github.com/lalkh/containerd@v1.4.3/Vagrantfile (about)

     1  # -*- mode: ruby -*-
     2  # vi: set ft=ruby :
     3  
     4  #   Copyright The containerd Authors.
     5  #
     6  #   Licensed under the Apache License, Version 2.0 (the "License");
     7  #   you may not use this file except in compliance with the License.
     8  #   You may obtain a copy of the License at
     9  
    10  #       http://www.apache.org/licenses/LICENSE-2.0
    11  
    12  #   Unless required by applicable law or agreed to in writing, software
    13  #   distributed under the License is distributed on an "AS IS" BASIS,
    14  #   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    15  #   See the License for the specific language governing permissions and
    16  #   limitations under the License.
    17  
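# Vagrantfile for cgroup2 and SELinux
#
# Boots a Fedora VM and provisions a containerd build/test environment in it.
# Provisioners marked run: "once" execute on the first `vagrant up`; those
# marked run: "never" only execute when named via --provision-with.
#
# Security notes for anyone reusing this file:
#   * Each provisioner script is uploaded to a fixed path under /tmp in the
#     guest and executed by Vagrant's shell provisioner (privileged by
#     default), so it runs with root privileges inside the VM.
#   * Values forwarded through sh.env come from the host environment and are
#     expanded unquoted (word-split) into dnf / critest command lines. Treat
#     them as operator-trusted input only.
#   * NOTE(review): the box version is not pinned (config.vm.box_version) and
#     Fedora 32 is end-of-life, so guest packages no longer receive security
#     updates. Acceptable for a throwaway test VM; do not reuse as a base image.
Vagrant.configure("2") do |config|
  config.vm.box = "fedora/32-cloud-base"
  memory = 4096
  cpus = 2

  # Same sizing for every supported provider.
  %i[virtualbox libvirt].each do |provider|
    config.vm.provider provider do |v|
      v.memory = memory
      v.cpus = cpus
    end
  end

  # Disabled by default. To run:
  #   vagrant up --provision-with=upgrade-packages
  # To upgrade only specific packages:
  #   UPGRADE_PACKAGES=selinux vagrant up --provision-with=upgrade-packages
  #
  config.vm.provision "upgrade-packages", type: "shell", run: "never" do |sh|
    sh.upload_path = "/tmp/vagrant-upgrade-packages"
    sh.env = {
        'UPGRADE_PACKAGES': ENV['UPGRADE_PACKAGES'],
    }
    sh.inline = <<~SHELL
        #!/usr/bin/env bash
        set -eux -o pipefail
        dnf -y upgrade ${UPGRADE_PACKAGES}
    SHELL
  end

  # To re-run, installing CNI from RPM:
  #   INSTALL_PACKAGES="containernetworking-plugins" vagrant up --provision-with=install-packages
  #
  config.vm.provision "install-packages", type: "shell", run: "once" do |sh|
    sh.upload_path = "/tmp/vagrant-install-packages"
    sh.env = {
        'INSTALL_PACKAGES': ENV['INSTALL_PACKAGES'],
    }
    sh.inline = <<~SHELL
        #!/usr/bin/env bash
        set -eux -o pipefail
        dnf -y install \
            container-selinux \
            curl \
            gcc \
            git \
            iptables \
            libseccomp-devel \
            libselinux-devel \
            lsof \
            make \
            ${INSTALL_PACKAGES}
    SHELL
  end

  # To re-run this provisioner, installing a different version of go:
  #   GO_VERSION="1.14.6" vagrant up --provision-with=install-golang
  # To also verify the download before it is unpacked as root:
  #   GO_VERSION="1.14.6" GO_SHA256="<sha256 of that tarball>" vagrant up --provision-with=install-golang
  #
  # Without GO_SHA256 the tarball's integrity rests solely on TLS to
  # dl.google.com. The heredocs below that terminate with EOF must stay at
  # column 0: that keeps <<~ from stripping indentation and lets bash find the
  # inner terminators.
  config.vm.provision "install-golang", type: "shell", run: "once" do |sh|
    sh.upload_path = "/tmp/vagrant-install-golang"
    sh.env = {
        'GO_VERSION': ENV['GO_VERSION'] || "1.15.5",
        'GO_SHA256': ENV['GO_SHA256'] || "",
    }
    sh.inline = <<~SHELL
        #!/usr/bin/env bash
        set -eux -o pipefail
        # Download to a file first so a truncated or tampered archive is never
        # partially extracted into /usr/local.
        go_tarball="$(mktemp)"
        trap 'rm -f "${go_tarball}"' EXIT
        curl -fsSL -o "${go_tarball}" "https://dl.google.com/go/go${GO_VERSION}.linux-amd64.tar.gz"
        if [[ -n "${GO_SHA256:-}" ]]; then
            echo "${GO_SHA256}  ${go_tarball}" | sha256sum -c -
        fi
        # Drop any earlier toolchain so a re-run with another GO_VERSION does
        # not leave files from two releases mixed in /usr/local/go.
        rm -rf /usr/local/go
        tar -C /usr/local -xzf "${go_tarball}"
        # Append only once so re-running the provisioner does not pile up
        # duplicate entries.
        if ! grep -qs '^GO111MODULE=' /etc/environment; then
            cat >> /etc/environment <<EOF
PATH=/usr/local/go/bin:$PATH
GO111MODULE=off
EOF
        fi
        source /etc/environment
        if ! grep -qs '^GOPATH=' /etc/profile.d/sh.local; then
            cat >> /etc/profile.d/sh.local <<EOF
GOPATH=\\$HOME/go
PATH=\\$GOPATH/bin:\\$PATH
export GOPATH PATH
EOF
        fi
        source /etc/profile.d/sh.local
    SHELL
  end

  # Exposes the synced /vagrant checkout at its canonical GOPATH location.
  config.vm.provision "setup-gopath", type: "shell", run: "once" do |sh|
    sh.upload_path = "/tmp/vagrant-setup-gopath"
    sh.inline = <<~SHELL
        #!/usr/bin/env bash
        source /etc/environment
        source /etc/profile.d/sh.local
        set -eux -o pipefail
        mkdir -p ${GOPATH}/src/github.com/containerd
        ln -fnsv /vagrant ${GOPATH}/src/github.com/containerd/containerd
    SHELL
  end

  # Installs runc via the repository's setup script, then labels the binary so
  # it can be executed under the SELinux container runtime policy.
  config.vm.provision "install-runc", type: "shell", run: "once" do |sh|
    sh.upload_path = "/tmp/vagrant-install-runc"
    sh.env = {
        'RUNC_FLAVOR': ENV['RUNC_FLAVOR'] || "runc",
    }
    sh.inline = <<~SHELL
        #!/usr/bin/env bash
        source /etc/environment
        source /etc/profile.d/sh.local
        set -eux -o pipefail
        ${GOPATH}/src/github.com/containerd/containerd/script/setup/install-runc
        type runc
        runc --version
        chcon -v -t container_runtime_exec_t $(type -ap runc)
    SHELL
  end

  # Installs the CNI plugins via the repository's setup script. The final
  # `type` is informational only; a missing plugin does not fail provisioning.
  config.vm.provision "install-cni", type: "shell", run: "once" do |sh|
    sh.upload_path = "/tmp/vagrant-install-cni"
    sh.env = {
        'CNI_BINARIES': 'bridge dhcp flannel host-device host-local ipvlan loopback macvlan portmap ptp tuning vlan',
    }
    sh.inline = <<~SHELL
        #!/usr/bin/env bash
        source /etc/environment
        source /etc/profile.d/sh.local
        set -eux -o pipefail
        ${GOPATH}/src/github.com/containerd/containerd/script/setup/install-cni
        PATH=/opt/cni/bin:$PATH type ${CNI_BINARIES} || true
    SHELL
  end

  # Installs crictl/critest, by default at a pinned commit of cri-tools.
  config.vm.provision "install-cri-tools", type: "shell", run: "once" do |sh|
    sh.upload_path = "/tmp/vagrant-install-cri-tools"
    sh.env = {
        'CRI_TOOLS_VERSION': ENV['CRI_TOOLS_VERSION'] || '16911795a3c33833fa0ec83dac1ade3172f6989e',
        'GOBIN': '/usr/local/bin',
    }
    sh.inline = <<~SHELL
        #!/usr/bin/env bash
        source /etc/environment
        source /etc/profile.d/sh.local
        set -eux -o pipefail
        ${GOPATH}/src/github.com/containerd/containerd/script/setup/install-critools
        type crictl critest
        critest --version
    SHELL
  end

  # Builds and installs containerd from the synced checkout, relabels the
  # installed binaries for SELinux and writes the containerd configuration.
  config.vm.provision "install-containerd", type: "shell", run: "once" do |sh|
    sh.upload_path = "/tmp/vagrant-install-containerd"
    sh.inline = <<~SHELL
        #!/usr/bin/env bash
        source /etc/environment
        source /etc/profile.d/sh.local
        set -eux -o pipefail
        cd ${GOPATH}/src/github.com/containerd/containerd
        make BUILDTAGS="seccomp selinux no_aufs no_btrfs no_devmapper no_zfs" binaries install
        type containerd
        containerd --version
        chcon -v -t container_runtime_exec_t /usr/local/bin/{containerd,containerd-shim*}
        ./script/setup/config-containerd
    SHELL
  end

  # SELinux is Enforcing by default.
  # To set SELinux as Disabled on a VM that has already been provisioned:
  #   SELINUX=Disabled vagrant up --provision-with=selinux
  # To set SELinux as Permissive on a VM that has already been provisioned:
  #   SELINUX=Permissive vagrant up --provision-with=selinux
  #
  # The script stops at the first failing step, so a failure to apply the
  # requested SELinux mode is reported instead of being masked by the exit
  # status of config-containerd.
  config.vm.provision "selinux", type: "shell", run: "never" do |sh|
    sh.upload_path = "/tmp/vagrant-selinux"
    sh.env = {
        'SELINUX': ENV['SELINUX'] || "Enforcing"
    }
    sh.inline = <<~SHELL
        #!/usr/bin/env bash
        set -eux -o pipefail
        /vagrant/script/setup/config-selinux
        /vagrant/script/setup/config-containerd
    SHELL
  end

  # Runs under whatever SELinux mode the VM is currently in. To apply a mode
  # first, chain the "selinux" provisioner defined above:
  #   SELINUX=Enforcing vagrant up --provision-with=selinux,test-integration
  #
  config.vm.provision "test-integration", type: "shell", run: "never" do |sh|
    sh.upload_path = "/tmp/test-integration"
    sh.env = {
        'RUNC_FLAVOR': ENV['RUNC_FLAVOR'] || "runc",
    }
    sh.inline = <<~SHELL
        #!/usr/bin/env bash
        source /etc/environment
        source /etc/profile.d/sh.local
        set -eux -o pipefail
        rm -rf /var/lib/containerd-test /run/containerd-test
        cd ${GOPATH}/src/github.com/containerd/containerd
        make integration EXTRA_TESTFLAGS="-no-criu -test.v" TEST_RUNTIME=io.containerd.runc.v2 RUNC_FLAVOR="${RUNC_FLAVOR}"
    SHELL
  end

  # Runs under whatever SELinux mode the VM is currently in. To apply a mode
  # first, chain the "selinux" provisioner defined above:
  #   SELINUX=Enforcing vagrant up --provision-with=selinux,test-cri
  #
  # The script briefly switches an Enforcing guest to permissive while systemd
  # enables the unit file from the checkout. The EXIT trap is installed before
  # that window so the guest is put back into enforcing mode even when
  # `systemctl enable` fails; otherwise the CRI tests could silently run with
  # SELinux not enforcing.
  config.vm.provision "test-cri", type: "shell", run: "never" do |sh|
    sh.upload_path = "/tmp/test-cri"
    sh.env = {
        'CRITEST_ARGS': ENV['CRITEST_ARGS'],
    }
    sh.inline = <<~SHELL
        #!/usr/bin/env bash
        source /etc/environment
        source /etc/profile.d/sh.local
        set -eux -o pipefail
        systemctl disable --now containerd || true
        rm -rf /var/lib/containerd /run/containerd
        selinux=$(getenforce)
        function cleanup()
        {
            # Safety net: restore enforcing mode if the script aborted while
            # SELinux was temporarily permissive.
            if [[ $selinux == Enforcing ]]; then
                setenforce 1
            fi
            journalctl -u containerd > /tmp/containerd.log
            systemctl stop containerd
        }
        trap cleanup EXIT
        if [[ $selinux == Enforcing ]]; then
            setenforce 0
        fi
        systemctl enable --now ${GOPATH}/src/github.com/containerd/containerd/containerd.service
        if [[ $selinux == Enforcing ]]; then
            setenforce 1
        fi
        ctr version
        critest --parallel=$(nproc) ${CRITEST_ARGS}
    SHELL
  end

end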