#!/bin/bash set -e IMAGE="$1" YUM_INSTALL="yum --setopt=skip_missing_names_on_install=False -y install" # HACK - virt-resize might not be able to resize our xfs rootfs, # depending on how it was compiled and which plugins are installed, # and will just silently not do it. So we do it here. # df --output=source,fstype / | tail -n1 | while read source fstype; do case $fstype in ext*) resize2fs $source ;; xfs*) xfs_growfs / ;; esac done df -Th / # If the file /root/.skip_repos is present on the machine, # all actions regarding the repositories will be skipped: # subscriptions, adding repos, deleting existing entries SKIP_REPO_FLAG="/root/.skip_repos" # Only start logging here. Otherwise the subscription credentials # appear in the output above. # set -x if [ ! -f "$SKIP_REPO_FLAG" ]; then # Configure repositories. if [ "$IMAGE" = "rhel-7-7" ]; then # disable all default repos rm -f --verbose /etc/yum.repos.d/*.repo cat < /etc/yum.repos.d/internal.repo [RHEL-7.7] name=base-rhel baseurl=http://download.devel.redhat.com/rhel-7/rel-eng/latest-RHEL-7.7/compose/Server/x86_64/os enabled=1 gpgcheck=0 [EXTRAS-7.7-LATEST] name=rhel-extras-compose baseurl=http://download.devel.redhat.com/rhel-7/rel-eng/latest-EXTRAS-7.7-RHEL-7/compose/Server/x86_64/os/ enabled=1 gpgcheck=0 [RHEL-7.7-DEBUG] name=base-rhel-debug baseurl=http://download-ipv4.eng.brq.redhat.com/rhel-7/rel-eng/latest-RHEL-7.7/compose/Server/x86_64/debug/tree/ enabled=0 gpgcheck=0 [EXTRAS-7.7-DEBUG] name=rhel-extras-compose-debug baseurl=http://download.devel.redhat.com/rhel-7/rel-eng/latest-EXTRAS-7.7-RHEL-7/compose/Server/x86_64/debug/tree/ enabled=0 gpgcheck=0 EOF $YUM_INSTALL yum-utils elif [ "$IMAGE" = "rhel-7-8" ]; then # disable all default repos rm -f --verbose /etc/yum.repos.d/*.repo cat < /etc/yum.repos.d/nightly.repo [RHEL-7.8] name=base-rhel baseurl=http://download.devel.redhat.com/nightly/latest-RHEL-7/compose/Server/x86_64/os enabled=1 gpgcheck=0 [EXTRAS-7.8] name=rhel-extras-compose baseurl=http://download.devel.redhat.com/rhel-7/nightly/EXTRAS-7/latest-EXTRAS-7.8-RHEL-7/compose/Server/x86_64/os enabled=1 gpgcheck=0 [RHEL-7.8-DEBUG] name=base-rhel-debug baseurl=http://download.devel.redhat.com/nightly/latest-RHEL-7/compose/Server/x86_64/debug/tree enabled=0 gpgcheck=0 [EXTRAS-7.8-DEBUG] name=rhel-extras-compose-debug baseurl=http://download.devel.redhat.com/rhel-7/nightly/EXTRAS-7/latest-EXTRAS-7.8-RHEL-7/compose/Server/x86_64/debug/tree enabled=0 gpgcheck=0 EOF $YUM_INSTALL yum-utils elif [ "${IMAGE#rhel-8*}" != "$IMAGE" ]; then case "$IMAGE" in rhel-8-0) REPO="latest-RHEL-8.0" ;; rhel-8-1) REPO="latest-RHEL-8.1" ;; *) echo "Unknown image $IMAGE"; exit 1 esac cat < /etc/yum.repos.d/nightly.repo [RHEL-8-NIGHTLY-BaseOS] name=baseos baseurl=http://download.devel.redhat.com/rhel-8/nightly/RHEL-8/$REPO/compose/BaseOS/x86_64/os/ enabled=1 gpgcheck=0 [RHEL-8-NIGHTLY-AppStream] name=appstream baseurl=http://download.devel.redhat.com/rhel-8/nightly/RHEL-8/$REPO/compose/AppStream/x86_64/os/ enabled=1 gpgcheck=0 [RHEL-8-NIGHTLY-BaseOS-Debug] name=baseos-debug baseurl=http://download-ipv4.eng.brq.redhat.com/rhel-8/nightly/RHEL-8/$REPO/compose/BaseOS/x86_64/debug/tree/ enabled=0 gpgcheck=0 [RHEL-8-NIGHTLY-AppStream-Debug] name=appstream-debug baseurl=http://download-ipv4.eng.brq.redhat.com/rhel-8/nightly/RHEL-8/$REPO/compose/AppStream/x86_64/debug/tree/ enabled=0 gpgcheck=0 EOF # make ipa-client available dnf module enable -y idm:client fi if [ "${IMAGE#rhel-7*}" != "$IMAGE" ]; then # the following don't necessarily need to work yum-config-manager --disable rhel-sjis-for-rhel-7-server-rpms || true yum-config-manager --disable rhel-7-server-htb-rpms || true yum-config-manager --disable rhel-7-server-rt-beta-rpms || true fi fi yum --nogpgcheck -y update echo foobar | passwd --stdin root # We install all dependencies of the cockpit packages since we want # them to not spontaneously change from one test run to the next when # the distribution repository is updated. COCKPIT_DEPS="\ atomic \ device-mapper-multipath \ docker \ glib-networking \ json-glib \ kexec-tools \ libssh \ libvirt-client \ libvirt-daemon-kvm \ NetworkManager-team \ openssl \ PackageKit \ pcp-libs \ pcp \ realmd \ redhat-logos \ selinux-policy-targeted \ setroubleshoot-server \ subscription-manager \ sos \ tuned \ udisks2 \ udisks2-lvm2 \ udisks2-iscsi \ " # We also install the packages necessary to join a FreeIPA domain so # that we don't have to go to the network during a test run. # on epel/rhel we have ipa-client instead of freeipa-client IPA_CLIENT_PACKAGES="\ ipa-client \ oddjob \ oddjob-mkhomedir \ sssd \ sssd-dbus \ " TEST_PACKAGES="\ valgrind \ gdb \ nmap-ncat \ targetcli \ yum-utils \ virt-install \ libvirt-daemon-config-network \ cryptsetup \ qemu-kvm \ socat \ vdo \ kmod-kvdo \ dracut-fips \ clevis-luks \ tang \ boom-boot \ " if [ "$IMAGE" = "centos-7" ]; then COCKPIT_DEPS="${COCKPIT_DEPS/redhat-logos/}" fi if [ "${IMAGE#rhel-7}" != "$IMAGE" ] || [ "$IMAGE" == "centos-7" ]; then COCKPIT_DEPS="$COCKPIT_DEPS kubernetes-client" fi if [ "$IMAGE" = "rhel-7-7" ]; then COCKPIT_DEPS="$COCKPIT_DEPS libvirt-dbus" fi if [ "${IMAGE#rhel-7}" != "$IMAGE" ]; then # needed for composer testing TEST_PACKAGES="${TEST_PACKAGES} gcc-c++ lorax-composer" fi if [ "${IMAGE#rhel-8*}" != "$IMAGE" ]; then TEST_PACKAGES="${TEST_PACKAGES/yum-utils/dnf-utils}" TEST_PACKAGES="${TEST_PACKAGES} dnf-automatic" # Atomic/docker are not on RHEL 8 COCKPIT_DEPS="${COCKPIT_DEPS/atomic /}" COCKPIT_DEPS="${COCKPIT_DEPS/docker /}" COCKPIT_DEPS="${COCKPIT_DEPS} podman" COCKPIT_DEPS="${COCKPIT_DEPS} libvirt-dbus" TEST_PACKAGES="${TEST_PACKAGES} libvirt-daemon-config-network" # Install node for external Composer tests, they use our rhel-* images TEST_PACKAGES="${TEST_PACKAGES} nodejs" TEST_PACKAGES="${TEST_PACKAGES} subscription-manager-cockpit" # Install insights-client for external subscription-manager tests TEST_PACKAGES="${TEST_PACKAGES} insights-client" fi # in RHEL/CentOS 7, boom is shipped in a different package if [ "${IMAGE#rhel-7}" != "$IMAGE" ] || [ "${IMAGE#centos-7}" != "$IMAGE" ] ; then TEST_PACKAGES="${TEST_PACKAGES/boom-boot/lvm2-python-boom}" fi pkgs="$TEST_PACKAGES $COCKPIT_DEPS $IPA_CLIENT_PACKAGES" $YUM_INSTALL $pkgs # Pre-install cockpit packages from base preinstalled, to check for API breakages # and more convenient interactive debugging if [ "${IMAGE#rhel-7}" != "$IMAGE" ] || [ "${IMAGE#centos-7}" != "$IMAGE" ] ; then $YUM_INSTALL cockpit else # >= 8 supports weak dependencies sudo dnf --setopt=install_weak_deps=False install -y cockpit fi # For debugging udisks/storaged crashes debuginfo-install -y udisks2 # Prepare for building # only install mock and build if DO_BUILD is 1 if [ "$DO_BUILD" -eq 1 ]; then if [ "${IMAGE#rhel-8*}" != "$IMAGE" ]; then # no EPEL for rhel-8-0 yet, so install mock from Fedora 28 dnf install -y rpm-build cat < /etc/yum.repos.d/fedora.repo [fedora] name=Fedora 28 - \$basearch baseurl=http://download.fedoraproject.org/pub/fedora/linux/releases/28/Everything/\$basearch/os/ enabled=1 gpgcheck=0 EOF dnf install -y --setopt=install_weak_deps=False mock rm /etc/yum.repos.d/fedora.repo case "$IMAGE" in rhel-8-0) REPO="rhel-8.0.0-build" ;; rhel-8-1) REPO="rhel-8.1.0-build" ;; *) echo "Unknown image $IMAGE"; exit 1 esac cat < /etc/mock/default.cfg config_opts['chroothome'] = '/builddir' config_opts['use_host_resolv'] = False config_opts['basedir'] = '/var/lib/mock' config_opts['rpmbuild_timeout'] = 86400 config_opts['yum.conf'] = '[main]\\ncachedir=/var/cache/yum\\ndebuglevel=1\\nlogfile=/var/log/yum.log\\nreposdir=/dev/null\\nretries=20\\nobsoletes=1\\ngpgcheck=0\\nassumeyes=1\\nkeepcache=1\\ninstall_weak_deps=0\\nstrict=1\\n\\n# repos\\n\\n[build]\\nname=build\\nbaseurl=http://download.devel.redhat.com/brewroot/repos/$REPO/latest/x86_64/\\n' config_opts['chroot_setup_cmd'] = 'groupinstall build' config_opts['target_arch'] = 'x86_64' config_opts['root'] = u'rhel-8-candidate-x86_64' config_opts['macros']['%_topdir'] = '/builddir/build' config_opts['macros']['%_rpmfilename'] = '%%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm' EOF else # enable epel for mock if [ ! -f "$SKIP_REPO_FLAG" ]; then mkdir /tmp/dep cd /tmp/dep $YUM_INSTALL wget wget -T 15 -t 4 http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm yum -y remove wget rpm -Uvh epel-release-*.rpm cd rm -rf /tmp/dep fi $YUM_INSTALL rpm-build mock # disable epel again yum-config-manager --disable 'epel*' fi useradd -c Builder -G mock builder opsys=$(cut -d '-' -f 1 <<< "$IMAGE") version=$(cut -d '-' -f 2 <<< "$IMAGE") su builder -c "/usr/bin/mock --verbose -i $(/var/lib/testvm/build-deps.sh "$opsys $version")" su builder -c "/usr/bin/mock --install --verbose rpmlint" fi yum clean all || true # For the D-Bus test server if type "firewall-cmd" >/dev/null 2>&1; then FIREWALL_STATE=$(firewall-cmd --state || true) if [ "$FIREWALL_STATE" == "running" ]; then firewall-cmd --permanent --add-port 8765/tcp fi fi echo 'NETWORKING=yes' > /etc/sysconfig/network useradd -c Administrator -G wheel admin echo foobar | passwd --stdin admin # To enable persistent logging mkdir -p /var/log/journal if type "docker" >/dev/null 2>&1; then # HACK: docker falls over regularly, print its log if it does systemctl start docker || journalctl -u docker # docker images that we need for integration testing /var/lib/testvm/docker-images.setup fi /var/lib/testvm/zero-disk.setup --keep-mock-cache # HACK - kdump.service interferes with our storage tests, by loading # the system for some time after boot and thereby causing a race # between parted and udevd to turn out for the worse. Disabling # kdump.service helps somewhat, but the race is still there, and # parted still fails occasionally. # # https://bugzilla.redhat.com/show_bug.cgi?id=1245144 # Fixed in parted-3.1-23.el7 # systemctl disable kdump.service # Install node for external Composer tests, they use our rhel-* images if [ "${IMAGE#rhel-7}" != "$IMAGE" ]; then NODE_VERSION="8.12.0" # key 7E37093B: public key "Christopher Dickinson " imported # key DBE9B9C5: public key "Colin Ihrig " imported # key D2306D93: public key "keybase.io/octetcloud " imported # key 4EB7990E: public key "Jeremiah Senkpiel " imported # key 7EDE3FC1: public key "keybase.io/jasnell " imported # key 7D83545D: public key "Rod Vagg " imported # key 4C206CA9: public key "Evan Lucas " imported # key CC11F4C8: public key "Myles Borins " imported for key in \ 9554F04D7259F04124DE6B476D5A82AC7E37093B \ 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ 0034A06D9D9B0064CE8ADF6BF1747F4AD2306D93 \ FD3A5288F042B6850C66B31F09FE44734EB7990E \ 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ B9AE9905FFD7803F25714661B63B535A4C206CA9 \ C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ ; do # this is very flaky from our internal network; retry a few times retry=0 until gpg --keyserver pool.sks-keyservers.net --recv-keys "$key"; do retry=$((retry + 1)) if [ $retry -eq 10 ]; then echo "Repeatedly failed to retrieve key, giving up." >&2 exit 1 fi sleep 5 done done curl -SLO "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-x64.tar.xz" curl -SLO "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc grep " node-v$NODE_VERSION-linux-x64.tar.xz\$" SHASUMS256.txt | sha256sum -c - tar -xJf "node-v$NODE_VERSION-linux-x64.tar.xz" -C /usr/local --strip-components=1 rm "node-v$NODE_VERSION-linux-x64.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt fi # Final tweaks rm -rf /var/log/journal/* # RHEL 7 does not enable systemd-coredump by default, later versions do if ! grep -qr core_pattern /usr/lib/sysctl.d/; then echo "kernel.core_pattern=|/usr/lib/systemd/systemd-coredump %p %u %g %s %t %e" > /etc/sysctl.d/50-coredump.conf fi # Prevent SSH from hanging for a long time when no external network access echo 'UseDNS no' >> /etc/ssh/sshd_config # Audit events to the journal if [ ! -f /root/.keep-audit ]; then rm -f '/etc/systemd/system/multi-user.target.wants/auditd.service' rm -rf /var/log/audit/ else echo "Keeping audit enabled as /root/.keep-audit exists" fi