[libvirt PATCH 0/3] ci: patches to make integration tests work

Pavel Hrdina

25 Feb 2025 25 Feb '25

9:30 a.m.

I've tested this on our hosts that are using for gitlab integration tests and everything seems to be working now. There were multiple issues I've encountered: - on Fedora 41 current selinux policy silently blocks virtnwfilterd to create_socket_perms for packet_socket resulting in this error: internal error: setup of pcap handle failed: can't mmap rx ring: Permission denied I've created temporary selinux module to allow this permission, need to post a patch to fedora selinux policy to fix this. - libvirt-tck uses for some tests sleep(30) to wait for VM to boot but on our hosts it sometimes took a bit longer resulting in random failures, posted patches to libvirt-tck to fix this issue - lcitool is not able to prepare Fedora 41 vm as there is no python3-libdnf5 by default installed and ansible fails with error Pavel Hrdina (3): ci: use iptables to run libvirt-tck ci: use Fedora 41 to run integration tests ci: refresh with 'lcitool manifest' ci/buildenv/{alpine-319.sh => alpine-321.sh} | 0 ...e-319.Dockerfile => alpine-321.Dockerfile} | 2 +- ci/gitlab/builds.yml | 8 ++++---- ci/gitlab/containers.yml | 4 ++-- ci/integration.yml | 20 +++++++++---------- ci/jobs.sh | 3 +++ ci/manifest.yml | 2 +- 7 files changed, 21 insertions(+), 18 deletions(-) rename ci/buildenv/{alpine-319.sh => alpine-321.sh} (100%) rename ci/containers/{alpine-319.Dockerfile => alpine-321.Dockerfile} (98%) -- 2.48.1

Show replies by date

Pavel Hrdina

25 Feb 25 Feb

9:30 a.m.

New subject: [libvirt PATCH 1/3] ci: use iptables to run libvirt-tck

On current Fedora libvirt uses nftables by default but the libvirt-tck tests are not ready for it and most of the nwfilter tests fail. We need to keep using iptables for now. Signed-off-by: Pavel Hrdina <phrdina@redhat.com> --- ci/jobs.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ci/jobs.sh b/ci/jobs.sh index 9a1c668d2e..6ded80af34 100644 --- a/ci/jobs.sh +++ b/ci/jobs.sh @@ -124,6 +124,9 @@ run_integration() { DAEMONS="virtinterfaced virtlockd virtlogd virtnetworkd virtnodedevd virtnwfilterd virtproxyd virtqemud virtsecretd virtstoraged" fi + # Force libvirt to use iptables to make sure libvirt-tck tests don't fail + run_cmd_quiet sudo augtool set /files/etc/libvirt/network.conf/firewall_backend "'iptables'" + echo "DAEMONS=$DAEMONS" for daemon in $DAEMONS do -- 2.48.1

Pavel Hrdina

9:30 a.m.

New subject: [libvirt PATCH 2/3] ci: use Fedora 41 to run integration tests

Signed-off-by: Pavel Hrdina <phrdina@redhat.com> --- ci/integration.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/ci/integration.yml b/ci/integration.yml index ced3fbc3c2..2c5e5a65bc 100644 --- a/ci/integration.yml +++ b/ci/integration.yml @@ -29,23 +29,23 @@ centos-stream-9-tests: # and libvirt-python CI jobs, so the new target needs to be introduced # there before it can be used here. The VM template for the target # also needs to be created on the runner host. -fedora-40-tests: +fedora-41-tests: extends: .integration_tests variables: # needed by libvirt-gitlab-executor - DISTRO: fedora-40 + DISTRO: fedora-41 # can be overridden in forks to set a different runner tag LIBVIRT_CI_INTEGRATION_RUNNER_TAG: redhat-vm-host tags: - $LIBVIRT_CI_INTEGRATION_RUNNER_TAG needs: - - x86_64-fedora-40 + - x86_64-fedora-41 - project: libvirt/libvirt-perl - job: x86_64-fedora-40 + job: x86_64-fedora-41 ref: master artifacts: true - project: libvirt/libvirt-python - job: x86_64-fedora-40 + job: x86_64-fedora-41 ref: master artifacts: true @@ -53,22 +53,22 @@ fedora-40-tests: # and libvirt-python CI jobs, so the new target needs to be introduced # there before it can be used here. The VM template for the target # also needs to be created on the runner host. -.fedora-40-upstream-qemu-tests: +.fedora-41-upstream-qemu-tests: extends: .integration_tests variables: # needed by libvirt-gitlab-executor - DISTRO: fedora-40 + DISTRO: fedora-41 # can be overridden in forks to set a different runner tag LIBVIRT_CI_INTEGRATION_RUNNER_TAG: redhat-vm-host tags: - $LIBVIRT_CI_INTEGRATION_RUNNER_TAG needs: - - x86_64-fedora-40 + - x86_64-fedora-41 - project: libvirt/libvirt-perl - job: x86_64-fedora-40 + job: x86_64-fedora-41 ref: master artifacts: true - project: libvirt/libvirt-python - job: x86_64-fedora-40 + job: x86_64-fedora-41 ref: master artifacts: true -- 2.48.1

Pavel Hrdina

9:30 a.m.

New subject: [libvirt PATCH 3/3] ci: refresh with 'lcitool manifest'

Replace Alpine Linux v3.19 with v3.21. Signed-off-by: Pavel Hrdina <phrdina@redhat.com> --- ci/buildenv/{alpine-319.sh => alpine-321.sh} | 0 .../{alpine-319.Dockerfile => alpine-321.Dockerfile} | 2 +- ci/gitlab/builds.yml | 8 ++++---- ci/gitlab/containers.yml | 4 ++-- ci/manifest.yml | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) rename ci/buildenv/{alpine-319.sh => alpine-321.sh} (100%) rename ci/containers/{alpine-319.Dockerfile => alpine-321.Dockerfile} (98%) diff --git a/ci/buildenv/alpine-319.sh b/ci/buildenv/alpine-321.sh similarity index 100% rename from ci/buildenv/alpine-319.sh rename to ci/buildenv/alpine-321.sh diff --git a/ci/containers/alpine-319.Dockerfile b/ci/containers/alpine-321.Dockerfile similarity index 98% rename from ci/containers/alpine-319.Dockerfile rename to ci/containers/alpine-321.Dockerfile index 2e4842ef3e..2351b03653 100644 --- a/ci/containers/alpine-319.Dockerfile +++ b/ci/containers/alpine-321.Dockerfile @@ -4,7 +4,7 @@ # # https://gitlab.com/libvirt/libvirt-ci -FROM docker.io/library/alpine:3.19 +FROM docker.io/library/alpine:3.21 RUN apk update && \ apk upgrade && \ diff --git a/ci/gitlab/builds.yml b/ci/gitlab/builds.yml index 9c2f0ecad8..0534a2278d 100644 --- a/ci/gitlab/builds.yml +++ b/ci/gitlab/builds.yml @@ -33,15 +33,15 @@ x86_64-almalinux-9-clang: TARGET_BASE_IMAGE: docker.io/library/almalinux:9 -x86_64-alpine-319: +x86_64-alpine-321: extends: .native_build_job needs: - - job: x86_64-alpine-319-container + - job: x86_64-alpine-321-container optional: true allow_failure: false variables: - NAME: alpine-319 - TARGET_BASE_IMAGE: docker.io/library/alpine:3.19 + NAME: alpine-321 + TARGET_BASE_IMAGE: docker.io/library/alpine:3.21 x86_64-alpine-edge: diff --git a/ci/gitlab/containers.yml b/ci/gitlab/containers.yml index 0cfc8ca952..0e86062652 100644 --- a/ci/gitlab/containers.yml +++ b/ci/gitlab/containers.yml @@ -14,11 +14,11 @@ x86_64-almalinux-9-container: NAME: almalinux-9 -x86_64-alpine-319-container: +x86_64-alpine-321-container: extends: .container_job allow_failure: false variables: - NAME: alpine-319 + NAME: alpine-321 x86_64-alpine-edge-container: diff --git a/ci/manifest.yml b/ci/manifest.yml index 2c036aaa39..3bfebed96c 100644 --- a/ci/manifest.yml +++ b/ci/manifest.yml @@ -19,7 +19,7 @@ targets: RPM: skip CC: clang - alpine-319: x86_64 + alpine-321: x86_64 alpine-edge: jobs: -- 2.48.1

Martin Kletzander

3:46 p.m.

On Tue, Feb 25, 2025 at 10:30:46AM +0100, Pavel Hrdina wrote:

...

I've tested this on our hosts that are using for gitlab integration tests and everything seems to be working now.

There were multiple issues I've encountered:

- on Fedora 41 current selinux policy silently blocks virtnwfilterd to create_socket_perms for packet_socket resulting in this error:

internal error: setup of pcap handle failed: can't mmap rx ring: Permission denied

I've created temporary selinux module to allow this permission, need to post a patch to fedora selinux policy to fix this.

- libvirt-tck uses for some tests sleep(30) to wait for VM to boot but on our hosts it sometimes took a bit longer resulting in random failures, posted patches to libvirt-tck to fix this issue

- lcitool is not able to prepare Fedora 41 vm as there is no python3-libdnf5 by default installed and ansible fails with error

Pavel Hrdina (3): ci: use iptables to run libvirt-tck

With this one we'll stop checking some parts and if this continues it'll just be an integration test suite which we run just for the sake of running it. That's not anything against you or this patch series, just a sigh from my side.

...

ci: use Fedora 41 to run integration tests ci: refresh with 'lcitool manifest'

Series: Reviewed-by: Martin Kletzander <mkletzan@redhat.com>

...

ci/buildenv/{alpine-319.sh => alpine-321.sh} | 0 ...e-319.Dockerfile => alpine-321.Dockerfile} | 2 +- ci/gitlab/builds.yml | 8 ++++---- ci/gitlab/containers.yml | 4 ++-- ci/integration.yml | 20 +++++++++---------- ci/jobs.sh | 3 +++ ci/manifest.yml | 2 +- 7 files changed, 21 insertions(+), 18 deletions(-) rename ci/buildenv/{alpine-319.sh => alpine-321.sh} (100%) rename ci/containers/{alpine-319.Dockerfile => alpine-321.Dockerfile} (98%)

-- 2.48.1

185

Age (days ago)

185

Last active (days ago)

List overview

Download

4 comments

2 participants

participants (2)

Martin Kletzander
Pavel Hrdina