be5 100644 --- a/tests/gha-run-k8s-common.sh +++ b/tests/gha-run-k8s-common.sh @@ -225,6 +225,26 @@ function setup_crio() { curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/${os}/Release.key | sudo apt-key add - sudo apt update sudo apt install -y cri-o cri-o-runc + + # We need to set the default capabilities to ensure our tests will pass + # See: https://github.com/kata-containers/kata-containers/issues/8034 + sudo mkdir -p /etc/crio/crio.conf.d/ + cat < Date: Mon, 25 Sep 2023 14:54:12 +0200 Subject: [PATCH 4/4] ci: crio: Trail '\r' from exec_host() output MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We've faced this as part of the CI, only happening with the CRI-O tests: ``` not ok 1 Test readonly volume for pods # (from function `exec_host' in file tests_common.sh, line 51, # in test file k8s-file-volume.bats, line 25) # `exec_host "echo "$file_body" > $tmp_file"' failed with status 127 # [bats-exec-test:38] INFO: k8s configured to use runtimeclass # bash: line 1: $'\r': command not found # # Error from server (NotFound): pods "test-file-volume" not found ``` I must say I didn't dig into figuring out why this is happening, but we may be safe enough to just trail the '\r', as long as all the tests keep passing on containerd. Signed-off-by: Fabiano Fidêncio --- tests/integration/kubernetes/tests_common.sh | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/tests/integration/kubernetes/tests_common.sh b/tests/integration/kubernetes/tests_common.sh index b6d448cac1..f932bd6561 100644 --- a/tests/integration/kubernetes/tests_common.sh +++ b/tests/integration/kubernetes/tests_common.sh @@ -44,7 +44,16 @@ exec_host() { # `kubectl debug` always returns 0, so we hack it to return the right exit code. command="$@" command+='; echo -en \\n$?' - output="$(kubectl debug -qit "${node}" --image=alpine:latest -- chroot /host bash -c "${command}")" + # We're trailing the `\r` here due to: https://github.com/kata-containers/kata-containers/issues/8051 + # tl;dr: When testing with CRI-O we're facing the foillowing error: + # ``` + # (from function `exec_host' in file tests_common.sh, line 51, + # in test file k8s-file-volume.bats, line 25) + # `exec_host "echo "$file_body" > $tmp_file"' failed with status 127 + # [bats-exec-test:38] INFO: k8s configured to use runtimeclass + # bash: line 1: $'\r': command not found + # ``` + output="$(kubectl debug -qit "${node}" --image=alpine:latest -- chroot /host bash -c "${command}" | tr -d '\r')" kubectl get pods -o name | grep node-debugger | xargs kubectl delete > /dev/null exit_code="$(echo "${output}" | tail -1)" echo "$(echo "${output}" | head -n -1)"