From: Kienan Stewart Date: Thu, 22 Aug 2024 17:40:05 +0000 (-0400) Subject: jjb: Update image building jobs to use incus-client X-Git-Url: https://git.lttng.org./?a=commitdiff_plain;h=89d416b3b600e974dad6d5e71e5f951c3c6ac897;p=lttng-ci.git jjb: Update image building jobs to use incus-client Change-Id: I2e701af95b16227459bbcec403996275d893325b Signed-off-by: Kienan Stewart --- diff --git a/jobs/images.yml b/jobs/images.yml index 9d2f4b0..9f59bf9 100644 --- a/jobs/images.yml +++ b/jobs/images.yml @@ -32,7 +32,7 @@ - choice: &images_parameters_IMAGE_TYPE name: 'IMAGE_TYPE' choices: - - 'lxd' + - 'incus' - 'vm' description: 'The type of image to create' - choice: @@ -42,15 +42,15 @@ - 'developer' description: 'The ansible group to apply to the image' required: true - - string: &images_parameters_LXD_HOST - name: 'LXD_HOST' + - string: &images_parameters_INCUS_HOST + name: 'INCUS_HOST' default: 'ci-host-amd64-1a.internal.efficios.com' - description: 'The address of the LXD cluster to publish to' + description: 'The address of the incus cluster to publish to' required: true - - string: &images_parameters_LXD_INSTANCE_PROFILE - name: 'LXD_INSTANCE_PROFILE' + - string: &images_parameters_INCUS_INSTANCE_PROFILE + name: 'INCUS_INSTANCE_PROFILE' default: 'ci-rootnode' - description: 'The LXD instance profile to use for temporary instances when building images' + description: 'The Incus instance profile to use for temporary instances when building images' required: true - string: &images_parameters_GIT_URL name: 'GIT_URL' @@ -81,9 +81,9 @@ - choice: <<: *images_parameters_IMAGE_TYPE - string: - <<: *images_parameters_LXD_HOST + <<: *images_parameters_INCUS_HOST - string: - <<: *images_parameters_LXD_INSTANCE_PROFILE + <<: *images_parameters_INCUS_INSTANCE_PROFILE - string: <<: *images_parameters_GIT_URL - string: @@ -97,10 +97,10 @@ name: 'DISTROBUILDER_GIT_BRANCH' default: 'main' - string: - name: 'LXC_CI_GIT_URL' + name: 'INCUS_CI_GIT_URL' default: 'https://github.com/lxc/lxc-ci.git' - string: - name: 'LXC_CI_GIT_BRANCH' + name: 'INCUS_CI_GIT_BRANCH' default: 'main' - string: name: 'GO_VERSION' @@ -137,10 +137,10 @@ passphrase-variable: SSH_PASSWORD - file: credential-id: 'f3f08275-59ef-42ff-9de5-9beafc7435b8' - variable: LXD_CLIENT_CERT + variable: INCUS_CLIENT_CERT - file: credential-id: '0debf23b-191b-4cdf-8a25-04e9a7092a67' - variable: LXD_CLIENT_KEY + variable: INCUS_CLIENT_KEY - text: credential-id: SLES_REGISTRATION_CODE_amd64 variable: SLES_REGISTRATION_CODE_amd64 @@ -161,7 +161,7 @@ project-type: pipeline parameters: '{obj:parameters}' IMAGE_TYPES: - - lxd + - incus - vm PROFILES: - ci-node @@ -231,7 +231,7 @@ name: 'IMAGE_TYPE_FILTER' choices: - all - - lxd + - incus - vm - choice: &images_parameters_PROFILE_FILTER name: 'PROFILE_FILTER' @@ -295,12 +295,12 @@ ARCHES: - amd64 RELEASES: - # 12.5 Doesn't currently work well with LXD either as a container or a VM + # 12.5 Doesn't currently work well with Incus either as a container or a VM # * 12.5 has systemd 228, which doesn't support cgroups v2. Hosts _could_ # be configured to disable the unified cgroup hierarchy in order to have # this version systemd work correctly. # * Running as a QEMU VM, virtio_scsi isn't correctly able to bring the - # virtual disks online. The version of lxd currently deployed doesn't + # virtual disks online. The version of incus currently deployed doesn't # support the io.bus option to use virtio-blk instead. # - '12.5' - '15.4' diff --git a/pipelines/images/distrobuild.sh b/pipelines/images/distrobuild.sh index fea1d13..a4e9538 100644 --- a/pipelines/images/distrobuild.sh +++ b/pipelines/images/distrobuild.sh @@ -31,13 +31,13 @@ REQUIRED_VARIABLES=( VARIANT GIT_BRANCH GIT_URL - LXD_CLIENT_CERT - LXD_CLIENT_KEY + INCUS_CLIENT_CERT + INCUS_CLIENT_KEY TEST DISTROBUILDER_GIT_URL DISTROBUILDER_GIT_BRANCH - LXC_CI_GIT_URL - LXC_CI_GIT_BRANCH + INCUS_CI_GIT_URL + INCUS_CI_GIT_BRANCH GO_VERSION ) MISSING_VARS=0 @@ -55,26 +55,26 @@ fi INSTANCE_START_TIMEOUT="${INSTANCE_START_TIMEOUT:-120}" VM_ARG=() -# Install lxd-client +# Install incus-client apt-get update -apt-get install -y lxd-client -mkdir -p ~/.config/lxc -cp "${LXD_CLIENT_CERT}" ~/.config/lxc/client.crt -cp "${LXD_CLIENT_KEY}" ~/.config/lxc/client.key +apt-get install -y incus-client +mkdir -p ~/.config/incus +cp "${INCUS_CLIENT_CERT}" ~/.config/incus/client.crt +cp "${INCUS_CLIENT_KEY}" ~/.config/incus/client.key CLEANUP+=( - "rm -f ${HOME}/.config/lxc/client.crt" - "rm -f ${HOME}/.config/lxc/client.key" + "rm -f ${HOME}/.config/incus/client.crt" + "rm -f ${HOME}/.config/incus/client.key" ) -lxc remote add ci --accept-certificate --auth-type tls "${LXD_HOST}" -lxc remote switch ci +incus remote add ci --accept-certificate --auth-type tls "${INCUS_HOST}" +incus remote switch ci -# Exit gracefully if the lxc images: provides the base image +# Exit gracefully if the incus images: provides the base image IMAGE_NAME="${OS}/${RELEASE}/${VARIANT}/${ARCH}" TYPE_FILTER='type=container' if [[ "${IMAGE_TYPE}" == "vm" ]] ; then TYPE_FILTER='type=virtual-machine' fi -if [[ "$(lxc image list -f csv images:"${IMAGE_NAME}" -- "${TYPE_FILTER}" | wc -l)" != "0" ]] ; then +if [[ "$(incus image list -f csv images:"${IMAGE_NAME}" -- "${TYPE_FILTER}" | wc -l)" != "0" ]] ; then echo "Image '${IMAGE_NAME}' provided by 'images:' remote" exit 0 fi @@ -97,13 +97,13 @@ PATH="${PATH}:${HOME}/go/bin" cd "${WORKSPACE}" git clone --branch="${GIT_BRANCH}" "${GIT_URL}" ci -# Get the LXC CI repo +# Get the INCUS CI repo cd "${WORKSPACE}" -git clone --branch="${LXC_CI_GIT_BRANCH}" "${LXC_CI_GIT_URL}" lxc-ci +git clone --branch="${INCUS_CI_GIT_BRANCH}" "${INCUS_CI_GIT_URL}" incus-ci IMAGE_DIRS=( "${WORKSPACE}/ci/automation/images" - "${WORKSPACE}/lxc-ci/images" + "${WORKSPACE}/incus-ci/images" ) EXTENSIONS=( 'yml' @@ -179,7 +179,7 @@ if [[ "${IMAGE_TYPE}" == "vm" ]] ; then ROOTFS="${BUILD_DIR}/disk.qcow2" fi -# Work-around for lxd not using qemu-system-i386: set the architecture to x86_64 +# Work-around for incus not using qemu-system-i386: set the architecture to x86_64 # which will use qemu-system-x86_64 and still run 32bit userspace/kernels fine. if [[ "${ARCH}" == "i386" ]] ; then TMP_DIR=$(mktemp -d) @@ -191,12 +191,12 @@ if [[ "${ARCH}" == "i386" ]] ; then rm -rf "${TMP_DIR}" fi -# When using `lxc image import` two images cannot have the same alias - +# When using `incus image import` two images cannot have the same alias - # only the last image imported will keep the alias. Therefore, the # image type is appended as part of the alias. IMAGE_NAME="${IMAGE_NAME}/${IMAGE_TYPE}" -if FINGERPRINT=$(lxc image import "${BUILD_DIR}/incus.tar.xz" "${ROOTFS}" 2>&1 | grep -E -o '[A-Fa-f0-9]{64}') ; then +if FINGERPRINT=$(incus image import "${BUILD_DIR}/incus.tar.xz" "${ROOTFS}" 2>&1 | grep -E -o '[A-Fa-f0-9]{64}') ; then echo "Image imported with fingerprint '${FINGERPRINT}'" else fail 1 "No fingerprint for imported image" @@ -205,10 +205,10 @@ fi if [[ "${TEST}" == "true" ]] ; then set +e INSTANCE_NAME='' - if INSTANCE_NAME="$(lxc -q launch -e ${VM_ARG[@]} -p default -p "${LXD_INSTANCE_PROFILE}" "${FINGERPRINT}")" ; then + if INSTANCE_NAME="$(incus -q launch -e ${VM_ARG[@]} -p default -p "${INCUS_INSTANCE_PROFILE}" "${FINGERPRINT}")" ; then INSTANCE_NAME="$(echo "${INSTANCE_NAME}" | cut -d':' -f2 | tr -d ' ')" CLEANUP+=( - "lxc stop -f ${INSTANCE_NAME}" + "incus stop -f ${INSTANCE_NAME}" ) else fail 1 "Failed to launch instance using image '${FINGERPRINT}'" @@ -216,18 +216,18 @@ if [[ "${TEST}" == "true" ]] ; then TIME_REMAINING="${INSTANCE_START_TIMEOUT}" INSTANCE_STATUS='' while true ; do - INSTANCE_STATUS="$(lxc exec "${INSTANCE_NAME}" hostname)" + INSTANCE_STATUS="$(incus exec "${INSTANCE_NAME}" hostname)" if [[ "${INSTANCE_STATUS}" == "${INSTANCE_NAME}" ]] ; then break fi sleep 1 TIME_REMAINING=$((TIME_REMAINING - 1)) if [ "${TIME_REMAINING}" -lt "0" ] ; then - fail 1 "Timed out waiting for instance to become available via 'lxc exec'" + fail 1 "Timed out waiting for instance to become available via 'incus exec'" fi done set -e fi -lxc image alias delete "${IMAGE_NAME}" || true -lxc image alias create "${IMAGE_NAME}" "${FINGERPRINT}" +incus image alias delete "${IMAGE_NAME}" || true +incus image alias create "${IMAGE_NAME}" "${FINGERPRINT}" diff --git a/pipelines/images/imagebuild.sh b/pipelines/images/imagebuild.sh index befc9bf..c7233d7 100644 --- a/pipelines/images/imagebuild.sh +++ b/pipelines/images/imagebuild.sh @@ -32,8 +32,8 @@ REQUIRED_VARIABLES=( PROFILE # The ansible group to apply to the new image GIT_BRANCH # The git branch of the automation repo to checkout GIT_URL # The git URL of the automation repo to checkout - LXD_CLIENT_CERT # Path to LXD client certificate - LXD_CLIENT_KEY # Path to LXD client certificate key + INCUS_CLIENT_CERT # Path to INCUS client certificate + INCUS_CLIENT_KEY # Path to INCUS client certificate key SSH_PRIVATE_KEY # Path to SSH private key TEST # 'true' to test launching published image ) @@ -53,18 +53,18 @@ INSTANCE_START_TIMEOUT="${INSTANCE_START_TIMEOUT:-120}" NETWORK_SLEEP="${NETWORK_SLEEP:-15}" # Dependencies -apt-get -y install lxd-client ansible jq +apt-get -y install incus-client ansible jq # Configuration -mkdir -p ~/.config/lxc -cp "${LXD_CLIENT_CERT}" ~/.config/lxc/client.crt -cp "${LXD_CLIENT_KEY}" ~/.config/lxc/client.key +mkdir -p ~/.config/incus +cp "${INCUS_CLIENT_CERT}" ~/.config/incus/client.crt +cp "${INCUS_CLIENT_KEY}" ~/.config/incus/client.key CLEANUP+=( - "rm -f ${HOME}/.config/lxc/client.crt" - "rm -f ${HOME}/.config/lxc/client.key" + "rm -f ${HOME}/.config/incus/client.crt" + "rm -f ${HOME}/.config/incus/client.key" ) -lxc remote add ci --accept-certificate --auth-type tls "${LXD_HOST}" -lxc remote switch ci +incus remote add ci --accept-certificate --auth-type tls "${INCUS_HOST}" +incus remote switch ci # Clone lttng-ci git clone -b "${GIT_BRANCH}" "${GIT_URL}" ci @@ -91,9 +91,9 @@ set +e TRIES_MAX=3 TRIES=0 while [[ "${TRIES}" -lt "${TRIES_MAX}" ]] ; do - if ! INSTANCE_NAME=$(lxc -q launch "${VM_ARG[@]}" -p default -p "${LXD_INSTANCE_PROFILE}" "${SOURCE_IMAGE_NAME}/${IMAGE_TYPE}") ; then + if ! INSTANCE_NAME=$(incus -q launch "${VM_ARG[@]}" -p default -p "${INCUS_INSTANCE_PROFILE}" "${SOURCE_IMAGE_NAME}/${IMAGE_TYPE}") ; then # Try from images - if ! INSTANCE_NAME=$(lxc -q launch "${VM_ARG[@]}" -p default -p "${LXD_INSTANCE_PROFILE}" images:"${SOURCE_IMAGE_NAME}") ; then + if ! INSTANCE_NAME=$(incus -q launch "${VM_ARG[@]}" -p default -p "${INCUS_INSTANCE_PROFILE}" images:"${SOURCE_IMAGE_NAME}") ; then TRIES=$((TRIES + 1)) echo "Failed to deployed ephemereal instance attempt ${TRIES}/${TRIES_MAX}" if [[ "${TRIES}" -lt "${TRIES_MAX}" ]] ; then @@ -111,15 +111,15 @@ INSTANCE_NAME="$(echo "${INSTANCE_NAME}" | cut -d ':' -f 2 | tr -d ' ')" set -e CLEANUP+=( - "lxc delete -f ${INSTANCE_NAME}" - "lxc stop ${INSTANCE_NAME}" + "incus delete -f ${INSTANCE_NAME}" + "incus stop ${INSTANCE_NAME}" ) # VMs may take more time to start, wait until instance is running TIME_REMAINING="${INSTANCE_START_TIMEOUT}" while true ; do set +e - INSTANCE_STATUS=$(lxc exec "${INSTANCE_NAME}" hostname) + INSTANCE_STATUS=$(incus exec "${INSTANCE_NAME}" hostname) set -e if [[ "${INSTANCE_STATUS}" == "${INSTANCE_NAME}" ]] ; then break @@ -127,7 +127,7 @@ while true ; do sleep 1 TIME_REMAINING=$((TIME_REMAINING - 1)) if [ "${TIME_REMAINING}" -lt "0" ] ; then - fail 1 "Timed out waiting for instance to become available via 'lxc exec'" + fail 1 "Timed out waiting for instance to become available via 'incus exec'" fi done @@ -136,7 +136,7 @@ if [[ "${VARIANT}" == "cloud" ]] ; then # It's possible for cloud-init to fail, but to still be able to continue. # Eg., a profile asks for netplan.io on a system that doesn't have that # package available. - lxc exec "${INSTANCE_NAME}" -- cloud-init status -w || true + incus exec "${INSTANCE_NAME}" -- cloud-init status -w || true fi # Wait for instance to have an ip address (@TODO: is there a better approach?) @@ -145,10 +145,10 @@ sleep "${NETWORK_SLEEP}" # @TODO: Handle case when iputils2 is not installed INSTANCE_IP='' POTENTIAL_INTERFACES=(eth0 enp5s0) -lxc exec "${INSTANCE_NAME}" -- ip a +incus exec "${INSTANCE_NAME}" -- ip a set +e for interface in "${POTENTIAL_INTERFACES[@]}" ; do - if ! DEV_INFO="$(lxc exec "${INSTANCE_NAME}" -- ip a show dev "${interface}")" ; then + if ! DEV_INFO="$(incus exec "${INSTANCE_NAME}" -- ip a show dev "${interface}")" ; then continue fi INSTANCE_IP="$(echo "${DEV_INFO}" | grep -Eo 'inet [^ ]* ' | cut -d' ' -f2 | cut -d'/' -f1)" @@ -162,7 +162,7 @@ if [[ "${INSTANCE_IP}" == "" ]] ; then fi ssh-keyscan "${INSTANCE_IP}" >> ~/.ssh/known_hosts2 -#lxc exec "${INSTANCE_NAME}" -- bash -c 'for i in /etc/ssh/ssh_host_*_key ; do ssh-keygen -l -f "$i" ; done' >> "${HOME}/.ssh/known_hosts" +#incus exec "${INSTANCE_NAME}" -- bash -c 'for i in /etc/ssh/ssh_host_*_key ; do ssh-keygen -l -f "$i" ; done' >> "${HOME}/.ssh/known_hosts" CLEANUP+=( "rm -f ${HOME}/.ssh/known_hosts2" ) @@ -172,10 +172,10 @@ CLEANUP+=( "rm -f ${HOME}/.ssh/id_rsa.pub" "rm -f ${HOME}/.ssh/id_rsa" ) -lxc file push ~/.ssh/id_rsa.pub "ci:${INSTANCE_NAME}/root/.ssh/authorized_keys2" +incus file push ~/.ssh/id_rsa.pub "ci:${INSTANCE_NAME}/root/.ssh/authorized_keys2" # Some distros, eg. Rocky Linux, don't enable the use of authorized_keys2 # by default -lxc exec "ci:${INSTANCE_NAME}" -- bash -c 'if test -f /etc/redhat-release ; then sed -i "s#^AuthorizedKeysFile.*#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2#" /etc/ssh/sshd_config ; systemctl restart sshd ; fi' +incus exec "ci:${INSTANCE_NAME}" -- bash -c 'if test -f /etc/redhat-release ; then sed -i "s#^AuthorizedKeysFile.*#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2#" /etc/ssh/sshd_config ; systemctl restart sshd ; fi' # Confirm working SSH connection @@ -202,10 +202,10 @@ LANG=C ANSIBLE_STRATEGY=linear ansible-playbook \ -l "${INSTANCE_IP}" -i fake-inventory # Graceful shutdown -lxc stop "${INSTANCE_NAME}" +incus stop "${INSTANCE_NAME}" # Publish -if FINGERPRINT=$(lxc publish "${INSTANCE_NAME}" 2>&1 | grep -E -o '[A-Fa-f0-9]{64}') ; then +if FINGERPRINT=$(incus publish "${INSTANCE_NAME}" 2>&1 | grep -E -o '[A-Fa-f0-9]{64}') ; then echo "Published instance with fingerprint '${FINGERPRINT}'" else fail 1 "No fingerprint for published instance" @@ -216,7 +216,7 @@ TRIES=0 if [[ "${TEST}" == "true" ]] ; then set +e while [[ "${TRIES}" -lt "${TRIES_MAX}" ]] ; do - if ! INSTANCE_NAME=$(lxc -q launch -e "${VM_ARG[@]}" -p default -p "${LXD_INSTANCE_PROFILE}" "${FINGERPRINT}") ; then + if ! INSTANCE_NAME=$(incus -q launch -e "${VM_ARG[@]}" -p default -p "${INCUS_INSTANCE_PROFILE}" "${FINGERPRINT}") ; then TRIES=$((TRIES + 1)) echo "Failed to launch instance try ${TRIES}/${TRIES_MAX}" if [[ "${TRIES}" -lt "${TRIES_MAX}" ]] ; then @@ -227,7 +227,7 @@ if [[ "${TEST}" == "true" ]] ; then else INSTANCE_NAME="$(echo "${INSTANCE_NAME}" | cut -d':' -f2 | tr -d ' ')" CLEANUP+=( - "lxc stop -f ${INSTANCE_NAME}" + "incus stop -f ${INSTANCE_NAME}" ) break fi @@ -235,5 +235,5 @@ if [[ "${TEST}" == "true" ]] ; then set -e fi -lxc image alias delete "${TARGET_IMAGE_NAME}" || true -lxc image alias create "${TARGET_IMAGE_NAME}" "${FINGERPRINT}" +incus image alias delete "${TARGET_IMAGE_NAME}" || true +incus image alias create "${TARGET_IMAGE_NAME}" "${FINGERPRINT}"