add lxd backend

Bug #1519677 reported by Martin Pitt
Affects: autopkgtest (Ubuntu)
Status: Fix Released
Importance: Wishlist
Assigned to: Martin Pitt
Milestone: -

Bug Description

LXD is the direction that the LXC project is moving towards, and it has several nice features that are helpful for autopkgtest: fast container creation with intelligent caching, support for local images (with autopkgtest modifications), and seamless support for remote containers.

We need the latter for moving armhf testing into Scalingstack, as we don't have native armhf support there. We can create a big semi-permanent arm64 instance and then create armhf lxd containers in that, and talk to them from the autopkgtest controller node in ProdStack using the arm64 instance as a remote. This cannot be done with either the ssh runner (that would need some rather complicated setup script) or the lxc runner (I tried wrapping ssh around it, but the extra level of shell processing/quoting breaks stuff).

Tags: patch
Martin Pitt (pitti)
Changed in autopkgtest (Ubuntu):
status: New → Triaged
importance: Undecided → Wishlist
assignee: nobody → Martin Pitt (pitti)
milestone: none → ubuntu-15.12
Martin Pitt (pitti) wrote :

Some tests need to mount /proc (like pbuilder) or do bind mounts (like nested LXC), so we need to relax the restrictions. As lxd containers are unprivileged, the extra apparmor profile is merely a fallback security layer; users should not be able to do any harm to the host in an unpriv container.

Create profile without AppArmor:

  lxc profile create autopkgtest
  lxc profile show default | sed '/^name:/ s/default/autopkgtest/' | lxc profile edit autopkgtest
  lxc profile set autopkgtest raw.lxc lxc.aa_profile=unconfined

Start containers with:

  lxc launch images:ubuntu/xenial/amd64 x1 --profile autopkgtest

In that container bind mounts and mounting proc etc. works.

Martin Pitt (pitti) wrote :

Alternatively, the config can be set on launch directly:

  lxc launch images:ubuntu/xenial/amd64 x1 --config raw.lxc=lxc.aa_profile=unconfined
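
The two comments above depend on the container staying unprivileged once AppArmor is set to unconfined. As an added example (not part of this bug report or of autopkgtest), the shell function below checks that assumption against the output of `lxc config show NAME --expanded`. The verdict names and sample configs are constructed here, and the check goes slightly beyond the page by also matching `lxc.apparmor.profile`, the name LXC 2.1 gave to `lxc.aa_profile`.

```shell
# Added example. Reads an expanded LXD container config (YAML) on stdin and
# prints one verdict. Verdict names are this example's own, not LXD output:
#   confined                 no AppArmor override in raw.lxc
#   unconfined-unprivileged  the setup from this report; userns is the boundary
#   unconfined-privileged    neither AppArmor nor a user namespace: flag it
classify_lxd_config() {
    awk '
        # Top-level key: track whether we are inside the "config:" mapping.
        /^[^ ]/ { in_config = ($0 ~ /^config:/); in_raw = 0; next }
        !in_config { next }
        # A key at two-space indent ends any multi-line raw.lxc block.
        /^  [^ ]/ { in_raw = 0 }
        /^  raw\.lxc:/ { in_raw = 1 }
        # Old key (used on this page) and the name LXC 2.1 renamed it to.
        in_raw && /lxc\.(aa_profile|apparmor\.profile)[ ]*=[ ]*unconfined/ { unconfined = 1 }
        /^  security\.privileged:[ ]*"?true"?[ ]*$/ { privileged = 1 }
        END {
            if (!unconfined)     print "confined"
            else if (privileged) print "unconfined-privileged"
            else                 print "unconfined-unprivileged"
        }
    '
}

# Constructed sample: container launched with the autopkgtest profile.
sample_unprivileged() {
    cat <<'EOF'
config:
  raw.lxc: lxc.aa_profile=unconfined
profiles:
- autopkgtest
EOF
}

# Constructed sample: same override as a block scalar, plus privileged mode.
sample_privileged() {
    cat <<'EOF'
config:
  raw.lxc: |-
    lxc.aa_profile=unconfined
    lxc.mount.auto=proc
  security.privileged: "true"
profiles:
- default
EOF
}

for s in sample_unprivileged sample_privileged; do
    printf '%s: %s\n' "$s" "$($s | classify_lxd_config)"
done
```

On a live host, pipe `lxc config show NAME --expanded` into `classify_lxd_config` for each container; the expanded view matters because the override may come from a profile rather than the container's own config.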

Martin Pitt (pitti)
description: updated
Martin Pitt (pitti) wrote :

Parking the work in progress here, to avoid it getting lost. This now works for some basic use cases, but more complex ones and most of the tests currently fail due to 'lxc exec' not maintaining stdout+stderr and mangling line endings.

tags: added: patch
Martin Pitt (pitti)
Changed in autopkgtest (Ubuntu):
status: Triaged → In Progress
description: updated
Martin Pitt (pitti) wrote :

This is now working rather nicely, and landed in master.

Changed in autopkgtest (Ubuntu):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package autopkgtest - 3.19

---------------
autopkgtest (3.19) unstable; urgency=medium

  New features/behaviour changes:
  * Add adt-virt-lxd runner for LXD. (LP: #1519677)
  * Add adt-build-lxd tool for building or updating an LXD image with
    standard autopkgtest customizations applied. This is similar to
    adt-build-lxc.
  * Unify test bed setup scripts for VMs (adt-setup-vm), containers (in
    adt-build-lxc) and cloud (setup-commands/cloud-vm-setup) into a common
    script setup-commands/setup-testbed. This will work both for image
    building (VM, cloud, LXC, LXD) and as --setup-commands (in which case some
    actions are skipped).
  * setup-commands/setup-testbed: Clean up many more packages. Only do this
    when building an image, to avoid accidentally destroying testbeds which
    are not minimal autopkgtest ones.
  * Make --env apply to package builds too. With that you can e. g. set
    DEB_BUILD_OPTIONS.
  * Add new action type --git-source which installs git (unless already
    present), checks out a remote branch, and then behaves like
    --unbuilt-tree.
  * adt-virt-lxc.1: Mention adt-build-lxc in "Requirements".

  Bug fixes:
  * If apt-get fails when installing test dependencies and apt
    pinning is in use, also retry without pinning. This was already done in
    the case of apt-get succeeding but removing our "satdep" dummy package
    (the common case), but this does not cover upgrades of Priority: >=
    important packages which make apt-get exit with non-zero.
  * Set $TERM in testbed to the host's value when starting an interactive
    shell in the testbed. This fixes broken shells with the LXC/LXD runners.

 -- Martin Pitt <email address hidden> Thu, 17 Dec 2015 16:45:54 +0100

Changed in autopkgtest (Ubuntu):
status: Fix Committed → Fix Released