IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity
611b49e42b
freeipa/ipatests/azure/templates/test-jobs.yml
Stanislav Levin 611b49e42b azure: Collect installed packages 
The list of installed packages may be useful for checking the
versions of packages for analysis. Previously, only the newly
installed packages can be observed on Build phase.

This is convenient for experienced users of PR-CI.

Note: the read-only access provided for non-master containers
to be able to execute Azure scripts. The logs are still collected
only on controller.

Only RPM-based collection is implemented for Fedora. By default
nothing is collected.

Users may want to override `installed_packages` function
in the corresponding `ipatests/azure/scripts/variables-DISTRO.sh`.

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2021-05-25 10:45:49 +03:00

175 lines
5.6 KiB
YAML
Raw Blame History

steps:
- script: |
set -e
env | sort
displayName: Print Host Enviroment
- script: |
set -e
sudo apt-get update
sudo apt-get install -y \
apparmor-utils \
parallel \
moreutils \
rng-tools \
systemd-coredump \
python3-docker
displayName: Install Host's tests requirements
- script: |
set -e
printf "AppArmor status\n"
sudo aa-status
printf "Disable AppArmor conflicting profiles\n"
sudo aa-disable /etc/apparmor.d/usr.sbin.chronyd
printf "Recheck AppArmor status\n"
sudo aa-status
displayName: Disable AppArmor conflicting profiles on Host
- script: |
set -e
printf "Available entropy: %s\n" $(cat /proc/sys/kernel/random/entropy_avail)
sudo service rng-tools start
sleep 3
printf "Available entropy: %s\n" $(cat /proc/sys/kernel/random/entropy_avail)
displayName: Increase entropy level
- script: |
set -eu
date +'%Y-%m-%d %H:%M:%S' > coredumpctl.time.mark
systemd_conf="/etc/systemd/system.conf"
sudo sed -i 's/^DumpCore=.*/#&/g' "$systemd_conf"
sudo sed -i 's/^DefaultLimitCORE=.*/#&/g' "$systemd_conf"
echo -e 'DumpCore=yes\nDefaultLimitCORE=infinity' | \
sudo tee -a "$systemd_conf" >/dev/null
cat "$systemd_conf"
coredump_conf="/etc/systemd/coredump.conf"
cat "$coredump_conf"
sudo systemctl daemon-reexec
# for ns-slapd debugging
sudo sysctl -w fs.suid_dumpable=1
displayName: Allow coredumps
- template: setup-test-environment.yml
- template: run-test.yml
- script: |
set -eux
free -m
cat /sys/fs/cgroup/memory/memory.memsw.max_usage_in_bytes
cat /sys/fs/cgroup/memory/memory.max_usage_in_bytes
cat /proc/sys/vm/swappiness
condition: succeededOrFailed()
displayName: Host's memory statistics
- script: |
set -eu
function emit_warning() {
printf "##vso[task.logissue type=warning]%s\n" "$1"
}
for memory_warn in $(find ${IPA_TESTS_ENV_WORKING_DIR}/*/ -maxdepth 1 -name memory.warnings);
do
env_name="$(basename $(dirname $memory_warn))"
emit_warning "Test env '$env_name' has high memory usage: $(echo '' && cat $memory_warn)"
done
condition: succeededOrFailed()
displayName: Check memory consumption
- script: |
set -eu
HOST_JOURNAL=host_journal.log
HOST_JOURNAL_PATH="${IPA_TESTS_ENV_WORKING_DIR}/${HOST_JOURNAL}.tar.gz"
sudo journalctl -b | tee "$HOST_JOURNAL"
function emit_warning() {
printf "##vso[task.logissue type=warning]%s\n" "$1"
}
printf "AVC:\n"
grep 'AVC apparmor="DENIED"' "$HOST_JOURNAL" && \
emit_warning "There are Host's AVCs. Please, check the logs."
printf "SECCOMP:\n"
grep ' SECCOMP ' "$HOST_JOURNAL" && \
emit_warning "There are reported SECCOMP syscalls. Please, check the logs."
tar -czf "$HOST_JOURNAL_PATH" "$HOST_JOURNAL"
condition: succeededOrFailed()
displayName: Host's systemd journal
- task: PublishTestResults@2
inputs:
testResultsFiles: 'ipa_envs/*/$(CI_RUNNER_LOGS_DIR)/nosetests.xml'
testRunTitle: $(System.JobIdentifier) results
condition: succeededOrFailed()
- script: |
set -eu
# check the host first, containers cores were dumped here
COREDUMPS_SUBDIR="coredumps"
COREDUMPS_DIR="${IPA_TESTS_ENV_WORKING_DIR}/${COREDUMPS_SUBDIR}"
rm -rfv "$COREDUMPS_DIR" ||:
mkdir "$COREDUMPS_DIR"
since_time="$(cat coredumpctl.time.mark || echo '-1h')"
sudo coredumpctl --no-pager --since="$since_time" list ||:
pids="$(sudo coredumpctl --no-pager --since="$since_time" -F COREDUMP_PID || echo '')"
# nothing to dump
[ -z "$pids" ] && exit 0
# continue in container
HOST_JOURNAL="/var/log/host_journal"
CONTAINER_COREDUMP="dump_cores"
docker create --privileged \
-v "$(realpath coredumpctl.time.mark)":/coredumpctl.time.mark:ro \
-v /var/lib/systemd/coredump:/var/lib/systemd/coredump:ro \
-v /var/log/journal:"$HOST_JOURNAL":ro \
-v "${BUILD_REPOSITORY_LOCALPATH}":"${IPA_TESTS_REPO_PATH}" \
--name "$CONTAINER_COREDUMP" freeipa-azure-builder
docker start "$CONTAINER_COREDUMP"
docker exec -t \
--env IPA_TESTS_REPO_PATH="${IPA_TESTS_REPO_PATH}" \
--env IPA_TESTS_SCRIPTS="${IPA_TESTS_REPO_PATH}/${IPA_TESTS_SCRIPTS}" \
--env IPA_PLATFORM="${IPA_PLATFORM}" \
"$CONTAINER_COREDUMP" \
/bin/bash --noprofile --norc -eux \
"${IPA_TESTS_REPO_PATH}/${IPA_TESTS_SCRIPTS}/install-debuginfo.sh"
docker exec -t \
--env IPA_TESTS_REPO_PATH="${IPA_TESTS_REPO_PATH}" \
--env COREDUMPS_SUBDIR="$COREDUMPS_SUBDIR" \
--env HOST_JOURNAL="$HOST_JOURNAL" \
"$CONTAINER_COREDUMP" \
/bin/bash --noprofile --norc -eux \
"${IPA_TESTS_REPO_PATH}/${IPA_TESTS_SCRIPTS}/dump_cores.sh"
# there should be no crashes
exit 1
condition: succeededOrFailed()
displayName: Check for coredumps
- script: |
set -e
artifacts_ignore_path="${IPA_TESTS_ENV_WORKING_DIR}/.artifactignore"
cat > "$artifacts_ignore_path" <<EOF
**/*
!coredumps/*.core.tar.gz
!coredumps/*.stacktrace.tar.gz
!*/logs/**
!*/*.yml
!*/*.yaml
!*/*.log
!*/systemd_boot_logs/*.log
!*/installed_packages/*.log
!*/memory.stats
!*.tar.gz
EOF
cat "$artifacts_ignore_path"
condition: succeededOrFailed()
displayName: Generating artifactignore file
- template: save-test-artifacts.yml
parameters:
logsArtifact: logs-$(System.JobIdentifier)-$(Build.BuildId)-$(System.StageAttempt)-$(System.PhaseAttempt)-$(System.JobPositionInPhase)-$(Agent.OS)-$(Agent.OSArchitecture)
Reference in New Issue View Git Blame Copy Permalink