From 051af130e19e2e341477ed842271963d172cc1c9 Mon Sep 17 00:00:00 2001
From: Akihiro Suda
Date: Wed, 1 Oct 2025 15:57:53 +0900
Subject: [PATCH] CI: add AlmaLinux 8 VM for cgroup v1 testing
Fix issue 3942
Signed-off-by: Akihiro Suda
---
 .github/workflows/vm.yaml | 38 +++++++++++++++++++++---------
 hack/ci/init-fedora.sh | 18 --------------
 hack/ci/init-vm.sh | 49 +++++++++++++++++++++++++++++++++++++++
 3 files changed, 76 insertions(+), 29 deletions(-)
 delete mode 100755 hack/ci/init-fedora.sh
 create mode 100755 hack/ci/init-vm.sh
diff --git a/.github/workflows/vm.yaml b/.github/workflows/vm.yaml
index 08e84190..d3ac269d 100644
--- a/.github/workflows/vm.yaml
+++ b/.github/workflows/vm.yaml
@@ -13,20 +13,36 @@ permissions:
 jobs:
 vm:
- # Fedora is different from Ubuntu in LSM (SELinux), filesystem (btrfs), kernel version, etc.
- name: "CGroupv2 (Fedora)"
+ name: "VM"
 runs-on: ubuntu-24.04
 timeout-minutes: 30
 strategy:
 fail-fast: false
 matrix:
- provider: [docker, podman]
- rootless: ["rootful", "rootless"]
+ include:
+ # Fedora is different from Ubuntu in LSM (SELinux), filesystem (btrfs), kernel version, etc.
+ - template: fedora
+ provider: docker
+ rootless: rootful
+ - template: fedora
+ provider: docker
+ rootless: rootless
+ - template: fedora
+ provider: podman
+ rootless: rootful
+ - template: fedora
+ provider: podman
+ rootless: rootless
+ # AlmaLinux 8 is used for testing kind with cgroup v1.
+ # Do not upgrade this to AlmaLinux 9 until dropping cgroup v1 support.
+ - template: almalinux-8
+ provider: docker
+ rootless: rootful
 env:
 KIND_EXPERIMENTAL_PROVIDER: "${{ matrix.provider }}"
 ROOTLESS: "${{ matrix.rootless }}"
 HELPER: "./hack/ci/lima-helper.sh"
- JOB_NAME: "cgroup2-${{ matrix.provider }}-${{ matrix.rootless }}"
+ JOB_NAME: "vm-${{ matrix.template }}-${{ matrix.provider }}-${{ matrix.rootless }}"
 steps:
 - name: Check out code
 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
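Review bot: The `almalinux-8` matrix entry depends on the guest image booting with cgroup v1, but nothing visible in this hunk asserts that, so a change in the Lima template or the image default could silently turn this job into another cgroup v2 run. Consider a guard step for that entry, for example `lima stat -fc %T /sys/fs/cgroup` with the expectation `tmpfs` (a cgroup v2 host reports `cgroup2fs`). The `steps:` list continues outside the hunk, so such a check may already exist further down the workflow.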
@@ -51,24 +67,24 @@ jobs:
 uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
 with:
 path: ~/.cache/lima
- key: lima-${{ steps.lima-actions-setup.outputs.version }}
+ key: lima-${{ steps.lima-actions-setup.outputs.version }}-${{ matrix.template }}
- - name: "Start Fedora"
+ - name: "Start VM"
 # --plain is set to disable file sharing, port forwarding, built-in containerd, etc.
- run: limactl start --name=default --plain template://fedora
+ run: limactl start --name=default --plain template://${{ matrix.template }}
- - name: "Initialize Fedora"
+ - name: "Initialize VM"
 run: |
 set -eux -o pipefail
 # Sync the current directory to /tmp/kind in the guest
 limactl cp -r . default:/tmp/kind
 # Install packages
- lima sudo /tmp/kind/hack/ci/init-fedora.sh
+ lima sudo /tmp/kind/hack/ci/init-vm.sh
 # Enable systemd lingering for rootless
 lima sudo loginctl enable-linger "$USER"
 # Install kind
 lima sudo git config --global --add safe.directory /tmp/kind
- lima sudo make -C /tmp/kind install INSTALL_DIR=/usr/local/bin
+ lima sudo make -C /tmp/kind install INSTALL_DIR=/usr/bin
 - name: Set up Rootless Docker
 if: ${{ matrix.provider == 'docker' && matrix.rootless == 'rootless' }}
diff --git a/hack/ci/init-fedora.sh b/hack/ci/init-fedora.sh
deleted file mode 100755
index 8574e6a8..00000000
--- a/hack/ci/init-fedora.sh
+++ /dev/null
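Review bot: In the `Start VM` step of `.github/workflows/vm.yaml`, `${{ matrix.template }}` is expanded into the `run:` script text before the shell parses it, while the other matrix values reach the steps through the job-level `env:` block. The value comes from the literal matrix in this file, so nothing untrusted flows in today, but passing it the same way keeps expression output out of shell source if the matrix is ever derived from an input: add `TEMPLATE: "${{ matrix.template }}"` under `env:` and use `run: limactl start --name=default --plain "template://${TEMPLATE}"`. The `env:` block sits in the previous hunk of this file. Separately, a one-line comment on why `INSTALL_DIR` moved from `/usr/local/bin` to `/usr/bin` would help the next reader.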
@@ -1,18 +0,0 @@
-#!/bin/bash
-set -eux -o pipefail
-# Ensure network-related modules to be loaded
-modprobe tap ip_tables iptable_nat ip6_tables ip6table_nat
-
-# The moby-engine package included in Fedora lacks support for rootless,
-# So we need to install docker-ce and docker-ce-rootless-extras from the upstream.
-curl -fsSL https://get.docker.com | sh
-dnf install -y golang-go make kubernetes-client podman docker-ce-rootless-extras
-systemctl enable --now docker
-
-# Configuration for rootless: https://kind.sigs.k8s.io/docs/user/rootless/
-mkdir -p "/etc/systemd/system/user@.service.d"
-cat <"/etc/systemd/system/user@.service.d/delegate.conf"
-[Service]
-Delegate=yes
-EOF
-systemctl daemon-reload
diff --git a/hack/ci/init-vm.sh b/hack/ci/init-vm.sh
new file mode 100755
index 00000000..84a825a4
--- /dev/null
+++ b/hack/ci/init-vm.sh
@@ -0,0 +1,49 @@
+#!/bin/bash
+set -eux -o pipefail
+# Ensure network-related modules to be loaded
+modprobe tap ip_tables iptable_nat ip6_tables ip6table_nat
+
+# The moby-engine package included in Fedora lacks support for rootless,
+# So we need to install docker-ce and docker-ce-rootless-extras from the upstream.
+DNF_REPO=""
+INSTALL_PODMAN="1"
+if grep -q centos /etc/os-release; then
+ # Works with Rocky and Alma too
+ DNF_REPO="https://download.docker.com/linux/centos/docker-ce.repo"
+ if grep -q el8 /etc/os-release; then
+ # podman seems to conflict with docker-ce on EL8
+ INSTALL_PODMAN=""
+ fi
+elif grep -q fedora /etc/os-release; then
+ DNF_REPO="https://download.docker.com/linux/fedora/docker-ce.repo"
+else
+ echo >&2 "Unsupported OS"
+ exit 1
+fi
+DNF="dnf"
+if command -v dnf5 &>/dev/null; then
+ # DNF 5 (Fedora 41 or later)
+ DNF="dnf5"
+ "$DNF" config-manager addrepo --from-repofile="${DNF_REPO}"
+else
+ # DNF 4
+ "$DNF" config-manager --add-repo="${DNF_REPO}"
+fi
+"$DNF" install -y git golang make docker-ce docker-ce-rootless-extras
+systemctl enable --now docker
+if [ -n "${INSTALL_PODMAN}" ]; then
+ "$DNF" install -y podman
+fi
+
+# Install kubectl
+GOARCH="$(uname -m | sed -e 's/aarch64/arm64/' -e 's/x86_64/amd64/')"
+curl -L -o /usr/bin/kubectl "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/${GOARCH}/kubectl"
+chmod +x /usr/bin/kubectl
+
+# Configuration for rootless: https://kind.sigs.k8s.io/docs/user/rootless/
+mkdir -p "/etc/systemd/system/user@.service.d"
+cat <"/etc/systemd/system/user@.service.d/delegate.conf"
+[Service]
+Delegate=yes
+EOF
+systemctl daemon-reload
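Review bot: The kubectl download near the end of `hack/ci/init-vm.sh` writes whatever the server returns into `/usr/bin/kubectl` and marks it executable: neither `curl` call passes `-f`, so an HTTP error page would be saved as the binary, and `set -e` does not see a failed `stable.txt` lookup because it runs inside a command substitution used as an argument. The version also floats with `stable.txt`, and the file is never compared with the `kubectl.sha256` that dl.k8s.io publishes next to each binary. The change below fails on HTTP errors, resolves the version in its own assignment so a failed lookup aborts the script, and checks the digest before `chmod`. Because the digest comes from the same origin as the binary, this catches truncated or altered downloads rather than a compromised release host; pinning a version and digest in the repository would be the stronger option.

```shell
# … unchanged: repo setup, docker-ce and podman installation …
GOARCH="$(uname -m | sed -e 's/aarch64/arm64/' -e 's/x86_64/amd64/')"
# A plain assignment lets `set -e` abort the script if the version lookup fails
KUBECTL_VERSION="$(curl -fsSL https://dl.k8s.io/release/stable.txt)"
KUBECTL_URL="https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/${GOARCH}/kubectl"
curl -fsSL -o /usr/bin/kubectl "${KUBECTL_URL}"
# The .sha256 file holds only the digest; build the "<digest>  <path>" line sha256sum expects
echo "$(curl -fsSL "${KUBECTL_URL}.sha256")  /usr/bin/kubectl" | sha256sum --check
chmod +x /usr/bin/kubectl
# … unchanged: systemd delegate.conf for rootless …
```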