# -*- mode: ruby -*-
# vi: set ft=ruby :
#
# Vagrant box for testing k3s with cgroup v2.
# Default the systemd unit-file locations consumed by the file provisioners
# in this Vagrantfile; a value already exported by the caller is kept as-is.
{
  'TEST_UNITFILE_ROOTFULL' => '../../../../k3s.service',
  'TEST_UNITFILE_ROOTLESS' => '../../../../k3s-rootless.service',
}.each do |name, fallback|
  ENV[name] = ENV.fetch(name, fallback)
end
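Vagrant.configure("2") do |config|
  # Provisioners that install, start and exercise k3s are declared with
  # run: 'never' when CI=true and run: 'once' otherwise.
  run_unless_ci = ENV['CI'] == 'true' ? 'never' : 'once'

  # Environment shared by the kubectl / sonobuoy shell provisioners.
  kube_env = {
    PATH: "/usr/local/bin:/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin",
    KUBECONFIG: ENV['TEST_KUBECONFIG'] || '/etc/rancher/k3s/k3s.yaml',
  }

  config.vagrant.plugins = {
    'vagrant-k3s' => { version: '~> 0.1.3' },
  }
  # NOTE(review): only the box name is given; without config.vm.box_version the
  # base image can differ between runs.
  config.vm.box = "generic/fedora37"
  config.vm.boot_timeout = ENV['TEST_VM_BOOT_TIMEOUT'] || 600 # seconds
  config.vm.synced_folder '../../../../dist/artifacts', '/vagrant', type: 'rsync', disabled: false,
    rsync__exclude: ENV['RSYNC_EXCLUDE'] || '*.tar.*'

  config.vm.define 'cgroup-unified', primary: true do |test|
    test.vm.hostname = 'smoke'
    # Test-VM only: firewalld is stopped and disabled, so the guest has no host
    # firewall for the rest of its life.
    test.vm.provision "disable-firewall", type: "shell", inline: "systemctl stop firewalld && systemctl disable firewalld"
    test.vm.provision :file, run: 'always', source: ENV['TEST_UNITFILE_ROOTFULL'], destination: 'k3s-rootfull.service'
    test.vm.provision :file, run: 'always', source: ENV['TEST_UNITFILE_ROOTLESS'], destination: 'k3s-rootless.service'

    # Runs as root (privileged: true). Two artifacts are pulled from GitHub
    # release URLs without an integrity check in this script:
    #   * the k3s-selinux RPM is passed to dnf by URL -- NOTE(review): dnf only
    #     signature-checks command-line packages when localpkg_gpgcheck is
    #     enabled; confirm the guest's setting.
    #   * the sonobuoy tarball is streamed from curl straight into tar, so no
    #     checksum is compared before the binary lands in /usr/local/bin.
    #     Downloading to a file and verifying a pinned digest
    #     (<PINNED_SHA256>, placeholder) before extracting would close this.
    test.vm.provision 'k3s-prepare', type: "shell", run: run_unless_ci, privileged: true do |sh|
      sh.inline = <<~SHELL
        #!/usr/bin/env bash
        set -eux -o pipefail

        # Install k3s binary
        install -vm 755 /vagrant/k3s /usr/local/bin

        # Install k3s SELinux policy
        dnf install -y https://github.com/k3s-io/k3s-selinux/releases/download/v1.2.stable.2/k3s-selinux-1.2-2.el8.noarch.rpm

        # Install k3s systemd service (not launched here)
        install -vm 644 -T /home/vagrant/k3s-rootfull.service /etc/systemd/system/k3s-server.service
        touch /etc/systemd/system/k3s-server.service.env
        systemctl daemon-reload

        # Install sonobuoy binary
        SONOBUOY_VER=0.56.16
        curl -fsSL https://github.com/vmware-tanzu/sonobuoy/releases/download/v"$SONOBUOY_VER"/sonobuoy_"$SONOBUOY_VER"_linux_amd64.tar.gz | tar xzvC /usr/local/bin sonobuoy

        # [Rootless] Configure sysctl
        dnf install -y fuse-overlayfs fuse
        echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/rootless.conf
        sysctl --system
        # [Rootless] Enable cgroup v2 delegation
        mkdir -p /etc/systemd/system/user@.service.d
        cat <<-EOF > /etc/systemd/system/user@.service.d/delegate.conf
        [Service]
        Delegate=yes
        EOF

        systemctl daemon-reload

        # [Rootless] Enable systemd lingering
        loginctl enable-linger vagrant

        # [Rootless] Install k3s-rootless systemd service (not launched here)
        mkdir -p /home/vagrant/.config/systemd/user
        cp -f /home/vagrant/k3s-rootless.service /home/vagrant/.config/systemd/user/k3s-rootless.service
        chown -R vagrant:vagrant /home/vagrant/.config
      SHELL
    end

    # Test-VM only settings in this provisioner:
    #   * K3S_TOKEN is the fixed string "vagrant", i.e. a cluster join secret
    #     that is public in this file.
    #   * write-kubeconfig-mode / config_mode '0644' leave the kubeconfig and
    #     the k3s config readable by every local user in the guest.
    #   * disable-network-policy turns the network policy controller off.
    test.vm.provision 'k3s-install', type: 'k3s', run: run_unless_ci do |k3s|
      k3s.args = %w[server]
      k3s.env = %w[INSTALL_K3S_NAME=server INSTALL_K3S_SKIP_DOWNLOAD=true K3S_TOKEN=vagrant INSTALL_K3S_SKIP_ENABLE=true]
      k3s.config = <<~YAML
        disable:
        - local-storage
        - metrics-server
        - servicelb
        - traefik
        disable-helm-controller: true
        disable-network-policy: true
        write-kubeconfig-mode: '0644'
      YAML
      k3s.config_mode = '0644' # side-step https://github.com/k3s-io/k3s/issues/4321
    end

    test.vm.provision "k3s-start", type: "shell", run: run_unless_ci do |sh|
      sh.inline = "systemctl start k3s-server"
    end

    # Poll (up to 500s each) until the node reports Ready and the coredns
    # deployment has rolled out.
    test.vm.provision "k3s-ready", type: "shell", run: run_unless_ci do |sh|
      sh.env = kube_env.dup
      sh.inline = <<~SHELL
        #!/usr/bin/env bash
        set -eu -o pipefail
        echo 'Waiting for node to be ready ...'
        time timeout 500 bash -c 'while ! (kubectl wait --for condition=ready node/$(hostname) 2>/dev/null); do sleep 5; done'
        time timeout 500 bash -c 'while ! (kubectl --namespace kube-system rollout status --timeout 10s deploy/coredns 2>/dev/null); do sleep 5; done'
      SHELL
    end

    test.vm.provision "k3s-status", type: "shell", run: run_unless_ci do |sh|
      sh.env = kube_env.dup
      sh.inline = <<~SHELL
        #!/usr/bin/env bash
        set -eux -o pipefail
        kubectl get node,all -A -o wide
      SHELL
    end

    # RESULTS_PATH comes from the host's TEST_RESULTS_PATH, so every expansion
    # in the script is quoted to keep a path containing spaces or glob
    # characters from being word-split.
    test.vm.provision "k3s-sonobuoy", type: "shell", run: run_unless_ci do |sh|
      sh.env = kube_env.merge(RESULTS_PATH: ENV['TEST_RESULTS_PATH'] || '.')
      sh.inline = <<~SHELL
        #!/usr/bin/env bash
        set -eux -o pipefail
        sonobuoy run --mode=quick --wait
        sonobuoy retrieve "${RESULTS_PATH}"
        sonobuoy results "$(ls -rt "${RESULTS_PATH}"/*.tar.gz | tail -1)" | grep Status | grep passed
      SHELL
    end
  end

  # Print the SELinux state so the test log records the mode the run used.
  config.vm.provision 'selinux-status', type: 'shell', run: 'once', inline: 'sestatus'

  # Same CPU / memory sizing for both supported providers.
  %w[libvirt virtualbox].each do |p|
    config.vm.provider p do |v|
      v.cpus = ENV['TEST_VM_CPUS'] || 2
      v.memory = ENV['TEST_VM_MEMORY'] || 2048
    end
  end
end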