415 lines
13 KiB
Bash
Executable file
415 lines
13 KiB
Bash
Executable file
#!/bin/bash
|
|
|
|
set -e
|
|
IMAGE="$1"
|
|
|
|
YUM_INSTALL="yum --setopt=skip_missing_names_on_install=False -y install"
|
|
|
|
# HACK - virt-resize might not be able to resize our xfs rootfs,
|
|
# depending on how it was compiled and which plugins are installed,
|
|
# and will just silently not do it. So we do it here.
|
|
#
|
|
df --output=source,fstype / | tail -n1 | while read source fstype; do
|
|
case $fstype in
|
|
ext*)
|
|
resize2fs $source
|
|
;;
|
|
xfs*)
|
|
xfs_growfs /
|
|
;;
|
|
esac
|
|
done
|
|
|
|
df -Th /
|
|
|
|
# If the file /root/.skip_repos is present on the machine,
|
|
# all actions regarding the repositories will be skipped:
|
|
# subscriptions, adding repos, deleting existing entries
|
|
SKIP_REPO_FLAG="/root/.skip_repos"
|
|
|
|
# Only start logging here. Otherwise the subscription credentials
|
|
# appear in the output above.
|
|
#
|
|
set -x
|
|
|
|
if [ ! -f "$SKIP_REPO_FLAG" ]; then
|
|
# Configure repositories.
|
|
|
|
if [ "$IMAGE" = "rhel-7-7" ]; then
|
|
# disable all default repos
|
|
rm -f --verbose /etc/yum.repos.d/*.repo
|
|
cat <<EOF > /etc/yum.repos.d/internal.repo
|
|
[RHEL-7.7]
|
|
name=base-rhel
|
|
baseurl=http://download.devel.redhat.com/rhel-7/rel-eng/latest-RHEL-7.7/compose/Server/x86_64/os
|
|
enabled=1
|
|
gpgcheck=0
|
|
|
|
[EXTRAS-7.7-LATEST]
|
|
name=rhel-extras-compose
|
|
baseurl=http://download.devel.redhat.com/rhel-7/rel-eng/latest-EXTRAS-7.7-RHEL-7/compose/Server/x86_64/os/
|
|
enabled=1
|
|
gpgcheck=0
|
|
|
|
[RHEL-7.7-DEBUG]
|
|
name=base-rhel-debug
|
|
baseurl=http://download-ipv4.eng.brq.redhat.com/rhel-7/rel-eng/latest-RHEL-7.7/compose/Server/x86_64/debug/tree/
|
|
enabled=0
|
|
gpgcheck=0
|
|
|
|
[EXTRAS-7.7-DEBUG]
|
|
name=rhel-extras-compose-debug
|
|
baseurl=http://download.devel.redhat.com/rhel-7/rel-eng/latest-EXTRAS-7.7-RHEL-7/compose/Server/x86_64/debug/tree/
|
|
enabled=0
|
|
gpgcheck=0
|
|
EOF
|
|
$YUM_INSTALL yum-utils
|
|
|
|
elif [ "$IMAGE" = "rhel-7-8" ]; then
|
|
# disable all default repos
|
|
rm -f --verbose /etc/yum.repos.d/*.repo
|
|
cat <<EOF > /etc/yum.repos.d/nightly.repo
|
|
[RHEL-7.8]
|
|
name=base-rhel
|
|
baseurl=http://download.devel.redhat.com/nightly/latest-RHEL-7/compose/Server/x86_64/os
|
|
enabled=1
|
|
gpgcheck=0
|
|
|
|
[EXTRAS-7.8]
|
|
name=rhel-extras-compose
|
|
baseurl=http://download.devel.redhat.com/rhel-7/nightly/EXTRAS-7/latest-EXTRAS-7.8-RHEL-7/compose/Server/x86_64/os
|
|
enabled=1
|
|
gpgcheck=0
|
|
|
|
[RHEL-7.8-DEBUG]
|
|
name=base-rhel-debug
|
|
baseurl=http://download.devel.redhat.com/nightly/latest-RHEL-7/compose/Server/x86_64/debug/tree
|
|
enabled=0
|
|
gpgcheck=0
|
|
|
|
[EXTRAS-7.8-DEBUG]
|
|
name=rhel-extras-compose-debug
|
|
baseurl=http://download.devel.redhat.com/rhel-7/nightly/EXTRAS-7/latest-EXTRAS-7.8-RHEL-7/compose/Server/x86_64/debug/tree
|
|
enabled=0
|
|
gpgcheck=0
|
|
EOF
|
|
$YUM_INSTALL yum-utils
|
|
|
|
elif [ "${IMAGE#rhel-8*}" != "$IMAGE" ]; then
|
|
case "$IMAGE" in
|
|
rhel-8-0) REPO="latest-RHEL-8.0" ;;
|
|
rhel-8-1) REPO="latest-RHEL-8.1" ;;
|
|
*) echo "Unknown image $IMAGE"; exit 1
|
|
esac
|
|
cat <<EOF > /etc/yum.repos.d/nightly.repo
|
|
[RHEL-8-NIGHTLY-BaseOS]
|
|
name=baseos
|
|
baseurl=http://download.devel.redhat.com/rhel-8/nightly/RHEL-8/$REPO/compose/BaseOS/x86_64/os/
|
|
enabled=1
|
|
gpgcheck=0
|
|
|
|
[RHEL-8-NIGHTLY-AppStream]
|
|
name=appstream
|
|
baseurl=http://download.devel.redhat.com/rhel-8/nightly/RHEL-8/$REPO/compose/AppStream/x86_64/os/
|
|
enabled=1
|
|
gpgcheck=0
|
|
|
|
[RHEL-8-NIGHTLY-BaseOS-Debug]
|
|
name=baseos-debug
|
|
baseurl=http://download-ipv4.eng.brq.redhat.com/rhel-8/nightly/RHEL-8/$REPO/compose/BaseOS/x86_64/debug/tree/
|
|
enabled=0
|
|
gpgcheck=0
|
|
|
|
[RHEL-8-NIGHTLY-AppStream-Debug]
|
|
name=appstream-debug
|
|
baseurl=http://download-ipv4.eng.brq.redhat.com/rhel-8/nightly/RHEL-8/$REPO/compose/AppStream/x86_64/debug/tree/
|
|
enabled=0
|
|
gpgcheck=0
|
|
EOF
|
|
# make ipa-client available
|
|
dnf module enable -y idm:client
|
|
fi
|
|
|
|
if [ "${IMAGE#rhel-7*}" != "$IMAGE" ]; then
|
|
# the following don't necessarily need to work
|
|
yum-config-manager --disable rhel-sjis-for-rhel-7-server-rpms || true
|
|
yum-config-manager --disable rhel-7-server-htb-rpms || true
|
|
yum-config-manager --disable rhel-7-server-rt-beta-rpms || true
|
|
fi
|
|
fi
|
|
|
|
yum --nogpgcheck -y update
|
|
|
|
echo foobar | passwd --stdin root
|
|
|
|
# We install all dependencies of the cockpit packages since we want
|
|
# them to not spontaneously change from one test run to the next when
|
|
# the distribution repository is updated.
|
|
COCKPIT_DEPS="\
|
|
atomic \
|
|
device-mapper-multipath \
|
|
docker \
|
|
glib-networking \
|
|
json-glib \
|
|
kexec-tools \
|
|
libssh \
|
|
libvirt-client \
|
|
libvirt-daemon-kvm \
|
|
NetworkManager-team \
|
|
openssl \
|
|
PackageKit \
|
|
pcp-libs \
|
|
pcp \
|
|
realmd \
|
|
redhat-logos \
|
|
selinux-policy-targeted \
|
|
setroubleshoot-server \
|
|
subscription-manager \
|
|
sos \
|
|
tuned \
|
|
udisks2 \
|
|
udisks2-lvm2 \
|
|
udisks2-iscsi \
|
|
"
|
|
|
|
# We also install the packages necessary to join a FreeIPA domain so
|
|
# that we don't have to go to the network during a test run.
|
|
# on epel/rhel we have ipa-client instead of freeipa-client
|
|
IPA_CLIENT_PACKAGES="\
|
|
ipa-client \
|
|
oddjob \
|
|
oddjob-mkhomedir \
|
|
sssd \
|
|
sssd-dbus \
|
|
"
|
|
|
|
TEST_PACKAGES="\
|
|
valgrind \
|
|
gdb \
|
|
nmap-ncat \
|
|
targetcli \
|
|
yum-utils \
|
|
virt-install \
|
|
libvirt-daemon-config-network \
|
|
cryptsetup \
|
|
qemu-kvm \
|
|
socat \
|
|
vdo \
|
|
kmod-kvdo \
|
|
dracut-fips \
|
|
clevis-luks \
|
|
tang \
|
|
boom-boot \
|
|
"
|
|
|
|
if [ "$IMAGE" = "centos-7" ]; then
|
|
COCKPIT_DEPS="${COCKPIT_DEPS/redhat-logos/}"
|
|
fi
|
|
if [ "${IMAGE#rhel-7}" != "$IMAGE" ] || [ "$IMAGE" == "centos-7" ]; then
|
|
COCKPIT_DEPS="$COCKPIT_DEPS kubernetes-client"
|
|
fi
|
|
if [ "$IMAGE" = "rhel-7-7" ]; then
|
|
COCKPIT_DEPS="$COCKPIT_DEPS libvirt-dbus"
|
|
fi
|
|
if [ "${IMAGE#rhel-7}" != "$IMAGE" ]; then
|
|
# needed for composer testing
|
|
TEST_PACKAGES="${TEST_PACKAGES} gcc-c++ lorax-composer"
|
|
fi
|
|
if [ "${IMAGE#rhel-8*}" != "$IMAGE" ]; then
|
|
TEST_PACKAGES="${TEST_PACKAGES/yum-utils/dnf-utils}"
|
|
TEST_PACKAGES="${TEST_PACKAGES} dnf-automatic"
|
|
# Atomic/docker are not on RHEL 8
|
|
COCKPIT_DEPS="${COCKPIT_DEPS/atomic /}"
|
|
COCKPIT_DEPS="${COCKPIT_DEPS/docker /}"
|
|
COCKPIT_DEPS="${COCKPIT_DEPS} podman"
|
|
COCKPIT_DEPS="${COCKPIT_DEPS} libvirt-dbus"
|
|
TEST_PACKAGES="${TEST_PACKAGES} libvirt-daemon-config-network"
|
|
# Install node for external Composer tests, they use our rhel-* images
|
|
TEST_PACKAGES="${TEST_PACKAGES} nodejs"
|
|
TEST_PACKAGES="${TEST_PACKAGES} subscription-manager-cockpit"
|
|
# Install insights-client for external subscription-manager tests
|
|
TEST_PACKAGES="${TEST_PACKAGES} insights-client"
|
|
fi
|
|
|
|
# in RHEL/CentOS 7, boom is shipped in a different package
|
|
if [ "${IMAGE#rhel-7}" != "$IMAGE" ] || [ "${IMAGE#centos-7}" != "$IMAGE" ] ; then
|
|
TEST_PACKAGES="${TEST_PACKAGES/boom-boot/lvm2-python-boom}"
|
|
fi
|
|
|
|
pkgs="$TEST_PACKAGES $COCKPIT_DEPS $IPA_CLIENT_PACKAGES"
|
|
$YUM_INSTALL $pkgs
|
|
|
|
# Pre-install cockpit packages from base preinstalled, to check for API breakages
|
|
# and more convenient interactive debugging
|
|
if [ "${IMAGE#rhel-7}" != "$IMAGE" ] || [ "${IMAGE#centos-7}" != "$IMAGE" ] ; then
|
|
$YUM_INSTALL cockpit
|
|
else
|
|
# >= 8 supports weak dependencies
|
|
sudo dnf --setopt=install_weak_deps=False install -y cockpit
|
|
fi
|
|
|
|
# For debugging udisks/storaged crashes
|
|
debuginfo-install -y udisks2
|
|
|
|
# Prepare for building
|
|
|
|
# only install mock and build if DO_BUILD is 1
|
|
if [ "$DO_BUILD" -eq 1 ]; then
|
|
if [ "${IMAGE#rhel-8*}" != "$IMAGE" ]; then
|
|
# no EPEL for rhel-8-0 yet, so install mock from Fedora 28
|
|
dnf install -y rpm-build
|
|
|
|
cat <<EOF > /etc/yum.repos.d/fedora.repo
|
|
[fedora]
|
|
name=Fedora 28 - \$basearch
|
|
baseurl=http://download.fedoraproject.org/pub/fedora/linux/releases/28/Everything/\$basearch/os/
|
|
enabled=1
|
|
gpgcheck=0
|
|
EOF
|
|
dnf install -y --setopt=install_weak_deps=False mock
|
|
rm /etc/yum.repos.d/fedora.repo
|
|
|
|
case "$IMAGE" in
|
|
rhel-8-0) REPO="rhel-8.0.0-build" ;;
|
|
rhel-8-1) REPO="rhel-8.1.0-build" ;;
|
|
*) echo "Unknown image $IMAGE"; exit 1
|
|
esac
|
|
|
|
cat <<EOF > /etc/mock/default.cfg
|
|
config_opts['chroothome'] = '/builddir'
|
|
config_opts['use_host_resolv'] = False
|
|
config_opts['basedir'] = '/var/lib/mock'
|
|
config_opts['rpmbuild_timeout'] = 86400
|
|
config_opts['yum.conf'] = '[main]\\ncachedir=/var/cache/yum\\ndebuglevel=1\\nlogfile=/var/log/yum.log\\nreposdir=/dev/null\\nretries=20\\nobsoletes=1\\ngpgcheck=0\\nassumeyes=1\\nkeepcache=1\\ninstall_weak_deps=0\\nstrict=1\\n\\n# repos\\n\\n[build]\\nname=build\\nbaseurl=http://download.devel.redhat.com/brewroot/repos/$REPO/latest/x86_64/\\n'
|
|
config_opts['chroot_setup_cmd'] = 'groupinstall build'
|
|
config_opts['target_arch'] = 'x86_64'
|
|
config_opts['root'] = u'rhel-8-candidate-x86_64'
|
|
|
|
config_opts['macros']['%_topdir'] = '/builddir/build'
|
|
config_opts['macros']['%_rpmfilename'] = '%%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm'
|
|
EOF
|
|
else
|
|
# enable epel for mock
|
|
if [ ! -f "$SKIP_REPO_FLAG" ]; then
|
|
mkdir /tmp/dep
|
|
cd /tmp/dep
|
|
$YUM_INSTALL wget
|
|
wget -T 15 -t 4 http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
|
|
yum -y remove wget
|
|
rpm -Uvh epel-release-*.rpm
|
|
cd
|
|
rm -rf /tmp/dep
|
|
fi
|
|
|
|
$YUM_INSTALL rpm-build mock
|
|
|
|
# disable epel again
|
|
yum-config-manager --disable 'epel*'
|
|
fi
|
|
|
|
useradd -c Builder -G mock builder
|
|
opsys=$(cut -d '-' -f 1 <<< "$IMAGE")
|
|
version=$(cut -d '-' -f 2 <<< "$IMAGE")
|
|
su builder -c "/usr/bin/mock --verbose -i $(/var/lib/testvm/build-deps.sh "$opsys $version")"
|
|
su builder -c "/usr/bin/mock --install --verbose rpmlint"
|
|
fi
|
|
|
|
yum clean all || true
|
|
|
|
# For the D-Bus test server
|
|
if type "firewall-cmd" >/dev/null 2>&1; then
|
|
FIREWALL_STATE=$(firewall-cmd --state || true)
|
|
if [ "$FIREWALL_STATE" == "running" ]; then
|
|
firewall-cmd --permanent --add-port 8765/tcp
|
|
fi
|
|
fi
|
|
|
|
echo 'NETWORKING=yes' > /etc/sysconfig/network
|
|
|
|
useradd -c Administrator -G wheel admin
|
|
echo foobar | passwd --stdin admin
|
|
|
|
# To enable persistent logging
|
|
mkdir -p /var/log/journal
|
|
|
|
if type "docker" >/dev/null 2>&1; then
|
|
# HACK: docker falls over regularly, print its log if it does
|
|
systemctl start docker || journalctl -u docker
|
|
|
|
# docker images that we need for integration testing
|
|
/var/lib/testvm/docker-images.setup
|
|
fi
|
|
|
|
/var/lib/testvm/zero-disk.setup --keep-mock-cache
|
|
|
|
# HACK - kdump.service interferes with our storage tests, by loading
|
|
# the system for some time after boot and thereby causing a race
|
|
# between parted and udevd to turn out for the worse. Disabling
|
|
# kdump.service helps somewhat, but the race is still there, and
|
|
# parted still fails occasionally.
|
|
#
|
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1245144
|
|
# Fixed in parted-3.1-23.el7
|
|
#
|
|
systemctl disable kdump.service
|
|
|
|
# Install node for external Composer tests, they use our rhel-* images
|
|
if [ "${IMAGE#rhel-7}" != "$IMAGE" ]; then
|
|
NODE_VERSION="8.12.0"
|
|
# key 7E37093B: public key "Christopher Dickinson <christopher.s.dickinson@gmail.com>" imported
|
|
# key DBE9B9C5: public key "Colin Ihrig <cjihrig@gmail.com>" imported
|
|
# key D2306D93: public key "keybase.io/octetcloud <octetcloud@keybase.io>" imported
|
|
# key 4EB7990E: public key "Jeremiah Senkpiel <fishrock123@rocketmail.com>" imported
|
|
# key 7EDE3FC1: public key "keybase.io/jasnell <jasnell@keybase.io>" imported
|
|
# key 7D83545D: public key "Rod Vagg <rod@vagg.org>" imported
|
|
# key 4C206CA9: public key "Evan Lucas <evanlucas@me.com>" imported
|
|
# key CC11F4C8: public key "Myles Borins <myles.borins@gmail.com>" imported
|
|
|
|
for key in \
|
|
9554F04D7259F04124DE6B476D5A82AC7E37093B \
|
|
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
|
|
0034A06D9D9B0064CE8ADF6BF1747F4AD2306D93 \
|
|
FD3A5288F042B6850C66B31F09FE44734EB7990E \
|
|
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
|
|
DD8F2338BAE7501E3DD5AC78C273792F7D83545D \
|
|
B9AE9905FFD7803F25714661B63B535A4C206CA9 \
|
|
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
|
|
; do
|
|
# this is very flaky from our internal network; retry a few times
|
|
retry=0
|
|
until gpg --keyserver pool.sks-keyservers.net --recv-keys "$key"; do
|
|
retry=$((retry + 1))
|
|
if [ $retry -eq 10 ]; then
|
|
echo "Repeatedly failed to retrieve key, giving up." >&2
|
|
exit 1
|
|
fi
|
|
sleep 5
|
|
done
|
|
done
|
|
|
|
curl -SLO "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-x64.tar.xz"
|
|
curl -SLO "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc"
|
|
gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc
|
|
grep " node-v$NODE_VERSION-linux-x64.tar.xz\$" SHASUMS256.txt | sha256sum -c -
|
|
tar -xJf "node-v$NODE_VERSION-linux-x64.tar.xz" -C /usr/local --strip-components=1
|
|
rm "node-v$NODE_VERSION-linux-x64.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt
|
|
fi
|
|
|
|
# Final tweaks
|
|
|
|
rm -rf /var/log/journal/*
|
|
# RHEL 7 does not enable systemd-coredump by default, later versions do
|
|
if ! grep -qr core_pattern /usr/lib/sysctl.d/; then
|
|
echo "kernel.core_pattern=|/usr/lib/systemd/systemd-coredump %p %u %g %s %t %e" > /etc/sysctl.d/50-coredump.conf
|
|
fi
|
|
|
|
# Prevent SSH from hanging for a long time when no external network access
|
|
echo 'UseDNS no' >> /etc/ssh/sshd_config
|
|
|
|
# Audit events to the journal
|
|
if [ ! -f /root/.keep-audit ]; then
|
|
rm -f '/etc/systemd/system/multi-user.target.wants/auditd.service'
|
|
rm -rf /var/log/audit/
|
|
else
|
|
echo "Keeping audit enabled as /root/.keep-audit exists"
|
|
fi
|