-
Notifications
You must be signed in to change notification settings - Fork 166
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ansible: add Ubuntu 22.04 sharedlibs container #3371
Conversation
In draft while I test the new container (being done in https://ci.nodejs.org/job/richardlau-node-test-commit-linux-containered/). I have a single test container, test-softlayer-ubuntu2204_sharedlibs_container-x64-1, on the Softlayer Docker host. This started as adding a variant of OpenSSL 3.0 with FIPS enabled, and then I also added OpenSSL 3.1 and figured I'd create a new container based on Ubuntu 22.04 as we'll eventually need to replace the Ubuntu 18.04 containers. |
fe313dd
to
784d0f1
Compare
Just a question: since the host is still running on Ubuntu 18.04, how can we know whether Ubuntu 22.04 is able to run with the host's kernel? I tried googling this, but didn't find any answer. |
I don't have an answer to that either. I guess the same question applies to the Alpine containers running on it. AFAICT from the two runs of https://ci.nodejs.org/job/richardlau-node-test-commit-linux-containered/ I've had so far, the existing node-test-commit-linux-containered (the original job) sub-jobs are passing in the Ubuntu 22.04 container. I could try updating the host OS to Ubuntu 22.04? |
8751485
to
8aad3b5
Compare
Doesn't have to be done now if everything works, but we should do it soon (Ubuntu 18.04 is EoL). |
8aad3b5
to
cd27edc
Compare
Add an Ubuntu 22.04 based sharedlibs container, intended to eventually replace the Ubuntu 18.04 based one. Changes compared to the Ubuntu 18.04 container: - Add FIPS variant for OpenSSL 3.0. - Add OpenSSL 3.1. - Dropped older versions of ICU that were used for Node.js 14.
Upgrade the Softlayer Docker host from Ubuntu 18.04 to Ubuntu 22.04. Rename the host from "test-softlayer-ubuntu1804_docker-x64-1" to "test-ibm-ubuntu2204_docker-x64-1".
cd27edc
to
2c2a5b6
Compare
SSL routines:tls_process_ske_dhe:dh key too small 10:01:39 not ok 2807 parallel/test-tls-dhe
10:01:39 ---
10:01:39 duration_ms: 0.550
10:01:39 severity: fail
10:01:39 exitcode: 1
10:01:39 stack: |-
10:01:39 node:assert:991
10:01:39 throw newErr;
10:01:39 ^
10:01:39
10:01:39 AssertionError [ERR_ASSERTION]: ifError got unwanted exception: Command failed: /home/iojs/build/workspace/richardlau-node-test-commit-linux-containered/out/Release/openssl-cli s_client -connect 127.0.0.1:45863 -cipher DHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
10:01:39 Can't use SSL_get_servername
10:01:39 depth=0 C = US, ST = CA, L = SF, O = Joyent, OU = Node.js, CN = agent2, emailAddress = ry@tinyclouds.org
10:01:39 verify error:num=18:self-signed certificate
10:01:39 verify return:1
10:01:39 depth=0 C = US, ST = CA, L = SF, O = Joyent, OU = Node.js, CN = agent2, emailAddress = ry@tinyclouds.org
10:01:39 verify return:1
10:01:39 40B7E174147F0000:error:0A00018A:SSL routines:tls_process_ske_dhe:dh key too small:../deps/openssl/openssl/ssl/statem/statem_clnt.c:2100:
10:01:39
10:01:39 at /home/iojs/build/workspace/richardlau-node-test-commit-linux-containered/test/common/index.js:410:12
10:01:39 at /home/iojs/build/workspace/richardlau-node-test-commit-linux-containered/test/common/index.js:447:15
10:01:39 at ChildProcess.exithandler (node:child_process:427:5)
10:01:39 at ChildProcess.exithandler (node:child_process:419:12)
10:01:39 at ChildProcess.emit (node:events:513:28)
10:01:39 at maybeClose (node:internal/child_process:1091:16)
10:01:39 at ChildProcess._handle.onexit (node:internal/child_process:302:5) {
10:01:39 generatedMessage: false,
10:01:39 code: 'ERR_ASSERTION',
10:01:39 actual: Error: Command failed: /home/iojs/build/workspace/richardlau-node-test-commit-linux-containered/out/Release/openssl-cli s_client -connect 127.0.0.1:45863 -cipher DHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
10:01:39 Can't use SSL_get_servername
10:01:39 depth=0 C = US, ST = CA, L = SF, O = Joyent, OU = Node.js, CN = agent2, emailAddress = ry@tinyclouds.org
10:01:39 verify error:num=18:self-signed certificate
10:01:39 verify return:1
10:01:39 depth=0 C = US, ST = CA, L = SF, O = Joyent, OU = Node.js, CN = agent2, emailAddress = ry@tinyclouds.org
10:01:39 verify return:1
10:01:39 40B7E174147F0000:error:0A00018A:SSL routines:tls_process_ske_dhe:dh key too small:../deps/openssl/openssl/ssl/statem/statem_clnt.c:2100:
10:01:39
10:01:39 at ChildProcess.exithandler (node:child_process:419:12)
10:01:39 at ChildProcess.emit (node:events:513:28)
10:01:39 at maybeClose (node:internal/child_process:1091:16)
10:01:39 at ChildProcess._handle.onexit (node:internal/child_process:302:5) {
10:01:39 code: 1,
10:01:39 killed: false,
10:01:39 signal: null,
10:01:39 cmd: '/home/iojs/build/workspace/richardlau-node-test-commit-linux-containered/out/Release/openssl-cli s_client -connect 127.0.0.1:45863 -cipher DHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'
10:01:39 },
10:01:39 expected: null,
10:01:39 operator: 'ifError'
10:01:39 }
10:01:39
10:01:39 Node.js v18.16.1-pre
10:01:39 ... This looks like nodejs/node#48192 so we'd need that merged before switching node-test-commit-linux-containered over to the Ubuntu 22.04 containers. The test is not failing for |
Test runs with Ubuntu 22.04 container:
New tests:
|
This is ready for review. We can't swap node-test-commit-linux-containered over to the new containers for the existing jobs until nodejs/node#48192 lands on v18.x-staging but that's all independent of these Ansible changes anyway. The new OpenSSL 3.1 testing requires nodejs/node#47859 (test fixes) on all release lines, or VersionSelector changes to exclude running it on older releases. OpenSSL 3.0 FIPS testing won't be added until nodejs/node#48379 is resolved. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
Add an Ubuntu 22.04 based sharedlibs container, intended to eventually replace the Ubuntu 18.04 based one.
Changes compared to the Ubuntu 18.04 container: