From c5e266769c894c294700614a3a81be7ea292c098 Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Fri, 21 Jun 2024 16:59:46 -0400 Subject: [PATCH 01/40] Revert "github: workaround bug with needrestart (LP: #2067800)" This reverts commit c60bb945a5722994479724101ddbc69157a13a5e. GitHub fixed their base images. Signed-off-by: Simon Deziel --- .github/workflows/tests.yml | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 4efd4731a..f98e38f0e 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -160,18 +160,6 @@ jobs: sudo ip link delete docker0 sudo nft flush ruleset - - name: Remove needrestart - run: | - # XXX: workaround https://bugs.launchpad.net/ubuntu/+source/needrestart/+bug/2067800 - # needrestart restarting runner-provisioner.service causes an immediate job failure: - # - #Restarting services... - # /etc/needrestart/restart.d/systemd-manager - # systemctl restart packagekit.service php8.3-fpm.service runner-provisioner.service systemd-journald.service systemd-networkd.service systemd-resolved.service systemd-udevd.service udisks2.service walinuxagent.service - #Terminated - #++ cleanup - sudo apt-get autopurge -y needrestart - - name: Checkout uses: actions/checkout@v4 From 101784abde82f00cab814710e8764c7bf497fd15 Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Fri, 21 Jun 2024 16:52:34 -0400 Subject: [PATCH 02/40] bin/helpers: 4.0 doesn't support listing on --all-projects Signed-off-by: Simon Deziel --- bin/helpers | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/helpers b/bin/helpers index b47bc9731..4624f3a1c 100644 --- a/bin/helpers +++ b/bin/helpers @@ -234,7 +234,7 @@ cleanup() { # Report some more information for diagnostic purposes snap list lxd uname -a - lxc list --all-projects + lxc list --all-projects || lxc list # LXD daemon logs echo "::group::lxd logs" From 355849bec8b1c75b5151c0b1df67d98f7a6cb2ac Mon Sep 17 00:00:00 2001 
From: Simon Deziel Date: Fri, 21 Jun 2024 15:09:48 -0400 Subject: [PATCH 03/40] bin/helpers: add ubuntu-minimal remotes if needed Signed-off-by: Simon Deziel --- bin/helpers | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/bin/helpers b/bin/helpers index 4624f3a1c..10c3b1443 100644 --- a/bin/helpers +++ b/bin/helpers @@ -148,7 +148,6 @@ install_lxd() ( else snap remove lxd || true fi - snap install lxd --channel="${LXD_SNAP_CHANNEL}" snap list lxd uname -a @@ -165,6 +164,12 @@ install_lxd() ( cp "${LXD_SIDELOAD_PATH}" /var/snap/lxd/common/lxd.debug systemctl start snap.lxd.daemon fi + + # TODO remove once 4.0.10 is in 4.0/stable + if [ "$(lxc remote list -f csv | grep -cwF "minimal")" -lt 2 ]; then + lxc remote add ubuntu-minimal https://cloud-images.ubuntu.com/minimal/releases/ --protocol simplestreams || true + lxc remote add ubuntu-minimal-daily https://cloud-images.ubuntu.com/minimal/daily/ --protocol simplestreams || true + fi ) # hasNeededAPIExtension: check if LXD supports the needed extension. From 4603f24a828ccd4453dd211e82c5af4299f17ed9 Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Fri, 21 Jun 2024 16:48:24 -0400 Subject: [PATCH 04/40] tests/container: add ubuntu-minimal remotes to nested ctn Signed-off-by: Simon Deziel --- tests/container | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/container b/tests/container index 15996f5ac..3f3a9f8ae 100755 --- a/tests/container +++ b/tests/container 
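Review bot: The `|| true` on both `lxc remote add` calls in the block added to install_lxd hides every failure, not only "remote already exists", so an unreachable or mistyped remote only shows up later as a failed image launch. The guard `grep -cwF "minimal"` counts any CSV line containing that word, which a URL can match as well as a remote name, so it is a loose test for "both remotes are present". The same block is repeated behind an `lxc exec` prefix in tests/container and tests/cluster (patches 04 and 05). A helper in bin/helpers that adds each remote only when its name is missing, e.g. `lxc remote list -f csv | grep -q '^ubuntu-minimal,' || lxc remote add ubuntu-minimal …` (assuming the name is the first CSV column), would let real errors fail the run and keep the TODO removal in one place. install_lxd starts outside the hunk.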
@@ -98,6 +98,12 @@ for release in 20.04 22.04 24.04; do isSystemdClean n1 || ignore_known_issues "nesting" lxc exec n1 -- snap install lxd --channel="${LXD_SNAP_CHANNEL}" lxc exec n1 -- lxd init --auto + + # 4.0/* doesn't have ubuntu-minimal remotes + if [ "$(lxc exec n1 -- lxc remote list -f csv | grep -cwF "minimal")" -lt 2 ]; then + lxc exec n1 -- lxc remote add ubuntu-minimal https://cloud-images.ubuntu.com/minimal/releases/ --protocol simplestreams || true + lxc exec n1 -- lxc remote add ubuntu-minimal-daily https://cloud-images.ubuntu.com/minimal/daily/ --protocol simplestreams || true + fi lxc exec n1 -- lxc launch "${IMAGE}" n11 sleep 5 [ "$(lxc exec n1 -- lxc exec n11 -- systemctl --quiet --failed)" = "" ] || ignore_known_issues "nested" From dde56db26f6b75f5b7f1c411b3f6e2575a97b899 Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Fri, 28 Jun 2024 12:16:39 -0400 Subject: [PATCH 05/40] tests/cluster: add minimal remotes for 4.0/stable Signed-off-by: Simon Deziel --- tests/cluster | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/cluster b/tests/cluster index 1587b1aa8..7191159b9 100755 --- a/tests/cluster +++ b/tests/cluster @@ -73,6 +73,12 @@ cluster: cluster_token: "${TOKEN}" EOF fi + + # add minimal remotes if needed (TODO: remove once 4.0.10 is in 4.0/stable) + if [ "$(lxc exec "${PREFIX}-$i" -- lxc remote list -f csv | grep -cwF "minimal")" -lt 2 ]; then + lxc exec "${PREFIX}-$i" -- lxc remote add ubuntu-minimal https://cloud-images.ubuntu.com/minimal/releases/ --protocol simplestreams || true + lxc exec "${PREFIX}-$i" -- lxc remote add ubuntu-minimal-daily https://cloud-images.ubuntu.com/minimal/daily/ --protocol simplestreams || true + fi done echo "==> Validating the cluster" From 66158e65ac74c6055346b41021263370caf2a76b Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Fri, 21 Jun 2024 14:36:31 -0400 Subject: [PATCH 06/40] github: tune docker firewall disablement to work on 20.04 
Signed-off-by: Simon Deziel --- .github/workflows/tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index f98e38f0e..46e04d973 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -158,7 +158,7 @@ jobs: set -eux sudo apt-get autopurge -y containerd.io docker-ce podman uidmap sudo ip link delete docker0 - sudo nft flush ruleset + sudo nft flush ruleset || sudo iptables -I DOCKER-USER -j ACCEPT - name: Checkout uses: actions/checkout@v4 From 7e5dd1790f36bfecc7b8cb69730884e5c5e3f433 Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Fri, 21 Jun 2024 13:30:54 -0400 Subject: [PATCH 07/40] github: tune matrix to exclude some tests on 5.0/stable Signed-off-by: Simon Deziel --- .github/workflows/tests.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 46e04d973..3d4299fa2 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -112,9 +112,13 @@ jobs: os: "24.04" - test: efi-vars-editor-vm # not compatible with 5.0/* track: "5.0/edge" + - test: efi-vars-editor-vm # not compatible with 5.0/* + track: "5.0/stable" - test: "storage-vm ceph" # waiting for integration with microceph - track: "5.0/edge" os: "24.04" + - track: "5.0/stable" + os: "24.04" - track: "latest/edge" os: "22.04" From 80eaadb408f085720318b8fdad7b1b608ded8411 Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Fri, 21 Jun 2024 15:23:17 -0400 Subject: [PATCH 08/40] tests/interception: check for API support for bpf.devices Signed-off-by: Simon Deziel --- tests/interception | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/interception b/tests/interception index 3785b41f2..b5f52b86c 100755 --- a/tests/interception +++ b/tests/interception 
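Review bot: The `||` in `sudo nft flush ruleset || sudo iptables -I DOCKER-USER -j ACCEPT` runs the fallback on any nft failure, and the two commands are not equivalent: the flush clears every table, while the fallback only inserts an IPv4 ACCEPT rule into Docker's DOCKER-USER chain. If the intent is "nft is absent on 20.04" (inferred from the commit subject), test for that explicitly, e.g. `if command -v nft >/dev/null; then sudo nft flush ruleset; else sudo iptables -I DOCKER-USER -j ACCEPT; fi`. A comment such as `# 20.04 runners: no nft, open Docker's forward chain instead` would record why the weaker fallback is acceptable. The step's `run:` block starts outside the hunk.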
@@ -47,11 +47,11 @@ lxc exec c1 -- mknod /dev/mknod-test c 1 3 lxc exec c1 -- mknod /root/mknod-test1 c 1 3 ## bpf (needs 5.9 or higher) -if runsMinimumKernel 5.9; then +if runsMinimumKernel 5.9 && hasNeededAPIExtension container_syscall_intercept_bpf_devices; then lxc config set c1 security.syscalls.intercept.bpf=true security.syscalls.intercept.bpf.devices=true lxc restart c1 -f else - echo "Skipping security.syscalls.intercept.bpf config as the kernel is too old" + echo "Skipping security.syscalls.intercept.bpf config as the kernel is too old or LXD support missing" fi ## mount From 9ad64ae522d6a854dc9cf55352befb6589d3d1ec Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Fri, 21 Jun 2024 15:29:47 -0400 Subject: [PATCH 09/40] tests/network-routed: compat with 4.0 missing support for cloud-init.network-config Signed-off-by: Simon Deziel --- tests/network-routed | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/network-routed b/tests/network-routed index e59cc110b..08cebe5cb 100755 --- a/tests/network-routed +++ b/tests/network-routed @@ -32,7 +32,11 @@ lxc config device add v1 eth0 nic \ ipv4.address=192.0.2.2,192.0.2.3 \ ipv6.address=2001:db8::2,2001:db8::3 -lxc config set v1 cloud-init.network-config - << EOF +NET_CONFIG_KEY="cloud-init.network-config" +if ! hasNeededAPIExtension cloud_init; then + NET_CONFIG_KEY="user.network-config" +fi +lxc config set v1 "${NET_CONFIG_KEY}" - << EOF network: version: 2 ethernets: From 6b90d77af86f78d8ebb2802088e977d517138a73 Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Fri, 21 Jun 2024 16:34:42 -0400 Subject: [PATCH 10/40] github: exclude tests incompat with 4.0/* Signed-off-by: Simon Deziel --- .github/workflows/tests.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 3d4299fa2..5adc30526 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml 
@@ -114,6 +114,14 @@ jobs: track: "5.0/edge" - test: efi-vars-editor-vm # not compatible with 5.0/* track: "5.0/stable" + - test: efi-vars-editor-vm # not compatible with 4.0/* + track: "4.0/edge" + - test: efi-vars-editor-vm # not compatible with 4.0/* + track: "4.0/stable" + - test: storage-buckets # not compatible with 4.0/* + track: "4.0/edge" + - test: storage-buckets # not compatible with 4.0/* + track: "4.0/stable" - test: "storage-vm ceph" # waiting for integration with microceph - track: "5.0/edge" os: "24.04" From 209b13d96daef69e5cc5eeb6e7ae701d6a38f0db Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Fri, 21 Jun 2024 17:25:43 -0400 Subject: [PATCH 11/40] tests/container: skip 24.04 container tests on `4.0/*` Signed-off-by: Simon Deziel --- tests/container | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/container b/tests/container index 3f3a9f8ae..26ed656bb 100755 --- a/tests/container +++ b/tests/container @@ -76,6 +76,11 @@ ignore_known_issues() { } for release in 20.04 22.04 24.04; do + if [ "${release}" = "24.04" ] && echo "${LXD_SNAP_CHANNEL}" | grep -qE "^4\.0/"; then + echo "Skip 24.04 container tests on ${LXD_SNAP_CHANNEL}" + continue + fi + IMAGE="ubuntu-minimal-daily:${release}" echo "==> unprivileged container (${release})" From f7998ee9c2b3732a5944358dd0219b9ccbdcedec Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Fri, 21 Jun 2024 17:50:16 -0400 Subject: [PATCH 12/40] tests/cluster: `4.0/*` doesn't support --quiet token Signed-off-by: Simon Deziel --- tests/cluster | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/tests/cluster b/tests/cluster index 7191159b9..4d196f635 100755 --- a/tests/cluster +++ b/tests/cluster 
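Review bot: The version test `echo "${LXD_SNAP_CHANNEL}" | grep -qE "^4\.0/"` added at the top of the release loop keys off the channel string rather than the installed LXD, and the same pipeline is repeated in tests/cluster, tests/cpu-vm, tests/interception and tests/vm-nesting later in this series. bin/helpers also handles `LXD_SIDELOAD_PATH`, in which case the channel may not describe the binary that is running (inferred; the sideload code is only partly visible). A small helper next to hasNeededAPIExtension, for instance `isTrack() { case "${LXD_SNAP_CHANNEL}" in "$1"/*) return 0;; esac; return 1; }`, would give one place to change the rule. The loop body continues outside the hunk.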
@@ -60,7 +60,12 @@ for i in $(seq "${SIZE}"); do MEMBER_IP=$(lxc exec "${PREFIX}-$i" -- ip -4 addr show dev eth0 scope global | grep inet | cut -d' ' -f6 | cut -d/ -f1) # Get a join token - TOKEN="$(lxc exec "${PREFIX}-1" -- lxc cluster add --quiet "${PREFIX}-${i}")" + if echo "${LXD_SNAP_CHANNEL}" | grep -qE "^4\.0/"; then + # 4.0 doesn't support --quiet + TOKEN="$(lxc exec "${PREFIX}-1" -- lxc cluster add "${PREFIX}-${i}" | tail -n1)" + else + TOKEN="$(lxc exec "${PREFIX}-1" -- lxc cluster add --quiet "${PREFIX}-${i}")" + fi lxc exec "${PREFIX}-$i" -- lxd init --preseed << EOF cluster: From cb60e916395eef483da32e2c4e56a11c254a1419 Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Fri, 28 Jun 2024 12:44:15 -0400 Subject: [PATCH 13/40] tests/cluster: conditional testing of project restricted certs Signed-off-by: Simon Deziel --- tests/cluster | 86 +++++++++++++++++++++++++++++++-------------------- 1 file changed, 53 insertions(+), 33 deletions(-) diff --git a/tests/cluster b/tests/cluster index 4d196f635..7cffc10ab 100755 --- a/tests/cluster +++ b/tests/cluster 
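Review bot: In the 4.0 branch, `TOKEN="$(lxc exec "${PREFIX}-1" -- lxc cluster add "${PREFIX}-${i}" | tail -n1)"` takes the exit status of `tail`, so a failed `lxc cluster add` yields an empty TOKEN and the error only appears later in `lxd init --preseed` (unless the script sets `pipefail`, which is not visible here). It also assumes the token is the last line of human-readable output. A guard right after the `fi`, `[ -n "${TOKEN}" ] || { echo "Failed to obtain a join token for ${PREFIX}-${i}" >&2; exit 1; }`, puts the failure where it happens. The loop starts and ends outside the hunk.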
@@ -106,35 +106,51 @@ lxc exec "${PREFIX}-1" -- timeout 30s bash -c "grep -m1 ^SSH < /dev/tcp/${U2_IPV tmp_cert_dir="$(mktemp -d)" -echo "==> Add restricted and unrestricted certificates" +if hasNeededAPIExtension certificate_project; then + TEST_RESTRICTED=1 +else + echo "Skipping restricted certificate test, not supported" + TEST_RESTRICTED=0 +fi + +echo "==> Add unrestricted certificate" createCertificateAndKey "${tmp_cert_dir}/cert.key" "${tmp_cert_dir}/cert.crt" "cert.local" -createCertificateAndKey "${tmp_cert_dir}/cert-restricted.key" "${tmp_cert_dir}/cert-restricted.crt" "cert-restricted.local" lxc config trust add "${tmp_cert_dir}/cert.crt" -lxc config trust add "${tmp_cert_dir}/cert-restricted.crt" --restricted --projects default unrestricted_fingerprint="$(certificateFingerprintShort "${tmp_cert_dir}/cert.crt")" -restricted_fingerprint="$(certificateFingerprintShort "${tmp_cert_dir}/cert-restricted.crt")" -echo "==> Check the certificates for its permissions" +if [ "${TEST_RESTRICTED}" = "1" ]; then + echo "==> Add restricted certificate" + createCertificateAndKey "${tmp_cert_dir}/cert-restricted.key" "${tmp_cert_dir}/cert-restricted.crt" "cert-restricted.local" + lxc config trust add "${tmp_cert_dir}/cert-restricted.crt" --restricted --projects default + restricted_fingerprint="$(certificateFingerprintShort "${tmp_cert_dir}/cert-restricted.crt")" +fi + +echo "==> Check the certificates for their permissions" lxc query "/1.0/certificates/${unrestricted_fingerprint}" | jq -r ".restricted" | grep -xF false lxc query "/1.0/certificates/${unrestricted_fingerprint}" | jq -r ".type" | grep -xF client -lxc query "/1.0/certificates/${restricted_fingerprint}" | jq -r ".restricted" | grep -xF true -lxc query "/1.0/certificates/${restricted_fingerprint}" | jq -r ".type" | grep -xF client -lxc query "/1.0/certificates/${restricted_fingerprint}" | jq -r ".projects[0]" | grep -xF default - -echo "==> Add restricted and unrestricted metrics certificates" 
-createCertificateAndKey "${tmp_cert_dir}/metrics.key" "${tmp_cert_dir}/metrics.crt" "metrics.local" -createCertificateAndKey "${tmp_cert_dir}/metrics-restricted.key" "${tmp_cert_dir}/metrics-restricted.crt" "metrics-restricted.local" -lxc config trust add "${tmp_cert_dir}/metrics.crt" --type metrics -lxc config trust add "${tmp_cert_dir}/metrics-restricted.crt" --type metrics --restricted --projects default -unrestricted_metrics_fingerprint="$(certificateFingerprintShort "${tmp_cert_dir}/metrics.crt")" -restricted_metrics_fingerprint="$(certificateFingerprintShort "${tmp_cert_dir}/metrics-restricted.crt")" - -echo "==> Check the metrics certificates for its permissions" -lxc query "/1.0/certificates/${unrestricted_metrics_fingerprint}" | jq -r ".restricted" | grep -xF false -lxc query "/1.0/certificates/${unrestricted_metrics_fingerprint}" | jq -r ".type" | grep -xF metrics -lxc query "/1.0/certificates/${restricted_metrics_fingerprint}" | jq -r ".restricted" | grep -xF true -lxc query "/1.0/certificates/${restricted_metrics_fingerprint}" | jq -r ".type" | grep -xF metrics -lxc query "/1.0/certificates/${restricted_metrics_fingerprint}" | jq -r ".projects[0]" | grep -xF default + +if [ "${TEST_RESTRICTED}" = "1" ]; then + lxc query "/1.0/certificates/${restricted_fingerprint}" | jq -r ".restricted" | grep -xF true + lxc query "/1.0/certificates/${restricted_fingerprint}" | jq -r ".type" | grep -xF client + lxc query "/1.0/certificates/${restricted_fingerprint}" | jq -r ".projects[0]" | grep -xF default +fi + +if [ "${TEST_RESTRICTED}" = "1" ]; then + echo "==> Add restricted and unrestricted metrics certificates" + createCertificateAndKey "${tmp_cert_dir}/metrics.key" "${tmp_cert_dir}/metrics.crt" "metrics.local" + createCertificateAndKey "${tmp_cert_dir}/metrics-restricted.key" "${tmp_cert_dir}/metrics-restricted.crt" "metrics-restricted.local" + lxc config trust add "${tmp_cert_dir}/metrics.crt" --type metrics + lxc config trust add 
"${tmp_cert_dir}/metrics-restricted.crt" --type metrics --restricted --projects default + unrestricted_metrics_fingerprint="$(certificateFingerprintShort "${tmp_cert_dir}/metrics.crt")" + restricted_metrics_fingerprint="$(certificateFingerprintShort "${tmp_cert_dir}/metrics-restricted.crt")" + + echo "==> Check the metrics certificates for its permissions" + lxc query "/1.0/certificates/${unrestricted_metrics_fingerprint}" | jq -r ".restricted" | grep -xF false + lxc query "/1.0/certificates/${unrestricted_metrics_fingerprint}" | jq -r ".type" | grep -xF metrics + lxc query "/1.0/certificates/${restricted_metrics_fingerprint}" | jq -r ".restricted" | grep -xF true + lxc query "/1.0/certificates/${restricted_metrics_fingerprint}" | jq -r ".type" | grep -xF metrics + lxc query "/1.0/certificates/${restricted_metrics_fingerprint}" | jq -r ".projects[0]" | grep -xF default +fi echo "==> Upgrading the cluster" for i in $(seq "${SIZE}"); do 
@@ -161,16 +177,20 @@ lxc exec "${PREFIX}-1" -- lxc cluster list echo "==> Check the certificates for its permissions after cluster upgrade" lxc query "/1.0/certificates/${unrestricted_fingerprint}" | jq -r ".restricted" | grep -xF false lxc query "/1.0/certificates/${unrestricted_fingerprint}" | jq -r ".type" | grep -xF client -lxc query "/1.0/certificates/${restricted_fingerprint}" | jq -r ".restricted" | grep -xF true -lxc query "/1.0/certificates/${restricted_fingerprint}" | jq -r ".type" | grep -xF client -lxc query "/1.0/certificates/${restricted_fingerprint}" | jq -r ".projects[0]" | grep -xF default - -echo "==> Check the metrics certificates for its permissions after cluster upgrade" -lxc query "/1.0/certificates/${unrestricted_metrics_fingerprint}" | jq -r ".restricted" | grep -xF false -lxc query "/1.0/certificates/${unrestricted_metrics_fingerprint}" | jq -r ".type" | grep -xF metrics -lxc query "/1.0/certificates/${restricted_metrics_fingerprint}" | jq -r ".restricted" | grep -xF true -lxc query "/1.0/certificates/${restricted_metrics_fingerprint}" | jq -r ".type" | grep -xF metrics -lxc query "/1.0/certificates/${restricted_metrics_fingerprint}" | jq -r ".projects[0]" | grep -xF default +if [ "${TEST_RESTRICTED}" = "1" ]; then + lxc query "/1.0/certificates/${restricted_fingerprint}" | jq -r ".restricted" | grep -xF true + lxc query "/1.0/certificates/${restricted_fingerprint}" | jq -r ".type" | grep -xF client + lxc query "/1.0/certificates/${restricted_fingerprint}" | jq -r ".projects[0]" | grep -xF default +fi + +if [ "${TEST_RESTRICTED}" = "1" ]; then + echo "==> Check the metrics certificates for its permissions after cluster upgrade" + lxc query "/1.0/certificates/${unrestricted_metrics_fingerprint}" | jq -r ".restricted" | grep -xF false + lxc query "/1.0/certificates/${unrestricted_metrics_fingerprint}" | jq -r ".type" | grep -xF metrics + lxc query "/1.0/certificates/${restricted_metrics_fingerprint}" | jq -r ".restricted" | grep -xF true + 
lxc query "/1.0/certificates/${restricted_metrics_fingerprint}" | jq -r ".type" | grep -xF metrics + lxc query "/1.0/certificates/${restricted_metrics_fingerprint}" | jq -r ".projects[0]" | grep -xF default +fi echo "==> Deleting the cluster" for i in $(seq "${SIZE}"); do From baafb2fe50d9ec9d9699916ee9b4263d3f43272a Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Fri, 21 Jun 2024 17:22:19 -0400 Subject: [PATCH 14/40] tests/cpu-vm: 4.0 does not reject `limits.kernel.*` keys on VM instances Signed-off-by: Simon Deziel --- tests/cpu-vm | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/tests/cpu-vm b/tests/cpu-vm index f993427a9..53e20e5fe 100755 --- a/tests/cpu-vm +++ b/tests/cpu-vm @@ -31,12 +31,18 @@ lxc storage create "${poolName}" "${poolDriver}" # still work lxc profile set default limits.kernel.nofile 50 -! lxc init v0 --vm --empty -c limits.kernel.cpu=46 -s "${poolName}" || false +# 4.0 does not reject `limits.kernel.*` keys on VM instances +if ! echo "${LXD_SNAP_CHANNEL}" | grep -qE "^4\.0/"; then + ! lxc init v0 --vm --empty -c limits.kernel.cpu=46 -s "${poolName}" || false +fi lxc init v0 --vm --empty -s "${poolName}" -# limits.kernel.* only applies to containers (shouldn't work) -! lxc config set v0 limits.kernel.as=1GiB || false +# 4.0 does not reject `limits.kernel.*` keys on VM instances +if ! echo "${LXD_SNAP_CHANNEL}" | grep -qE "^4\.0/"; then + # limits.kernel.* only applies to containers (shouldn't work) + ! lxc config set v0 limits.kernel.as=1GiB || false +fi lxc delete v0 From d71861e87a3cdc6fabdff2ab41e232172de62f93 Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Fri, 28 Jun 2024 12:46:51 -0400 Subject: [PATCH 15/40] tests/cpu-vm: actually skip if arch cond not met Signed-off-by: Simon Deziel --- tests/cpu-vm | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/cpu-vm b/tests/cpu-vm index 53e20e5fe..d14615c3d 100755 --- a/tests/cpu-vm +++ b/tests/cpu-vm 
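Review bot: The metrics blocks are now wrapped in `if [ "${TEST_RESTRICTED}" = "1" ]`, so the unrestricted metrics certificate is no longer added or checked (here after the upgrade, and in the first hunk before it) whenever `certificate_project` is missing, although that extension only concerns project restriction. If 4.0 lacks the metrics certificate type altogether, gate these blocks on the extension that introduces it and say so in the skip message, which currently reads only `Skipping restricted certificate test, not supported`; otherwise keep the unrestricted metrics checks outside the condition. The two adjacent `if [ "${TEST_RESTRICTED}" = "1" ]` blocks in each hunk could also be merged, or carry a comment on why they are separate.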
@@ -4,6 +4,7 @@ set -eux architecture="$(uname -m)" if [ "${architecture}" != "x86_64" ] && [ "${architecture}" != "s390x" ]; then echo "Skipping test as CPU hotplugging not supported on ${architecture}" + exit 0 fi # Install LXD From e6db4974cc48404acccede7eb5265fcf1619ae32 Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Fri, 28 Jun 2024 12:48:40 -0400 Subject: [PATCH 16/40] tests/cpu-vm: skip if missing support Signed-off-by: Simon Deziel --- tests/cpu-vm | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/cpu-vm b/tests/cpu-vm index d14615c3d..b58c41fa1 100755 --- a/tests/cpu-vm +++ b/tests/cpu-vm @@ -10,6 +10,11 @@ fi # Install LXD install_lxd +if ! hasNeededAPIExtension cpu_hotplug; then + echo "Skipping test as CPU hotplugging not supported on ${LXD_SNAP_CHANNEL}" + exit 0 +fi + # required for "CPU auto pinning" feature check # as we don't have a separate API extension for it # and we rely on the debug output in the LXD daemon logs. From b543a8647100751be71bc83335f79fdb2bbb2fcd Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Mon, 1 Jul 2024 17:47:25 -0400 Subject: [PATCH 17/40] tests/interception: container_syscall_intercept_mount_fuse is support with 4.0+ Signed-off-by: Simon Deziel --- tests/interception | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/tests/interception b/tests/interception index b5f52b86c..e444ce877 100755 --- a/tests/interception +++ b/tests/interception 
@@ -73,17 +73,13 @@ lxc exec c1 -- mount /dev/sda /mnt [ "$(lxc exec c1 -- stat --format=%u:%g /mnt)" = "0:0" ] lxc exec c1 -- umount /mnt -if hasNeededAPIExtension container_syscall_intercept_mount_fuse; then - lxc config unset c1 security.syscalls.intercept.mount.allowed - lxc config set c1 security.syscalls.intercept.mount.fuse=ext4=fuse2fs - lxc restart c1 -f +lxc config unset c1 security.syscalls.intercept.mount.allowed +lxc config set c1 security.syscalls.intercept.mount.fuse=ext4=fuse2fs +lxc restart c1 -f - lxc exec c1 -- mount /dev/sda /mnt - [ "$(lxc exec c1 -- stat --format=%u:%g /mnt)" = "0:0" ] - lxc exec c1 -- umount /mnt -else - echo "Skipping mount fuse tests as the container_syscall_intercept_mount_fuse API extension is missing" -fi +lxc exec c1 -- mount /dev/sda /mnt +[ "$(lxc exec c1 -- stat --format=%u:%g /mnt)" = "0:0" ] +lxc exec c1 -- umount /mnt if hasNeededAPIExtension container_syscall_intercept_finit_module; then # it can be any module which is present in the host filesystem and at the same time not used and can be unloaded From 15bf7b86775b1a3d5438d12b928132c0f07a87fc Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Mon, 1 Jul 2024 17:48:06 -0400 Subject: [PATCH 18/40] tests/interception: security.syscalls.intercept.mount.shift is broken on 4.0 Signed-off-by: Simon Deziel --- tests/interception | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/tests/interception b/tests/interception index e444ce877..ff1fe5313 100755 --- a/tests/interception +++ b/tests/interception 
@@ -68,10 +68,14 @@ lxc exec c1 -- mount /dev/sda /mnt [ "$(lxc exec c1 -- stat --format=%u:%g /mnt)" = "65534:65534" ] lxc exec c1 -- umount /mnt -lxc config set c1 security.syscalls.intercept.mount.shift=true -lxc exec c1 -- mount /dev/sda /mnt -[ "$(lxc exec c1 -- stat --format=%u:%g /mnt)" = "0:0" ] -lxc exec c1 -- umount /mnt +if echo "${LXD_SNAP_CHANNEL}" | grep -qE "^4\.0/"; then + echo "Skipping security.syscalls.intercept.mount.shift test, not compatible with ${LXD_SNAP_CHANNEL}" +else + lxc config set c1 security.syscalls.intercept.mount.shift=true + lxc exec c1 -- mount /dev/sda /mnt + [ "$(lxc exec c1 -- stat --format=%u:%g /mnt)" = "0:0" ] + lxc exec c1 -- umount /mnt +fi lxc config unset c1 security.syscalls.intercept.mount.allowed lxc config set c1 security.syscalls.intercept.mount.fuse=ext4=fuse2fs From 27053521d526755c29c8e06c84bab928f41c6452 Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Fri, 21 Jun 2024 17:34:13 -0400 Subject: [PATCH 19/40] tests/vm-nesting: use LVM if ZFS is not supported Signed-off-by: Simon Deziel --- tests/vm-nesting | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/tests/vm-nesting b/tests/vm-nesting index 42d20733e..060557833 100755 --- a/tests/vm-nesting +++ b/tests/vm-nesting @@ -6,9 +6,17 @@ set -eux # Install LXD. install_lxd +storageDriver="zfs" +if echo "${LXD_SNAP_CHANNEL}" | grep -qE "^4\.0/" && modinfo zfs | grep -qE '^version:\s*2\.2\.'; then + storageDriver="lvm" + # Allow more time to boot instances + export MAX_WAIT_SECONDS=180 + echo "${LXD_SNAP_CHANNEL} does not support ZFS 2.2, falling back to ${storageDriver}" +fi + # Configure LXD. lxc project switch default -lxc storage create default zfs size=30GiB +lxc storage create default "${storageDriver}" size=30GiB lxc network create lxdbr0 IMAGE="${TEST_IMG:-ubuntu-minimal-daily:24.04}" From afc86de9b7ad4c31dc7182ce9a02e550dc8eae06 Mon Sep 17 00:00:00 2001 
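Review bot: The new skip branch for `security.syscalls.intercept.mount.shift` drops the ownership check on an intercepted mount (the `stat --format=%u:%g /mnt` assertion) for every `4.0/*` channel, and the only reason given in code is the echo `not compatible with ${LXD_SNAP_CHANNEL}`, while the commit subject says the key is broken on 4.0. A comment above the `if`, such as `# mount.shift is broken on 4.0/*; re-enable this block if it gets fixed there`, would tell the next reader this is a known defect rather than a missing feature. Without it the skipped security check is easy to forget once 4.0 changes.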
From: Simon Deziel Date: Mon, 1 Jul 2024 18:07:23 -0400 Subject: [PATCH 20/40] tests/vm-nesting: compat with 4.0 that doesn't allow override devices during launch Signed-off-by: Simon Deziel --- tests/vm-nesting | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/vm-nesting b/tests/vm-nesting index 060557833..fe32befd4 100755 --- a/tests/vm-nesting +++ b/tests/vm-nesting @@ -94,7 +94,8 @@ start 5 wait 5 cmd 5 "snap wait system seed.loaded && snap install lxd --channel ${LXD_SNAP_CHANNEL}" cmd 5 "lxd init --auto" -cmd 5 "lxc launch ${IMAGE} nested --vm -c limits.memory=512MiB -d root,size=3584MiB" +cmd 5 "lxc profile device set default root size=3584MiB" +cmd 5 "lxc launch ${IMAGE} nested --vm -c limits.memory=512MiB" delete 5 echo "==> Test 5 containers each with one nested VM" @@ -108,7 +109,8 @@ device_add 5 vsock unix-char source=/dev/vsock start 5 cmd 5 "snap wait system seed.loaded && snap install lxd --channel ${LXD_SNAP_CHANNEL}" cmd 5 "lxd init --auto" -cmd 5 "lxc launch ${IMAGE} nested --vm -c limits.memory=512MiB -d root,size=3584MiB" +cmd 5 "lxc profile device set default root size=3584MiB" +cmd 5 "lxc launch ${IMAGE} nested --vm -c limits.memory=512MiB" echo "==> Cleaning up" instCount="$(lxc list -f csv -c n t | wc -l)" From caaceff463ff10778f4f4c4d71e3214203e81a7d Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Wed, 3 Jul 2024 07:05:26 -0400 Subject: [PATCH 21/40] tests/vm-nesting: start less VMs in parallel Signed-off-by: Simon Deziel --- tests/vm-nesting | 86 ++++++++++++++++++++++++++---------------------- 1 file changed, 47 insertions(+), 39 deletions(-) diff --git a/tests/vm-nesting b/tests/vm-nesting index fe32befd4..bb87897e0 100755 --- a/tests/vm-nesting +++ b/tests/vm-nesting 
@@ -6,12 +6,20 @@ set -eux # Install LXD. install_lxd +VMs=10 +nestedVMs=5 storageDriver="zfs" -if echo "${LXD_SNAP_CHANNEL}" | grep -qE "^4\.0/" && modinfo zfs | grep -qE '^version:\s*2\.2\.'; then - storageDriver="lvm" - # Allow more time to boot instances - export MAX_WAIT_SECONDS=180 - echo "${LXD_SNAP_CHANNEL} does not support ZFS 2.2, falling back to ${storageDriver}" +if echo "${LXD_SNAP_CHANNEL}" | grep -qE "^4\.0/"; then + # VMs on 4.0 are more resource intensive and slower to boot + export MAX_WAIT_SECONDS=240 + + VMs=3 + nestedVMs=2 + + if modinfo zfs | grep -qE '^version:\s*2\.2\.'; then + storageDriver="lvm" + echo "${LXD_SNAP_CHANNEL} does not support ZFS 2.2, falling back to ${storageDriver}" + fi fi # Configure LXD. 
@@ -77,40 +85,40 @@ function delete() { lxc delete -f "${instances[@]}" } -echo "==> Test 10 VMs in parallel" -init 10 --vm -start 10 -delete 10 - -echo "==> Test 10 VMs in parallel for vsock ID collision" -init 10 --vm -conf 10 volatile.vsock_id=42 -start 10 -delete 10 - -echo "==> Test 5 VMs each with one nested VM" -init 5 --vm -start 5 -wait 5 -cmd 5 "snap wait system seed.loaded && snap install lxd --channel ${LXD_SNAP_CHANNEL}" -cmd 5 "lxd init --auto" -cmd 5 "lxc profile device set default root size=3584MiB" -cmd 5 "lxc launch ${IMAGE} nested --vm -c limits.memory=512MiB" -delete 5 - -echo "==> Test 5 containers each with one nested VM" -init 5 -conf 5 security.devlxd.images=true -conf 5 security.nesting=true -device_add 5 kvm unix-char source=/dev/kvm -device_add 5 vhost-net unix-char source=/dev/vhost-net -device_add 5 vhost-vsock unix-char source=/dev/vhost-vsock -device_add 5 vsock unix-char source=/dev/vsock -start 5 -cmd 5 "snap wait system seed.loaded && snap install lxd --channel ${LXD_SNAP_CHANNEL}" -cmd 5 "lxd init --auto" -cmd 5 "lxc profile device set default root size=3584MiB" -cmd 5 "lxc launch ${IMAGE} nested --vm -c limits.memory=512MiB" +echo "==> Test ${VMs} VMs in parallel" +init "${VMs}" --vm +start "${VMs}" +delete "${VMs}" + +echo "==> Test ${VMs} VMs in parallel for vsock ID collision" +init "${VMs}" --vm +conf "${VMs}" volatile.vsock_id=42 +start "${VMs}" +delete "${VMs}" + +echo "==> Test ${nestedVMs} VMs each with one nested VM" +init "${nestedVMs}" --vm +start "${nestedVMs}" +wait "${nestedVMs}" +cmd "${nestedVMs}" "snap wait system seed.loaded && snap install lxd --channel ${LXD_SNAP_CHANNEL}" +cmd "${nestedVMs}" "lxd init --auto" +cmd "${nestedVMs}" "lxc profile device set default root size=3584MiB" +cmd "${nestedVMs}" "lxc launch ${IMAGE} nested --vm -c limits.memory=512MiB" +delete "${nestedVMs}" + +echo "==> Test ${VMs} containers each with one nested VM" +init "${VMs}" +conf "${VMs}" security.devlxd.images=true +conf "${VMs}" 
security.nesting=true +device_add "${VMs}" kvm unix-char source=/dev/kvm +device_add "${VMs}" vhost-net unix-char source=/dev/vhost-net +device_add "${VMs}" vhost-vsock unix-char source=/dev/vhost-vsock +device_add "${VMs}" vsock unix-char source=/dev/vsock +start "${VMs}" +cmd "${VMs}" "snap wait system seed.loaded && snap install lxd --channel ${LXD_SNAP_CHANNEL}" +cmd "${VMs}" "lxd init --auto" +cmd "${VMs}" "lxc profile device set default root size=3584MiB" +cmd "${VMs}" "lxc launch ${IMAGE} nested --vm -c limits.memory=512MiB" echo "==> Cleaning up" instCount="$(lxc list -f csv -c n t | wc -l)" From 85d35d87e09211b22cac823cfa0fd334553787ab Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Tue, 2 Jul 2024 21:50:49 -0400 Subject: [PATCH 22/40] tests/vm-nesting: skip VM in container test for 4.0/edge Signed-off-by: Simon Deziel --- tests/vm-nesting | 34 +++++++++++++++++++++------------- 1 file changed, 21 insertions(+), 13 deletions(-) diff --git a/tests/vm-nesting b/tests/vm-nesting index bb87897e0..5c595c94d 100755 --- a/tests/vm-nesting +++ b/tests/vm-nesting @@ -6,6 +6,7 @@ set -eux # Install LXD. install_lxd +VM_IN_CTN=1 VMs=10 nestedVMs=5 storageDriver="zfs" @@ -13,6 +14,9 @@ if echo "${LXD_SNAP_CHANNEL}" | grep -qE "^4\.0/"; then # VMs on 4.0 are more resource intensive and slower to boot export MAX_WAIT_SECONDS=240 + # VMs inside containers do not work + VM_IN_CTN=0 + VMs=3 nestedVMs=2 
@@ -106,19 +110,23 @@ cmd "${nestedVMs}" "lxc profile device set default root size=3584MiB" cmd "${nestedVMs}" "lxc launch ${IMAGE} nested --vm -c limits.memory=512MiB" delete "${nestedVMs}" -echo "==> Test ${VMs} containers each with one nested VM" -init "${VMs}" -conf "${VMs}" security.devlxd.images=true -conf "${VMs}" security.nesting=true -device_add "${VMs}" kvm unix-char source=/dev/kvm -device_add "${VMs}" vhost-net unix-char source=/dev/vhost-net -device_add "${VMs}" vhost-vsock unix-char source=/dev/vhost-vsock -device_add "${VMs}" vsock unix-char source=/dev/vsock -start "${VMs}" -cmd "${VMs}" "snap wait system seed.loaded && snap install lxd --channel ${LXD_SNAP_CHANNEL}" -cmd "${VMs}" "lxd init --auto" -cmd "${VMs}" "lxc profile device set default root size=3584MiB" -cmd "${VMs}" "lxc launch ${IMAGE} nested --vm -c limits.memory=512MiB" +if [ "${VM_IN_CTN}" = "1" ]; then + echo "==> Test ${nestedVMs} containers each with one nested VM" + init "${nestedVMs}" + conf "${nestedVMs}" security.devlxd.images=true + conf "${nestedVMs}" security.nesting=true + device_add "${nestedVMs}" kvm unix-char source=/dev/kvm + device_add "${nestedVMs}" vhost-net unix-char source=/dev/vhost-net + device_add "${nestedVMs}" vhost-vsock unix-char source=/dev/vhost-vsock + device_add "${nestedVMs}" vsock unix-char source=/dev/vsock + start "${nestedVMs}" + cmd "${nestedVMs}" "snap wait system seed.loaded && snap install lxd --channel ${LXD_SNAP_CHANNEL}" + cmd "${nestedVMs}" "lxd init --auto" + cmd "${nestedVMs}" "lxc profile device set default root size=3584MiB" + cmd "${nestedVMs}" "lxc launch ${IMAGE} nested --vm -c limits.memory=510MiB" +else + echo "Skipping VM in container tests on ${LXD_SNAP_CHANNEL}" +fi echo "==> Cleaning up" instCount="$(lxc list -f csv -c n t | wc -l)" From 2aacc27aca82a635ebec365f7bfc591886cb631f Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Mon, 1 Jul 2024 18:14:03 -0400 Subject: [PATCH 23/40] tests/network-bridge-firewall: fix typo 
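Review bot: The last `cmd` line inside the new `if` launches the nested VM with `limits.memory=510MiB`, whereas the line it replaces and the VM-in-VM block kept as context at the top of the hunk both use 512MiB. The commit subject only mentions skipping the test on 4.0/edge, so this looks like an unintended edit; if so it should read `cmd "${nestedVMs}" "lxc launch ${IMAGE} nested --vm -c limits.memory=512MiB"`. If the lower limit is deliberate, a one-line comment saying why would help. The skip message in the `else` branch also drops the `==>` prefix that the other progress lines use.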
Signed-off-by: Simon Deziel --- tests/network-bridge-firewall | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/network-bridge-firewall b/tests/network-bridge-firewall index a54ac7bee..0a12b350e 100755 --- a/tests/network-bridge-firewall +++ b/tests/network-bridge-firewall @@ -30,7 +30,7 @@ iptables --version 2>&1 | grep legacy ip6tables --version 2>&1 | grep legacy ebtables --version 2>&1 | grep legacy -# Setup bridge filter and unmanaged bridge.s +# Setup bridge filter and unmanaged bridges modprobe br_netfilter ip link add lxdbr0unmanaged type bridge From 4d7bea6c115b65349c45717757287d3e79911ace Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Mon, 1 Jul 2024 18:19:07 -0400 Subject: [PATCH 24/40] tests/network-bridge-firewall: use btrfs instead of zfs (not supported by 4.0 on 22.04+HWE) Signed-off-by: Simon Deziel --- tests/network-bridge-firewall | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/network-bridge-firewall b/tests/network-bridge-firewall index 0a12b350e..d90f3df36 100755 --- a/tests/network-bridge-firewall +++ b/tests/network-bridge-firewall @@ -13,7 +13,7 @@ IMAGE="${TEST_IMG:-ubuntu-daily:24.04}" set -x # Configure LXD -lxc storage create default zfs +lxc storage create default btrfs lxc network create lxdbr0 \ ipv4.address=192.0.2.1/24 \ ipv6.address=2001:db8::1/64 \ From a79a21c74d5f7f3d43860c4273d9ceb8e9319b56 Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Fri, 21 Jun 2024 17:40:16 -0400 Subject: [PATCH 25/40] github: devlxd-vm are not compatible with `4.0/*` Signed-off-by: Simon Deziel --- .github/workflows/tests.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 5adc30526..bff40115b 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml 
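Review bot: The change to `lxc storage create default btrfs` applies to every snap track, but the reason for it is recorded only in the commit subject. A comment above the line, e.g. `# btrfs instead of zfs: zfs is not supported by 4.0 on 22.04+HWE`, would keep a later reader from switching it back. The rest of the script lies outside the hunk, so whether anything further down depends on zfs cannot be checked from here.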
@@ -110,6 +110,10 @@ jobs: exclude: - test: cluster # fan is not yet working on 24.04 kernel: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2064508 os: "24.04" + - test: devlxd-vm # not compatible with 4.0/* + track: "4.0/edge" + - test: devlxd-vm # not compatible with 4.0/* + track: "4.0/stable" - test: efi-vars-editor-vm # not compatible with 5.0/* track: "5.0/edge" - test: efi-vars-editor-vm # not compatible with 5.0/* From 7dcc907a1c3a1882dad96b0e62e5b41d10d6f11c Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Fri, 28 Jun 2024 10:38:33 -0400 Subject: [PATCH 26/40] github: don't test 4.0/edge on 24.04 Signed-off-by: Simon Deziel --- .github/workflows/tests.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index bff40115b..515a4b587 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -127,6 +127,10 @@ jobs: - test: storage-buckets # not compatible with 4.0/* track: "4.0/stable" - test: "storage-vm ceph" # waiting for integration with microceph + - track: "4.0/edge" + os: "24.04" + - track: "4.0/stable" + os: "24.04" - track: "5.0/edge" os: "24.04" - track: "5.0/stable" From 6a10006b6597c683d494781b264582657ec0738f Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Fri, 28 Jun 2024 10:40:30 -0400 Subject: [PATCH 27/40] github: don't test latest/* and 5.*/* on 20.04 Signed-off-by: Simon Deziel --- .github/workflows/tests.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 515a4b587..bb662294a 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml 
@@ -135,8 +135,18 @@ jobs: os: "24.04" - track: "5.0/stable" os: "24.04" + - track: "5.0/edge" + os: "20.04" + - track: "5.21/edge" + os: "20.04" + - track: "5.21/stable" + os: "20.04" - track: "latest/edge" os: "22.04" + - track: "latest/edge" + os: "20.04" + - track: "latest/stable" + os: "20.04" steps: - name: Performance tuning From e3ba112daf689cc046597173051cb5eee89fb0b4 Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Fri, 28 Jun 2024 10:40:39 -0400 Subject: [PATCH 28/40] github: don't test latest/stable on 22.04 Signed-off-by: Simon Deziel --- .github/workflows/tests.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index bb662294a..35f567f80 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -143,6 +143,8 @@ jobs: os: "20.04" - track: "latest/edge" os: "22.04" + - track: "latest/stable" + os: "22.04" - track: "latest/edge" os: "20.04" - track: "latest/stable" From 6b90c19ee2fb5b5f03e8db32a94d89b747959ebb Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Fri, 28 Jun 2024 10:41:55 -0400 Subject: [PATCH 29/40] github: add 20.04 and 4.0/edge tests Signed-off-by: Simon Deziel --- .github/workflows/tests.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 35f567f80..cd3e63f71 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -76,8 +76,8 @@ jobs: strategy: fail-fast: false matrix: - os: [22.04, 24.04] - track: ${{ fromJSON(inputs.snap-tracks || '["latest/edge", "5.21/edge", "5.0/edge"]') }} + os: [20.04, 22.04, 24.04] + track: ${{ fromJSON(inputs.snap-tracks || '["latest/edge", "5.21/edge", "5.0/edge", "4.0/edge"]') }} test: - cgroup - cluster From 5ff3c11a9e558e06a9e7bfbfa56ab1c68dc0c4e6 Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Fri, 28 Jun 2024 11:52:51 -0400 Subject: [PATCH 30/40] github: remove */stable from exclusion 
Signed-off-by: Simon Deziel --- .github/workflows/tests.yml | 20 +------------------- 1 file changed, 1 insertion(+), 19 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index cd3e63f71..1fecd95fa 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -112,43 +112,25 @@ jobs: os: "24.04" - test: devlxd-vm # not compatible with 4.0/* track: "4.0/edge" - - test: devlxd-vm # not compatible with 4.0/* - track: "4.0/stable" - test: efi-vars-editor-vm # not compatible with 5.0/* track: "5.0/edge" - - test: efi-vars-editor-vm # not compatible with 5.0/* - track: "5.0/stable" - test: efi-vars-editor-vm # not compatible with 4.0/* track: "4.0/edge" - - test: efi-vars-editor-vm # not compatible with 4.0/* - track: "4.0/stable" - test: storage-buckets # not compatible with 4.0/* track: "4.0/edge" - - test: storage-buckets # not compatible with 4.0/* - track: "4.0/stable" - test: "storage-vm ceph" # waiting for integration with microceph - track: "4.0/edge" os: "24.04" - - track: "4.0/stable" - os: "24.04" - track: "5.0/edge" os: "24.04" - - track: "5.0/stable" - os: "24.04" - track: "5.0/edge" os: "20.04" - track: "5.21/edge" os: "20.04" - - track: "5.21/stable" + - track: "latest/edge" os: "20.04" - track: "latest/edge" os: "22.04" - - track: "latest/stable" - os: "22.04" - - track: "latest/edge" - os: "20.04" - - track: "latest/stable" - os: "20.04" steps: - name: Performance tuning From 9b96adc2a7b27c8c011f8dd4fbb28a550acdc4f2 Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Fri, 28 Jun 2024 12:07:11 -0400 Subject: [PATCH 31/40] github: rework exclusions Signed-off-by: Simon Deziel --- .github/workflows/tests.yml | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 1fecd95fa..38df57e38 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml 
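Review bot: Dropping every `*/stable` entry from `exclude` leaves the incompatibility exclusions covering edge tracks only, while the matrix `track` still comes from `inputs.snap-tracks` whenever that input is set (see the `fromJSON(inputs.snap-tracks || ...)` line in patch 29/40). If a run is ever started with a stable track such as `4.0/stable`, the tests previously marked "not compatible with 4.0/*" would be scheduled again. Whether callers pass stable tracks is not visible here; if they can, keep the stable entries, otherwise a comment above `exclude:` such as `# only */edge tracks are expected in inputs.snap-tracks` would record the assumption.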
@@ -110,15 +110,31 @@ jobs: exclude: - test: cluster # fan is not yet working on 24.04 kernel: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2064508 os: "24.04" - - test: devlxd-vm # not compatible with 4.0/* + # not compatible with 4.0/* + - test: devlxd-vm track: "4.0/edge" - - test: efi-vars-editor-vm # not compatible with 5.0/* - track: "5.0/edge" - - test: efi-vars-editor-vm # not compatible with 4.0/* + - test: efi-vars-editor-vm + track: "4.0/edge" + - test: storage-buckets + track: "4.0/edge" + - test: "storage-vm dir" + track: "4.0/edge" + - test: "storage-vm btrfs" track: "4.0/edge" - - test: storage-buckets # not compatible with 4.0/* + - test: "storage-vm ceph" track: "4.0/edge" - - test: "storage-vm ceph" # waiting for integration with microceph + - test: "storage-vm lvm" + track: "4.0/edge" + - test: "storage-vm lvm-thin" + track: "4.0/edge" + - test: "storage-vm zfs" + track: "4.0/edge" + # not compatible with 5.0/* + - test: efi-vars-editor-vm # not compatible with 5.0/* + track: "5.0/edge" + # waiting for integration with microceph + - test: "storage-vm ceph" + # skip track/os combinaisons that are too far appart - track: "4.0/edge" os: "24.04" - track: "5.0/edge" From 9654e9b79c3506871d335cdf9b139b7843b27e24 Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Fri, 28 Jun 2024 12:49:12 -0400 Subject: [PATCH 32/40] github: skip cpu-vm on 4.0/edge Signed-off-by: Simon Deziel --- .github/workflows/tests.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 38df57e38..1e52f91d2 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -111,6 +111,8 @@ jobs: - test: cluster # fan is not yet working on 24.04 kernel: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2064508 os: "24.04" # not compatible with 4.0/* + - test: cpu-vm + track: "4.0/edge" - test: devlxd-vm track: "4.0/edge" - test: efi-vars-editor-vm 
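Review bot: In the reworked `exclude` list, `"storage-vm ceph"` now appears twice: once with `track: "4.0/edge"` in the 4.0 group and once unconditionally under `# waiting for integration with microceph`, so the first entry is redundant. The `efi-vars-editor-vm` entry for 5.0 carries the same `# not compatible with 5.0/*` text both as the new group comment and as a trailing comment on the entry; the trailing one can go. The last group comment has two typos and would read better as `# skip track/os combinations that are too far apart`.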
From 7b3829283f317cbc978f5a947b61da8e7c025214 Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Fri, 28 Jun 2024 12:56:32 -0400 Subject: [PATCH 33/40] github: skip network-ovn on 4.0/edge Signed-off-by: Simon Deziel --- .github/workflows/tests.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 1e52f91d2..93920cf7b 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -117,6 +117,8 @@ jobs: track: "4.0/edge" - test: efi-vars-editor-vm track: "4.0/edge" + - test: network-ovn + track: "4.0/edge" - test: storage-buckets track: "4.0/edge" - test: "storage-vm dir" From e47a1f7d720e99783d2f1d3b1cfc582f42d102d4 Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Fri, 28 Jun 2024 12:58:36 -0400 Subject: [PATCH 34/40] github: skip storage-disks-vm on 4.0/edge Signed-off-by: Simon Deziel --- .github/workflows/tests.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 93920cf7b..9518603bf 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -121,6 +121,8 @@ jobs: track: "4.0/edge" - test: storage-buckets track: "4.0/edge" + - test: storage-disks-vm + track: "4.0/edge" - test: "storage-vm dir" track: "4.0/edge" - test: "storage-vm btrfs" From a9a5420cc80f3d3dd9f39e67d6ed5347cac7f422 Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Mon, 1 Jul 2024 18:02:27 -0400 Subject: [PATCH 35/40] github: skip tpm-vm test on 4.0/edge Signed-off-by: Simon Deziel --- .github/workflows/tests.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 9518603bf..a4ad22565 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml 
@@ -135,6 +135,8 @@ jobs: track: "4.0/edge" - test: "storage-vm zfs" track: "4.0/edge" + - test: tpm-vm + track: "4.0/edge" # not compatible with 5.0/* - test: efi-vars-editor-vm # not compatible with 5.0/* track: "5.0/edge" From 775b2baf68efaf40bf708c9c635b8b08296d1bb6 Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Mon, 1 Jul 2024 20:49:28 -0400 Subject: [PATCH 36/40] github: skip storage-volumes-vm test on 4.0/* Signed-off-by: Simon Deziel --- .github/workflows/tests.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index a4ad22565..132f5a03c 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -135,6 +135,8 @@ jobs: track: "4.0/edge" - test: "storage-vm zfs" track: "4.0/edge" + - test: storage-volumes-vm + track: "4.0/edge" - test: tpm-vm track: "4.0/edge" # not compatible with 5.0/* From e595c822046f66f54a0c24ebd0b6f1a4e0b2aaaf Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Mon, 1 Jul 2024 20:55:15 -0400 Subject: [PATCH 37/40] github: skip network-bridge-firewall test on 4.0/edge with 20.04 On 20.04, LXD picks xtables as the default firewall driver. Considering that nftables is in universe for that release, this might be intentional. Signed-off-by: Simon Deziel --- .github/workflows/tests.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 132f5a03c..76ec25c43 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -117,6 +117,9 @@ jobs: track: "4.0/edge" - test: efi-vars-editor-vm track: "4.0/edge" + - test: network-bridge-firewall + os: 20.04 + track: "4.0/edge" - test: network-ovn track: "4.0/edge" - test: storage-buckets From 105c7fb12cda4f6017a8c779ba3ecaa18537d345 Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Mon, 1 Jul 2024 23:02:40 -0400 Subject: [PATCH 38/40] github: reclaim disk space for vm-nesting test 
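Review bot: The new `network-bridge-firewall` exclusion writes `os: 20.04` unquoted, while the other `os` values in this `exclude` list are quoted strings (`os: "24.04"`, `os: "20.04"`). An unquoted 20.04 is a YAML float; writing `os: "20.04"` keeps the entry consistent with its neighbours and avoids surprises if a release such as 24.10 is ever added the same way. The entry sits under the `# not compatible with 4.0/*` group although it is narrower than that, so a comment such as `# 4.0 picks xtables as the default firewall driver on 20.04` above it would carry the reason from the commit message into the file.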
Signed-off-by: Simon Deziel --- .github/workflows/tests.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 76ec25c43..bf481339a 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -175,7 +175,7 @@ jobs: echo "force-unsafe-io" | sudo tee /etc/dpkg/dpkg.cfg.d/force-unsafe-io - name: Reclaim some space (storage tests only) - if: ${{ startsWith(matrix.test, 'storage') }} + if: ${{ startsWith(matrix.test, 'storage') || matrix.test == 'vm-nesting' }} run: | set -eux df -h From 15feba174df8b7826a890eb45a079fe753ab4f67 Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Mon, 1 Jul 2024 23:43:08 -0400 Subject: [PATCH 39/40] github: skip container-copy test on 4.0/edge Signed-off-by: Simon Deziel --- .github/workflows/tests.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index bf481339a..f24ce8951 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -111,6 +111,8 @@ jobs: - test: cluster # fan is not yet working on 24.04 kernel: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2064508 os: "24.04" # not compatible with 4.0/* + - test: container-copy + track: "4.0/edge" - test: cpu-vm track: "4.0/edge" - test: devlxd-vm From f831acb82562d9bc21faed4d12a6815bbe847f27 Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Tue, 2 Jul 2024 22:06:44 -0400 Subject: [PATCH 40/40] github: skip pylxd test on 4.0/edge https://github.com/canonical/pylxd/issues/590 Signed-off-by: Simon Deziel --- .github/workflows/tests.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index f24ce8951..3715de7e0 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml 
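Review bot: The step is still named `Reclaim some space (storage tests only)` although its `if:` now also matches `matrix.test == 'vm-nesting'`. Renaming it, e.g. `- name: Reclaim some space (storage and vm-nesting tests)`, keeps the job log accurate about when the cleanup runs. The step's `run:` body continues past the end of the hunk.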
@@ -124,6 +124,9 @@ jobs: track: "4.0/edge" - test: network-ovn track: "4.0/edge" + # https://github.com/canonical/pylxd/issues/590 + - test: pylxd + track: "4.0/edge" - test: storage-buckets track: "4.0/edge" - test: storage-disks-vm