swghosh · September 3, 2022 08:31
diff --git a/crio_build_and_ignite_k8s_node_e2e.sh b/crio_build_and_ignite_k8s_node_e2e.sh
 #!/usr/bin/env bash
 set -eou pipefail

 # Set these variables

 # cri-o repo dir- path to cri-o source
 CRIO_DIR=~/repositories/cri-o
 # ignition dir- output directory for generated ignition config
 IGNITION_OUT_DIR=~/Desktop
 # evented pleg- use 0/1 as it's value depending upon whether crio binary should be started with --evented_pleg flag or not
 EVENTED_PLEG=0
 # bucket name- should be name of a valid GCS bucket with upload permission and public read access set up
 GCS_BUCKET_NAME=swghosh-crio 
 # service account- can be skipped (left blank) if gcloud is setup with auth properly
 GCS_CRIO_SA=

 # -------------
 cd $CRIO_DIR
 sudo -E make clean

 make bin/pinns

 sudo -E make build-static
 sudo cp -r bin/static bin/static-amd64
 sudo chown `whoami` -R bin/static-amd64

 make docs
 make crio.conf

 make bundle

 export GCS_CRIO_SA
 export GCS_BUCKET_NAME
 UPLOAD_ARTIFACTS_SCRIPT_PATH=/tmp/upload-artifacts.sh
 curl --fail --retry 5 --retry-delay 3 --silent --show-error -o $UPLOAD_ARTIFACTS_SCRIPT_PATH https://storage.googleapis.com/swghosh-crio/crio-upload-artifacts.sh
 bash $UPLOAD_ARTIFACTS_SCRIPT_PATH

 # # latest crio build
 GIT_BRANCH=`git branch --show-current`
 CRIO_TAR_FILE_PATH=`ls -t build/bundle/cri-o.amd64*.tar.gz | head -1`
 CRIO_SHA=`echo $CRIO_TAR_FILE_PATH | sed 's/build\/bundle\/cri-o.amd64.//' | sed 's/.tar.gz//'`

 if cat latest-$GIT_BRANCH.txt | grep $CRIO_SHA
 then
    echo "verified SHA id matches"
 fi

 RAND_ID=crio-`whoami`-`date +"%Y%m%d"`-`echo $RANDOM | md5sum | head -c 8`

 OUTPUT_SHELL_SCRIPT=node_e2e_installer-$RAND_ID.sh
 OUTPUT_SHELL_SCRIPT_PATH=/tmp/$OUTPUT_SHELL_SCRIPT
 cat <<END > $OUTPUT_SHELL_SCRIPT_PATH
 #!/usr/bin/env bash
 set -euo pipefail

 # Commit to run upstream node e2e tests
 NODE_E2E_COMMIT=`echo ${CRIO_SHA}`

 enable_selinux() {
    # Make sure SELinux is enabled
    setenforce 1

    # Get the SELinux package
    curl --fail --retry 5 --retry-delay 3 --silent --show-error -o /tmp/kubelet-e2e.pp https://storage.googleapis.com/cri-o/selinux/kubelet-e2e.pp
    semodule -i /tmp/kubelet-e2e.pp
 }

 install_crio() {
    # Download and install CRIO
    curl --fail --retry 5 --retry-delay 3 --silent --show-error -o /usr/local/crio-install.sh https://storage.googleapis.com/swghosh-crio/crio-get-script.sh
    bash /usr/local/crio-install.sh -t "\$NODE_E2E_COMMIT" -b `echo ${GCS_BUCKET_NAME}`

    # Setup SELinux labels
    mkdir -p /var/lib/kubelet
    chcon -R -u system_u -r object_r -t var_lib_t /var/lib/kubelet

    mount /tmp /tmp -o remount,exec,suid

    # Remove unwanted cni configuration files
    rm -f /etc/cni/net.d/87-podman-bridge.conflist

    # Setup log level
    echo "CONTAINER_LOG_LEVEL=debug" >>/etc/sysconfig/crio

    cat <<EOF >/etc/crio/crio.conf.d/10-crun.conf
 [crio.runtime]
 [crio.runtime.runtimes]
 [crio.runtime.runtimes.test-handler]
 EOF

    cat <<EOF >/etc/crio/crio.conf.d/20-runc.conf
 [crio.runtime]
 default_runtime = "runc"
 [crio.runtime.runtimes]
 [crio.runtime.runtimes.runc]
 EOF

    cat <<EOF >/etc/crio/crio.conf.d/30-infra-container.conf
 [crio.runtime]
 drop_infra_ctr = false
 EOF

    cat <<EOF >/etc/crio/crio.conf.d/40-evented-pleg.conf
 [crio.runtime]
 evented_pleg = true
 EOF
 `test ${EVENTED_PLEG} -eq 1 && echo '' || echo 'rm -rf /etc/crio/crio.conf.d/40-evented-pleg.conf'`

 }

 enable_selinux

 install_crio

 # Finally start crio
 systemctl enable crio.service
 systemctl start crio.service
 END

 gsutil cp $OUTPUT_SHELL_SCRIPT_PATH gs://$GCS_BUCKET_NAME/$OUTPUT_SHELL_SCRIPT

 GCS_E2E_INSTALLER_SCRIPT_URL=https://storage.googleapis.com/$GCS_BUCKET_NAME/$OUTPUT_SHELL_SCRIPT
 IGN_FILE_PATH=$IGNITION_OUT_DIR/$RAND_ID.ign

 cat <<EOF > $IGN_FILE_PATH
 {
  "ignition": {
    "version": "3.3.0"
  },
  "kernelArguments": {
    "shouldExist": [
      "systemd.unified_cgroup_hierarchy=0"
    ]
  },
  "storage": {
    "files": [
      {
        "path": "/etc/zincati/config.d/90-disable-auto-updates.toml",
        "contents": {
          "source": "data:,%5Bupdates%5D%0Aenabled%20%3D%20false%0A"
        },
        "mode": 420
      }
    ]
  },
  "systemd": {
    "units": [
      {
        "contents": "[Unit]\nDescription=Download and install dbus-tools.\nBefore=crio-install.service\nAfter=network-online.target\n\n[Service]\nType=oneshot\nExecStart=/usr/bin/rpm-ostree install --apply-live --allow-inactive dbus-tools\n\n[Install]\nWantedBy=multi-user.target\n",
        "enabled": true,
        "name": "dbus-tools-install.service"
      },
      {
        "contents": "[Unit]\nDescription=Download and install crio binaries and configurations.\nAfter=network-online.target\n\n[Service]\nType=oneshot\nExecStartPre=/usr/bin/bash -c '/usr/bin/curl --fail --retry 5 --retry-delay 3 --silent --show-error -o /usr/local/crio-nodee2e-installer.sh  `echo ${GCS_E2E_INSTALLER_SCRIPT_URL}`; ln -s /usr/bin/runc /usr/local/bin/runc'\nExecStart=/usr/bin/bash /usr/local/crio-nodee2e-installer.sh\n\n[Install]\nWantedBy=multi-user.target\n",
        "enabled": true,
        "name": "crio-install.service"
      }
    ]
  }
 }
 EOF

 echo "Written custom cri-o ignition file to $IGN_FILE_PATH"
	#!/usr/bin/env bash
	set -eou pipefail

	# Set these variables

	# cri-o repo dir- path to cri-o source
	CRIO_DIR=~/repositories/cri-o
	# ignition dir- output directory for generated ignition config
	IGNITION_OUT_DIR=~/Desktop
	# evented pleg- use 0/1 as it's value depending upon whether crio binary should be started with --evented_pleg flag or not
	EVENTED_PLEG=0
	# bucket name- should be name of a valid GCS bucket with upload permission and public read access set up
	GCS_BUCKET_NAME=swghosh-crio
	# service account- can be skipped (left blank) if gcloud is setup with auth properly
	GCS_CRIO_SA=

	# -------------
	cd $CRIO_DIR
	sudo -E make clean

	make bin/pinns

	sudo -E make build-static
	sudo cp -r bin/static bin/static-amd64
	sudo chown `whoami` -R bin/static-amd64

	make docs
	make crio.conf

	make bundle

	export GCS_CRIO_SA
	export GCS_BUCKET_NAME
	UPLOAD_ARTIFACTS_SCRIPT_PATH=/tmp/upload-artifacts.sh
	curl --fail --retry 5 --retry-delay 3 --silent --show-error -o $UPLOAD_ARTIFACTS_SCRIPT_PATH https://storage.googleapis.com/swghosh-crio/crio-upload-artifacts.sh
	bash $UPLOAD_ARTIFACTS_SCRIPT_PATH

	# # latest crio build
	GIT_BRANCH=`git branch --show-current`
	CRIO_TAR_FILE_PATH=`ls -t build/bundle/cri-o.amd64*.tar.gz \| head -1`
	CRIO_SHA=`echo $CRIO_TAR_FILE_PATH \| sed 's/build\/bundle\/cri-o.amd64.//' \| sed 's/.tar.gz//'`

	if cat latest-$GIT_BRANCH.txt \| grep $CRIO_SHA
	then
	echo "verified SHA id matches"
	fi

	RAND_ID=crio-`whoami`-`date +"%Y%m%d"`-`echo $RANDOM \| md5sum \| head -c 8`

	OUTPUT_SHELL_SCRIPT=node_e2e_installer-$RAND_ID.sh
	OUTPUT_SHELL_SCRIPT_PATH=/tmp/$OUTPUT_SHELL_SCRIPT
	cat <<END > $OUTPUT_SHELL_SCRIPT_PATH
	#!/usr/bin/env bash
	set -euo pipefail

	# Commit to run upstream node e2e tests
	NODE_E2E_COMMIT=`echo ${CRIO_SHA}`

	enable_selinux() {
	# Make sure SELinux is enabled
	setenforce 1

	# Get the SELinux package
	curl --fail --retry 5 --retry-delay 3 --silent --show-error -o /tmp/kubelet-e2e.pp https://storage.googleapis.com/cri-o/selinux/kubelet-e2e.pp
	semodule -i /tmp/kubelet-e2e.pp
	}

	install_crio() {
	# Download and install CRIO
	curl --fail --retry 5 --retry-delay 3 --silent --show-error -o /usr/local/crio-install.sh https://storage.googleapis.com/swghosh-crio/crio-get-script.sh
	bash /usr/local/crio-install.sh -t "\$NODE_E2E_COMMIT" -b `echo ${GCS_BUCKET_NAME}`

	# Setup SELinux labels
	mkdir -p /var/lib/kubelet
	chcon -R -u system_u -r object_r -t var_lib_t /var/lib/kubelet

	mount /tmp /tmp -o remount,exec,suid

	# Remove unwanted cni configuration files
	rm -f /etc/cni/net.d/87-podman-bridge.conflist

	# Setup log level
	echo "CONTAINER_LOG_LEVEL=debug" >>/etc/sysconfig/crio

	cat <<EOF >/etc/crio/crio.conf.d/10-crun.conf
	[crio.runtime]
	[crio.runtime.runtimes]
	[crio.runtime.runtimes.test-handler]
	EOF

	cat <<EOF >/etc/crio/crio.conf.d/20-runc.conf
	[crio.runtime]
	default_runtime = "runc"
	[crio.runtime.runtimes]
	[crio.runtime.runtimes.runc]
	EOF

	cat <<EOF >/etc/crio/crio.conf.d/30-infra-container.conf
	[crio.runtime]
	drop_infra_ctr = false
	EOF

	cat <<EOF >/etc/crio/crio.conf.d/40-evented-pleg.conf
	[crio.runtime]
	evented_pleg = true
	EOF
	`test ${EVENTED_PLEG} -eq 1 && echo '' \|\| echo 'rm -rf /etc/crio/crio.conf.d/40-evented-pleg.conf'`

	}

	enable_selinux

	install_crio

	# Finally start crio
	systemctl enable crio.service
	systemctl start crio.service
	END

	gsutil cp $OUTPUT_SHELL_SCRIPT_PATH gs://$GCS_BUCKET_NAME/$OUTPUT_SHELL_SCRIPT

	GCS_E2E_INSTALLER_SCRIPT_URL=https://storage.googleapis.com/$GCS_BUCKET_NAME/$OUTPUT_SHELL_SCRIPT
	IGN_FILE_PATH=$IGNITION_OUT_DIR/$RAND_ID.ign

	cat <<EOF > $IGN_FILE_PATH
	{
	"ignition": {
	"version": "3.3.0"
	},
	"kernelArguments": {
	"shouldExist": [
	"systemd.unified_cgroup_hierarchy=0"
	]
	},
	"storage": {
	"files": [
	{
	"path": "/etc/zincati/config.d/90-disable-auto-updates.toml",
	"contents": {
	"source": "data:,%5Bupdates%5D%0Aenabled%20%3D%20false%0A"
	},
	"mode": 420
	}
	]
	},
	"systemd": {
	"units": [
	{
	"contents": "[Unit]\nDescription=Download and install dbus-tools.\nBefore=crio-install.service\nAfter=network-online.target\n\n[Service]\nType=oneshot\nExecStart=/usr/bin/rpm-ostree install --apply-live --allow-inactive dbus-tools\n\n[Install]\nWantedBy=multi-user.target\n",
	"enabled": true,
	"name": "dbus-tools-install.service"
	},
	{
	"contents": "[Unit]\nDescription=Download and install crio binaries and configurations.\nAfter=network-online.target\n\n[Service]\nType=oneshot\nExecStartPre=/usr/bin/bash -c '/usr/bin/curl --fail --retry 5 --retry-delay 3 --silent --show-error -o /usr/local/crio-nodee2e-installer.sh `echo ${GCS_E2E_INSTALLER_SCRIPT_URL}`; ln -s /usr/bin/runc /usr/local/bin/runc'\nExecStart=/usr/bin/bash /usr/local/crio-nodee2e-installer.sh\n\n[Install]\nWantedBy=multi-user.target\n",
	"enabled": true,
	"name": "crio-install.service"
	}
	]
	}
	}
	EOF

	echo "Written custom cri-o ignition file to $IGN_FILE_PATH"