ansible: add Ubuntu 22.04 sharedlibs container #3371
Conversation
|
In draft while I test the new container (being done in https://ci.nodejs.org/job/richardlau-node-test-commit-linux-containered/). I have a single test container, test-softlayer-ubuntu2204_sharedlibs_container-x64-1, on the Softlayer Docker host. This started as adding a variant of OpenSSL 3.0 with FIPS enabled, and then I also added OpenSSL 3.1 and figured I'd create a new container based on Ubuntu 22.04 as we'll eventually need to replace the Ubuntu 18.04 containers. |
richardlau
force-pushed
the
openssl-containers
branch
from
fe313dd
to
784d0f1
Compare
|
Just a question: since the host is still running on Ubuntu 18.04, how can we know whether Ubuntu 22.04 is able to run with the host's kernel? I tried googling this, but didn't find any answer. |
|
I don't have an answer to that either. I guess the same question applies to the Alpine containers running on it. AFAICT from the two runs of https://ci.nodejs.org/job/richardlau-node-test-commit-linux-containered/ I've had so far, the existing node-test-commit-linux-containered (the original job) sub-jobs are passing in the Ubuntu 22.04 container. I could try updating the host OS to Ubuntu 22.04? |
richardlau
force-pushed
the
openssl-containers
branch
2 times, most recently
from
8751485
to
8aad3b5
Compare
Doesn't have to be done now if everything works, but we should do it soon (Ubuntu 18.04 is EoL). |
richardlau
force-pushed
the
openssl-containers
branch
from
8aad3b5
to
cd27edc
Compare
Add an Ubuntu 22.04 based sharedlibs container, intended to eventually replace the Ubuntu 18.04 based one. Changes compared to the Ubuntu 18.04 container: - Add FIPS variant for OpenSSL 3.0. - Add OpenSSL 3.1. - Dropped older versions of ICU that were used for Node.js 14.
Upgrade the Softlayer Docker host from Ubuntu 18.04 to Ubuntu 22.04. Rename the host from "test-softlayer-ubuntu1804_docker-x64-1" to "test-ibm-ubuntu2204_docker-x64-1".
richardlau
force-pushed
the
openssl-containers
branch
from
cd27edc
to
2c2a5b6
Compare
|
SSL routines:tls_process_ske_dhe:dh key too small10:01:39 not ok 2807 parallel/test-tls-dhe
10:01:39 ---
10:01:39 duration_ms: 0.550
10:01:39 severity: fail
10:01:39 exitcode: 1
10:01:39 stack: |-
10:01:39 node:assert:991
10:01:39 throw newErr;
10:01:39 ^
10:01:39
10:01:39 AssertionError [ERR_ASSERTION]: ifError got unwanted exception: Command failed: /home/iojs/build/workspace/richardlau-node-test-commit-linux-containered/out/Release/openssl-cli s_client -connect 127.0.0.1:45863 -cipher DHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
10:01:39 Can't use SSL_get_servername
10:01:39 depth=0 C = US, ST = CA, L = SF, O = Joyent, OU = Node.js, CN = agent2, emailAddress = ry@tinyclouds.org
10:01:39 verify error:num=18:self-signed certificate
10:01:39 verify return:1
10:01:39 depth=0 C = US, ST = CA, L = SF, O = Joyent, OU = Node.js, CN = agent2, emailAddress = ry@tinyclouds.org
10:01:39 verify return:1
10:01:39 40B7E174147F0000:error:0A00018A:SSL routines:tls_process_ske_dhe:dh key too small:../deps/openssl/openssl/ssl/statem/statem_clnt.c:2100:
10:01:39
10:01:39 at /home/iojs/build/workspace/richardlau-node-test-commit-linux-containered/test/common/index.js:410:12
10:01:39 at /home/iojs/build/workspace/richardlau-node-test-commit-linux-containered/test/common/index.js:447:15
10:01:39 at ChildProcess.exithandler (node:child_process:427:5)
10:01:39 at ChildProcess.exithandler (node:child_process:419:12)
10:01:39 at ChildProcess.emit (node:events:513:28)
10:01:39 at maybeClose (node:internal/child_process:1091:16)
10:01:39 at ChildProcess._handle.onexit (node:internal/child_process:302:5) {
10:01:39 generatedMessage: false,
10:01:39 code: 'ERR_ASSERTION',
10:01:39 actual: Error: Command failed: /home/iojs/build/workspace/richardlau-node-test-commit-linux-containered/out/Release/openssl-cli s_client -connect 127.0.0.1:45863 -cipher DHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
10:01:39 Can't use SSL_get_servername
10:01:39 depth=0 C = US, ST = CA, L = SF, O = Joyent, OU = Node.js, CN = agent2, emailAddress = ry@tinyclouds.org
10:01:39 verify error:num=18:self-signed certificate
10:01:39 verify return:1
10:01:39 depth=0 C = US, ST = CA, L = SF, O = Joyent, OU = Node.js, CN = agent2, emailAddress = ry@tinyclouds.org
10:01:39 verify return:1
10:01:39 40B7E174147F0000:error:0A00018A:SSL routines:tls_process_ske_dhe:dh key too small:../deps/openssl/openssl/ssl/statem/statem_clnt.c:2100:
10:01:39
10:01:39 at ChildProcess.exithandler (node:child_process:419:12)
10:01:39 at ChildProcess.emit (node:events:513:28)
10:01:39 at maybeClose (node:internal/child_process:1091:16)
10:01:39 at ChildProcess._handle.onexit (node:internal/child_process:302:5) {
10:01:39 code: 1,
10:01:39 killed: false,
10:01:39 signal: null,
10:01:39 cmd: '/home/iojs/build/workspace/richardlau-node-test-commit-linux-containered/out/Release/openssl-cli s_client -connect 127.0.0.1:45863 -cipher DHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'
10:01:39 },
10:01:39 expected: null,
10:01:39 operator: 'ifError'
10:01:39 }
10:01:39
10:01:39 Node.js v18.16.1-pre
10:01:39 ...This looks like nodejs/node#48192 so we'd need that merged before switching node-test-commit-linux-containered over to the Ubuntu 22.04 containers. The test is not failing for |
|
Test runs with Ubuntu 22.04 container:
New tests:
|
|
This is ready for review. We can't swap node-test-commit-linux-containered over to the new containers for the existing jobs until nodejs/node#48192 lands on v18.x-staging but that's all independent of these Ansible changes anyway. The new OpenSSL 3.1 testing requires nodejs/node#47859 (test fixes) on all release lines, or VersionSelector changes to exclude running it on older releases. OpenSSL 3.0 FIPS testing won't be added until nodejs/node#48379 is resolved. |
Add an Ubuntu 22.04 based sharedlibs container, intended to eventually replace the Ubuntu 18.04 based one.
Changes compared to the Ubuntu 18.04 container: