Techognito/starter-kit
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

package.json: Update react package dependency

Browse source 
Closes #211
This commit is contained in:
Cockpituous 2019-08-22 16:08:36 +00:00
parent 044b8da55a
commit 5fc7d033f9
288 changed files with 13040 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

1
bots/images/candlepin Symbolic link
View file

@ -0,0 +1 @@
candlepin-3a39cecb7d2fea2e75b0093a891b3c476141406e20f332cb2a12f2dfb6e9d275.qcow2

1
bots/images/centos-7 Symbolic link
View file

@ -0,0 +1 @@
centos-7-3d4864aef14eb0fc7ca59857c99d75aadf22ea39286d56886e55f408dabe6943.qcow2

1
bots/images/cirros Symbolic link
View file

@ -0,0 +1 @@
cirros-d5fcb44e05f2dafc7eaab6bce906ba9cc06af51f84f1e7a527fe12102e34bbcf.qcow2

1
bots/images/continuous-atomic Symbolic link
View file

@ -0,0 +1 @@
continuous-atomic-dbc11a3d5baae076e743c572673c8675500eafcc7a8ac73f35e3dbac2871f611.qcow2

1
bots/images/debian-stable Symbolic link
View file

@ -0,0 +1 @@
debian-stable-20f723ddf309888c23b2e3c1269d49f73998ebe7b93e2ce8ef956fc75b82978e.qcow2

1
bots/images/debian-testing Symbolic link
View file

@ -0,0 +1 @@
debian-testing-67a76310b5690cb438eea9871943d1ed62bf4b58ab82f0fa3916036fed5fd4d6.qcow2

1
bots/images/fedora-23-stock Symbolic link
View file

@ -0,0 +1 @@
fedora-23-stock-1a7ce615dcf1772ff6514148513fc88e420b9179f32c5395e3a27dab3b107dcc.qcow2

1
bots/images/fedora-29 Symbolic link
View file

@ -0,0 +1 @@
fedora-29-7dffa701d72a40e18bbe60d6abd2b28074601e4830f62d24e70ea14de6b59714.qcow2

1
bots/images/fedora-30 Symbolic link
View file

@ -0,0 +1 @@
fedora-30-6169ef919387b02fee781d978026ca00fb90d797d34362ee05aef74bfb33f7ce.qcow2

1
bots/images/fedora-atomic Symbolic link
View file

@ -0,0 +1 @@
fedora-atomic-9b7a5c5c6f4f71bae65d3e6de050325f849ac68a4de9a43382eddd251bb08d29.qcow2

1
bots/images/fedora-i386 Symbolic link
View file

@ -0,0 +1 @@
fedora-i386-f5c6c9730facd6b7d00d5c07f59cf7bf3a9ce3de1270f174cf5d9aefcd86a297.qcow2

1
bots/images/fedora-stock Symbolic link
View file

@ -0,0 +1 @@
stock-fedora-22-x86_64-2.qcow2

1
bots/images/fedora-testing Symbolic link
View file

@ -0,0 +1 @@
fedora-testing-72c693493fcbf66cb9ed70b1ceebd7b76ce32972bb1c00a90d1246e15a2ca62d.qcow2

21
bots/images/files/ca.pem Normal file
View file

@ -0,0 +1,21 @@
# This is the CA for cockpit-tests images and data
-----BEGIN CERTIFICATE-----
MIIDDDCCAfSgAwIBAgIJANdoyGJiUz+8MA0GCSqGSIb3DQEBCwUAMDUxEDAOBgNV
BAoMB0NvY2twaXQxFDASBgNVBAsMC0NvY2twaXR1b3VzMQswCQYDVQQDDAJDQTAg
Fw0xOTAyMDcxMDE4NDNaGA8zMDE4MDYxMDEwMTg0M1owNTEQMA4GA1UECgwHQ29j
a3BpdDEUMBIGA1UECwwLQ29ja3BpdHVvdXMxCzAJBgNVBAMMAkNBMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnvIZetd5yEhdE0c/9lYp1mC4M6qiu6E2
wVMbJLwsOuCyCSaZs5eDap1kremHz7ms+Fq07TUsN/o5U7PBnNgM3z6Zbv78QN6R
wn6ovLHfCyVqpg0nPMh3Hzpd0HDZQ+3eBayL2xfmBhU8p1+/vWVBOe49SDO15YDM
/Ian7I/HRsnprz5PH3atquSf+B8/Q+lgbO0dHKhXlbnTsSy/Esee82HhYrDlxD3p
Ow7EcZ7HACh/2dvF70BQpjnxTEc//4LNgP7hiqk4phsGzM/9QSFHW8ol4XlBDUi0
F5nNXZTs3jKITTOeda5mppuKoZoC+7iFk8dLvV0Y187xD38X2XgGnwIDAQABox0w
GzAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEA
PHaVKb97ZN2m/sEVU+TGepVhCZ15frIaCJRuBPEs5rwcJjIctyRF4H6R6ec2b2lB
6ni9eqU6pPgS+rVJPsxqCpelQiCZALR7FYoA6+FtfpLkB5+zwJUfexr7Q6I7llWI
8OBOmtEADRv//2D+Iu6mM6nkzUK1K/wCcFS//roLjK/nKH2xd2lWbYk2Ro+nTPIm
slwgk6fAUXQcd5v/XqrySZ5jny73jMqo7SRVC5suNuAfiT0/YGvE5N99+I5AkD5I
R/R80/w1bDExfcqtx5UPBitMG2bx/gA07k4XbAGsEH5zvIdgsV9S5uYQEDjIRZys
ScLMpNOd3JyD7ncvr6Ga6g==
-----END CERTIFICATE-----

37
bots/images/files/openshift.kubeconfig Normal file
View file

@ -0,0 +1,37 @@
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM2akNDQWRLZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFtTVNRd0lnWURWUVFEREJ0dmNHVnUKYzJocFpuUXRjMmxuYm1WeVFERTFOak15TXpFME1UVXdIaGNOTVRrd056RTFNakkxTmpVMVdoY05NalF3TnpFegpNakkxTmpVMldqQW1NU1F3SWdZRFZRUUREQnR2Y0dWdWMyaHBablF0YzJsbmJtVnlRREUxTmpNeU16RTBNVFV3CmdnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUURNMDNBMFpxOGE3UHhYTTNIcjVEQ2oKdWtreDl1ZVUzT2dTRlB0Q2tWcFpkNXkwbXlnTXYyK2ZUVko2eXRLRXBXNXFJVkZiTFVmWlZZdWxmZjhTUVVHdwpVbXNoQTRQa3Y4MjVscVZjKzdwVitlRkRvTU42L2hrNUFWMkt0WTh3QUl4T2gzclZER2E3N3dGUlRQMVBmeG9YCnZHNElpd3dCZElGaXpNdEp2dThvWHB4dUpUZkJjN3ZldXlPT1NxMEFXaTZQRER0Vkdka252K3hyMFcyeEJBS1oKM2tsWmY2Tnp0WTRIcGR5YUNXYUw1MVhTZzY0TlNoc2VPUytHRUhJVkJPREJtUTNJTDBQRTh4WGhlbldkSFA0RQpOaElSU21JcFNrdC95M3RYWTBqRDRjNDdXaEpTeTh2VEFlT1phaTZSVU1LZTNKWlZxWXF5czVzbnVtQzdYNDRwCkFnTUJBQUdqSXpBaE1BNEdBMVVkRHdFQi93UUVBd0lDcERBUEJnTlZIUk1CQWY4RUJUQURBUUgvTUEwR0NTcUcKU0liM0RRRUJDd1VBQTRJQkFRQmVFTmJIWVFqTVRFdmk4azhuNnczeTZxOWRqYnFMd29CNjJva2lVYy9hbGJvMQpHTDJkNDh6OTExYXd2bmE4UDJMNENSTEFRTDBpOFA4WkozN2I5VFlWU2JBNHE2emNiWCtuMlZlbmppd1JRRzZiCkkzNmI4OW4wWnRZdFU2VTBXY2hMc0p0VThybG5XUlhraEpnZERZeFR2elNrMGRxZEJ1UDdkTDROa1hJMlluNTAKeExHWjc0Ti9USngzRy9NN0tFcWoxVWh6cXprYWNPR3RCcVB6L1cxQXJMWFNwaGNrdHZiaGU5Q0hWSG5IaFMvMApYZWZiWjk4Vll6MHBCMWxObkdqTWx5TGlzclBMMUJteDk0VzBLL25RN1hHSmRKbk1ZckdHbWF2SWJnOUVqbVNxCkgyOEVMOTVUZ2xkVUJSa1ZmbVZRc1pTTHpta3JjSFZLWTFvMnVibUwKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
server: https://10.111.112.101:8443
name: 10-111-112-101:8443
contexts:
- context:
cluster: 10-111-112-101:8443
user: scruffy/10-111-112-101:8443
name: /10-111-112-101:8443/scruffy
- context:
cluster: 10-111-112-101:8443
namespace: default
user: system:admin/10-111-112-101:8443
name: default/10-111-112-101:8443/system:admin
- context:
cluster: 10-111-112-101:8443
namespace: marmalade
user: scruffy/10-111-112-101:8443
name: marmalade/10-111-112-101:8443/scruffy
- context:
cluster: 10-111-112-101:8443
namespace: pizzazz
user: scruffy/10-111-112-101:8443
name: pizzazz/10-111-112-101:8443/scruffy
current-context: default/10-111-112-101:8443/system:admin
kind: Config
preferences: {}
users:
- name: scruffy/10-111-112-101:8443
user:
token: pnHabWrkS-QNwczCj3dGg54ds8ck3NTuimQ-3PXSwl8
- name: system:admin/10-111-112-101:8443
user:
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURKRENDQWd5Z0F3SUJBZ0lCQ0RBTkJna3Foa2lHOXcwQkFRc0ZBREFtTVNRd0lnWURWUVFEREJ0dmNHVnUKYzJocFpuUXRjMmxuYm1WeVFERTFOak15TXpFME1UVXdIaGNOTVRrd056RTFNakkxTmpVNFdoY05NakV3TnpFMApNakkxTmpVNVdqQk9NVFV3RlFZRFZRUUtFdzV6ZVhOMFpXMDZiV0Z6ZEdWeWN6QWNCZ05WQkFvVEZYTjVjM1JsCmJUcGpiSFZ6ZEdWeUxXRmtiV2x1Y3pFVk1CTUdBMVVFQXhNTWMzbHpkR1Z0T21Ga2JXbHVNSUlCSWpBTkJna3EKaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUE0WC9mSU16dThMY3JTRTZXb3hWUXZNWWgyRHZRTjEvNQp2SXZPRndVVFpTWERPcFc1Ly9tSHg0TFFid29mOXMyQUJjZzQ4N3c0UjhiMzY0blZhVVJGWVVnNHlycm8xOWpCCjJzZkZKbjd0UDgrVC9JNXB5WFY1SVBWMXFDN2ozNXMxUlhXb25icElwVzU5WHZPYU9hdm5CaDFHc3RaYW1VTjEKL1pEUXE4TlRuVXg1aEozWjZPSGx4bFNhUXhQZk9IbituRVZNZTNMUTNjeitydkNMalVKcVY4b05aTlpqUEVTZwpWY0dqb2dobW15MVZkNUhOeGV6WGdCYVZ0VDRkTWc0Ym5HRTBnT1B3OFdpUTNwNUY4M0RibXVUck5oYzBNdmhLClBIa0ZkWVBmeWpVMlNCSjY3aFltVmY4SXhFQVllT3VsOVdLWFFYditwRzZHS3pURkdsVTc1d0lEQVFBQm96VXcKTXpBT0JnTlZIUThCQWY4RUJBTUNCYUF3RXdZRFZSMGxCQXd3Q2dZSUt3WUJCUVVIQXdJd0RBWURWUjBUQVFILwpCQUl3QURBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWgzNHpFYVZ1UkhQczBqMHE5b1ZSSHZnNkJnQ09BWXcxCjBjNjdKeXBQeUZOaHVYS3d6WnNYK1FMRXZUKzdITUpwRzN2ZTJ2OU0wbTRsNjdWK0pXeTBiczczb0hrTTRCM28KOUxJK2hocTJaOUtLMVJQM0NHUVZZdDdTWmpuUzk3Nk55anR2OXVHY3h2aGZtZWlOY0Q0MVd2ZHZvRkthc2I5Sgp3Y2JDb0UwTFdMdENXdHFHbGo3WGF0c0FCL0dpK05GeEtnRWRZcEU5K0UwaXRCSzdIVzJaSHJCV0NMRmc5Mnl5ClhtZUdvVDZVeGg1MEZFSVpsWmtIdWxTckN4eXpwZUx6QUJrKzdYZmNjdm1NK04vOS9MV0pYK1JPZ3NEYm10ZUoKQzVtZUY3ZkhNemV6OXI3Zk9hSGg0YWVDU0NGb0JvbTlvM1c0WVdOOHpWaUJRbkJLSXZxU3BBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBNFgvZklNenU4TGNyU0U2V294VlF2TVloMkR2UU4xLzV2SXZPRndVVFpTWERPcFc1Ci8vbUh4NExRYndvZjlzMkFCY2c0ODd3NFI4YjM2NG5WYVVSRllVZzR5cnJvMTlqQjJzZkZKbjd0UDgrVC9JNXAKeVhWNUlQVjFxQzdqMzVzMVJYV29uYnBJcFc1OVh2T2FPYXZuQmgxR3N0WmFtVU4xL1pEUXE4TlRuVXg1aEozWgo2T0hseGxTYVF4UGZPSG4rbkVWTWUzTFEzY3orcnZDTGpVSnFWOG9OWk5aalBFU2dWY0dqb2dobW15MVZkNUhOCnhlelhnQmFWdFQ0ZE1nNGJuR0UwZ09QdzhXaVEzcDVGODNEYm11VHJOaGMwTXZoS1BIa0ZkWVBmeWpVMlNCSjYKN2hZbVZmOEl4RUFZZU91bDlXS1hRWHYrcEc2R0t6VEZHbFU3NXdJREFRQUJBb0lCQVFESWJTbGJOQXNrTlFucAphTUNIRDBrRm9HMHdqbWxRN3FOQUxGcnZKdm5JS3pwTTlndXVNcEcyaU5UTi9RZlFDM05Bc0dlK2E0cnljU3ltClU0bzEyQko2bHdDellGSFlsN1lseU8yNGU1UlA1U1k1a2pNQWRzTkV3aWJqWjFudXd6c2tFNkhkSDFlMmduQTQKVnZpN1RjazNMQXBNcGkwOGtETnRQcXZhSHZCUW01ODZJVXFIZW1HL3pKQlBWZCtoZ2EwdjhlWFVZSlFuZE1iWApQa2N1Q0ovYnI4a2pGaGhac2k0YjBmK3lubHB6WmdwZFhqeExtNmJhaC9wOFYwZVMyeGlzeDdVMkhJMFZ3UUZxCmwxMUhzWk81WW1jdGpVMVR0L1FkSk95OG9yWjYrb3cxQ2JEL3BySlJpM2c2K2JDVFR0N2RDU2wydmxJWlZCR0gKeHpLdzFSdlJBb0dCQU8xTkFLSXp4RkoyNGtvSlNRRWErMmRIeVdCMEdMRVB6WE9kNzJxZnFscWRhOWIxRW93awpRcUF2OVBqay83SUlpVTZXTXhOVTFJVUd3aitnbnlEbXVvUmZZTkRaZ3RxZGVCUmFycWQyeUhjNi95a2U4K2tpCnNDY0dheStIVTVodndyUWcwdEhSSE9DTjJhTkw4RFpjZjh4N0hndHVtdXYzWWo1VEo5VXNEd2NMQW9HQkFQTkUKemlFZmxNYWtNZ2lwRS9uaWRRWmZPR2FIa01zNG83bUhXQkRRc2I3VGhGUjNsMWxtNlI0bjJ4V01VajU3K28zQQppYkdlRzNlRFQ1WFpNZVdkd04zTE14amFzYzU2dzFyY2crSmgraTdNRWw5Skd1NHJhUE5DTGVSb3M2dkpLR2Z4CnVvZ2FHYy9yY0FvYm5jRFBya3lFZ2ZVbXNKN1VTeElLK1pBTE5mZ1ZBb0dCQUtPMTFQTVNIYVg2cUlFRlNOMC8KWFNQU2phWkNVZXFOaVdMekdZSUlwd0VleTVBZndPejM4eE1LSXNvM1NnUHNDYll5dndmZUpVT2s5d3ZvWnYvTwp6ZXlXMUhjaEtEcGtHcnlJRnlnbk5ZTzBLdWFXbVJWRXZod2VQSUlzclVwa0NBSTNCdHFEbHBXQXB4NFdQS0YwClRTS242WUZmaS9ldzBwRkcweHNvNnpFakFvR0FIMHlLK05nSFhFZGo2SmxZYUo0cVVGZVAraUVYRUE2SmdpVlgKdjFJYWpHTEtjOU92TldGNFBOa0Q1eEhXd3hOUWVVeDhhczNjMnRPYU9iMW9IaExkN2F0bk41dHJwUlZHYlRwUgovWjU5Z2VmZnRVTENwRUlSanJyRkRNNHJ6NzVoNUgzRmNoMXBsTWJGODRiNkZRU2plRlRVSTZhR3N1aTlmK1RKCmx5N2FFc0VDZ1lFQXpNdzNzZGFrRmtRRDNWR3Zudjl3ZytJOXY5VmZNazFKMDJpdFkxUWRSWGFlSjU1c2FoQ2EKMWtGKzh5OEJZVUg4TUJkd0FIRzNpSWJKcDRoRHZKendhTlBsVWRkcEVCWlJPYU9kY2M2TEVVYytWUUNXZzlObgpqWERUY0NzSWk3Z05Sa2lxdnNCaUdvUzhoNmtwakpTeTYxRTFVbWhwZWkreFNCLythcm03U2d3PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=

1
bots/images/ipa Symbolic link
View file

@ -0,0 +1 @@
ipa-fd92f013474c1625144b2c18424dffdc9386de5c2e493d4b0257f8ee725c177a.qcow2

1
bots/images/openshift Symbolic link
View file

@ -0,0 +1 @@
openshift-724bba0e96ba6fc8cfb4bb4fb8f814f9efb570b3109072c7a04091cb31986935.qcow2

1
bots/images/ovirt Symbolic link
View file

@ -0,0 +1 @@
ovirt-f033c4457fecb1e9078eb16d7ac5239fe79455ca6b533f2a37de4f965cf174e7.qcow2

1
bots/images/rhel-7-7 Symbolic link
View file

@ -0,0 +1 @@
rhel-7-7-67c37841a0ab1ead500e65acc767e7782e35d02f21ab8965ce40126c7c5cf386.qcow2

1
bots/images/rhel-8-0 Symbolic link
View file

@ -0,0 +1 @@
rhel-8-0-164709a5e7b34b32da66724c6d8b7b907aa7446891d0d13383e060cd2b8b44ad.qcow2

1
bots/images/rhel-8-1 Symbolic link
View file

@ -0,0 +1 @@
rhel-8-1-b6abe793117967124ff588c60516a408c40ddcd5e61bc60c3fcadd7ffebffd50.qcow2

1
bots/images/rhel-atomic Symbolic link
View file

@ -0,0 +1 @@
rhel-atomic-62290ef5921df5e247706e1fd424811884048ebb6b37109329f85256fa91c7a6.qcow2

78
bots/images/scripts/atomic.bootstrap Executable file
View file

@ -0,0 +1,78 @@
#! /bin/bash
# This file is part of Cockpit.
#
# Copyright (C) 2015 Red Hat, Inc.
#
# Cockpit is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
#
# Cockpit is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with Cockpit; If not, see <http://www.gnu.org/licenses/>.
set -ex
out="$1"
base="$2"
redirect_base=$(curl -s -w "%{redirect_url}" "$base" -o /dev/null)
if [ -n "$redirect_base" ]; then
base="$redirect_base"
fi
# Lookup the newest base image recursively
url="$base"
while [ $# -gt 2 ]; do
fragment="$3"
if [ "$fragment" = "sort" ]; then
backref="$4"
pattern="$5"
result="`wget -q -O- $url | grep -oE "$pattern" | sed -E "s/${pattern}/\\\\${backref} \\0/" | sort -V -k1 | tail -1`"
fragment="`echo $result | cut -f2 -d' '`"
if [ -z "$fragment" ]; then
echo "Could not find '$pattern' at: $url" >&2
exit 1
fi
shift; shift
fi
base="$url"
url="$base/$fragment"
shift
done
# we link to the file so wget can properly detect if we have already downloaded it
# note that due to mirroring, timestamp comparison can result in unnecessary downloading
out_base="`dirname $out`"
intermediate="$out_base/$fragment"
if [ "$intermediate" != "$out" ]; then
wget --no-clobber --directory-prefix="$out_base" "$base/$fragment"
cp "$intermediate" "$out"
else
rm -f "$out"
wget --directory-prefix="$out_base" "$base/$fragment"
fi
# Make the image be at least 12 Gig. During boot, docker-storage-setup
# will grow the partitions etc as appropriate, and atomic.setup will
# explicitly grow the docker pool.
vsize=$(qemu-img info "$out" --output=json | python3 -c 'import json, sys; print(json.load(sys.stdin)["virtual-size"])')
if [ "$vsize" -lt 12884901888 ]; then
qemu-img resize "$out" 12884901888
fi

1
bots/images/scripts/candlepin.bootstrap Symbolic link
View file

@ -0,0 +1 @@
centos-7.bootstrap

65
bots/images/scripts/candlepin.setup Executable file
View file

@ -0,0 +1,65 @@
#!/bin/bash
set -ex
YUM_INSTALL="yum --setopt=skip_missing_names_on_install=False -y install"
# We deploy candlepin via ansible
$YUM_INSTALL epel-release
# Install dependencies
CANDLEPIN_DEPS="\
ansible \
git \
openssl \
"
$YUM_INSTALL $CANDLEPIN_DEPS
mkdir -p playbookdir; cd playbookdir;
mkdir -p roles
git clone https://github.com/candlepin/ansible-role-candlepin.git roles/candlepin
# Run the playbook
cat > inventory <<- EOF
[dev]
localhost
EOF
useradd -m admin
echo admin:foobar | chpasswd
echo 'admin ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/admin
cat > playbook.yml <<- EOF
- hosts: dev
environment:
JAVA_HOME: /usr/lib/jvm/java-1.8.0/
roles:
- role: candlepin
candlepin_git_pull: True
candlepin_deploy_args: "-g -a -f -t"
candlepin_user: admin
candlepin_user_home: /home/admin
candlepin_checkout: /home/admin/candlepin
EOF
ansible-playbook -i inventory -c local -v --skip-tags 'system_update' playbook.yml
rm -rf playbookdir
# reduce image size
yum clean all
/var/lib/testvm/zero-disk.setup
# Final tweaks
rm -rf /var/log/journal/*
echo "kernel.core_pattern=|/usr/lib/systemd/systemd-coredump %p %u %g %s %t %e" > /etc/sysctl.d/50-coredump.conf
# Audit events to the journal
rm -f '/etc/systemd/system/multi-user.target.wants/auditd.service'
rm -rf /var/log/audit/

4
bots/images/scripts/centos-7.bootstrap Executable file
View file

@ -0,0 +1,4 @@
#! /bin/bash
BASE=$(dirname $0)
$BASE/virt-install-fedora "$1" x86_64 "http://mirror.centos.org/centos/7/os/x86_64/"

8
bots/images/scripts/centos-7.install Executable file
View file

@ -0,0 +1,8 @@
#! /bin/bash
set -e
# remove cockpit distro packages, testing with upstream master
rpm --erase --verbose cockpit cockpit-ws cockpit-bridge cockpit-system
/var/lib/testvm/fedora.install "$@"

1
bots/images/scripts/centos-7.setup Symbolic link
View file

@ -0,0 +1 @@
rhel.setup

28
bots/images/scripts/cirros.bootstrap Executable file
View file

@ -0,0 +1,28 @@
#!/bin/sh
set -eux
OUTPUT="$1"
curl https://download.cirros-cloud.net/0.4.0/cirros-0.4.0-i386-disk.img > "$OUTPUT"
# prepare a cloud-init iso for disabling network source, to avoid a 90s timeout at boot
WORKDIR=$(mktemp -d)
trap "rm -rf '$WORKDIR'" EXIT INT QUIT PIPE
cd "$WORKDIR"
cat > meta-data <<EOF
{ "instance-id": "nocloud" }
EOF
cat > user-data <<EOF
#!/bin/sh
set -ex
sed -i 's/configdrive *//; s/ec2 *//' /etc/cirros-init/config
(sleep 1; poweroff) &
EOF
genisoimage -input-charset utf-8 -output cloud-init.iso -volid cidata -joliet -rock user-data meta-data
# boot it once with the cloud-init ISO
qemu-system-x86_64 -enable-kvm -nographic -net none \
-drive file="$OUTPUT",if=virtio -cdrom cloud-init.iso

9
bots/images/scripts/continuous-atomic.bootstrap Executable file
View file

@ -0,0 +1,9 @@
#! /bin/bash
set -e
url="https://cloud.centos.org/centos/7/atomic/images"
prefix="CentOS-Atomic-Host-GenericCloud.qcow2"
BASE=$(dirname $0)
$BASE/atomic.bootstrap "$1" "$url" "$prefix"

5
bots/images/scripts/continuous-atomic.install Executable file
View file

@ -0,0 +1,5 @@
#! /bin/bash
set -e
/var/lib/testvm/atomic.install --skip cockpit-sosreport --extra "/root/rpms/libssh*" --extra "/var/tmp/build-results/cockpit-dashboard*" "$@"

72
bots/images/scripts/continuous-atomic.setup Executable file
View file

@ -0,0 +1,72 @@
#!/bin/bash
# This file is part of Cockpit.
#
# Copyright (C) 2016 Red Hat, Inc.
#
# Cockpit is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
#
# Cockpit is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with Cockpit; If not, see <http://www.gnu.org/licenses/>.
set -ex
# The docker pool should grow automatically as needed, but we grow it
# explicitly here anyway. This is hopefully more reliable.
# HACK: docker falls over regularly, print its log if it does
systemctl start docker || journalctl -u docker
lvresize atomicos/root -l+50%FREE -r
if lvs atomicos/docker-pool 2>/dev/null; then
lvresize atomicos/docker-pool -l+100%FREE
elif lvs atomicos/docker-root-lv; then
lvresize atomicos/docker-root-lv -l+100%FREE
fi
# Get the centos cockpit/ws image
docker pull registry.centos.org/cockpit/ws:latest
docker tag registry.centos.org/cockpit/ws cockpit/ws
# docker images that we need for integration testing
/var/lib/testvm/docker-images.setup
# Configure core dumps
echo "kernel.core_pattern=|/usr/lib/systemd/systemd-coredump %p %u %g %s %t %e" > /etc/sysctl.d/50-coredump.conf
# Download the libssh RPM plus dependencies which we'll use for
# package overlay. The only way to do this is via a container
. /etc/os-release
REPO="updates"
if [ "$ID" = "rhel" ]; then
subscription-manager repos --enable rhel-7-server-extras-rpms
REPO="rhel-7-server-extras-rpms"
ID="rhel7"
fi
docker run --rm --volume=/etc/yum.repos.d:/etc/yum.repos.d:z --volume=/root/rpms:/tmp/rpms:rw,z "$ID:$VERSION_ID" /bin/sh -cex "yum install -y findutils createrepo_c && yum install -y --downloadonly --enablerepo=$REPO libssh && find /var -name '*.rpm' | while read rpm; do mv -v \$rpm /tmp/rpms; done; createrepo_c /tmp/rpms"
rm -f /etc/yum.repos.d/*
cat >/etc/yum.repos.d/deps.repo <<EOF
[deps]
baseurl=file:///root/rpms
enabled=1
EOF
# Switch to continuous stream
ostree remote add --set=gpg-verify=false centos-atomic-continuous https://ci.centos.org/artifacts/sig-atomic/rdgo/centos-continuous/ostree/repo/
rpm-ostree rebase centos-atomic-continuous:centos-atomic-host/7/x86_64/devel/continuous
ostree checkout centos-atomic-continuous:centos-atomic-host/7/x86_64/devel/continuous /var/local-tree
# reduce image size
/var/lib/testvm/zero-disk.setup
# Prevent SSH from hanging for a long time when no external network access
echo 'UseDNS no' >> /etc/ssh/sshd_config
# Final tweaks
rm -rf /var/log/journal/*

6
bots/images/scripts/debian-stable.bootstrap Executable file
View file

@ -0,0 +1,6 @@
#! /bin/sh -ex
ARCH=x86_64
DEBIAN_LATEST=$(virt-builder -l | grep "$ARCH" | sort -r | grep -m1 '^debian-' | cut -d' ' -f1)
exec $(dirname $0)/lib/debian.bootstrap "$1" "$2" "$DEBIAN_LATEST" "deb http://deb.debian.org/debian stable main
deb http://deb.debian.org/debian stable-updates main
deb http://security.debian.org/ stable/updates main"

8
bots/images/scripts/debian-stable.install Executable file
View file

@ -0,0 +1,8 @@
#! /bin/bash
set -e
/var/lib/testvm/debian.install "$@"
# HACK: https://bugs.debian.org/914694
sed -i '/IndividualCalls/ s/=no/=yes/' /etc/firewalld/firewalld.conf

1
bots/images/scripts/debian-stable.setup Symbolic link
View file

@ -0,0 +1 @@
debian.setup

4
bots/images/scripts/debian-testing.bootstrap Executable file
View file

@ -0,0 +1,4 @@
#! /bin/sh -ex
ARCH=x86_64
DEBIAN_LATEST=$(virt-builder -l | grep "$ARCH" | sort -r | grep -m1 '^debian-' | cut -d' ' -f1)
exec $(dirname $0)/lib/debian.bootstrap "$1" "$2" "$DEBIAN_LATEST" "deb http://deb.debian.org/debian testing main"

8
bots/images/scripts/debian-testing.install Executable file
View file

@ -0,0 +1,8 @@
#! /bin/bash
set -e
/var/lib/testvm/debian.install "$@"
# HACK: https://bugs.debian.org/914694
sed -i '/IndividualCalls/ s/=no/=yes/' /etc/firewalld/firewalld.conf

1
bots/images/scripts/debian-testing.setup Symbolic link
View file

@ -0,0 +1 @@
debian.setup

168
bots/images/scripts/debian.setup Executable file
View file

@ -0,0 +1,168 @@
#! /bin/bash
# Shared .setup between all Debian/Ubuntu flavors
set -ex
# Enable a console on ttyS0 so that we can log-in via vm-run.
# and make the boot up more verbose
sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT/# GRUB_CMDLINE_LINUX_DEFAULT/' /etc/default/grub
# We install all dependencies of the cockpit packages since we want
# them to not spontaneously change from one test run to the next when
# the distribution repository is updated.
#
COCKPIT_DEPS="\
cryptsetup \
docker.io \
libblockdev-mdraid2 \
libjson-glib-1.0-0 \
libpcp3 \
libpolkit-agent-1-0 \
libpolkit-gobject-1-0 \
libpwquality-tools \
libssh-4 \
libteam-utils \
libvirt-daemon-system \
libvirt-dbus \
libosinfo-bin \
network-manager \
pcp \
policykit-1 \
python3-dbus \
qemu-block-extra \
realmd \
selinux-basics \
thin-provisioning-tools \
unattended-upgrades \
tuned \
xdg-utils \
udisks2 \
udisks2-lvm2 \
"
# We also install the packages necessary to join a FreeIPA domain so
# that we don't have to go to the network during a test run.
IPA_CLIENT_PACKAGES="\
freeipa-client \
sssd-tools \
sssd-dbus \
packagekit \
"
TEST_PACKAGES="\
acl \
curl \
firewalld \
gdb \
iproute2 \
mdadm \
nfs-server \
qemu-kvm \
socat \
systemd-coredump \
virtinst \
xfsprogs \
sosreport \
"
RELEASE=$(grep -m1 ^deb /etc/apt/sources.list | awk '{print $3}')
case "$RELEASE" in
bionic)
# these packages are not in Ubuntu 18.04
COCKPIT_DEPS="${COCKPIT_DEPS/libvirt-dbus /}"
;;
esac
if grep -q 'ID=ubuntu' /etc/os-release; then
PBUILDER_OPTS='COMPONENTS="main universe"'
# We want to use/test NetworkManager instead of netplan/networkd for ethernets
mkdir -p /etc/NetworkManager/conf.d
touch /etc/NetworkManager/conf.d/10-globally-managed-devices.conf
fi
useradd -m -U -c Administrator -G sudo -s /bin/bash admin
echo admin:foobar | chpasswd
export DEBIAN_FRONTEND=noninteractive
apt-get -y update
DEBIAN_FRONTEND=noninteractive eatmydata apt-get -y dist-upgrade
eatmydata apt-get -y install $TEST_PACKAGES $COCKPIT_DEPS $IPA_CLIENT_PACKAGES
[ -z "$COCKPIT_DEPS_EXPERIMENTAL" ] || eatmydata apt-get -y install $COCKPIT_DEPS_EXPERIMENTAL
# Prepare for building
#
# extract control files and adjust them for our release, so that we can parse the build deps
mkdir -p /tmp/out
curl -L https://github.com/cockpit-project/cockpit/archive/master.tar.gz | tar -C /tmp/out --strip-components=1 --wildcards -zxf - '*/debian/'
/tmp/out/tools/debian/adjust-for-release $(lsb_release -sc)
# Disable build-dep installation for the real builds
cat > ~/.pbuilderrc <<- EOF
DISTRIBUTION=$RELEASE
PBUILDERSATISFYDEPENDSCMD=true
$PBUILDER_OPTS
EOF
eatmydata apt-get -y install dpkg-dev pbuilder
pbuilder --create --extrapackages "fakeroot $PBUILDER_EXTRA"
/usr/lib/pbuilder/pbuilder-satisfydepends-classic --control /tmp/out/tools/debian/control --force-version --echo|grep apt-get | pbuilder --login --save-after-login
rm -rf /tmp/out
# Debian does not automatically start the default libvirt network
virsh net-autostart default
# Don't automatically update on boot or daily
systemctl disable apt-daily.service apt-daily.timer || true
# Enable coredumping via systemd
echo "kernel.core_pattern=|/lib/systemd/systemd-coredump %P %u %g %s %t %c %e" > /etc/sysctl.d/50-coredump.conf
printf 'DefaultLimitCORE=infinity\n' >> /etc/systemd/system.conf
# HACK: we need to restart it in case aufs-dkms was installed after docker.io
# and thus docker.io auto-switches its backend
systemctl restart docker || journalctl -u docker
I=$(docker info)
if ! echo "$I" | grep -Eq 'Storage.*(aufs|overlay)'; then
echo "ERROR! docker does not use aufs or overlayfs"
exit 1
fi
# docker images that we need for integration testing
/var/lib/testvm/docker-images.setup
rm -rf /var/lib/docker/devicemapper
# in case there are unnecessary packages
eatmydata apt-get -y autoremove || true
# reduce image size
apt-get clean
pbuilder clean
rm -f /var/cache/apt/*cache.bin
/var/lib/testvm/zero-disk.setup
# Final tweaks
# Enable persistent journal
mkdir -p /var/log/journal
# Allow root login with password
sed -i 's/^[# ]*PermitRootLogin .*/PermitRootLogin yes/' /etc/ssh/sshd_config
# At least debian-9 virt-install image only has RSA key
[ -e /etc/ssh/ssh_host_ed25519_key ] || ssh-keygen -f /etc/ssh/ssh_host_ed25519_key -N '' -t ed25519
[ -e /etc/ssh/ssh_host_ecdsa_key ] || ssh-keygen -f /etc/ssh/ssh_host_ecdsa_key -N '' -t ecdsa
# Prevent SSH from hanging for a long time when no external network access
echo 'UseDNS no' >> /etc/ssh/sshd_config
# HACK: https://bugzilla.mindrot.org/show_bug.cgi?id=2512
# Disable the restarting of sshd when networking changes
ln -snf /bin/true /etc/network/if-up.d/openssh-server
# Stop showing 'To run a command as administrator (user "root"), use "sudo <command>". See "man
# sudo_root" for details.` message in admins terminal.
touch /home/admin/.sudo_as_admin_successful

21
bots/images/scripts/fedora-23-stock.bootstrap Executable file
View file

@ -0,0 +1,21 @@
#!/bin/bash
#
# Copyright (C) 2015 Red Hat Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
# 02110-1301 USA.
BASE=$(dirname $0)
$BASE/virt-install-fedora "$1" x86_64 "https://archives.fedoraproject.org/pub/archive/fedora/linux/releases/23/Server/x86_64/os/"

11
bots/images/scripts/fedora-23-stock.setup Executable file
View file

@ -0,0 +1,11 @@
#! /bin/bash
useradd -c Administrator -G wheel admin
echo foobar | passwd --stdin admin
dnf -y update
dnf -y install fedora-release-server
firewall-cmd --permanent --add-service cockpit
# Phantom can't use TLS..
sed -i -e 's/ExecStart=.*/\0 --no-tls/' /usr/lib/systemd/system/cockpit.service

21
bots/images/scripts/fedora-29.bootstrap Executable file
View file

@ -0,0 +1,21 @@
#!/bin/bash
#
# Copyright (C) 2018 Red Hat Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
# 02110-1301 USA.
BASE=$(dirname $0)
$BASE/virt-install-fedora "$1" x86_64 "http://dl.fedoraproject.org/pub/fedora/linux/releases/29/Server/x86_64/os/"

4
bots/images/scripts/fedora-29.install Executable file
View file

@ -0,0 +1,4 @@
#! /bin/bash
set -e
/var/lib/testvm/fedora.install "$@"

1
bots/images/scripts/fedora-29.setup Symbolic link
View file

@ -0,0 +1 @@
fedora.setup

21
bots/images/scripts/fedora-30.bootstrap Executable file
View file

@ -0,0 +1,21 @@
#!/bin/bash
#
# Copyright (C) 2019 Red Hat Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
# 02110-1301 USA.
BASE=$(dirname $0)
$BASE/virt-install-fedora "$1" x86_64 "http://dl.fedoraproject.org/pub/fedora/linux/releases/30/Server/x86_64/os/"

4
bots/images/scripts/fedora-30.install Executable file
View file

@ -0,0 +1,4 @@
#! /bin/bash
set -e
/var/lib/testvm/fedora.install "$@"

1
bots/images/scripts/fedora-30.setup Symbolic link
View file

@ -0,0 +1 @@
fedora.setup

14
bots/images/scripts/fedora-atomic.bootstrap Executable file
View file

@ -0,0 +1,14 @@
#! /bin/bash
set -e
url="https://download.fedoraproject.org/pub/alt/atomic/stable/"
BASE=$(dirname $0)
# The Fedora URLs have the version twice in the name. for example:
# https://dl.fedoraproject.org/pub/alt/atomic/stable/Fedora-Atomic-28-20180425.0/AtomicHost/x86_64/images/Fedora-AtomicHost-28-20180425.0.x86_64.qcow2
$BASE/atomic.bootstrap "$1" "$url" \
sort 3 "Fedora(-atomic)?-[0-9][0-9](-updates)?-([-0-9\.]+)" \
"AtomicHost" "x86_64" "images" \
sort 1 "Fedora-AtomicHost-([-0-9\.]+).x86_64.qcow2"

9
bots/images/scripts/fedora-atomic.install Executable file
View file

@ -0,0 +1,9 @@
#! /bin/bash
set -e
/var/lib/testvm/atomic.install --verbose --skip cockpit-kdump --extra "/root/rpms/libssh*" "$@"
# HACK: https://github.com/projectatomic/rpm-ostree/issues/1360
# rpm-ostree upgrade --check otherwise fails
mkdir -p /var/cache/rpm-ostree

18
bots/images/scripts/fedora-atomic.setup Executable file
View file

@ -0,0 +1,18 @@
#!/bin/bash
set -ex
# HACK: https://bugzilla.redhat.com/show_bug.cgi?id=1341829
# SELinux breaks coredumping on fedora-25
printf '(allow init_t domain (process (rlimitinh)))\n' > domain.cil
semodule -i domain.cil
# HACK: docker falls over regularly, print its log if it does
systemctl start docker || journalctl -u docker
os=$(ls /ostree/repo/refs/remotes/fedora-atomic/*/)
docker pull "registry.fedoraproject.org/f$os/cockpit"
docker tag "registry.fedoraproject.org/f$os/cockpit" cockpit/ws
/var/lib/testvm/atomic.setup

21
bots/images/scripts/fedora-i386.bootstrap Executable file
View file

@ -0,0 +1,21 @@
#!/bin/bash
#
# Copyright (C) 2019 Red Hat Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
# 02110-1301 USA.
BASE=$(dirname $0)
$BASE/virt-install-fedora "$1" i386 "https://dl.fedoraproject.org/pub/fedora-secondary/releases/30/Server/i386/os/"

1
bots/images/scripts/fedora-i386.install Symbolic link
View file

@ -0,0 +1 @@
fedora-30.install

1
bots/images/scripts/fedora-i386.setup Symbolic link
View file

@ -0,0 +1 @@
fedora.setup

11
bots/images/scripts/fedora-stock.setup Executable file
View file

@ -0,0 +1,11 @@
#! /bin/bash
useradd -c Administrator -G wheel admin
echo foobar | passwd --stdin admin
dnf -y update
dnf -y install fedora-release-server
firewall-cmd --permanent --add-service cockpit
# Phantom can't use TLS..
sed -i -e 's/ExecStart=.*/\0 --no-tls/' /usr/lib/systemd/system/cockpit.service

1
bots/images/scripts/fedora-testing.bootstrap Symbolic link
View file

@ -0,0 +1 @@
fedora-30.bootstrap

1
bots/images/scripts/fedora-testing.install Symbolic link
View file

@ -0,0 +1 @@
fedora-30.install

1
bots/images/scripts/fedora-testing.setup Symbolic link
View file

@ -0,0 +1 @@
fedora.setup

193
bots/images/scripts/fedora.setup Executable file
View file

@ -0,0 +1,193 @@
#!/bin/bash
set -ex
IMAGE="$1"
# avoid failures when running image builds in a non-English locale (ssh transfers the host environment)
unset LANGUAGE
unset LANG
export LC_ALL=C.utf8
# keep this in sync with avocado/selenium image mapping in bots/tests-invoke
if [ "$IMAGE" = fedora-30 ]; then
AVOCADO=1
fi
# HACK - virt-resize might not be able to resize our xfs rootfs,
# depending on how it was compiled and which plugins are installed,
# and will just silently not do it. So we do it here.
#
xfs_growfs /
df -h /
echo foobar | passwd --stdin root
HAVE_KUBERNETES=
if [ $(uname -m) = x86_64 ]; then
HAVE_KUBERNETES=1
fi
# We install all dependencies of the cockpit packages since we want
# them to not spontaneously change from one test run to the next when
# the distribution repository is updated.
#
COCKPIT_DEPS="\
atomic \
device-mapper-multipath \
docker \
etcd \
glib-networking \
json-glib \
kexec-tools \
libssh \
libvirt-daemon-kvm \
libvirt-client \
libvirt-dbus \
NetworkManager-team \
openssl \
PackageKit \
pcp \
pcp-libs \
qemu \
realmd \
selinux-policy-targeted \
setroubleshoot-server \
sos \
sscg \
system-logos \
subscription-manager \
tuned \
virt-install \
"
COCKPIT_DEPS="$COCKPIT_DEPS udisks2 udisks2-lvm2 udisks2-iscsi"
[ -z "$HAVE_KUBERNETES" ] || COCKPIT_DEPS="$COCKPIT_DEPS kubernetes"
# We also install the packages necessary to join a FreeIPA domain so
# that we don't have to go to the network during a test run.
#
IPA_CLIENT_PACKAGES="\
freeipa-client \
oddjob \
oddjob-mkhomedir \
sssd \
sssd-dbus \
libsss_sudo \
"
TEST_PACKAGES="\
systemtap-runtime-virtguest \
valgrind \
gdb \
targetcli \
dnf-automatic \
cryptsetup \
clevis-luks \
socat \
tang \
podman \
libvirt-daemon-config-network \
"
# HACK - For correct work of ABRT in Fedora 26 Alpha release a following
# packages are necessary. In Fedora 26 Beta and later these packages should be
# installed by default. See https://bugzilla.redhat.com/show_bug.cgi?id=1436941
#
ABRT_PACKAGES="\
abrt-desktop \
libreport-plugin-systemd-journal \
"
rm -rf /etc/sysconfig/iptables
maybe() { if type "$1" >/dev/null 2>&1; then "$@"; fi; }
# For the D-Bus test server
maybe firewall-cmd --permanent --add-port 8765/tcp
echo 'NETWORKING=yes' > /etc/sysconfig/network
useradd -c Administrator -G wheel admin
echo foobar | passwd --stdin admin
if [ "${IMAGE%-i386}" != "$IMAGE" ]; then
TEST_PACKAGES="${TEST_PACKAGES/podman /}"
fi
if [ "${IMAGE%-testing}" != "$IMAGE" ]; then
dnf config-manager --set-enabled updates-testing
fi
dnf $DNF_OPTS -y upgrade
dnf $DNF_OPTS -y install $TEST_PACKAGES $COCKPIT_DEPS $IPA_CLIENT_PACKAGES $ABRT_PACKAGES
if [ -n "$AVOCADO" ]; then
# enable python3 avocado support repository
dnf module install -y avocado:69lts
dnf $DNF_OPTS -y install \
fontconfig \
npm \
chromium-headless \
python3-libvirt \
python3-avocado \
python3-avocado-plugins-output-html \
python3-selenium
npm -g install chrome-remote-interface
echo 'NODE_PATH=/usr/lib/node_modules' >> /etc/environment
fi
dnf $DNF_OPTS -y install mock dnf-plugins-core rpm-build
useradd -c Builder -G mock builder
if [ "${IMAGE%-testing}" != "$IMAGE" ]; then
# Enable updates-testing in mock
echo "config_opts['yum.conf'] += '[updates-testing]\nenabled=1'" >>/etc/mock/default.cfg
fi
# HACK - mock --installdeps is broken, it seems that it forgets to
# copy the source rpm to a location that dnf can actually access. A
# workaround is to pass "--no-bootstrap-chroot".
#
# When you remove this hack, also remove it in fedora-*.install.
#
# https://bugzilla.redhat.com/show_bug.cgi?id=1447627
opsys=$(cut -d '-' -f 1 <<< "$IMAGE")
version=$(cut -d '-' -f 2 <<< "$IMAGE")
# If version is not number (testing/i386) then use Fedora 30
if ! [ "$version" -eq "$version" ] 2>/dev/null; then version=30; fi
su builder -c "/usr/bin/mock --no-bootstrap-chroot --verbose -i $(/var/lib/testvm/build-deps.sh "$opsys $version")"
su builder -c "/usr/bin/mock --install --verbose rpmlint"
# HACK: docker falls over regularly, print its log if it does
systemctl start docker || journalctl -u docker
# our cockpit/base container is only really a thing on x86_64, just skip it on other arches
if [ $(uname -m) = x86_64 ]; then
docker build -t cockpit/base /var/tmp/cockpit-base
fi
# Configure kubernetes
[ -z "$HAVE_KUBERNETES" ] || /var/lib/testvm/kubernetes.setup
# docker images that we need for integration testing
/var/lib/testvm/docker-images.setup
# reduce image size
dnf clean all
/var/lib/testvm/zero-disk.setup
ln -sf ../selinux/config /etc/sysconfig/selinux
printf "SELINUX=enforcing\nSELINUXTYPE=targeted\n" > /etc/selinux/config
# Prevent SSH from hanging for a long time when no external network access
echo 'UseDNS no' >> /etc/ssh/sshd_config
# Audit events to the journal
rm -f '/etc/systemd/system/multi-user.target.wants/auditd.service'
rm -rf /var/log/audit/

1
bots/images/scripts/ipa.bootstrap Symbolic link
View file

@ -0,0 +1 @@
fedora-29.bootstrap

49
bots/images/scripts/ipa.setup Executable file
View file

@ -0,0 +1,49 @@
#!/bin/bash
set -eufx
# ipa requires an UTF-8 locale
export LC_ALL=C.UTF-8
echo foobar | passwd --stdin root
dnf -y remove firewalld
dnf -y update
dnf -y install freeipa-server freeipa-server-dns bind bind-dyndb-ldap iptables
iptables -F
nmcli con add con-name "static-eth1" ifname eth1 type ethernet ip4 "10.111.112.100/20" ipv4.dns "10.111.112.100" gw4 "10.111.112.1"
nmcli con up "static-eth1"
hostnamectl set-hostname f0.cockpit.lan
# Let's make sure that ipa-server-install doesn't block on
# /dev/random.
#
rm -f /dev/random
ln -s /dev/urandom /dev/random
ipa-server-install -U -p foobarfoo -a foobarfoo -n cockpit.lan -r COCKPIT.LAN --setup-dns --no-forwarders
# Make sure any initial password change is overridden
printf 'foobarfoo\nfoobarfoo\nfoobarfoo\n' | kinit admin@COCKPIT.LAN
# Default password expiry of 90 days is impractical
ipa pwpolicy-mod --minlife=0 --maxlife=1000
# Change password to apply new password policy
printf 'foobarfoo\nfoobarfoo\n' | ipa user-mod --password admin
ipa user-show --all admin
# Allow "admins" IPA group members to run sudo
# This is an "unbreak my setup" step and ought to happen by default.
# See https://pagure.io/freeipa/issue/7538
ipa-advise enable-admins-sudo | sh -ex
ipa dnsconfig-mod --forwarder=8.8.8.8
ln -sf ../selinux/config /etc/sysconfig/selinux
echo 'SELINUX=permissive' > /etc/selinux/config
# reduce image size
dnf clean all
/var/lib/testvm/zero-disk.setup

303
bots/images/scripts/lib/atomic.install Executable file
View file

@ -0,0 +1,303 @@
#!/usr/bin/python2
# This file is part of Cockpit.
#
# Copyright (C) 2015 Red Hat, Inc.
#
# Cockpit is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
#
# Cockpit is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with Cockpit; If not, see <http://www.gnu.org/licenses/>.
import subprocess
import os
import sys
import shutil
try:
from urllib.request import URLopener
except ImportError:
from urllib import URLopener # Python 2
import argparse
import json
BASEDIR = os.path.dirname(__file__)
class AtomicCockpitInstaller:
branch = None
checkout_location = "/var/local-tree"
repo_location = "/var/local-repo"
rpm_location = "/usr/share/rpm"
key_id = "95A8BA1754D0E95E2B3A98A7EE15015654780CBD"
port = 12345
# Support installing random packages if needed.
external_packages = {}
# Temporarily force cockpit-system instead of cockpit-shell
packages_force_install = [ "cockpit-system",
"cockpit-docker",
"cockpit-kdump",
"cockpit-networkmanager",
"cockpit-sosreport" ]
def __init__(self, rpms=None, extra_rpms=None, verbose=False):
self.verbose = verbose
self.rpms = rpms
self.extra_rpms = extra_rpms
status = json.loads(subprocess.check_output(["rpm-ostree", "status", "--json"], universal_newlines=True))
origin = None
for deployment in status.get("deployments", []):
if deployment.get("booted"):
origin = deployment["origin"]
if not origin:
raise Exception("Couldn't find origin")
self.branch = origin.split(":", 1)[-1]
def setup_dirs(self):
if self.verbose:
print("setting up new ostree repo")
try:
shutil.rmtree(self.repo_location)
except:
pass
os.makedirs(self.repo_location)
subprocess.check_call(["ostree", "init", "--repo", self.repo_location,
"--mode", "archive-z2"])
if not os.path.exists(self.checkout_location):
if self.verbose:
print("cloning current branch")
subprocess.check_call(["ostree", "checkout", self.branch,
self.checkout_location])
# move /usr/etc to /etc, makes rpm installs easier
subprocess.check_call(["mv", os.path.join(self.checkout_location, "usr", "etc"),
os.path.join(self.checkout_location, "etc")])
def switch_to_local_tree(self):
if self.verbose:
print("install new ostree commit")
# Not an error if this fails
subprocess.call(["ostree", "remote", "delete", "local"])
subprocess.check_call(["ostree", "remote", "add", "local",
"file://{}".format(self.repo_location),
"--no-gpg-verify"])
# HACK: https://github.com/candlepin/subscription-manager/issues/1404
subprocess.call(["systemctl", "disable", "rhsmcertd"])
subprocess.call(["systemctl", "stop", "rhsmcertd"])
status = subprocess.check_output(["rpm-ostree", "status"])
if b"local:" in status:
subprocess.check_call(["rpm-ostree", "upgrade"])
else:
try:
subprocess.check_call(["setenforce", "0"])
subprocess.check_call(["rpm-ostree", "rebase",
"local:{0}".format(self.branch)])
except:
os.system("sysctl kernel.core_pattern")
os.system("coredumpctl || true")
raise
finally:
subprocess.check_call(["setenforce", "1"])
def commit_to_repo(self):
if self.verbose:
print("commit package changes to our repo")
# move etc back to /usr/etc
subprocess.check_call(["mv", os.path.join(self.checkout_location, "etc"),
os.path.join(self.checkout_location, "usr", "etc")])
subprocess.check_call(["ostree", "commit", "-s", "cockpit-tree",
"--repo", self.repo_location,
"-b", self.branch,
"--add-metadata-string", "version=cockpit-base.1",
"--tree=dir={0}".format(self.checkout_location),
"--gpg-sign={0}".format(self.key_id),
"--gpg-homedir={0}".format(BASEDIR)])
def install_packages(self, packages, deps=True, replace=False):
args = ["rpm", "-U", "--root", self.checkout_location,
"--dbpath", self.rpm_location]
if replace:
args.extend(["--replacepkgs", "--replacefiles"])
if not deps:
args.append("--nodeps")
for package in packages:
args.append(os.path.abspath(os.path.join(os.getcwd(), package)))
subprocess.check_call(args)
def remove_packages(self, packages):
args = ["rpm", "-e", "--root", self.checkout_location,
"--dbpath", self.rpm_location]
args.extend(packages)
subprocess.check_call(args)
def package_basename(self, package):
""" only accept package with the name 'cockpit-%s-*' and return 'cockpit-%s' or None"""
basename = "-".join(package.split("-")[:2])
if basename.startswith("cockpit-"):
return basename
else:
return None
def update_container(self):
""" Install the latest cockpit RPMs in our container"""
rpm_args = []
for package in self.rpms:
if 'cockpit-ws' in package or 'cockpit-dashboard' in package or 'cockpit-bridge' in package:
rpm_args.append("/host" + package)
extra_args = []
for package in self.extra_rpms:
extra_args.append("/host" + package)
if rpm_args:
subprocess.check_call(["docker", "run", "--name", "build-cockpit",
"-d", "--privileged", "-v", "/:/host",
"cockpit/ws", "sleep", "1d"])
if self.verbose:
print("updating cockpit-ws container")
if extra_args:
subprocess.check_call(["docker", "exec", "build-cockpit",
"rpm", "--install", "--verbose", "--force"] + extra_args)
subprocess.check_call(["docker", "exec", "build-cockpit",
"rpm", "--freshen", "--verbose", "--force"] + rpm_args)
# if we update the RPMs, also update the scripts, to keep them in sync
subprocess.check_call(["docker", "exec", "build-cockpit", "sh", "-exc",
"cp /host/var/tmp/containers/ws/atomic-* /container/"])
subprocess.check_call(["docker", "commit", "build-cockpit",
"cockpit/ws"])
subprocess.check_call(["docker", "kill", "build-cockpit"])
subprocess.check_call(["docker", "rm", "build-cockpit"])
def package_basenames(self, package_names):
""" convert a list of package names to a list of their basenames """
return list(filter(lambda s: s is not None, map(self.package_basename, package_names)))
def get_installed_cockpit_packages(self):
""" get list installed cockpit packages """
packages = subprocess.check_output("rpm -qa | grep cockpit", shell=True, universal_newlines=True)
if self.verbose:
print("installed packages: {0}".format(packages))
installed_packages = packages.strip().split("\n")
return installed_packages
def clean_network(self):
if self.verbose:
print("clean network configuration:")
subprocess.check_call(["rm", "-rf", "/var/lib/NetworkManager"])
subprocess.check_call(["rm", "-rf", "/var/lib/dhcp"])
def run(self):
# Delete previous deployment if it's present
output = subprocess.check_output(["ostree", "admin", "status"])
if output.count(b"origin refspec") != 1:
subprocess.check_call(["ostree", "admin", "undeploy", "1"])
self.setup_dirs()
installed_packages = self.get_installed_cockpit_packages()
self.remove_packages(installed_packages)
packages_to_install = self.package_basenames(installed_packages)
for p in self.packages_force_install:
if not p in packages_to_install:
if self.verbose:
print("adding package %s (forced)" % (p))
packages_to_install.append(p)
packages_to_install = list(filter(lambda p: any(os.path.split(p)[1].startswith(base) for base in packages_to_install), self.rpms))
if self.verbose:
print("packages to install:")
print(packages_to_install)
if self.external_packages:
names = self.external_packages.keys()
if self.verbose:
print("external packages to install:")
print(list(names))
downloader = URLopener()
for name, url in self.external_packages.items():
downloader.retrieve(url, name)
self.install_packages(names, replace=True)
for name in names:
os.remove(name)
self.install_packages(packages_to_install)
no_deps = [x for x in self.rpms \
if os.path.split(x)[-1].startswith("cockpit-tests") or
os.path.split(x)[-1].startswith("cockpit-machines")]
self.install_packages(no_deps, deps=False, replace=True)
# If firewalld is installed, we need to poke a hole for cockpit, so
# that we can run firewall tests on it (change firewall-cmd to
# --add-service=cockpit once all supported atomics ship with the
# service file)
if subprocess.call(["systemctl", "enable", "--now", "firewalld"]) == 0:
subprocess.call(["firewall-cmd", "--permanent", "--add-port=9090/tcp"])
self.commit_to_repo()
self.switch_to_local_tree()
self.update_container()
self.clean_network()
parser = argparse.ArgumentParser(description='Install Cockpit in Atomic')
parser.add_argument('-v', '--verbose', action='store_true', help='Display verbose progress details')
parser.add_argument('-q', '--quick', action='store_true', help='Build faster')
parser.add_argument('--build', action='store_true', help='Build')
parser.add_argument('--install', action='store_true', help='Install')
parser.add_argument('--extra', action='append', default=[], help='Extra packages to install inside the container')
parser.add_argument('--skip', action='append', default=[], help='Packes to skip during installation')
args = parser.parse_args()
if args.build:
sys.stderr.write("Can't build on Atomic\n")
sys.exit(1)
if args.install:
os.chdir("build-results")
# Force skip cockpit-dashboard
if args.skip:
skip = list(args.skip)
else:
skip = []
skip.append("cockpit-dashboard")
rpms = [os.path.abspath(f) for f in os.listdir(".")
if (f.endswith(".rpm") and not f.endswith(".src.rpm")
and not any(f.startswith(s) for s in args.skip))]
cockpit_installer = AtomicCockpitInstaller(rpms=rpms, extra_rpms=args.extra, verbose=args.verbose)
cockpit_installer.run()
# vim: ft=python

78
bots/images/scripts/lib/atomic.setup Executable file
View file

@ -0,0 +1,78 @@
#!/bin/bash
# This file is part of Cockpit.
#
# Copyright (C) 2015 Red Hat, Inc.
#
# Cockpit is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
#
# Cockpit is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with Cockpit; If not, see <http://www.gnu.org/licenses/>.
set -ex
# The docker pool should grow automatically as needed, but we grow it
# explicitly here anyway. This is hopefully more reliable.
# Newer Fedora versions configure docker to use the root LV
# HACK: docker falls over regularly, print its log if it does
systemctl start docker || journalctl -u docker
lvresize atomicos/root -l+60%FREE -r
if lvs atomicos/docker-pool 2>/dev/null; then
lvresize atomicos/docker-pool -l+100%FREE
elif lvs atomicos/docker-root-lv; then
lvresize atomicos/docker-root-lv -l+100%FREE
fi
# docker images that we need for integration testing
/var/lib/testvm/docker-images.setup
# Download the libssh RPM plus dependencies which we'll use for
# package overlay. The only way to do this is via a container
. /etc/os-release
REPO="updates"
if [ "$ID" = "rhel" ]; then
subscription-manager repos --enable rhel-7-server-extras-rpms
REPO="rhel-7-server-extras-rpms"
ID="rhel7"
fi
docker run --rm --volume=/etc/yum.repos.d:/etc/yum.repos.d:z --volume=/root/rpms:/tmp/rpms:rw,z "$ID:$VERSION_ID" /bin/sh -cex "yum install -y findutils createrepo yum-utils && (cd /tmp/; yumdownloader --enablerepo=$REPO libssh) && find /tmp -name '*.$(uname -m).*rpm' | while read rpm; do mv -v \$rpm /tmp/rpms; done; createrepo /tmp/rpms"
rm -f /etc/yum.repos.d/*
cat >/etc/yum.repos.d/deps.repo <<EOF
[deps]
baseurl=file:///root/rpms
enabled=1
EOF
# fully upgrade host. Anything past this point can't touch /etc
# Upgrade host if there is a valid upgrade available (we might be on a RC)
if rpm-ostree upgrade --check; then
atomic host upgrade
# HACK - Find a better way to compute the ref.
# https://lists.projectatomic.io/projectatomic-archives/atomic-devel/2016-July/msg00015.html
checkout=$(atomic host status --json | python -c 'import json; import sys; j = json.loads(sys.stdin.readline()); print j["deployments"][0]["origin"]')
else
checkout=$(atomic host status --json | python -c 'import json; import sys; j = json.loads(sys.stdin.readline()); print [x for x in j["deployments"] if x["booted"]][0]["checksum"]')
fi
# Checkout the just upgraded os branch since we'll use it every time
# we build a new tree.
ostree checkout "$checkout" /var/local-tree
# reduce image size
/var/lib/testvm/zero-disk.setup
# Prevent SSH from hanging for a long time when no external network access
echo 'UseDNS no' >> /etc/ssh/sshd_config
# Final tweaks
rm -rf /var/log/journal/*

5
bots/images/scripts/lib/base/Dockerfile Normal file
View file

@ -0,0 +1,5 @@
FROM fedora:30
ADD setup.sh /setup.sh
RUN /setup.sh

5
bots/images/scripts/lib/base/README.md Normal file
View file

@ -0,0 +1,5 @@
Cockpit Base
===========================
Simple base container that installs cockpit-ws dependencies. Used in testing
and development to speed up container build times.

26
bots/images/scripts/lib/base/setup.sh Executable file
View file

@ -0,0 +1,26 @@
#! /bin/sh
upgrade() {
# https://bugzilla.redhat.com/show_bug.cgi?id=1483553
dnf -v -y update 2>err.txt
ecode=$?
if [ $ecode -ne 0 ] ; then
grep -q -F -e "BDB1539 Build signature doesn't match environment" err.txt
if [ $? -eq 0 ]; then
set -eu
rpm --rebuilddb
dnf -v -y update
else
cat err.txt
exit ${ecode}
fi
fi
}
upgrade
set -eu
dnf install -y sed findutils glib-networking json-glib libssh openssl python3
dnf clean all

16
bots/images/scripts/lib/build-deps.sh Executable file
View file

@ -0,0 +1,16 @@
#!/bin/bash
set -eu
# Download cockpit.spec, replace `npm-version` macro and then query all build requires
curl -s https://raw.githubusercontent.com/cockpit-project/cockpit/master/tools/cockpit.spec |
sed 's/%{npm-version:.*}/0/' |
sed '/Recommends:/d' |
rpmspec -D "$1" --buildrequires --query /dev/stdin |
sed 's/.*/"&"/' |
tr '\n' ' '
# support for backbranches
if [ "$1" = "rhel 7" ] || [ "$1" = "centos 7" ]; then
echo "golang-bin golang-src"
fi

35
bots/images/scripts/lib/containers.install Executable file
View file

@ -0,0 +1,35 @@
#!/bin/bash
# This file is part of Cockpit.
#
# Copyright (C) 2016 Red Hat, Inc.
#
# Cockpit is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
#
# Cockpit is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with Cockpit; If not, see <http://www.gnu.org/licenses/>.
set -ex
# HACK: docker falls over regularly, print its log if it does
systemctl start docker || journalctl -u docker
for NAME in bastion
do
mkdir -p "/var/tmp/containers/$NAME/rpms"
cp -f /var/tmp/build-results/*.rpm "/var/tmp/containers/$NAME/rpms/"
cd "/var/tmp/containers/$NAME/"
sed -i -e "s#FROM .*#FROM cockpit/base#" Dockerfile
docker build --build-arg OFFLINE=1 -t "cockpit/$NAME" . 1>&2;
rm -r "/var/tmp/containers/$NAME/rpms"
done
journalctl --flush || true
journalctl --sync || killall systemd-journald || true
rm -rf /var/log/journal/* || true

36
bots/images/scripts/lib/debian.bootstrap Executable file
View file

@ -0,0 +1,36 @@
#! /bin/bash
set -ex
BASE=$(dirname $(dirname $0))
out=$1
arch=$2
virt_builder_image="$3"
if [ -n "$4" ]; then
apt_source="$4"
fi
if [ "$VIRT_BUILDER_NO_CACHE" == "yes" ]; then
virt_builder_caching="--no-cache"
fi
# 18.04 virt-builder image has an invalid apt proxy leftover; delete it
virt-builder $virt_builder_image \
$virt_builder_caching \
--output "$out" \
--size 8G \
--format qcow2 \
--arch "$arch" \
--root-password password:foobar \
--ssh-inject root:file:$BASE/../../machine/identity.pub \
--upload $BASE/../../machine/host_key:/etc/ssh/ssh_host_rsa_key \
--chmod 0600:/etc/ssh/ssh_host_rsa_key \
--upload $BASE/../../machine/host_key.pub:/etc/ssh/ssh_host_rsa_key.pub \
${apt_source:+--write /etc/apt/sources.list:"$apt_source"} \
--write /etc/apt/apt.conf.d/90nolanguages:'Acquire::Languages "none";' \
--run-command "sed -i 's/GRUB_TIMEOUT.*/GRUB_TIMEOUT=0/; /GRUB_CMDLINE_LINUX=/ s/"'"'"$/ console=ttyS0,115200 net.ifnames=0 biosdevname=0"'"'"/' /etc/default/grub" \
--run-command "update-grub" \
--run-command "sed -i 's/ens[^[:space:]:]*/eth0/' /etc/network/interfaces /etc/netplan/*.yaml || true" \
--run-command "rm --verbose -f /etc/apt/apt.conf" \
--run-command "export DEBIAN_FRONTEND=noninteractive; apt-get -y update; apt-get -y install eatmydata; eatmydata apt-get -y dist-upgrade"

92
bots/images/scripts/lib/debian.install Executable file
View file

@ -0,0 +1,92 @@
#! /bin/sh
set -ex
export DEB_BUILD_OPTIONS=""
do_build=
do_install=
stdout_dest="/dev/null"
args=$(getopt -o "vqs:" -l "verbose,quick,skip:,build,install" -- "$@")
eval set -- "$args"
while [ $# -gt 0 ]; do
case $1 in
-v|--verbose)
stdout_dest="/dev/stdout"
;;
-q|--quick)
DEB_BUILD_OPTIONS="$DEB_BUILD_OPTIONS nocheck"
;;
--build)
do_build=t
;;
--install)
do_install=t
;;
--)
shift
break
;;
esac
shift
done
tar="$1"
# Build
if [ -n "$do_build" ]; then
rm -rf build-results
mkdir build-results
resultdir=$PWD/build-results
upstream_ver=$(ls cockpit-*.tar.gz | sed 's/^.*-//; s/.tar.gz//' | head -n1)
ln -sf cockpit-*.tar.gz cockpit_${upstream_ver}.orig.tar.gz
rm -rf cockpit-*/
tar -xzf cockpit-*.tar.gz
( cd cockpit-*/
cp -rp tools/debian debian
# put proper version into changelog, as we have versioned dependencies
sed -i "1 s/(.*)/($upstream_ver-1)/" debian/changelog
# Hack: Remove PCP build dependencies while pcp is not in testing
# (https://tracker.debian.org/pcp)
sed -i '/libpcp.*-dev/d' debian/control
dpkg-buildpackage -S -uc -us -nc
)
# Some unit tests want a real network interface
echo USENETWORK=yes >>~/.pbuilderrc
# pbuilder < 0.228.6 has broken /dev/pts/ptmx permissions; affects Ubuntu < 17.04
# see https://bugs.debian.org/841935
if ! grep -q ptmxmode /usr/lib/pbuilder/pbuilder-modules; then
echo "Fixing /dev/pts/ptmx mode in pbuilder"
sed -i '/mount -t devpts none/ s/$/,ptmxmode=666,newinstance/' /usr/lib/pbuilder/pbuilder-modules
fi
pbuilder build --buildresult "$resultdir" \
--logfile "$resultdir/build.log" \
cockpit_${upstream_ver}-1.dsc >$stdout_dest
lintian $resultdir/cockpit_*_$(dpkg --print-architecture).changes >&2
fi
# Install
if [ -n "$do_install" ]; then
packages=$(find build-results -name "*.deb")
dpkg --install $packages
# FIXME: our tests expect cockpit.socket to not be running after boot, only
# after start_cockpit().
systemctl disable cockpit.socket
# HACK: tuned breaks QEMU (https://launchpad.net/bugs/1774000)
systemctl disable tuned.service 2>/dev/null || true
firewall-cmd --add-service=cockpit --permanent
journalctl --flush
journalctl --sync || killall systemd-journald
rm -rf /var/log/journal/*
fi

36
bots/images/scripts/lib/docker-images.setup Executable file
View file

@ -0,0 +1,36 @@
#!/bin/bash
set -ex
# This file is part of Cockpit.
#
# Copyright (C) 2016 Red Hat, Inc.
#
# Cockpit is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
#
# Cockpit is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with Cockpit; If not, see <http://www.gnu.org/licenses/>.
if [ $(uname -m) = x86_64 ]; then
docker pull busybox:latest
docker pull busybox:buildroot-2014.02
docker pull gcr.io/google_containers/pause:0.8.0
docker pull k8s.gcr.io/pause-amd64:3.1
# some aliases for different k8s variants
docker tag k8s.gcr.io/pause-amd64:3.1 gcr.io/google_containers/pause-amd64:3.0
docker tag k8s.gcr.io/pause-amd64:3.1 k8s.gcr.io/pause:3.1
fi
# Download the i386 image and rename it
if [ $(uname -m) = i686 ]; then
docker pull i386/busybox:latest
docker tag docker.io/i386/busybox busybox
docker rmi docker.io/i386/busybox
fi

116
bots/images/scripts/lib/fedora.install Executable file
View file

@ -0,0 +1,116 @@
#! /bin/bash
set -ex
# don't update already installed cockpit packages
installed=$(rpm --query --all --queryformat "%{NAME}-\[0-9\]\n" "cockpit*")
skip="cockpit-doc-[0-9]"
if [ -n "$installed" ]; then
skip="$skip
$installed"
fi
do_build=
do_install=
# we build RHEL 7.x in a CentOS mock, thus we can't parse os-release in the .spec
mock_opts="--define='os_version_id $(. /etc/os-release; echo $VERSION_ID)'"
args=$(getopt -o "vqs:" -l "verbose,quick,skip:,build,install,rhel,HACK-no-bootstrap-chroot" -- "$@")
eval set -- "$args"
while [ $# -gt 0 ]; do
case $1 in
-v|--verbose)
mock_opts="$mock_opts --verbose"
;;
-q|--quick)
mock_opts="$mock_opts --nocheck --define='selinux 0'"
;;
-s|--skip)
skip="$skip
$2"
shift
;;
--build)
do_build=t
;;
--install)
do_install=t
;;
--rhel)
# For RHEL we actually build in EPEL, which is based
# on CentOS. On CentOS, the spec file has both
# %centos and %rhel defined, but it gives precedence
# to %centos, as it must. To make it produce the RHEL
# packages, we explicitly undefine %centos here.
mock_opts="$mock_opts --define='centos 0'"
;;
--HACK-no-bootstrap-chroot)
mock_opts="$mock_opts --no-bootstrap-chroot"
;;
--)
shift
break
;;
esac
shift
done
tar=$1
# Build
if [ -n "$do_build" ]; then
# Some tests need a non-loopback internet address, so we allow
# networking during build. Note that we use "--offline" below, so
# we should still be protected against unexpected package
# installations.
echo "config_opts['rpmbuild_networking'] = True" >>/etc/mock/site-defaults.cfg
# don't destroy the mock after building, we want to run rpmlint
echo "config_opts['cleanup_on_success'] = False" >>/etc/mock/site-defaults.cfg
# HACK: don't fall over on unavailable repositories, as we are offline
# (https://bugzilla.redhat.com/show_bug.cgi?id=1549291)
sed --follow-symlinks -i '/skip_if_unavailable=False/d' /etc/mock/default.cfg
rm -rf build-results
srpm=$(/var/lib/testvm/make-srpm "$tar")
LC_ALL=C.UTF-8 su builder -c "/usr/bin/mock --offline --no-clean --resultdir build-results $mock_opts --rebuild $srpm"
su builder -c "/usr/bin/mock --offline --shell" <<EOF
rm -rf /builddir/build
if type rpmlint >/dev/null 2>&1; then
# blacklist "E: no-changelogname-tag" rpmlint error, expected due to our template cockpit.spec
mkdir -p ~/.config
echo 'addFilter("E: no-changelogname-tag")' > ~/.config/rpmlint
# we expect the srpm to be clean
echo
echo '====== rpmlint on srpm ====='
rpmlint /builddir/build/SRPMS/*.src.rpm
# this still has lots of errors, run it for information only
echo
echo '====== rpmlint binary rpms (advisory) ====='
rpmlint /builddir/build/RPMS/ || true
else
echo '====== skipping rpmlint check, not installed ====='
fi
EOF
fi
# Install
if [ -n "$do_install" ]; then
packages=$(find build-results -name "*.rpm" -not -name "*.src.rpm" | grep -vG "$skip")
rpm -U --force $packages
if type firewall-cmd > /dev/null 2> /dev/null; then
systemctl start firewalld
firewall-cmd --add-service=cockpit --permanent
fi
# Make sure we clean out the journal
journalctl --flush
journalctl --sync || killall systemd-journald
rm -rf /var/log/journal/*
rm -rf /var/lib/NetworkManager/dhclient-*.lease
fi
if [ -n "$do_build" ]; then
su builder -c "/usr/bin/mock --clean"
fi

46
bots/images/scripts/lib/kubernetes.setup Executable file
View file

@ -0,0 +1,46 @@
#!/bin/bash
# Kubernetes is delivered in a non-functional state on Fedora and similar operating systems
# The following commands are needed to get it running.
cd /etc/kubernetes/
cat <<EOF > openssl.conf
oid_section = new_oids
[new_oids]
[req]
encrypt_key = no
string_mask = nombstr
req_extensions = v3_req
distinguished_name = v3_name
[v3_name]
commonName = kubernetes
[v3_req]
basicConstraints = CA:FALSE
subjectAltName = @alt_names
[alt_names]
DNS.1 = kubernetes
DNS.2 = kubernetes.default
DNS.3 = kubernetes.default.svc
DNS.4 = kubernetes.default.svc.cluster.local
IP.1 = 127.0.0.1
IP.2 = 10.254.0.1
EOF
openssl genrsa -out ca.key 2048
openssl req -x509 -new -nodes -key ca.key -days 3072 -out ca.crt -subj '/CN=kubernetes'
openssl genrsa -out server.key 2048
openssl req -config openssl.conf -new -key server.key -out server.csr -subj '/CN=kubernetes'
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 3072 -extensions v3_req -extfile openssl.conf
# make keys readable for "kube" group and thus for kube-apiserver.service on newer OSes
if getent group kube >/dev/null; then
chgrp kube ca.key server.key
chmod 640 ca.key server.key
fi
echo -e '{"user":"admin"}\n{"user":"scruffy","readonly": true}' > /etc/kubernetes/authorization
echo -e 'fubar,admin,10101\nscruffy,scruffy,10102' > /etc/kubernetes/passwd
echo 'KUBE_API_ARGS="--service-account-key-file=/etc/kubernetes/server.key --client-ca-file=/etc/kubernetes/ca.crt --tls-cert-file=/etc/kubernetes/server.crt --tls-private-key-file=/etc/kubernetes/server.key --basic-auth-file=/etc/kubernetes/passwd --authorization-mode=ABAC --authorization-policy-file=/etc/kubernetes/authorization"' >> apiserver
echo 'KUBE_CONTROLLER_MANAGER_ARGS="--root-ca-file=/etc/kubernetes/ca.crt --service-account-private-key-file=/etc/kubernetes/server.key"' >> controller-manager

33
bots/images/scripts/lib/make-srpm Executable file
View file

@ -0,0 +1,33 @@
#!/bin/bash
set -eu
tar=$1
version=$(echo "$1" | sed -n 's|.*cockpit-\([^ /-]\+\)\.tar\..*|\1|p')
if [ -z "$version" ]; then
echo "make-srpm: couldn't parse version from tarball: $1"
exit 2
fi
# We actually modify the spec so that the srpm is standalone buildable
modify_spec() {
sed -e "/^Version:.*/d" -e "1i\
%define wip wip\nVersion: $version\n"
}
tmpdir=$(mktemp -d $PWD/srpm-build.XXXXXX)
tar xaf "$1" -O cockpit-$version/tools/cockpit.spec | modify_spec > $tmpdir/cockpit.spec
rpmbuild -bs \
--quiet \
--define "_sourcedir $(dirname $1)" \
--define "_specdir $tmpdir" \
--define "_builddir $tmpdir" \
--define "_srcrpmdir `pwd`" \
--define "_rpmdir $tmpdir" \
--define "_buildrootdir $tmpdir/.build" \
$tmpdir/cockpit.spec
rpm --qf '%{Name}-%{Version}-%{Release}.src.rpm\n' -q --specfile $tmpdir/cockpit.spec | head -n1
rm -rf $tmpdir

BIN
bots/images/scripts/lib/pubring.gpg Normal file
View file

Binary file not shown.

BIN
bots/images/scripts/lib/secring.gpg Normal file
View file

Binary file not shown.

51
bots/images/scripts/lib/zero-disk.setup Executable file
View file

@ -0,0 +1,51 @@
#!/bin/bash
# This file is part of Cockpit.
#
# Copyright (C) 2016 Red Hat, Inc.
#
# Cockpit is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
#
# Cockpit is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with Cockpit; If not, see <http://www.gnu.org/licenses/>.
# We don't want to delete the pbuilder caches since we need them
# during build. Mock with --offline and dnf is happy without caches,
# but with yum it isn't, so we provide an option to also leave the
# mock caches in place.
#
# We also want to keep cracklib since otherwise password quality
# checks break on Debian.
if [ -f /root/.skip-zero-disk ]; then
echo "Skipping zero-disk.setup as /root/.skip-zero-disk exists"
exit 0
fi
keep="! -path /var/cache/pbuilder ! -path /var/cache/cracklib ! -path /var/cache/tomcat"
while [ $# -gt 0 ]; do
case $1 in
--keep-mock-cache)
keep="$keep ! -path /var/cache/mock"
;;
esac
shift
done
if [ -d "/var/cache" ]; then
find /var/cache/* -maxdepth 0 -depth -name "*" $keep -exec rm -rf {} \;
fi
rm -rf /var/tmp/*
rm -rf /var/log/journal/*
dd if=/dev/zero of=/root/junk || true
sync
rm -f /root/junk

3
bots/images/scripts/network-ifcfg-eth0 Normal file
View file

@ -0,0 +1,3 @@
BOOTPROTO="dhcp"
DEVICE="eth0"
ONBOOT="yes"

3
bots/images/scripts/network-ifcfg-eth1 Normal file
View file

@ -0,0 +1,3 @@
BOOTPROTO="none"
DEVICE="eth1"
ONBOOT="no"

4
bots/images/scripts/openshift.bootstrap Executable file
View file

@ -0,0 +1,4 @@
#! /bin/bash
BASE=$(dirname $0)
BOOTSTRAP_VOLUME_SIZE="20G" $BASE/virt-builder-fedora "$1" fedora-28 x86_64

2
bots/images/scripts/openshift.install Executable file
View file

@ -0,0 +1,2 @@
#!/bin/sh
# By default this does nothing

334
bots/images/scripts/openshift.setup Executable file
View file

@ -0,0 +1,334 @@
#! /bin/bash
set -eux
# Wait for x for many minutes
function wait() {
for i in $(seq 1 100); do
if eval "$@"; then
return 0
fi
sleep 6
done
exit 6
}
function docker_images_has() {
docker images | tr -s ' ' | cut -d ' ' --output-delimiter=: -f1,2 | grep -q "$1"
}
function docker_pull() {
docker pull $1
echo "$1" >> /tmp/pulledImages
docker_images_has $1
}
rm -f /tmp/pulledImages # will be populated by pulled images names
# Cleanup the file system a bit
rm -rf /var/cache/dnf /var/cache/yum
xfs_growfs /
echo foobar | passwd --stdin root
nmcli con add con-name "static-eth1" ifname eth1 type ethernet ip4 "10.111.112.101/20" gw4 10.111.112.1 ipv4.dns "10.111.112.1"
nmcli con up "static-eth1"
echo "10.111.112.101 f1.cockpit.lan" >> /etc/hosts
printf "OPENSHIFT CONSOLE\n https://10.111.112.101:8443\n Login: scruffy Password: scruffy\n\n" >> /etc/issue
printf "OPENSHIFT LISTENING ON LOCALHOST\n $ ssh -NL 8443:localhost:8443 root@10.111.112.101\n\n" >> /etc/issue
# Disable these things
ln -sf ../selinux/config /etc/sysconfig/selinux
printf 'SELINUX=permissive\nSELINUXTYPE=targeted\n' > /etc/selinux/config
setenforce 0
systemctl stop firewalld
dnf mark install iptables
dnf -y remove firewalld
iptables -F
wait dnf -y install docker python libselinux-python
hostnamectl set-hostname f1.cockpit.lan
# Setup a nfs server
wait dnf install -y nfs-utils
mkdir /nfsexport
echo "/nfsexport *(rw,sync)" > /etc/exports
# This name is put into /etc/hosts later
echo "INSECURE_REGISTRY='--insecure-registry registry:5000'" >> /etc/sysconfig/docker
systemctl enable docker
# HACK: docker falls over regularly, print its log if it does
systemctl start docker || journalctl -u docker
# Can't use latest because release on older versions are done out of order
RELEASES_JSON=$(curl -s https://api.github.com/repos/openshift/origin/releases)
set +x
VERSION=$(echo "$RELEASES_JSON" | LC_ALL=C.UTF-8 python3 -c "import json, sys, distutils.version; obj=json.load(sys.stdin); releases = [x.get('tag_name', '') for x in obj if not x.get('prerelease')]; print(sorted (releases, reverse=True, key=distutils.version.LooseVersion)[0])") || {
echo "Failed to parse latest release:" >&2
echo "$RELEASES_JSON" >&2
echo "------------------------------------" >&2
exit 1
}
set -x
# origin is too rotund to build in a normal sized VM. The linker
# step runs out of memory. In addition origin has no Fedora packages
docker_pull "openshift/origin:$VERSION"
docker run --rm --entrypoint tar "openshift/origin:$VERSION" -C /usr/bin -c openshift oc kubectl | tar -C /usr/bin -xv
# Runs a master if on the right address, otherwise runs a node
cat > /openshift-prep <<EOF
#!/bin/sh -ex
/usr/bin/hostnamectl set-hostname f1.cockpit.lan
/usr/bin/systemctl enable rpcbind
/usr/bin/systemctl start rpcbind
/usr/bin/systemctl start nfs-server
cmd="/usr/bin/openshift start --master=10.111.112.101 --listen=https://0.0.0.0:8443"
echo "#!/bin/sh -ex
\$cmd" > /openshift-run
EOF
chmod +x /openshift-prep
touch /openshift-run
chmod +x /openshift-run
cat > /etc/systemd/system/openshift.service <<EOF
[Unit]
Description=Openshift
Wants=network-online.target
After=network-online.target docker.service
Requires=docker.service
[Service]
ExecStartPre=/openshift-prep
ExecStart=/openshift-run
Restart=always
RestartSec=60
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable systemd-networkd-wait-online
systemctl enable openshift
systemctl start openshift || journalctl -u openshift
# Now pull all the images we're going to use with openshift
docker_pull "openshift/origin-deployer:$VERSION"
docker_pull "openshift/origin-docker-registry:$VERSION"
docker_pull "openshift/origin-pod:$VERSION"
# Now pull images used for integration tests
docker_pull registry:2
# HACK: Make openshift registry recognize docker registrys with the OpenShift CA
# (https://github.com/openshift/origin/issues/1753)
mkdir /tmp/registry
cd /tmp/registry
cat << EOF > Dockerfile
FROM openshift/origin-docker-registry:$VERSION
ADD *.crt /etc/pki/ca-trust/source/anchors/
USER 0
RUN update-ca-trust extract
USER 1001
EOF
cp /openshift.local.config/master/ca.crt openshift-ca.crt
docker build --tag openshift/origin-docker-registry:$VERSION .
cd /tmp/
rm -r /tmp/registry
cp /openshift.local.config/master/ca.crt /etc/pki/ca-trust/source/anchors/openshift-ca.crt
update-ca-trust extract
# HACK: Work around GnuTLS (client-side) or Go TLS (server-side) bug with
# multiple O= RDNs; if it's in the "wrong" order, create a new admin
# certificate that swaps it around
# See https://github.com/openshift/origin/issues/18715
dnf install -y openssl
if openssl x509 -in /openshift.local.config/master/admin.crt -text | grep -q 'Subject:.*system:cluster-admins.*system:masters'; then
echo "Regenerating admin certificate to work around https://github.com/openshift/origin/issues/18715"
pushd /openshift.local.config/master/
mv admin.key admin.key.orig
mv admin.crt admin.crt.orig
mv admin.kubeconfig admin.kubeconfig.orig
openssl genrsa -out admin.key 2048
openssl req -new -nodes -key admin.key -out admin.csr -subj '/O=system:masters/O=system:cluster-admins/CN=system:admin'
openssl x509 -req -in admin.csr -CA ca.crt -CAkey ca.key -CAcreateserial -days 730 -out admin.crt
rm admin.csr
oc adm create-kubeconfig --certificate-authority=ca.crt --client-certificate=admin.crt --client-key=admin.key --master="https://10.111.112.101:8443" --kubeconfig=admin.kubeconfig
popd
fi
mkdir -p /root/.kube
cp /openshift.local.config/master/admin.kubeconfig /root/.kube/config
# Check if we can connect to openshift
wait oc get namespaces
wait oc get scc/restricted
# Tell openshift to allow root containers by default. Otherwise most
# development examples just plain fail to work
oc patch scc restricted -p '{ "runAsUser": { "type": "RunAsAny" } }'
# Tell openshift to allow logins from the openshift web console on a localhost system
oc patch oauthclient/openshift-web-console -p '{"redirectURIs":["https://10.111.112.101:8443/console/", "https://localhost:9000/"]}'
# Deploy the registry
# --credentials deprecated
rm -rf /usr/share/rhel/secrets
oc adm registry
function endpoint_has_address() {
oc get endpoints $1 --template='{{.subsets}}' | grep -q addresses
}
function images_has() {
oc get images | grep -q "$1"
}
# Wait for registry deployment to happen
wait oc get endpoints docker-registry
wait endpoint_has_address docker-registry
# Load in some remote images
echo '{"apiVersion":"v1","kind":"ImageStream","metadata": {"name":"busybox"},"spec":{"dockerImageRepository": "busybox"}}' > /tmp/imagestream.json
oc create -f /tmp/imagestream.json
# Get registry address and configure docker for it
address="$(oc get services docker-registry | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}')"
echo "$address registry registry.cockpit.lan" >> /etc/hosts
echo "INSECURE_REGISTRY='--insecure-registry registry:5000 --insecure-registry $address'" >> /etc/sysconfig/docker
# Log in as another user
printf "scruffy\r\nscruffy\r\n" | oc login
oc new-project marmalade
token=$(oc whoami -t)
docker login -p "$token" -u unneeded registry:5000
echo '{"apiVersion":"v1","kind":"ImageStream","metadata": {"name":"busybee"}}' > /tmp/imagestream.json
oc create -f /tmp/imagestream.json
echo '{"apiVersion":"v1","kind":"ImageStream","metadata": {"name":"juggs"}}' > /tmp/imagestream.json
oc create -f /tmp/imagestream.json
echo '{"apiVersion":"v1","kind":"ImageStream","metadata": {"name":"origin"}}' > /tmp/imagestream.json
oc create -f /tmp/imagestream.json
# Get ready to push busybox into place
docker_pull busybox
docker tag busybox registry:5000/marmalade/busybee:latest
docker tag busybox registry:5000/marmalade/busybee:0.x
docker push registry:5000/marmalade/busybee
mkdir /tmp/juggs
cd /tmp/juggs
printf '#!/bin/sh\necho hello from container\nsleep 100000\n' > echo-script
printf 'FROM busybox\nMAINTAINER cockpit@example.com\nEXPOSE 8888\nADD echo-script /\nRUN chmod +x /echo-script\nCMD \"/echo-script\"' > Dockerfile
docker build -t registry:5000/marmalade/juggs:latest .
printf "FROM registry:5000/marmalade/juggs:latest\nVOLUME /test\nVOLUME /another\nWORKDIR /tmp" > Dockerfile
docker build -t registry:5000/marmalade/juggs:2.11 .
cp /usr/bin/openshift .
printf "FROM registry:5000/marmalade/juggs:latest\nADD openshift /usr/bin\nUSER nobody:wheel\nENTRYPOINT [\"top\", \"-b\"]\nCMD [\"-c\"]" > Dockerfile
docker build -t registry:5000/marmalade/juggs:2.5 .
printf "FROM registry:5000/marmalade/juggs:2.5\nSTOPSIGNAL SIGKILL\nONBUILD ADD . /app/src\nARG hello=test\nARG simple\nLABEL Test=Value\nLABEL version=\"1.0\"" > Dockerfile
docker build -t registry:5000/marmalade/juggs:2.8 .
printf "FROM registry:5000/marmalade/juggs:2.8\nLABEL description=\"This is a test description of an image. It can be as long as a paragraph, featuring a nice brogrammer sales pitch.\"\nLABEL name=\"Juggs Image\"\nLABEL build-date=2016-03-04\nLABEL url=\"http://hipsum.co/\"" > Dockerfile
docker build -t registry:5000/marmalade/juggs:2.9 .
cd /tmp
rm -r /tmp/juggs
docker push registry:5000/marmalade/juggs
# Tag this image twice
docker tag docker.io/busybox:latest registry:5000/marmalade/origin
docker push registry:5000/marmalade/origin
docker tag "openshift/origin:$VERSION" registry:5000/marmalade/origin
docker push registry:5000/marmalade/origin
oc new-project pizzazz
# Some big image streams
for i in $(seq 1 15); do
for j in $(seq 1 10); do
docker tag docker.io/busybox:latest registry:5000/pizzazz/stream$i:tag$j
done
docker push registry:5000/pizzazz/stream$i
done
# And a monster sized one
for j in $(seq 1 100); do
docker tag docker.io/busybox:latest registry:5000/pizzazz/monster:tag$j
done
docker push registry:5000/pizzazz/monster
# Use the admin context by default
oc config use-context default/10-111-112-101:8443/system:admin
# Some roles for testing against
printf '{"kind":"List","apiVersion":"v1","items":[{"kind":"RoleBinding","apiVersion":"v1","metadata":{"name":"registry-editor","namespace":"marmalade","resourceVersion":"1"},"userNames":["scruffy","amanda"],"groupNames":null,"subjects":[{"kind":"User","name":"scruffy"},{"kind":"User","name":"amanda"}],"roleRef":{"name":"registry-editor"}},{"kind":"RoleBinding","apiVersion":"v1","metadata":{"name":"registry-viewer","namespace":"marmalade","resourceVersion":"1"},"userNames":["scruffy","tom","amanda"],"groupNames":["sports"],"subjects":[{"kind":"User","name":"scruffy"},{"kind":"User","name":"tom"},{"kind":"User","name":"amanda"},{"kind":"Group","name":"sports"}],"roleRef":{"name":"registry-viewer"}}]}' | oc create -f -
oc patch rolebinding/admin --namespace=marmalade -p '{"kind": "RoleBinding", "metadata":{"name":"admin","namespace":"marmalade"},"userNames":["scruffy"],"groupNames":null,"subjects":[{"kind":"User","name":"scruffys"}],"roleRef":{"name":"admin"}}' || true
# For testing the Cockpit OAuth client
printf '{"kind":"OAuthClient","apiVersion":"v1","metadata":{"name":"cockpit-oauth-devel"},"respondWithChallenges":false,"secret":"secret","allowAnyScope":true,"redirectURIs":["http://localhost:9001"] }' | oc create -f -
# Wait for it to download
wait images_has busybox
# Setup basics for building images
docker build -t cockpit/base /var/tmp/cockpit-base
# Print out the kubeconfig file for copy paste
echo "---------------------------------------------------------------"
cat /root/.kube/config
# Wait a bit in case an operator wants to copy some info
sleep 20
# Use standard locations for kubelet kubeconfig. f1.cockpit.lan is the master hostname, which
# is its own node and we just copy that for the others
mkdir -p /var/lib/kubelet
cp /openshift.local.config/node-f1.cockpit.lan/node.kubeconfig /var/lib/kubelet/kubeconfig
# Turn this on in sshd_config, not in use until binary is in place
printf 'AuthorizedKeysCommand /usr/local/bin/authorized-kube-keys --kubeconfig=/var/lib/kubelet/kubeconfig\nAuthorizedKeysCommandUser root' >> /etc/ssh/sshd_config
# Pull down remaining images
/var/lib/testvm/docker-images.setup
dnf install -y cockpit-system
docker info
# reduce image size
dnf clean all
systemctl stop docker
# write all changes before filling the disk
sync
/var/lib/testvm/zero-disk.setup
systemctl start docker && sleep 10
# Verify all pulled docker images are really present
echo All present images:
docker images
echo "Total docker images:"
docker images | wc
docker images --format "{{.Repository}}:{{.Tag}}" > /tmp/presentImages
echo
echo All images actually pulled
cat /tmp/presentImages
echo
echo
echo All images expected to be pulled
cat /tmp/pulledImages
echo
# Verify all expected are actually pulled
while read img ; do
echo Verify "$img"
grep "$img" /tmp/presentImages || (echo "Error: Image $img is missing" && exit 10)
done < /tmp/pulledImages

1
bots/images/scripts/ovirt.bootstrap Symbolic link
View file

@ -0,0 +1 @@
centos-7.bootstrap

5
bots/images/scripts/ovirt.install Executable file
View file

@ -0,0 +1,5 @@
#! /bin/bash
set -e
/var/lib/testvm/fedora.install "$@"

10
bots/images/scripts/rhel-7-7.bootstrap Executable file
View file

@ -0,0 +1,10 @@
#!/bin/bash
set -ex
if [ -z "$SUBSCRIPTION_PATH" ] && [ -e ~/.rhel/login ]; then
SUBSCRIPTION_PATH=~/.rhel
fi
BASE=$(dirname $0)
$BASE/virt-install-fedora "$1" x86_64 "http://download.eng.bos.redhat.com/nightly/latest-RHEL-7.7/compose/Server/x86_64/os/" $SUBSCRIPTION_PATH

8
bots/images/scripts/rhel-7-7.install Executable file
View file

@ -0,0 +1,8 @@
#! /bin/bash
set -e
# remove cockpit distro packages, testing with upstream master
rpm --erase --verbose cockpit cockpit-ws cockpit-bridge cockpit-system
/var/lib/testvm/fedora.install --rhel "$@"

1
bots/images/scripts/rhel-7-7.setup Symbolic link
View file

@ -0,0 +1 @@
rhel.setup

5
bots/images/scripts/rhel-8-0-distropkg.install Executable file
View file

@ -0,0 +1,5 @@
#! /bin/bash
set -e
/var/lib/testvm/fedora.install --rhel "$@"

11
bots/images/scripts/rhel-8-0.bootstrap Executable file
View file

@ -0,0 +1,11 @@
#!/bin/bash
set -ex
if [ -z "$SUBSCRIPTION_PATH" ] && [ -e ~/.rhel/login ]; then
SUBSCRIPTION_PATH=~/.rhel
fi
BASE=$(dirname $0)
# last URL for 8.0.0, later nightlies are for z-stream and have no images
$BASE/virt-install-fedora "$1" x86_64 "http://download.devel.redhat.com/rhel-8/rel-eng/RHEL-8/latest-RHEL-8.0/compose/BaseOS/x86_64/os/" $SUBSCRIPTION_PATH

9
bots/images/scripts/rhel-8-0.install Executable file
View file

@ -0,0 +1,9 @@
#! /bin/bash
set -e
# remove cockpit distro packages, testing with upstream master
# subscription-manager-cockpit needs these, thus --nodeps
rpm --erase --nodeps --verbose cockpit cockpit-ws cockpit-bridge cockpit-system
/var/lib/testvm/fedora.install --rhel "$@"

1
bots/images/scripts/rhel-8-0.setup Symbolic link
View file

@ -0,0 +1 @@
rhel.setup

10
bots/images/scripts/rhel-8-1.bootstrap Executable file
View file

@ -0,0 +1,10 @@
#!/bin/bash
set -ex
if [ -z "$SUBSCRIPTION_PATH" ] && [ -e ~/.rhel/login ]; then
SUBSCRIPTION_PATH=~/.rhel
fi
BASE=$(dirname $0)
$BASE/virt-install-fedora "$1" x86_64 "http://download.devel.redhat.com/rhel-8/nightly/RHEL-8/latest-RHEL-8.1/compose/BaseOS/x86_64/os/" $SUBSCRIPTION_PATH

9
bots/images/scripts/rhel-8-1.install Executable file
View file

@ -0,0 +1,9 @@
#! /bin/bash
set -e
# remove cockpit distro packages, testing with upstream master
# subscription-manager-cockpit needs these, thus --nodeps
rpm --erase --nodeps --verbose cockpit cockpit-ws cockpit-bridge cockpit-system
/var/lib/testvm/fedora.install --rhel "$@"

1
bots/images/scripts/rhel-8-1.setup Symbolic link
View file

@ -0,0 +1 @@
rhel.setup

8
bots/images/scripts/rhel-atomic.bootstrap Executable file
View file

@ -0,0 +1,8 @@
#! /bin/bash
set -e
url="http://cdn.stage.redhat.com/content/dist/rhel/atomic/7/7Server/x86_64/images/"
BASE=$(dirname $0)
$BASE/atomic.bootstrap "$1" "$url" sort 1 "rhel-atomic-cloud-([0-9\.-]+).x86_64.qcow2"

5
bots/images/scripts/rhel-atomic.install Executable file
View file

@ -0,0 +1,5 @@
#! /bin/bash
set -e
/var/lib/testvm/atomic.install --skip cockpit-sosreport "$@"

17
bots/images/scripts/rhel-atomic.setup Executable file
View file

@ -0,0 +1,17 @@
#!/bin/bash
set -e
# subscribe
subscription-manager register --auto-attach --username=`cat ~/.rhel/login` --password=`cat ~/.rhel/pass`
rm -rf ~/.rhel
trap "subscription-manager unregister" EXIT
# HACK: docker falls over regularly, print its log if it does
systemctl start docker || journalctl -u docker
docker pull rhel7/support-tools
docker pull registry.access.redhat.com/rhel7/pod-infrastructure:latest
docker pull registry.access.redhat.com/rhel7/cockpit-ws
docker tag registry.access.redhat.com/rhel7/cockpit-ws cockpit/ws
/var/lib/testvm/atomic.setup

415
bots/images/scripts/rhel.setup Executable file
View file

@ -0,0 +1,415 @@
#!/bin/bash
set -e
IMAGE="$1"
YUM_INSTALL="yum --setopt=skip_missing_names_on_install=False -y install"
# HACK - virt-resize might not be able to resize our xfs rootfs,
# depending on how it was compiled and which plugins are installed,
# and will just silently not do it. So we do it here.
#
df --output=source,fstype / | tail -n1 | while read source fstype; do
case $fstype in
ext*)
resize2fs $source
;;
xfs*)
xfs_growfs /
;;
esac
done
df -Th /
# If the file /root/.skip_repos is present on the machine,
# all actions regarding the repositories will be skipped:
# subscriptions, adding repos, deleting existing entries
SKIP_REPO_FLAG="/root/.skip_repos"
# Only start logging here. Otherwise the subscription credentials
# appear in the output above.
#
set -x
if [ ! -f "$SKIP_REPO_FLAG" ]; then
# Configure repositories.
if [ "$IMAGE" = "rhel-7-7" ]; then
# disable all default repos
rm -f --verbose /etc/yum.repos.d/*.repo
cat <<EOF > /etc/yum.repos.d/internal.repo
[RHEL-7.7]
name=base-rhel
baseurl=http://download.devel.redhat.com/rhel-7/rel-eng/latest-RHEL-7.7/compose/Server/x86_64/os
enabled=1
gpgcheck=0
[EXTRAS-7.7-LATEST]
name=rhel-extras-compose
baseurl=http://download.devel.redhat.com/rhel-7/rel-eng/latest-EXTRAS-7.7-RHEL-7/compose/Server/x86_64/os/
enabled=1
gpgcheck=0
[RHEL-7.7-DEBUG]
name=base-rhel-debug
baseurl=http://download-ipv4.eng.brq.redhat.com/rhel-7/rel-eng/latest-RHEL-7.7/compose/Server/x86_64/debug/tree/
enabled=0
gpgcheck=0
[EXTRAS-7.7-DEBUG]
name=rhel-extras-compose-debug
baseurl=http://download.devel.redhat.com/rhel-7/rel-eng/latest-EXTRAS-7.7-RHEL-7/compose/Server/x86_64/debug/tree/
enabled=0
gpgcheck=0
EOF
$YUM_INSTALL yum-utils
elif [ "$IMAGE" = "rhel-7-8" ]; then
# disable all default repos
rm -f --verbose /etc/yum.repos.d/*.repo
cat <<EOF > /etc/yum.repos.d/nightly.repo
[RHEL-7.8]
name=base-rhel
baseurl=http://download.devel.redhat.com/nightly/latest-RHEL-7/compose/Server/x86_64/os
enabled=1
gpgcheck=0
[EXTRAS-7.8]
name=rhel-extras-compose
baseurl=http://download.devel.redhat.com/rhel-7/nightly/EXTRAS-7/latest-EXTRAS-7.8-RHEL-7/compose/Server/x86_64/os
enabled=1
gpgcheck=0
[RHEL-7.8-DEBUG]
name=base-rhel-debug
baseurl=http://download.devel.redhat.com/nightly/latest-RHEL-7/compose/Server/x86_64/debug/tree
enabled=0
gpgcheck=0
[EXTRAS-7.8-DEBUG]
name=rhel-extras-compose-debug
baseurl=http://download.devel.redhat.com/rhel-7/nightly/EXTRAS-7/latest-EXTRAS-7.8-RHEL-7/compose/Server/x86_64/debug/tree
enabled=0
gpgcheck=0
EOF
$YUM_INSTALL yum-utils
elif [ "${IMAGE#rhel-8*}" != "$IMAGE" ]; then
case "$IMAGE" in
rhel-8-0) REPO="latest-RHEL-8.0" ;;
rhel-8-1) REPO="latest-RHEL-8.1" ;;
*) echo "Unknown image $IMAGE"; exit 1
esac
cat <<EOF > /etc/yum.repos.d/nightly.repo
[RHEL-8-NIGHTLY-BaseOS]
name=baseos
baseurl=http://download.devel.redhat.com/rhel-8/nightly/RHEL-8/$REPO/compose/BaseOS/x86_64/os/
enabled=1
gpgcheck=0
[RHEL-8-NIGHTLY-AppStream]
name=appstream
baseurl=http://download.devel.redhat.com/rhel-8/nightly/RHEL-8/$REPO/compose/AppStream/x86_64/os/
enabled=1
gpgcheck=0
[RHEL-8-NIGHTLY-BaseOS-Debug]
name=baseos-debug
baseurl=http://download-ipv4.eng.brq.redhat.com/rhel-8/nightly/RHEL-8/$REPO/compose/BaseOS/x86_64/debug/tree/
enabled=0
gpgcheck=0
[RHEL-8-NIGHTLY-AppStream-Debug]
name=appstream-debug
baseurl=http://download-ipv4.eng.brq.redhat.com/rhel-8/nightly/RHEL-8/$REPO/compose/AppStream/x86_64/debug/tree/
enabled=0
gpgcheck=0
EOF
# make ipa-client available
dnf module enable -y idm:client
fi
if [ "${IMAGE#rhel-7*}" != "$IMAGE" ]; then
# the following don't necessarily need to work
yum-config-manager --disable rhel-sjis-for-rhel-7-server-rpms || true
yum-config-manager --disable rhel-7-server-htb-rpms || true
yum-config-manager --disable rhel-7-server-rt-beta-rpms || true
fi
fi
yum --nogpgcheck -y update
echo foobar | passwd --stdin root
# We install all dependencies of the cockpit packages since we want
# them to not spontaneously change from one test run to the next when
# the distribution repository is updated.
COCKPIT_DEPS="\
atomic \
device-mapper-multipath \
docker \
glib-networking \
json-glib \
kexec-tools \
libssh \
libvirt-client \
libvirt-daemon-kvm \
NetworkManager-team \
openssl \
PackageKit \
pcp-libs \
pcp \
realmd \
redhat-logos \
selinux-policy-targeted \
setroubleshoot-server \
subscription-manager \
sos \
tuned \
udisks2 \
udisks2-lvm2 \
udisks2-iscsi \
"
# We also install the packages necessary to join a FreeIPA domain so
# that we don't have to go to the network during a test run.
# on epel/rhel we have ipa-client instead of freeipa-client
IPA_CLIENT_PACKAGES="\
ipa-client \
oddjob \
oddjob-mkhomedir \
sssd \
sssd-dbus \
"
TEST_PACKAGES="\
valgrind \
gdb \
nmap-ncat \
targetcli \
yum-utils \
virt-install \
libvirt-daemon-config-network \
cryptsetup \
qemu-kvm \
socat \
vdo \
kmod-kvdo \
dracut-fips \
clevis-luks \
tang \
boom-boot \
"
if [ "$IMAGE" = "centos-7" ]; then
COCKPIT_DEPS="${COCKPIT_DEPS/redhat-logos/}"
fi
if [ "${IMAGE#rhel-7}" != "$IMAGE" ] || [ "$IMAGE" == "centos-7" ]; then
COCKPIT_DEPS="$COCKPIT_DEPS kubernetes-client"
fi
if [ "$IMAGE" = "rhel-7-7" ]; then
COCKPIT_DEPS="$COCKPIT_DEPS libvirt-dbus"
fi
if [ "${IMAGE#rhel-7}" != "$IMAGE" ]; then
# needed for composer testing
TEST_PACKAGES="${TEST_PACKAGES} gcc-c++ lorax-composer"
fi
if [ "${IMAGE#rhel-8*}" != "$IMAGE" ]; then
TEST_PACKAGES="${TEST_PACKAGES/yum-utils/dnf-utils}"
TEST_PACKAGES="${TEST_PACKAGES} dnf-automatic"
# Atomic/docker are not on RHEL 8
COCKPIT_DEPS="${COCKPIT_DEPS/atomic /}"
COCKPIT_DEPS="${COCKPIT_DEPS/docker /}"
COCKPIT_DEPS="${COCKPIT_DEPS} podman"
COCKPIT_DEPS="${COCKPIT_DEPS} libvirt-dbus"
TEST_PACKAGES="${TEST_PACKAGES} libvirt-daemon-config-network"
# Install node for external Composer tests, they use our rhel-* images
TEST_PACKAGES="${TEST_PACKAGES} nodejs"
TEST_PACKAGES="${TEST_PACKAGES} subscription-manager-cockpit"
# Install insights-client for external subscription-manager tests
TEST_PACKAGES="${TEST_PACKAGES} insights-client"
fi
# in RHEL/CentOS 7, boom is shipped in a different package
if [ "${IMAGE#rhel-7}" != "$IMAGE" ] || [ "${IMAGE#centos-7}" != "$IMAGE" ] ; then
TEST_PACKAGES="${TEST_PACKAGES/boom-boot/lvm2-python-boom}"
fi
pkgs="$TEST_PACKAGES $COCKPIT_DEPS $IPA_CLIENT_PACKAGES"
$YUM_INSTALL $pkgs
# Pre-install cockpit packages from base preinstalled, to check for API breakages
# and more convenient interactive debugging
if [ "${IMAGE#rhel-7}" != "$IMAGE" ] || [ "${IMAGE#centos-7}" != "$IMAGE" ] ; then
$YUM_INSTALL cockpit
else
# >= 8 supports weak dependencies
sudo dnf --setopt=install_weak_deps=False install -y cockpit
fi
# For debugging udisks/storaged crashes
debuginfo-install -y udisks2
# Prepare for building
# only install mock and build if DO_BUILD is 1
if [ "$DO_BUILD" -eq 1 ]; then
if [ "${IMAGE#rhel-8*}" != "$IMAGE" ]; then
# no EPEL for rhel-8-0 yet, so install mock from Fedora 28
dnf install -y rpm-build
cat <<EOF > /etc/yum.repos.d/fedora.repo
[fedora]
name=Fedora 28 - \$basearch
baseurl=http://download.fedoraproject.org/pub/fedora/linux/releases/28/Everything/\$basearch/os/
enabled=1
gpgcheck=0
EOF
dnf install -y --setopt=install_weak_deps=False mock
rm /etc/yum.repos.d/fedora.repo
case "$IMAGE" in
rhel-8-0) REPO="rhel-8.0.0-build" ;;
rhel-8-1) REPO="rhel-8.1.0-build" ;;
*) echo "Unknown image $IMAGE"; exit 1
esac
cat <<EOF > /etc/mock/default.cfg
config_opts['chroothome'] = '/builddir'
config_opts['use_host_resolv'] = False
config_opts['basedir'] = '/var/lib/mock'
config_opts['rpmbuild_timeout'] = 86400
config_opts['yum.conf'] = '[main]\\ncachedir=/var/cache/yum\\ndebuglevel=1\\nlogfile=/var/log/yum.log\\nreposdir=/dev/null\\nretries=20\\nobsoletes=1\\ngpgcheck=0\\nassumeyes=1\\nkeepcache=1\\ninstall_weak_deps=0\\nstrict=1\\n\\n# repos\\n\\n[build]\\nname=build\\nbaseurl=http://download.devel.redhat.com/brewroot/repos/$REPO/latest/x86_64/\\n'
config_opts['chroot_setup_cmd'] = 'groupinstall build'
config_opts['target_arch'] = 'x86_64'
config_opts['root'] = u'rhel-8-candidate-x86_64'
config_opts['macros']['%_topdir'] = '/builddir/build'
config_opts['macros']['%_rpmfilename'] = '%%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm'
EOF
else
# enable epel for mock
if [ ! -f "$SKIP_REPO_FLAG" ]; then
mkdir /tmp/dep
cd /tmp/dep
$YUM_INSTALL wget
wget -T 15 -t 4 http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum -y remove wget
rpm -Uvh epel-release-*.rpm
cd
rm -rf /tmp/dep
fi
$YUM_INSTALL rpm-build mock
# disable epel again
yum-config-manager --disable 'epel*'
fi
useradd -c Builder -G mock builder
opsys=$(cut -d '-' -f 1 <<< "$IMAGE")
version=$(cut -d '-' -f 2 <<< "$IMAGE")
su builder -c "/usr/bin/mock --verbose -i $(/var/lib/testvm/build-deps.sh "$opsys $version")"
su builder -c "/usr/bin/mock --install --verbose rpmlint"
fi
yum clean all || true
# For the D-Bus test server
if type "firewall-cmd" >/dev/null 2>&1; then
FIREWALL_STATE=$(firewall-cmd --state || true)
if [ "$FIREWALL_STATE" == "running" ]; then
firewall-cmd --permanent --add-port 8765/tcp
fi
fi
echo 'NETWORKING=yes' > /etc/sysconfig/network
useradd -c Administrator -G wheel admin
echo foobar | passwd --stdin admin
# To enable persistent logging
mkdir -p /var/log/journal
if type "docker" >/dev/null 2>&1; then
# HACK: docker falls over regularly, print its log if it does
systemctl start docker || journalctl -u docker
# docker images that we need for integration testing
/var/lib/testvm/docker-images.setup
fi
/var/lib/testvm/zero-disk.setup --keep-mock-cache
# HACK - kdump.service interferes with our storage tests, by loading
# the system for some time after boot and thereby causing a race
# between parted and udevd to turn out for the worse. Disabling
# kdump.service helps somewhat, but the race is still there, and
# parted still fails occasionally.
#
# https://bugzilla.redhat.com/show_bug.cgi?id=1245144
# Fixed in parted-3.1-23.el7
#
systemctl disable kdump.service
# Install node for external Composer tests, they use our rhel-* images
if [ "${IMAGE#rhel-7}" != "$IMAGE" ]; then
NODE_VERSION="8.12.0"
# key 7E37093B: public key "Christopher Dickinson <christopher.s.dickinson@gmail.com>" imported
# key DBE9B9C5: public key "Colin Ihrig <cjihrig@gmail.com>" imported
# key D2306D93: public key "keybase.io/octetcloud <octetcloud@keybase.io>" imported
# key 4EB7990E: public key "Jeremiah Senkpiel <fishrock123@rocketmail.com>" imported
# key 7EDE3FC1: public key "keybase.io/jasnell <jasnell@keybase.io>" imported
# key 7D83545D: public key "Rod Vagg <rod@vagg.org>" imported
# key 4C206CA9: public key "Evan Lucas <evanlucas@me.com>" imported
# key CC11F4C8: public key "Myles Borins <myles.borins@gmail.com>" imported
for key in \
9554F04D7259F04124DE6B476D5A82AC7E37093B \
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
0034A06D9D9B0064CE8ADF6BF1747F4AD2306D93 \
FD3A5288F042B6850C66B31F09FE44734EB7990E \
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
DD8F2338BAE7501E3DD5AC78C273792F7D83545D \
B9AE9905FFD7803F25714661B63B535A4C206CA9 \
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
; do
# this is very flaky from our internal network; retry a few times
retry=0
until gpg --keyserver pool.sks-keyservers.net --recv-keys "$key"; do
retry=$((retry + 1))
if [ $retry -eq 10 ]; then
echo "Repeatedly failed to retrieve key, giving up." >&2
exit 1
fi
sleep 5
done
done
curl -SLO "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-x64.tar.xz"
curl -SLO "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc"
gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc
grep " node-v$NODE_VERSION-linux-x64.tar.xz\$" SHASUMS256.txt | sha256sum -c -
tar -xJf "node-v$NODE_VERSION-linux-x64.tar.xz" -C /usr/local --strip-components=1
rm "node-v$NODE_VERSION-linux-x64.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt
fi
# Final tweaks
rm -rf /var/log/journal/*
# RHEL 7 does not enable systemd-coredump by default, later versions do
if ! grep -qr core_pattern /usr/lib/sysctl.d/; then
echo "kernel.core_pattern=|/usr/lib/systemd/systemd-coredump %p %u %g %s %t %e" > /etc/sysctl.d/50-coredump.conf
fi
# Prevent SSH from hanging for a long time when no external network access
echo 'UseDNS no' >> /etc/ssh/sshd_config
# Audit events to the journal
if [ ! -f /root/.keep-audit ]; then
rm -f '/etc/systemd/system/multi-user.target.wants/auditd.service'
rm -rf /var/log/audit/
else
echo "Keeping audit enabled as /root/.keep-audit exists"
fi

25
bots/images/scripts/selenium.bootstrap Executable file
View file

@ -0,0 +1,25 @@
#!/bin/bash
#
# Copyright (C) 2015 Red Hat Inc.
# Author: Dominik Perpeet <dperpeet@redhat.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
# 02110-1301 USA.
set -ex
BASE=$(dirname $0)
$BASE/virt-builder-fedora "$1" fedora-30 x86_64

44
bots/images/scripts/selenium.setup Executable file
View file

@ -0,0 +1,44 @@
#!/bin/bash
#
# Copyright (C) 2015 Red Hat Inc.
# Author: Dominik Perpeet <dperpeet@redhat.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
# 02110-1301 USA.
set -ex
SELENIUM_DEPS="\
docker \
"
dnf -y upgrade
dnf -y install $SELENIUM_DEPS
systemctl disable firewalld
# HACK: docker falls over regularly, print its log if it does
systemctl start docker || journalctl -u docker
systemctl enable docker
# docker images that we need for integration testing
docker pull selenium/hub:3
docker pull selenium/node-chrome-debug:3
docker pull selenium/node-firefox-debug:3
# reduce image size
dnf clean all
/var/lib/testvm/zero-disk.setup

2
bots/images/scripts/ubuntu-1804.bootstrap Executable file
View file

@ -0,0 +1,2 @@
#! /bin/sh -ex
exec $(dirname $0)/lib/debian.bootstrap "$1" "$2" ubuntu-18.04 ""

Some files were not shown because too many files have changed in this diff Show more