Packit failures w/a

There connectivity issues between bluechi-controller
and qm-node1 bluechi-agent failing tier-0 tests

Adding --tz local for each container
Disk selinux container cleanup

Signed-off-by: Yariv Rachmani <[email protected]>

.packit.yaml

@@ -70,8 +70,6 @@ jobs:
  hardware:
  disk:
  - size: ">= 20 GB"
-
-
  - job: tests
  trigger: pull_request
  identifier: e2e-ffi

tests/e2e/lib/container

@@ -62,6 +62,7 @@ file: ${container_file} tag: ${container_tag}"
  # Execute the container
  eval "$(podman run -d \
  --privileged \
+ --tz local \
  --network podmanDualStack \
  --name "${container_name}" \
  --hostname "${container_name}" \

tests/ffi/agent-flood/test.sh

@@ -64,7 +64,6 @@ run_test_containers(){
  done
 }
 
-disk_cleanup
 prepare_test
 reload_config
 prepare_images
@@ -86,6 +85,9 @@ for ((i=1;i<=NUMBER_OF_NODES;i++)); do
  fi
 done
 
+# Call cleanup
+disk_cleanup
+
 #check ASIL bluechi-agent is connected
 connection_cnt="$(grep -e Connected -e "'localrootfs'" \
  -oc <<< "$(systemctl status -l --no-pager bluechi-agent)")"

tests/ffi/common/prepare.sh

@@ -11,20 +11,20 @@ prepare_test() {
  # Remove 'DropCapability=sys_resource' enable nested container in QM
  exec_cmd "sed -i 's|DropCapability=sys_resource|#DropCapability=sys_resource|' \
  ${qm_service_file}"
- exec_cmd "restorecon -RFv /var/lib/containers"
  # Changing QM score to 1000 to avoid full memory error on SoC
  if [[ -n "${PACKIT_COPR_PROJECT}" && "${PACKIT_COPR_PROJECT}" == "release" ]]; then
  exec_cmd "sed -i 's|OOMScoreAdjust.*|OOMScoreAdjust=1000|' ${qm_service_file}"
  fi
 }
 
 disk_cleanup() {
+ exec_cmd "podman exec qm bash -c \"podman container rm -f -t0 --all\""
  exec_cmd "systemctl stop qm"
  remove_file=$(find /var/qm -size +2G)
  exec_cmd "rm -f $remove_file"
- exec_cmd "systemctl start qm"
  remove_file=$(find /root -size +1G)
  exec_cmd "rm -f $remove_file"
+ exec_cmd "systemctl start qm"
 }
 
 reload_config() {
@@ -41,6 +41,7 @@ prepare_images() {
  exec_cmd "podman push ${image_id} dir:${QM_HOST_REGISTRY_DIR}/tools-ffi:latest"
  # Remove image to save /var space
  exec_cmd "podman image rm -f ${image_id}"
+ exec_cmd "restorecon -RFv /var/lib/containers"
  fi
 }
 

tests/ffi/deny_sched_setattr/test.sh

@@ -1,12 +1,13 @@
 #!/bin/bash -euvx
 
+# shellcheck disable=SC1091
+
 . ../common/prepare.sh
 
 export QM_HOST_REGISTRY_DIR="/var/qm/lib/containers/registry"
 export QM_REGISTRY_DIR="/var/lib/containers/registry"
 expected_result="sched_setattr failed: Operation not permitted"
 
-disk_cleanup
 prepare_test
 reload_config
 
@@ -16,7 +17,9 @@ run_container_in_qm "ffi-qm"
 return_from_sched_setattr=$(podman exec -it qm /bin/bash -c \
  'podman exec -it ffi-qm ./QM/execute_sched_setattr')
 
-if [[ "${return_from_sched_setattr}" =~ "${expected_result}" ]]; then
+disk_cleanup
+
+if [[ "${return_from_sched_setattr}" =~ ${expected_result} ]]; then
  info_message "QM not allow SCHED_DEADLINE be set via sched_setattr() syscall."
 else
  info_message "Failure: SCHED_DEADLINE can not be set via sched_setattr() syscall in QM."

tests/ffi/deny_set_scheduler/test.sh

@@ -1,12 +1,13 @@
 #!/bin/bash -euvx
 
+# shellcheck disable=SC1091
+
 . ../common/prepare.sh
 
 export QM_HOST_REGISTRY_DIR="/var/qm/lib/containers/registry"
 export QM_REGISTRY_DIR="/var/lib/containers/registry"
 expected_result="Failed to set scheduler: Operation not permitted"
 
-disk_cleanup
 prepare_test
 reload_config
 
@@ -16,9 +17,13 @@ run_container_in_qm "ffi-qm"
 return_from_setscheduler=$(podman exec -it qm /bin/bash -c \
  'podman exec -it ffi-qm ./QM/test_sched_setscheduler')
 
+# Call cleanup
+disk_cleanup
+
 if [[ "${return_from_setscheduler}" =~ ${expected_result} ]]; then
  info_message "set_scheduler() syscall denied in QM."
 else
  info_message "set_scheduler() syscall can be executed in QM."
  exit 1
-fi
+fi
+

tests/ffi/disk/test.sh

@@ -4,7 +4,6 @@
 
 . ../common/prepare.sh
 
-disk_cleanup
 prepare_test
 reload_config
 
@@ -23,4 +22,6 @@ fi
 
 ls -lh /root/file.lock
 
+disk_cleanup
+
 

tests/ffi/memory/test.sh

@@ -7,7 +7,6 @@
 export QM_HOST_REGISTRY_DIR="/var/qm/lib/containers/registry"
 export QM_REGISTRY_DIR="/var/lib/containers/registry"
 
-disk_cleanup
 prepare_test
 reload_config
 
@@ -25,6 +24,9 @@ podman exec -it qm /bin/bash -c \
  "podman run --replace --name ffi-qm dir:${QM_REGISTRY_DIR}/tools-ffi:latest \
  ./QM/90_percent_memory_eat > /dev/null"
 
+# Call cleanup
+disk_cleanup
+
 if [ $? -eq 137 ]; then
  echo ffi-qm was killed by SIGKILL
 fi

tests/ffi/modules/test.sh

@@ -7,7 +7,6 @@
 export QM_HOST_REGISTRY_DIR="/var/qm/lib/containers/registry"
 export QM_REGISTRY_DIR="/var/lib/containers/registry"
 
-disk_cleanup
 prepare_test
 reload_config
 
@@ -21,6 +20,9 @@ run_container_in_qm ffi-qm
 msg=$(podman exec -it qm /bin/bash -c \
  "podman exec ffi-qm ./modprobe_module 2>&1")
 
+# Call cleanup
+disk_cleanup
+
 # Check result message displays right.
 if grep -eq "modprobe: FATAL: Module ext4 not found in directory /lib/modules/*" "$msg"; then
  if_error_exit "Module ext4 should not found in /lib/modules/ inside QM"

tests/ffi/qm-oom-score-adj/test.sh

@@ -7,7 +7,6 @@
 export QM_HOST_REGISTRY_DIR="/var/qm/lib/containers/registry"
 export QM_REGISTRY_DIR="/var/lib/containers/registry"
 
-disk_cleanup
 prepare_test
 reload_config
 
@@ -26,7 +25,7 @@ podman exec -it qm /bin/bash -c \
 QM_PID=$(podman inspect qm --format '{{.State.Pid}}' | tr -d '\r')
 QM_FFI_PID=$(podman exec -it qm /bin/bash -c "podman inspect ffi-qm --format '{{.State.Pid}}'" | tr -d '\r')
 
-QM_OOM_SCORE_ADJ=$(cat /proc/$QM_PID/oom_score_adj)
+QM_OOM_SCORE_ADJ=$(cat /proc/"$QM_PID"/oom_score_adj)
 QM_FFI_OOM_SCORE_ADJ=$(podman exec -it qm /bin/bash -c "cat /proc/$QM_FFI_PID/oom_score_adj" | tr -d '\r')
 
 
@@ -37,5 +36,5 @@ test "$QM_OOM_SCORE_ADJ" -eq "500"
 # for the containers that would run inside of the qm container.
 test "$QM_FFI_OOM_SCORE_ADJ" -eq "750"
 
-podman exec -it qm /bin/bash -c "podman stop ffi-qm > /dev/null"
-
+# Call cleanup
+disk_cleanup

tests/ffi/sysctl/test.sh

@@ -7,7 +7,6 @@
 export QM_HOST_REGISTRY_DIR="/var/qm/lib/containers/registry"
 export QM_REGISTRY_DIR="/var/lib/containers/registry"
 
-disk_cleanup
 prepare_test
 reload_config
 
@@ -20,13 +19,15 @@ run_container_in_qm ffi-qm
 # Get numbers of sysctl permission denied
 sysctl_num=$(podman exec qm /bin/bash -c \
  "podman exec ffi-qm ./setsysctl 2>&1" | grep -c "sysctl: permission denied on key")
+# Call cleanup
+disk_cleanup
 
 # We execute 'X' sysctl call(s) inside a nested container running in a QM environment
 # to determine if changes are allowed, which should be denied for:
 # - Network subsystem
 # - Virtual memory subsystem
 SYSCTL_DENIED_COUNT=5
-if [ $sysctl_num -eq "${SYSCTL_DENIED_COUNT}" ];then
+if [ "$sysctl_num" -eq "${SYSCTL_DENIED_COUNT}" ];then
  info_message "Attempt to change OS level are denied successfully inside QM container."
  exit 0
 fi