# Host-side steps of a test job: report on and prepare the agent, run the
# test templates, then gather diagnostics and artifacts.
steps:
# Sorted dump of every variable exported to this step. The output lands in
# the build log, so anything sensitive that is mapped into this step's
# environment becomes readable by whoever can read the log.
- script: |
    set -e
    env | sort
  displayName: Print Host Enviroment

# Inventory of the packages present on the agent before anything is added.
- script: |
    set -e
    sudo apt list --installed
  displayName: Show Host's installed packages
# Adds host-side tools that later steps rely on (for example aa-disable, the
# rng-tools service and coredumpctl). Versions are not pinned, so the agent
# gets whatever its configured apt sources currently serve.
- script: |
    set -e
    sudo apt-get update
    host_packages=(
        apparmor-utils
        parallel
        moreutils
        rng-tools
        systemd-coredump
        python3-docker
    )
    sudo apt-get install -y "${host_packages[@]}"
  displayName: Install Host's tests requirements
# Lists the agent's systemd units in the build log for later troubleshooting.
- script: |
    set -e
    sudo systemctl
  displayName: Show Host's systemd status
# Stops and disables the azsec units and clamav-freshclam on the agent.
# `disable --now` also removes the units from boot, so on an agent that is
# reused between jobs whatever protection these units provide stays off
# afterwards. Every command is best-effort (`|| true`), so a unit that is
# missing or refuses to stop does not fail the step.
# NOTE(review): the in-script note names hostnamed while the command
# targets azsecd - confirm which unit was meant.
- script: |
    set -e
    # most of the time systemd killed hostnamed with SIGKILL on timeout
    # kill without waiting for graceful termination
    sudo systemctl kill -s SIGKILL azsecd || true
    sudo systemctl disable --now azsecmond || true
    sudo systemctl disable --now azsecd || true
    sudo systemctl disable --now clamav-freshclam || true
  displayName: Disable azsec services (clamav)
# Disables the chronyd AppArmor profile on the agent host and prints
# aa-status before and after, so the reduced confinement is visible in the
# build log. Only this one profile is touched.
# NOTE(review): the conflict the step name refers to is not visible in this
# file - confirm it still applies before keeping the profile disabled.
- script: |
    set -e
    printf "AppArmor status\n"
    sudo aa-status
    printf "Disable AppArmor conflicting profiles\n"
    sudo aa-disable /etc/apparmor.d/usr.sbin.chronyd
    printf "Recheck AppArmor status\n"
    sudo aa-status
  displayName: Disable AppArmor conflicting profiles on Host
# Starts rng-tools on the agent and prints the kernel's available-entropy
# counter before and three seconds after, so the effect shows in the log.
- script: |
    set -e
    entropy_file=/proc/sys/kernel/random/entropy_avail
    printf "Available entropy: %s\n" "$(cat "$entropy_file")"
    sudo service rng-tools start
    sleep 3
    printf "Available entropy: %s\n" "$(cat "$entropy_file")"
  displayName: Increase entropy level
# Enables unlimited core dumps for everything systemd starts on the agent
# and records a timestamp in coredumpctl.time.mark, which the coredump
# check later in this file passes to `coredumpctl --since`.
# fs.suid_dumpable=1 also lets processes that changed privileges dump core;
# the kernel documents that mode as debug-only because such dumps can hold
# privileged memory, so this belongs on throwaway test hosts only.
- script: |
    set -eu
    date +'%Y-%m-%d %H:%M:%S' > coredumpctl.time.mark
    systemd_conf="/etc/systemd/system.conf"
    # comment out any active values before the new ones are appended
    sudo sed -i \
        -e 's/^DumpCore=.*/#&/g' \
        -e 's/^DefaultLimitCORE=.*/#&/g' \
        "$systemd_conf"
    echo -e 'DumpCore=yes\nDefaultLimitCORE=infinity' | \
        sudo tee -a "$systemd_conf" >/dev/null
    cat "$systemd_conf"
    coredump_conf="/etc/systemd/coredump.conf"
    cat "$coredump_conf"
    # re-execute the manager so the edited system.conf is read
    sudo systemctl daemon-reexec
    # for ns-slapd debugging
    sudo sysctl -w fs.suid_dumpable=1
  displayName: Allow coredumps
# Test environment setup lives in its own template.
- template: setup-test-environment.yml

# One batch-mode top snapshot of the agent, ordered by memory use.
- script: |
    set -eu
    sudo top -b -o +%MEM n 1
  displayName: Show Host's top

# Process tree of the whole agent. The listing includes process command
# lines, so a credential passed as a command-line argument by any process
# on the host would end up in the build log.
- script: |
    set -eu
    sudo ps -auxf
  displayName: Show Host's processes

# The tests themselves run from this template.
- template: run-test.yml
# Memory figures of the agent after the test run; the condition makes the
# step run even when an earlier step failed.
# The two max_usage files are cgroup v1 memory-controller paths. Because of
# `set -e`, a host that does not expose them fails this step.
- script: |
    set -eux
    free -m
    cat /sys/fs/cgroup/memory/memory.memsw.max_usage_in_bytes
    cat /sys/fs/cgroup/memory/memory.max_usage_in_bytes
    cat /proc/sys/vm/swappiness
  condition: succeededOrFailed()
  displayName: Host's memory statistics
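# Raises one pipeline warning for every <env>/memory.warnings file found
# directly under the test working directory. The warning text is the
# environment's directory name followed by the file's content.
# The file content is written to stdout as-is. The agent interprets stdout
# lines that begin with `##vso[` as logging commands, so memory.warnings
# should only ever be written by trusted tooling.
- script: |
    set -eu
    function emit_warning() {
        printf "##vso[task.logissue type=warning]%s\n" "$1"
    }
    # NUL-delimited read and quoted expansions: a path that contains
    # whitespace or glob characters stays one item instead of being split.
    while IFS= read -r -d '' memory_warn; do
        env_name="$(basename "$(dirname "$memory_warn")")"
        emit_warning "Test env '$env_name' has high memory usage: $(echo '' && cat "$memory_warn")"
    done < <(find "${IPA_TESTS_ENV_WORKING_DIR}"/*/ -maxdepth 1 -name memory.warnings -print0)
  condition: succeededOrFailed()
  displayName: Check memory consumption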
# Writes the agent's journal for the current boot to the build log and to
# host_journal.log, raises a pipeline warning when it contains AppArmor
# denials or SECCOMP records, and packs the file into the test working
# directory. The full journal is therefore readable by anyone who can read
# the log or that archive.
# There is no `pipefail`, so a journalctl failure does not fail the step;
# the pipeline's status is that of tee.
- script: |
    set -eu
    HOST_JOURNAL=host_journal.log
    HOST_JOURNAL_PATH="${IPA_TESTS_ENV_WORKING_DIR}/${HOST_JOURNAL}.tar.gz"
    sudo journalctl -b | tee "$HOST_JOURNAL"
    function emit_warning() {
        printf "##vso[task.logissue type=warning]%s\n" "$1"
    }
    # grep prints the matching lines; a match only warns, it never fails
    printf "AVC:\n"
    if grep 'AVC apparmor="DENIED"' "$HOST_JOURNAL"; then
        emit_warning "There are Host's AVCs. Please, check the logs."
    fi
    printf "SECCOMP:\n"
    if grep ' SECCOMP ' "$HOST_JOURNAL"; then
        emit_warning "There are reported SECCOMP syscalls. Please, check the logs."
    fi
    tar -czf "$HOST_JOURNAL_PATH" "$HOST_JOURNAL"
  condition: succeededOrFailed()
  displayName: Host's systemd journal
# Publishes the nosetests.xml of every test environment, also after a
# failed run.
- task: PublishTestResults@2
  inputs:
    testResultsFiles: 'ipa_envs/*/$(CI_RUNNER_LOGS_DIR)/nosetests.xml'
    testRunTitle: '$(System.JobIdentifier) results'
  condition: succeededOrFailed()
# Fails the job when a core dump was recorded on the agent since the time
# mark written by the "Allow coredumps" step, after extracting the cores
# inside a helper container.
# Security-relevant properties of the helper container, as written here:
#   - it runs with --privileged;
#   - the time mark, the host coredump directory and the host journal are
#     mounted read-only, the repository checkout is mounted read-write;
#   - the image is referenced by bare name, without a tag or digest;
#   - nothing in this step stops or removes the container afterwards.
# Core files hold process memory and can therefore contain keys or
# passwords; the .artifactignore written later in this file publishes
# coredumps/*.core.tar.gz as build artifacts.
- script: |
    set -eu
    # check the host first, containers cores were dumped here
    COREDUMPS_SUBDIR="coredumps"
    COREDUMPS_DIR="${IPA_TESTS_ENV_WORKING_DIR}/${COREDUMPS_SUBDIR}"
    rm -rfv "$COREDUMPS_DIR" || true
    mkdir "$COREDUMPS_DIR"
    # without the time mark, look at the last hour
    since_time="$(cat coredumpctl.time.mark || echo '-1h')"
    sudo coredumpctl --no-pager --since="$since_time" list || true
    pids="$(sudo coredumpctl --no-pager --since="$since_time" -F COREDUMP_PID || echo '')"
    # nothing to dump
    if [ -z "$pids" ]; then
        exit 0
    fi
    # continue in container
    HOST_JOURNAL="/var/log/host_journal"
    CONTAINER_COREDUMP="dump_cores"
    docker create --privileged \
        -v "$(realpath coredumpctl.time.mark)":/coredumpctl.time.mark:ro \
        -v /var/lib/systemd/coredump:/var/lib/systemd/coredump:ro \
        -v /var/log/journal:"$HOST_JOURNAL":ro \
        -v "${BUILD_REPOSITORY_LOCALPATH}":"${IPA_TESTS_REPO_PATH}" \
        --name "$CONTAINER_COREDUMP" freeipa-azure-builder
    docker start "$CONTAINER_COREDUMP"
    docker exec -t \
        "$CONTAINER_COREDUMP" \
        /bin/bash --noprofile --norc -eux \
        "${IPA_TESTS_REPO_PATH}/${IPA_TESTS_SCRIPTS}/wait-for-systemd.sh"
    docker exec -t \
        --env IPA_TESTS_REPO_PATH="${IPA_TESTS_REPO_PATH}" \
        --env IPA_TESTS_SCRIPTS="${IPA_TESTS_REPO_PATH}/${IPA_TESTS_SCRIPTS}" \
        --env IPA_PLATFORM="${IPA_PLATFORM}" \
        "$CONTAINER_COREDUMP" \
        /bin/bash --noprofile --norc -eux \
        "${IPA_TESTS_REPO_PATH}/${IPA_TESTS_SCRIPTS}/install-debuginfo.sh"
    docker exec -t \
        --env IPA_TESTS_REPO_PATH="${IPA_TESTS_REPO_PATH}" \
        --env COREDUMPS_SUBDIR="$COREDUMPS_SUBDIR" \
        --env HOST_JOURNAL="$HOST_JOURNAL" \
        "$CONTAINER_COREDUMP" \
        /bin/bash --noprofile --norc -eux \
        "${IPA_TESTS_REPO_PATH}/${IPA_TESTS_SCRIPTS}/dump_cores.sh"
    # there should be no crashes
    exit 1
  condition: succeededOrFailed()
  displayName: Check for coredumps
# Writes the .artifactignore for the test working directory: everything is
# excluded first, then the listed patterns are re-included. This allow-list
# decides what leaves the agent as a build artifact. It covers core dumps,
# stack traces, logs and every *.tar.gz, which includes the host journal
# archive created earlier in this file, so access to the published
# artifacts should match the sensitivity of that data.
- script: |
    set -e
    artifacts_ignore_path="${IPA_TESTS_ENV_WORKING_DIR}/.artifactignore"
    # quoted delimiter: the patterns are written literally
    cat > "$artifacts_ignore_path" <<'EOF'
    **/*
    !coredumps/*.core.tar.gz
    !coredumps/*.stacktrace.tar.gz
    !*/logs/**
    !*/*.yml
    !*/*.yaml
    !*/*.log
    !*/systemd_boot_logs/*.log
    !*/installed_packages/*.log
    !*/memory.stats
    !*.tar.gz
    EOF
    cat "$artifacts_ignore_path"
  condition: succeededOrFailed()
  displayName: Generating artifactignore file
# Hands artifact publishing to its own template. The artifact name is built
# from job, build, attempt, position and agent identifiers.
- template: save-test-artifacts.yml
  parameters:
    logsArtifact: 'logs-$(System.JobIdentifier)-$(Build.BuildId)-$(System.StageAttempt)-$(System.PhaseAttempt)-$(System.JobPositionInPhase)-$(Agent.OS)-$(Agent.OSArchitecture)'