[WIP] Booting/testing something in CI

.circleci/config.yml

@@ -4,7 +4,7 @@ linuxkit_pkg_build: &linuxkit_pkg_build
   steps:
     - run:
         name: Configure $PATH
-        command: echo 'export PATH=/workspace/bin:$PATH' >> $BASH_ENV
+        command: echo 'export PATH=/workspace/bin-Linux:$PATH' >> $BASH_ENV
     - run:
         name: Install packages
         # ca-certificates are needed for attach_workspace (and git over https)
@@ -38,7 +38,7 @@ image_build: &image_build
   steps:
     - run:
         name: Configure $PATH
-        command: echo 'export PATH=/workspace/bin:$PATH' >> $BASH_ENV
+        command: echo 'export PATH=/workspace/bin-Linux:$PATH' >> $BASH_ENV
     - run:
         name: Install packages
         # ca-certificates are needed for attach_workspace (and git over https)
@@ -83,9 +83,73 @@ image_build: &image_build
         name: Build images
         command: |
           mkdir -p /workspace/images/kube-$KUBE_RUNTIME-$KUBE_NETWORK
-          # KUBE_FORMATS="iso-efi iso-bios" are much slower (especially for RUNTIME=docker) to build than tar.
-          # So for now just build tar files.
-          make KUBE_FORMATS="tar" master node
+          make KUBE_FORMATS="iso-bios" master node
+          mv kube-master*.iso kube-node*.iso /workspace/images/kube-$KUBE_RUNTIME-$KUBE_NETWORK
+    - persist_to_workspace:
+        root: /workspace
+        paths: images
+
+image_boot: &image_boot
+  #machine:
+  #  enabled: true
+  #  image: circleci/classic:latest # default Ubuntu 14.04 image
+  macos:
+    xcode: "9.0"
+  steps:
+    - run:
+        name: Configure $PATH
+        #command: echo 'export PATH=~/workspace/bin-Linux:$PATH' >> $BASH_ENV
+        command: echo 'export PATH=~/workspace/bin-Darwin:$PATH' >> $BASH_ENV
+    - run:
+        name: Install packages
+        # ca-certificates are needed for attach_workspace (and git over https)
+        #command: sudo apt-get update && sudo apt-get install -y ca-certificates curl expect git make openssh-client procps qemu xorriso
+        command: brew install xorriso
+    - attach_workspace:
+        at: ~/workspace
+    - checkout
+    - run:
+        name: Versions
+        command: |
+          set -x
+          ~/workspace/bin-Darwin/linuxkit version
+          ~/workspace/bin-Darwin/vpnkit version
+    - run:
+        name: Test boot
+        command: |
+          set -x
+          # Add ssh keys to the image.
+          # TODO could this be integrated into linuxkit/mkimage-iso-*
+          # such that all those options do not need to be repeated
+          # here? e.g. perhaps this could be made to work:
+          # - Create tar with /root/.ssh/authorized_keys=~/workspace/ssh/id_rsa.pub in it
+          # - cat $tar | docker run -v ~/workspace/images/kube-$KUBE_RUNTIME-$KUBE_NETWORK/kube-master.iso:/input.iso linuxkit/mkimage-iso-bios -add-to /input.iso
+          #
+          # Compared with the options used i nmkimage-iso-bios to
+          # build the original dropped -J -joliet-long since xorriso
+          # is more particular about it than genisoimage producing
+          # lots of:
+          #
+          #   Cannot add /bin/ls to Joliet tree. Symlinks can only be added to a Rock Ridge tree.
+
+          id_rsa=~/workspace/ssh/id_rsa.pub
+          xorriso -indev ~/workspace/images/kube-$KUBE_RUNTIME-$KUBE_NETWORK/kube-master.iso \
+                  -outdev kube-master.iso \
+                  -as genisoimage \
+                    -l -R \
+                    -c isolinux/boot.cat \
+                    -b isolinux/isolinux.bin \
+                    -no-emul-boot \
+                    -boot-load-size 4 \
+                    -boot-info-table \
+                    -input-charset utf8 \
+                  -- \
+                  -pathspecs on \
+                  -add /root/.ssh/authorized_keys=$id_rsa
+
+          #cp ~/workspace/images/kube-$KUBE_RUNTIME-$KUBE_NETWORK/kube-{master,node}.iso .
+          #cp ~/workspace/images/kube-$KUBE_RUNTIME-$KUBE_NETWORK/kube-master.iso .
+          SSHOPTS="-i ~/workspace/ssh/id_rsa" ./test.exp
 
 version: 2
 jobs:
@@ -95,48 +159,67 @@ jobs:
     steps:
       - run:
           name: Create workspace
-          command: mkdir -p /workspace/bin
+          command: mkdir -p /workspace/bin-Linux /workspace/bin-Darwin
       - run:
           name: Install packages
-          command: apt-get update && apt-get install -y ca-certificates curl
+          command: apt-get update && apt-get install -y ca-certificates curl openssh-client
       - run:
           name: Fetch binaries
           command: |
+            set -x
             curl -fsSL -o /tmp/docker.tgz https://download.docker.com/linux/static/stable/x86_64/docker-17.06.2-ce.tgz
-            tar xfO /tmp/docker.tgz docker/docker > /workspace/bin/docker
-            curl -fsSL -o /workspace/bin/linuxkit https://362-46932243-gh.circle-artifacts.com/0/linuxkit-linux-amd64
-            curl -fsSL -o /workspace/bin/manifest-tool https://github.com/estesp/manifest-tool/releases/download/v0.7.0/manifest-tool-linux-amd64
-            curl -fsSL -o /workspace/bin/notary https://github.com/theupdateframework/notary/releases/download/v0.4.3/notary-Linux-amd64
+            tar xfO /tmp/docker.tgz docker/docker > /workspace/bin-Linux/docker
+            curl -fsSL -o /workspace/bin-Linux/linuxkit https://362-46932243-gh.circle-artifacts.com/0/linuxkit-linux-amd64
+            curl -fsSL -o /workspace/bin-Darwin/linuxkit https://362-46932243-gh.circle-artifacts.com/0/linuxkit-darwin-amd64
+            curl -fsSL -o /workspace/bin-Linux/manifest-tool https://github.com/estesp/manifest-tool/releases/download/v0.7.0/manifest-tool-linux-amd64
+            curl -fsSL -o /workspace/bin-Linux/notary https://github.com/theupdateframework/notary/releases/download/v0.4.3/notary-Linux-amd64
+
+            curl -fsSL -o /workspace/bin-Darwin/hyperkit https://452-55985023-gh.circle-artifacts.com/0/Users/distiller/hyperkit/build/hyperkit
+            curl -fsSL -o /tmp/vpnkit.tgz https://1066-58395340-gh.circle-artifacts.com/0/Users/distiller/vpnkit/vpnkit.tgz
+            tar xfO /tmp/vpnkit.tgz Contents/Resources/bin/vpnkit > /workspace/bin-Darwin/vpnkit
 
             echo "Downloaded:"
-            sha256sum /workspace/bin/*
+            sha256sum /workspace/bin-Linux/* /workspace/bin-Darwin/*
             echo
 
             echo "Checking checksums"
             sha256sum -c <<EOF
-            6af40e74b2dbb2927882acab52d50bfc72551779d541957fc70b6adc325ee5ef  /workspace/bin/docker
-            b61188823c2491e9a1c16d275e41c68d5736f3f10577d01cb358261ff71bbad6  /workspace/bin/linuxkit
-            e4ca2ef0015a4be8597d31d9e3e70d88da33924ae72b0999e9f3b79304d4710d  /workspace/bin/manifest-tool
-            06cd02c4c2e7a3b1ad9899b03b3d4dde5392d964c675247d32f604a24661f839  /workspace/bin/notary
+            6af40e74b2dbb2927882acab52d50bfc72551779d541957fc70b6adc325ee5ef  /workspace/bin-Linux/docker
+            b61188823c2491e9a1c16d275e41c68d5736f3f10577d01cb358261ff71bbad6  /workspace/bin-Linux/linuxkit
+            908fae1c48122a245ddef8821a530a4c504f267ff1718b0c3688ef6f7aa3b65f  /workspace/bin-Darwin/linuxkit
+            e4ca2ef0015a4be8597d31d9e3e70d88da33924ae72b0999e9f3b79304d4710d  /workspace/bin-Linux/manifest-tool
+            06cd02c4c2e7a3b1ad9899b03b3d4dde5392d964c675247d32f604a24661f839  /workspace/bin-Linux/notary
+            298f650c9dd3ab8907b23f56cb21e33b794a5a8be163bbbcc7cf959112888b80  /workspace/bin-Darwin/hyperkit
+            72e34d9c0bc0a73bfb71f2b572849db5829ca41c3995245145f2e57c8ab40bd2  /workspace/bin-Darwin/vpnkit
             EOF
+      - run:
+          name: Generate SSH Keys
+          command: |
+            mkdir -p /workspace/ssh
+            ssh-keygen -f /workspace/ssh/id_rsa -C "ephemeral CI ssh key" -N ''
       - run:
           name: Versions
           command: |
-             chmod +x /workspace/bin/docker # docker version deferred until daemon configured in relevant jobs
-             chmod +x /workspace/bin/linuxkit && /workspace/bin/linuxkit version
-             chmod +x /workspace/bin/manifest-tool && /workspace/bin/manifest-tool --version
-             chmod +x /workspace/bin/notary && /workspace/bin/notary version
+             chmod +x /workspace/bin-Linux/docker # docker version deferred until daemon configured in relevant jobs
+             chmod +x /workspace/bin-Linux/linuxkit && /workspace/bin-Linux/linuxkit version
+             chmod +x /workspace/bin-Darwin/linuxkit # && /workspace/bin-Darwin/linuxkit version
+             chmod +x /workspace/bin-Linux/manifest-tool && /workspace/bin-Linux/manifest-tool --version
+             chmod +x /workspace/bin-Linux/notary && /workspace/bin-Linux/notary version
+             chmod +x /workspace/bin-Darwin/vpnkit # && /workspace/bin-Darwin/vpnkit version
       - persist_to_workspace:
           root: /workspace
-          paths: bin
+          paths:
+            - bin-Linux
+            - bin-Darwin
+            - ssh
 
   lint:
     docker:
       - image: debian:stretch
     steps:
       - run:
           name: Configure $PATH
-          command: echo 'export PATH=/workspace/bin:$PATH' >> $BASH_ENV
+          command: echo 'export PATH=/workspace/bin-Linux:$PATH' >> $BASH_ENV
       - run:
           name: Install packages
           # ca-certificates are needed for attach_workspace (and git over https)
@@ -196,36 +279,60 @@ jobs:
     <<: *linuxkit_pkg_build
   pkg-cri-containerd:
     <<: *linuxkit_pkg_build
-  pkg-kube-e2e-test:
-    <<: *linuxkit_pkg_build
+  #pkg-kube-e2e-test:
+  #  <<: *linuxkit_pkg_build
 
-  pkg-kubernetes-docker-image-cache-common:
-    <<: *linuxkit_pkg_build
-  pkg-kubernetes-docker-image-cache-control-plane:
-    <<: *linuxkit_pkg_build
+  #pkg-kubernetes-docker-image-cache-common:
+  #  <<: *linuxkit_pkg_build
+  #pkg-kubernetes-docker-image-cache-control-plane:
+  #  <<: *linuxkit_pkg_build
 
-  image-docker-weave:
-    <<: *image_build
-    # Needs to be configured/enabled by CircleCI person
-    #resource_class: large
-    environment:
-      - KUBE_RUNTIME: docker
-      - KUBE_NETWORK: weave
-  image-docker-bridge:
-    <<: *image_build
-    # Needs to be configured/enabled by CircleCI person
-    #resource_class: large
-    environment:
-      - KUBE_RUNTIME: docker
-      - KUBE_NETWORK: bridge
+  #image-docker-weave:
+  #  <<: *image_build
+  #  # Needs to be configured/enabled by CircleCI person
+  #  #resource_class: large
+  #  environment:
+  #    - KUBE_RUNTIME: docker
+  #    - KUBE_NETWORK: weave
+  #image-docker-bridge:
+  #  <<: *image_build
+  #  # Needs to be configured/enabled by CircleCI person
+  #  #resource_class: large
+  #  environment:
+  #    - KUBE_RUNTIME: docker
+  #    - KUBE_NETWORK: bridge
 
-  image-cri-containerd-weave:
+  #image-cri-containerd-weave:
+  #  <<: *image_build
+  #  environment:
+  #    - KUBE_RUNTIME: cri-containerd
+  #    - KUBE_NETWORK: weave
+  image-cri-containerd-bridge:
     <<: *image_build
     environment:
       - KUBE_RUNTIME: cri-containerd
-      - KUBE_NETWORK: weave
-  image-cri-containerd-bridge:
-    <<: *image_build
+      - KUBE_NETWORK: bridge
+
+  #boot-docker-weave:
+  #  <<: *image_boot
+  #  environment:
+  #    - KUBE_RUNTIME: docker
+  #    - KUBE_NETWORK: weave
+
+  #boot-docker-bridge:
+  #  <<: *image_boot
+  #  environment:
+  #    - KUBE_RUNTIME: docker
+  #    - KUBE_NETWORK: bridge
+
+  #boot-cri-containerd-weave:
+  #  <<: *image_boot
+  #  environment:
+  #    - KUBE_RUNTIME: cri-containerd
+  #    - KUBE_NETWORK: weave
+
+  boot-cri-containerd-bridge:
+    <<: *image_boot
     environment:
       - KUBE_RUNTIME: cri-containerd
       - KUBE_NETWORK: bridge
@@ -236,7 +343,7 @@ jobs:
     steps:
       - run:
           name: Configure $PATH
-          command: echo 'export PATH=/workspace/bin:$PATH' >> $BASH_ENV
+          command: echo 'export PATH=/workspace/bin-Linux:$PATH' >> $BASH_ENV
       - run:
           name: Install packages
           # ca-certificates are needed for attach_workspace (and git over https)
@@ -268,6 +375,8 @@ jobs:
                 exit 0
             fi
 
+            false # Debug branch, not expected to get this far
+
             docker login -u $DOCKER_USER -p $DOCKER_PASS
             mkdir -p ~/.docker/trust/private
             cp .circleci/content-trust.key ~/.docker/trust/private/b056f84873aa0be205dfe826afa6e7458120c9569dd19a2a84154498fb1165d5.key
@@ -293,39 +402,55 @@ workflows:
       - pkg-cri-containerd:
           requires:
             - dependencies
-      - pkg-kube-e2e-test:
-          requires:
-            - dependencies
-      - pkg-kubernetes-docker-image-cache-common:
-          requires:
-            - dependencies
-      - pkg-kubernetes-docker-image-cache-control-plane:
-          requires:
-            - dependencies
+      #- pkg-kube-e2e-test:
+      #    requires:
+      #      - dependencies
+      #- pkg-kubernetes-docker-image-cache-common:
+      #    requires:
+      #      - dependencies
+      #- pkg-kubernetes-docker-image-cache-control-plane:
+      #    requires:
+      #      - dependencies
 
-      - image-docker-weave:
-          requires:
-            - dependencies
-            - pkg-kubelet
-            - pkg-kubernetes-docker-image-cache-common
-            - pkg-kubernetes-docker-image-cache-control-plane
-      - image-docker-bridge:
-          requires:
-            - dependencies
-            - pkg-kubelet
-            - pkg-kubernetes-docker-image-cache-common
-            - pkg-kubernetes-docker-image-cache-control-plane
-      - image-cri-containerd-weave:
-          requires:
-            - dependencies
-            - pkg-kubelet
-            - pkg-cri-containerd
+      #- image-docker-weave:
+      #    requires:
+      #      - dependencies
+      #      - pkg-kubelet
+      #      - pkg-kubernetes-docker-image-cache-common
+      #      - pkg-kubernetes-docker-image-cache-control-plane
+      #- image-docker-bridge:
+      #    requires:
+      #      - dependencies
+      #      - pkg-kubelet
+      #      - pkg-kubernetes-docker-image-cache-common
+      #      - pkg-kubernetes-docker-image-cache-control-plane
+      #- image-cri-containerd-weave:
+      #    requires:
+      #      - dependencies
+      #      - pkg-kubelet
+      #      - pkg-cri-containerd
       - image-cri-containerd-bridge:
           requires:
             - dependencies
             - pkg-kubelet
             - pkg-cri-containerd
 
+      #- boot-docker-weave:
+      #    requires:
+      #      - image-docker-weave
+
+      #- boot-docker-bridge:
+      #    requires:
+      #      - image-docker-bridge
+
+      #- boot-cri-containerd-weave:
+      #    requires:
+      #      - image-cri-containerd-weave
+
+      - boot-cri-containerd-bridge:
+          requires:
+            - image-cri-containerd-bridge
+
       - push-pkgs-to-hub:
           # We want everything to have passed, which is a bit
           # tedious. Some of these are already covered transitively,
@@ -334,10 +459,14 @@ workflows:
             - lint
             - pkg-kubelet
             - pkg-cri-containerd
-            - pkg-kube-e2e-test
-            - pkg-kubernetes-docker-image-cache-common
-            - pkg-kubernetes-docker-image-cache-control-plane
-            - image-docker-weave
-            - image-docker-bridge
-            - image-cri-containerd-weave
+            #- pkg-kube-e2e-test
+            #- pkg-kubernetes-docker-image-cache-common
+            #- pkg-kubernetes-docker-image-cache-control-plane
+            #- image-docker-weave
+            #- image-docker-bridge
+            #- image-cri-containerd-weave
             - image-cri-containerd-bridge
+            #- boot-docker-weave
+            #- boot-docker-bridge
+            #- boot-cri-containerd-weave
+            - boot-cri-containerd-bridge

Makefile

@@ -15,6 +15,8 @@ KUBE_FORMAT_ARGS := $(patsubst %,-format %,$(KUBE_FORMATS))
 all: master node
 
 master: yml/kube.yml yml/$(KUBE_RUNTIME).yml yml/$(KUBE_RUNTIME)-master.yml yml/$(KUBE_NETWORK).yml
+	# strace logs received signals
+	#strace -f -e trace=signal
 	linuxkit $(LINUXKIT_ARGS) build $(LINUXKIT_BUILD_ARGS) -name kube-master $(KUBE_FORMAT_ARGS) $^
 
 node: yml/kube.yml yml/$(KUBE_RUNTIME).yml yml/$(KUBE_NETWORK).yml