From 44355f548b174575608ebe1353f6b6d806d51e06 Mon Sep 17 00:00:00 2001 From: Ed Santiago Date: Tue, 5 Jul 2022 13:27:24 -0600 Subject: [PATCH] Force CgroupsV1 on Ubuntu PR #115 removed a force-cgroups-v2 setup for Ubuntu, possibly assuming that Ubuntu uses cgroups v1 by default? That doesn't seem to be the case: the Ubuntu I've looked at (via Cirrus rerun-with-terminal) seems to default to v2. End result is that we've been running CI for months without testing runc. This PR forces cgroups v1 on Ubuntu, via grub boot args. As of 2022-07-20 the version of criu in Ubuntu is broken, which requires us to install from something called OBS. There was some OBS-installing code present, but it didn't lend itself to reuse, so I refactored it and added a temporary use-criu-from-obs line with a timestamped FIXME. Signed-off-by: Ed Santiago --- cache_images/ubuntu_packaging.sh | 63 ++++++++++++++++++++++++-------- cache_images/ubuntu_setup.sh | 3 +- 2 files changed, 50 insertions(+), 16 deletions(-) diff --git a/cache_images/ubuntu_packaging.sh b/cache_images/ubuntu_packaging.sh index 04d7970f..253f7785 100644 --- a/cache_images/ubuntu_packaging.sh +++ b/cache_images/ubuntu_packaging.sh @@ -27,21 +27,54 @@ if [[ "$OS_RELEASE_VER" -le 2004 ]]; then fi # The OpenSuse Open Build System must be utilized to obtain newer -# development versions of podman/buildah/skopeo & dependencies, -# in order to support upstream (i.e. bleeding-edge) development and -# automated testing. These packages are not otherwise intended for -# end-user consumption. -VERSION_ID=$(source /etc/os-release; echo $VERSION_ID) -# Overview: https://build.opensuse.org/project/show/devel:kubic:libcontainers:unstable -REPO_URL="https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/unstable/xUbuntu_$VERSION_ID/" -GPG_URL="https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_$VERSION_ID/Release.key" - -echo "deb $REPO_URL /" | ooe.sh $SUDO \ - tee /etc/apt/sources.list.d/devel:kubic:libcontainers:unstable:ci.list -curl --fail --silent --location --url "$GPG_URL" | \ - gpg --dearmor | \ - $SUDO tee /etc/apt/trusted.gpg.d/devel_kubic_libcontainers_unstable_ci.gpg &> /dev/null - +# development versions of some tools. This helper sets up config +# files for apt to fetch packages from OBS. We can be called with +# a variable number of arguments; I think the term is "subprojects"? +function setup_obs() { + # Version of ubuntu, e.g., 22.04 + local xubuntu_version + xubuntu_version="xUbuntu_$(source /etc/os-release; echo $VERSION_ID)" + + local base_url="https://download.opensuse.org/repositories/devel" + + # Assemble the .deb repo URL by appending colon-slash-item for each arg + local repo_url="$base_url" + local repo_file="/etc/apt/sources.list.d/devel" + for i in "$@"; do + repo_url+=":/$i" + repo_file+=":$i" + done + repo_url+="/${xubuntu_version}/" + repo_file+=":ci.list" + echo "deb $repo_url /" | ooe.sh $SUDO tee "$repo_file" + + # GPG key URL is similar to .deb repo, but just colons, no slashes + local gpg_url="$base_url" + local gpg_file="/etc/apt/trusted.gpg.d/devel" + for i in "$@"; do + gpg_url+=":$i" + gpg_file+="_$i" + done + gpg_url+="/${xubuntu_version}/Release.key" + gpg_file+="_ci.gpg" + curl --fail --silent --location --url "$gpg_url" | \ + gpg --dearmor | \ + $SUDO tee "$gpg_file" &> /dev/null +} + +# OBS: podman/buildah/skopeo & dependencies, in order to support +# upstream (i.e. bleeding-edge) development and automated testing. +# These packages are not otherwise intended for end-user consumption. +# We expect to need this repo for the foreseeable future. +# See https://build.opensuse.org/project/show/devel:kubic:libcontainers:unstable +setup_obs kubic libcontainers unstable + +# OBS: FIXME! TEMPORARY! 2022-07-20! Needed because a glibc update broke criu. +# >>> PLEASE REMOVE THIS ONCE CRIU GETS FIXED IN REGULAR UBUNTU! +# >>> (No, I -- Ed -- have no idea how to even check that, sorry). +# Context: https://github.com/containers/podman/pull/14972 +# Context: https://github.com/checkpoint-restore/criu/issues/1935 +setup_obs tools criu # N/B: DO NOT install the bats package on Ubuntu VMs, it's broken. # ref: (still open) https://bugs.launchpad.net/ubuntu/+source/bats/+bug/1882542 diff --git a/cache_images/ubuntu_setup.sh b/cache_images/ubuntu_setup.sh index 34dedfd8..de13f919 100644 --- a/cache_images/ubuntu_setup.sh +++ b/cache_images/ubuntu_setup.sh @@ -23,7 +23,8 @@ bash $SCRIPT_DIRPATH/ubuntu_packaging.sh if ! ((CONTAINER)); then warn "Making Ubuntu kernel to enable cgroup swap accounting" - SEDCMD='s/^GRUB_CMDLINE_LINUX="(.*)"/GRUB_CMDLINE_LINUX="\1 cgroup_enable=memory swapaccount=1"/' + warn "Forcing CgroupsV1" + SEDCMD='s/^GRUB_CMDLINE_LINUX="(.*)"/GRUB_CMDLINE_LINUX="\1 cgroup_enable=memory swapaccount=1 systemd.unified_cgroup_hierarchy=0"/' ooe.sh $SUDO sed -re "$SEDCMD" -i /etc/default/grub.d/* ooe.sh $SUDO sed -re "$SEDCMD" -i /etc/default/grub ooe.sh $SUDO update-grub