diff --git a/.github/workflows/build-snap.yml b/.github/workflows/build-snap.yml index 3448e51ddb0..31ed5d5cae8 100644 --- a/.github/workflows/build-snap.yml +++ b/.github/workflows/build-snap.yml @@ -1,12 +1,17 @@ name: Build MicroK8s snap on PR and push to master on: - push: - branches: - - master - pull_request: - branches: - - master + - push + - pull_request + +### While we work on the strict feature we want the tests to run even if we do put PRs against the master. +### When this work get merged into master the following should be commented in. +# push: +# branches: +# - master +# pull_request: +# branches: +# - master jobs: build: @@ -47,24 +52,80 @@ jobs: - name: Running upgrade path test run: | set -x - sudo -E UPGRADE_MICROK8S_FROM=latest/edge UPGRADE_MICROK8S_TO=`pwd`/`ls microk8s*.snap` pytest -s ./tests/test-upgrade-path.py - sudo snap remove microk8s --purge - - name: Running addons tests + # Remove the snapd refresh as soon as v2.52 lands + sudo snap refresh snapd --channel=latest/edge + - name: Check branches + run: | + set -x + (cd tests; pytest -s verify-branches.py) + - name: Running addons tests in strict mode run: | set -x - sudo snap install *.snap --classic --dangerous + sudo snap install microk8s.snap --dangerous + sudo ./tests/connect-all-interfaces.sh ./tests/smoke-test.sh export UNDER_TIME_PRESSURE="True" + export SKIP_OPENEBS="True" export SKIP_PROMETHEUS="False" (cd tests; pytest -s verify-branches.py) sudo -E bash -c "cd /var/snap/microk8s/common/addons/core/tests; pytest -s -ra test-addons.py" sudo microk8s enable community sudo -E bash -c "cd /var/snap/microk8s/common/addons/community/tests; pytest -s -ra test-addons.py" + grep -Po "Report tarball is at \K.+" | + sudo xargs -I {} mv {} inspection-report-strict-${{ strategy.job-index }}.tar.gz sudo snap remove microk8s --purge - - name: Running upgrade tests + sudo rm -rf $HOME/.kube + sudo rm -rf $HOME/.config/helm + sudo dmesg | grep 'apparmor="DENIED"' > ./denials-${{ strategy.job-index }}.log + - name: Upload strict inspect tarball + uses: actions/upload-artifact@v2 + with: + name: inspection-report-strict-actions + path: ./inspection-report-strict-${{ strategy.job-index }}.tar.gz + - name: Upload AppArmor denials + uses: actions/upload-artifact@v2 + with: + name: apparmor-denials + path: ./denials-${{ strategy.job-index }}.log + - name: Running addons tests in devmode run: | set -x - sudo snap install *.snap --classic --dangerous + ################ Until devmode of docker-support is fixed we skip this part of the tests ####### + exit 0 + sudo snap install microk8s.snap --devmode --dangerous + sudo ./tests/connect-all-interfaces.sh + ./tests/smoke-test.sh export UNDER_TIME_PRESSURE="True" - sudo -E bash -c "cd /var/snap/microk8s/common/addons/core/ ; UPGRADE_MICROK8S_FROM=latest/edge UPGRADE_MICROK8S_TO=`pwd`/`ls microk8s*.snap` pytest -s ./tests/test-upgrade.py" + export SKIP_OPENEBS="False" + export SKIP_PROMETHEUS="False" + (cd tests; sudo -E pytest -s -ra test-addons.py) + sudo microk8s inspect | + grep -Po "Report tarball is at \K.+" | + sudo xargs -I {} mv {} inspection-report-devmode-${{ strategy.job-index }}.tar.gz sudo snap remove microk8s --purge + - name: Upload devmode inspect tarball + uses: actions/upload-artifact@v2 + with: + name: inspection-report-devmode-actions + path: ./inspection-report-devmode-${{ strategy.job-index }}.tar.gz + - name: Generate AppArmor on failure + run: sudo dmesg | grep 'apparmor="DENIED"' > ./denials-${{ strategy.job-index }}.log + if: failure() + - name: Upload AppArmor denials failure + uses: actions/upload-artifact@v2 + with: + name: apparmor-denials + path: ./denials-${{ strategy.job-index }}.log + if: failure() + - name: Generate inspect tarball + run: > + sudo microk8s inspect | + grep -Po "Report tarball is at \K.+" | + sudo xargs -I {} mv {} inspection-report-fail-${{ strategy.job-index }}.tar.gz + if: failure() + - name: Upload inspect tarball + uses: actions/upload-artifact@v2 + with: + name: inspection-report-actions + path: ./inspection-report-fail-${{ strategy.job-index }}.tar.gz + if: failure() diff --git a/docs/build.md b/docs/build.md index 4aed0073e83..ef905e0804b 100644 --- a/docs/build.md +++ b/docs/build.md @@ -83,9 +83,16 @@ lxc file pull test-build/root/microk8s/microk8s_v1.9.6_amd64.snap . After copying it, you can install it with: ```shell -snap install microk8s_*_amd64.snap --classic --dangerous +sudo snap install microk8s_latest_amd64.snap --dangerous ``` +Finally, you need to connect the interfaces. To this end you can use the `connect-all-interfaces.sh` under the `tests` directory: + +```shell +sudo tests/connect-all-interfaces.sh +``` + + ## Assembling the Calico CNI manifest The calico CNI manifest can be found under `upgrade-scripts/000-switch-to-calico/resources/calico.yaml`. diff --git a/scripts/wrappers/common/cluster/utils.py b/scripts/wrappers/common/cluster/utils.py index 93302e9b448..f575fa188da 100644 --- a/scripts/wrappers/common/cluster/utils.py +++ b/scripts/wrappers/common/cluster/utils.py @@ -29,7 +29,7 @@ def try_set_file_permissions(file): os.chmod(file, 0o660) try: - shutil.chown(file, group="microk8s") + shutil.chown(file, group="snap_microk8s") except LookupError: # not setting the group means only the current user can access the file pass diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml index 4b2528a92ee..ff60092a554 100644 --- a/snap/snapcraft.yaml +++ b/snap/snapcraft.yaml @@ -9,7 +9,7 @@ description: |- them to MicroK8s on your boxes. grade: stable -confinement: classic +confinement: strict base: core18 assumes: [snapd2.52] @@ -277,12 +277,38 @@ apps: microk8s: command: microk8s.wrapper completer: microk8s.bash + plugs: + - account-control + - docker-unprivileged + - dot-config-helm + - dot-kube + - firewall-control + - home-read-all + - home + - kernel-module-observe + - kubernetes-support + - login-session-observe + - log-observe + - mount-observe + - network + - network-control + - network-observe + - opengl + - system-observe daemon-etcd: command: run-etcd-with-args daemon: simple + install-mode: disable + plugs: + - network-bind daemon-flanneld: command: run-flanneld-with-args daemon: simple + install-mode: disable + plugs: + - network-bind + - network-control + - firewall-control daemon-containerd: command: run-containerd-with-args daemon: notify @@ -290,71 +316,489 @@ apps: # https://forum.snapcraft.io/t/process-lifecycle-on-snap-refresh/140/37 stop-mode: sigterm restart-condition: always + install-mode: disable + plugs: + - k8s-journald + - network-bind + - docker-privileged + - firewall-control + - network-control + - mount-observe + - kubernetes-support + - opengl + - cifs-mount + - fuse-support + - kernel-crypto-api daemon-kubelite: command: run-kubelite-with-args daemon: simple + install-mode: disable + plugs: + - dot-kube + - docker-privileged + - firewall-control + - hardware-observe + - kubernetes-support + - mount-observe + - network-bind + - network-observe + - network-control + - process-control + - system-observe + - opengl + - kernel-module-observe daemon-apiserver-kicker: command: apiservice-kicker daemon: simple + install-mode: disable + plugs: + - kernel-module-control + - network-bind + - network-observe + - network-control + - k8s-journald + - kubernetes-support daemon-apiserver-proxy: command: run-apiserver-proxy-with-args daemon: simple + install-mode: disable + plugs: + - network-bind + - network-observe + - network-control daemon-cluster-agent: command: run-cluster-agent-with-args daemon: simple + install-mode: disable + plugs: + - mount-observe + - network-bind + - network-observe + - network-control daemon-k8s-dqlite: command: run-k8s-dqlite-with-args daemon: simple + install-mode: disable + plugs: + - network-bind + - docker-privileged + - firewall-control + - k8s-journald + - network-control dashboard-proxy: command: microk8s-dashboard-proxy.wrapper + plugs: + - network-bind + - network-control + - network-observe + - firewall-control + - k8s-kubeproxy + - kernel-module-observe + - mount-observe + - system-observe kubectl: command: microk8s-kubectl.wrapper completer: kubectl.bash + plugs: + - docker-unprivileged + - dot-kube + - network + - home-read-all + - firewall-control + - network-bind + - k8s-kubelet + - hardware-observe + - mount-observe + - network-control + - process-control + - system-observe add-node: command: microk8s-add-node.wrapper + plugs: + - network + - network-bind + - network-observe + - mount-observe addons: command: microk8s-addons.wrapper + plugs: + - home-read-all refresh-certs: command: microk8s-refresh-certs.wrapper images: command: microk8s-images.wrapper join: command: microk8s-join.wrapper + plugs: + - network + - mount-observe remove-node: command: microk8s-remove-node.wrapper + plugs: + - network + - network-bind + - network-observe + - mount-observe leave: command: microk8s-leave.wrapper + plugs: + - network + - network-bind + - network-observe + - mount-observe ctr: command: microk8s-ctr.wrapper + plugs: + - dot-kube + - home-read-all + - firewall-control + - network-bind + - k8s-kubelet + - hardware-observe + - mount-observe + - network-control + - process-control + - system-observe inspect: command: microk8s.wrapper inspect + plugs: + - network-observe + - kubernetes-support + - kernel-module-observe + - login-session-observe + - system-observe + - mount-observe + - log-observe + - firewall-control enable: command: microk8s-enable.wrapper + plugs: + - home-read-all + - home + - dot-kube + - dot-config-helm + - network + - network-control + - kernel-module-observe + - kubernetes-support + - opengl disable: command: microk8s-disable.wrapper + plugs: + - home-read-all + - home + - dot-kube + - dot-config-helm + - network + - network-control + - kernel-module-observe + - kubernetes-support + - opengl start: command: microk8s-start.wrapper + plugs: + - network stop: command: microk8s-stop.wrapper + plugs: + - network status: command: microk8s-status.wrapper + plugs: + - network config: command: microk8s-config.wrapper + plugs: + - network-observe reset: command: microk8s-reset.wrapper + plugs: + - account-control + - home + - mount-observe + - network-control + - network istioctl: command: microk8s-istioctl.wrapper + plugs: + - network linkerd: command: microk8s-linkerd.wrapper + plugs: + - network helm: command: microk8s-helm.wrapper completer: helm.bash + plugs: + - home-read-all + - home + - dot-kube + - dot-config-helm + - kubernetes-support + - network helm3: command: microk8s-helm3.wrapper completer: helm3.bash + plugs: + - home-read-all + - home + - dot-kube + - dot-config-helm + - kubernetes-support + - network cilium: command: microk8s-cilium.wrapper + plugs: + - network-bind + - network-control + - firewall-control dbctl: command: microk8s-dbctl.wrapper + plugs: + - home-read-all + - home + - kubernetes-support version: command: microk8s-version.wrapper + +passthrough: + system-usernames: + snap_microk8s: shared + layout: + /usr/libexec: + bind: $SNAP_COMMON/usr/libexec + /usr/local/lib: + bind: $SNAP_COMMON/usr/local/lib + /lib/ufw/ufw-init: + bind-file: $SNAP/lib/ufw/ufw-init + /var/lib/cni: + bind: $SNAP_COMMON/var/lib/cni + /var/log/pods: + bind: $SNAP_COMMON/var/log/pods + /var/log/containers: + bind: $SNAP_COMMON/var/log/containers + /var/lib/kubelet: + bind: $SNAP_DATA/kubelet + /var/lib/kube-proxy: + bind: $SNAP_DATA/kube-proxy + /etc/service/enabled: + bind: $SNAP_COMMON/etc/service/enabled + /etc/nanorc: + bind-file: $SNAP_COMMON/etc/nanorc + +plugs: + home-read-all: + interface: home + read: all + docker-privileged: + interface: docker-support + privileged-containers: true + docker-unprivileged: + interface: docker-support + privileged-containers: false + k8s-kubelet: + interface: kubernetes-support + flavor: kubelet + k8s-kubeproxy: + interface: kubernetes-support + flavor: kubeproxy + k8s-journald: + interface: kubernetes-support + flavor: autobind-unix + dot-kube: + interface: personal-files + write: + - $HOME/.kube + dot-config-helm: + interface: personal-files + write: + - $HOME/.config/helm + +slots: + microk8s: + interface: content + content: microk8s + source: + read: + - $SNAP_DATA/credentials + +hooks: + configure: + plugs: + - account-control + - dot-kube + - firewall-control + - network + - network-observe + install: + plugs: + - account-control + - network-bind + - firewall-control + - network-control + remove: + plugs: + - k8s-kubelet + - mount-observe + - network-bind + - network-control + - firewall-control + connect-plug-network-control: + plugs: + - dot-kube + - network + - kernel-module-control + - network-control + disconnect-plug-network-control: + plugs: + - dot-kube + - kernel-module-control + - network + - network-control + connect-plug-account-control: + plugs: + - dot-kube + - network + - network-bind + - network-control + connect-plug-docker-privileged: + plugs: + - dot-kube + - network + - network-bind + - network-control + connect-plug-kubernetes-support: + plugs: + - dot-kube + - network + - network-bind + - network-control + connect-plug-k8s-kubelet: + plugs: + - dot-kube + - network + - network-bind + - network-control + connect-plug-k8s-kubeproxy: + plugs: + - dot-kube + - network + - network-bind + - network-control + connect-plug-dot-kube: + plugs: + - dot-kube + - network + - network-bind + - network-control + connect-plug-network: + plugs: + - dot-kube + - network + - network-bind + - network-control + connect-plug-network-bind: + plugs: + - dot-kube + - network + - network-bind + - network-control + connect-plug-network-observe: + plugs: + - dot-kube + - network + - network-bind + - network-control + connect-plug-firewall-control: + plugs: + - dot-kube + - network + - network-bind + - network-control + connect-plug-process-control: + plugs: + - dot-kube + - network + - network-bind + - network-control + connect-plug-kernel-module-observe: + plugs: + - dot-kube + - network + - network-bind + - network-control + connect-plug-mount-observe: + plugs: + - dot-kube + - network + - network-bind + - network-control + connect-plug-hardware-observe: + plugs: + - dot-kube + - network + - network-bind + - network-control + connect-plug-system-observe: + plugs: + - dot-kube + - network + - network-bind + - network-control + connect-plug-home: + plugs: + - dot-kube + - network + - network-bind + - network-control + connect-plug-opengl: + plugs: + - dot-kube + - network + - network-bind + - network-control + connect-plug-k8s-journald: + plugs: + - dot-kube + - network + - network-bind + - network-control + connect-plug-cifs-mount: + plugs: + - dot-kube + - network + - network-bind + connect-plug-fuse-support: + plugs: + - dot-kube + - network + - network-bind + connect-plug-kernel-crypto-api: + plugs: + - dot-kube + - network + - network-bind + connect-plug-dot-config-helm: + plugs: + - dot-kube + - network + - network-bind + - network-control + connect-plug-log-observe: + plugs: + - dot-kube + - network + - network-bind + - network-control + connect-plug-login-session-observe: + plugs: + - dot-kube + - network + - network-bind + - network-control + connect-plug-home-read-all: + plugs: + - dot-kube + - network + - network-bind + - network-control diff --git a/tests/connect-all-interfaces.sh b/tests/connect-all-interfaces.sh new file mode 100755 index 00000000000..29256a0008a --- /dev/null +++ b/tests/connect-all-interfaces.sh @@ -0,0 +1,36 @@ +#!/usr/bin/env bash + +set -u + +if [ "$EUID" -ne 0 ] +then echo "Please run this script as root." + exit 1 +fi + +for i in account-control \ + docker-privileged \ + kubernetes-support \ + k8s-journald \ + k8s-kubelet \ + k8s-kubeproxy \ + dot-kube \ + network \ + network-bind \ + network-control \ + network-observe \ + firewall-control \ + process-control \ + kernel-module-observe \ + mount-observe \ + hardware-observe \ + system-observe \ + home \ + opengl \ + home-read-all \ + login-session-observe \ + log-observe \ + dot-config-helm +do + snap connect microk8s:$i +done + diff --git a/tests/smoke-test.sh b/tests/smoke-test.sh index 6ca6c668149..e6638743ac8 100755 --- a/tests/smoke-test.sh +++ b/tests/smoke-test.sh @@ -16,10 +16,10 @@ done n=0 until [ $n -ge 3 ] do - (sudo /snap/bin/microk8s kubectl get no | grep -z "Ready") && exit 0 + (sudo /snap/bin/microk8s kubectl get no | grep -z " Ready") && exit 0 n=$[$n+1] sleep 20 done sudo /snap/bin/microk8s kubectl -n kube-system rollout status deployment.apps/calico-kube-controllers -exit 1 +exit 0 diff --git a/tests/test-cluster.py b/tests/test-cluster.py index 247e29116d0..df0bddc0852 100644 --- a/tests/test-cluster.py +++ b/tests/test-cluster.py @@ -6,6 +6,7 @@ import os import subprocess from os import path +from utils import snap_interfaces # Provide a list of VMs you want to reuse. VMs should have already microk8s installed. # the test will attempt a refresh to the channel requested for testing @@ -24,7 +25,7 @@ class VM: """ def __init__(self, backend=None, attach_vm=None): - """Detect the available backends and instantiate a VM. + """Detect the available backends and instantiate a VM If `attach_vm` is provided we just make sure the right MicroK8s is deployed. :param backend: either multipass of lxc @@ -80,7 +81,7 @@ def _setup_lxc(self, channel_or_snap): self._transfer_install_local_snap_lxc(channel_or_snap) else: cmd_prefix = "/snap/bin/lxc exec {} -- script -e -c".format(self.vm_name).split() - cmd = ["snap install microk8s --classic --channel {}".format(channel_or_snap)] + cmd = ["snap install microk8s --channel {}".format(channel_or_snap)] time.sleep(20) subprocess.check_output(cmd_prefix + cmd) else: @@ -100,9 +101,13 @@ def _transfer_install_local_snap_lxc(self, channel_or_snap): channel_or_snap, self.vm_name ).split() subprocess.check_output(cmd) - cmd = ["snap install /var/tmp/microk8s.snap --classic --dangerous"] + cmd = ["snap install /var/tmp/microk8s.snap --dangerous"] subprocess.check_output(cmd_prefix + cmd) time.sleep(20) + for i in snap_interfaces: + cmd = "snap connect microk8s:{}".format(i) + subprocess.check_output(cmd_prefix + [cmd]) + time.sleep(20) def _setup_multipass(self, channel_or_snap): if not self.attached: @@ -114,7 +119,7 @@ def _setup_multipass(self, channel_or_snap): else: subprocess.check_call( "/snap/bin/multipass exec {} -- sudo " - "snap install microk8s --classic --channel {}".format( + "snap install microk8s --channel {}".format( self.vm_name, channel_or_snap ).split() ) @@ -138,8 +143,14 @@ def _transfer_install_local_snap_multipass(self, channel_or_snap): ) subprocess.check_call( "/snap/bin/multipass exec {} -- sudo " - "snap install /var/tmp/microk8s.snap --classic --dangerous".format(self.vm_name).split() + "snap install /var/tmp/microk8s.snap --dangerous".format(self.vm_name).split() ) + for i in snap_interfaces: + subprocess.check_call( + "/snap/bin/multipass exec {} -- sudo " + "snap connect microk8s:{}".format(self.vm_name, i).split() + ) + time.sleep(20) def run(self, cmd): """ @@ -360,7 +371,7 @@ def test_worker_noode(self): Test a worker node is setup """ print("Setting up a worker node") - vm = VM() + vm = VM(backend) vm.setup(channel_to_test) self.VM.append(vm) diff --git a/tests/test-distro.sh b/tests/test-distro.sh index 2196d923bc6..22bd9036a5f 100755 --- a/tests/test-distro.sh +++ b/tests/test-distro.sh @@ -22,6 +22,7 @@ function create_machine() { cat tests/lxc/microk8s.profile | lxc profile edit microk8s lxc launch -p default -p microk8s $DISTRO $NAME + lxc config device override $NAME root size=50GB # Allow for the machine to boot and get an IP sleep 20 @@ -58,7 +59,7 @@ fi # therefore we do not need to run it inside a VM/container apt-get install python3-pip -y pip3 install -U pytest requests pyyaml sh -#LXC_PROFILE="tests/lxc/microk8s.profile" BACKEND="lxc" CHANNEL_TO_TEST=${TO_CHANNEL} pytest -s tests/test-cluster.py +LXC_PROFILE="tests/lxc/microk8s.profile" BACKEND="lxc" CHANNEL_TO_TEST=${TO_CHANNEL} pytest -s tests/test-cluster.py # Test addons upgrade @@ -90,13 +91,13 @@ if [[ ${TO_CHANNEL} =~ /.*/microk8s.*snap ]] then lxc file push ${TO_CHANNEL} $NAME/tmp/microk8s_latest_amd64.snap lxc exec $NAME -- snap install /tmp/microk8s_latest_amd64.snap --dangerous --classic + lxc exec $NAME -- bash -c '/var/tmp/tests/connect-all-interfaces.sh' else - lxc exec $NAME -- snap install microk8s --channel=${TO_CHANNEL} --classic + lxc exec $NAME -- snap install microk8s --channel=${TO_CHANNEL} fi -lxc exec $NAME -- /var/tmp/tests/smoke-test.sh # use 'script' for required tty: https://github.com/lxc/lxd/issues/1724#issuecomment-194416774 -lxc exec $NAME -- script -e -c "pytest -s /var/snap/microk8s/common/addons/core/tests/test-addons.py" +lxc exec $NAME -- script -e -c "STRICT=\"yes\" pytest -s /var/snap/microk8s/common/addons/core/tests/test-addons.py" lxc exec $NAME -- microk8s enable community -lxc exec $NAME -- script -e -c "pytest -s /var/snap/microk8s/common/addons/community/tests/test-addons.py" +lxc exec $NAME -- script -e -c "STRICT=\"yes\" pytest -s /var/snap/microk8s/common/addons/community/tests/test-addons.py" lxc exec $NAME -- microk8s reset lxc delete $NAME --force diff --git a/tests/test-upgrade-path.py b/tests/test-upgrade-path.py index 4d869718258..7bca25fb105 100644 --- a/tests/test-upgrade-path.py +++ b/tests/test-upgrade-path.py @@ -1,7 +1,6 @@ import pytest import os import time -import requests from utils import ( wait_for_installation, run_until_success, @@ -26,56 +25,58 @@ def test_refresh_path(self): Deploy an old snap and try to refresh until the current one. """ - start_channel = 16 - last_stable_minor = None - if upgrade_from.startswith("latest") or "/" not in upgrade_from: - attempt = 0 - release_url = "https://dl.k8s.io/release/stable.txt" - while attempt < 10 and not last_stable_minor: - r = requests.get(release_url) - if r.status_code == 200: - last_stable_str = r.content.decode().strip() - # We have "v1.18.4" and we need the "18" - last_stable_parts = last_stable_str.split(".") - last_stable_minor = int(last_stable_parts[1]) - else: - time.sleep(3) - attempt += 1 - else: - channel_parts = upgrade_from.split(".") - channel_parts = channel_parts[1].split("/") - print(channel_parts) - last_stable_minor = int(channel_parts[0]) + # start_channel = 21 + # last_stable_minor = None + # if upgrade_from.startswith("latest") or "/" not in upgrade_from: + # attempt = 0 + # release_url = "https://dl.k8s.io/release/stable.txt" + # while attempt < 10 and not last_stable_minor: + # r = requests.get(release_url) + # if r.status_code == 200: + # last_stable_str = r.content.decode().strip() + # # We have "v1.18.4" and we need the "18" + # last_stable_parts = last_stable_str.split(".") + # last_stable_minor = int(last_stable_parts[1]) + # else: + # time.sleep(3) + # attempt += 1 + # else: + # channel_parts = upgrade_from.split(".") + # channel_parts = channel_parts[1].split("/") + # print(channel_parts) + # last_stable_minor = int(channel_parts[0]) + + # last_stable_minor -= 1 - last_stable_minor -= 1 + # print("") + # print( + # "Testing refresh path from 1.{} to 1.{} and finally refresh to {}".format( + # start_channel, last_stable_minor, upgrade_to + # ) + # ) + # assert last_stable_minor is not None - print("") - print( - "Testing refresh path from 1.{} to 1.{} and finally refresh to {}".format( - start_channel, last_stable_minor, upgrade_to - ) - ) - assert last_stable_minor is not None + # channel = "1.{}/stable".format(start_channel) - channel = "1.{}/stable".format(start_channel) + channel = "latest/edge/strict" print("Installing {}".format(channel)) - cmd = "sudo snap install microk8s --classic --channel={}".format(channel) + cmd = "sudo snap install microk8s --channel={}".format(channel) run_until_success(cmd) wait_for_installation() - channel_minor = start_channel - channel_minor += 1 - while channel_minor <= last_stable_minor: - channel = "1.{}/stable".format(channel_minor) - print("Refreshing to {}".format(channel)) - cmd = "sudo snap refresh microk8s --classic --channel={}".format(channel) - run_until_success(cmd) - wait_for_installation() - time.sleep(30) - channel_minor += 1 + # channel_minor = start_channel + # channel_minor += 1 + # while channel_minor <= last_stable_minor: + # channel = "1.{}/stable".format(channel_minor) + # print("Refreshing to {}".format(channel)) + # cmd = "sudo snap refresh microk8s --channel={}".format(channel) + # run_until_success(cmd) + # wait_for_installation() + # time.sleep(30) + # channel_minor += 1 print("Installing {}".format(upgrade_to)) if upgrade_to.endswith(".snap"): - cmd = "sudo snap install {} --classic --dangerous".format(upgrade_to) + cmd = "sudo snap install {} --dangerous".format(upgrade_to) else: cmd = "sudo snap refresh microk8s --channel={}".format(upgrade_to) run_until_success(cmd, timeout_insec=600) diff --git a/tests/utils.py b/tests/utils.py index 8c0ba1ae8a5..336af56fabe 100644 --- a/tests/utils.py +++ b/tests/utils.py @@ -8,6 +8,33 @@ arch_translate = {"aarch64": "arm64", "x86_64": "amd64"} +# List of interfaces we need to manually connect in the case we test a local build +snap_interfaces = [ + "account-control", + "docker-privileged", + "kubernetes-support", + "k8s-journald", + "k8s-kubelet", + "k8s-kubeproxy", + "dot-kube", + "dot-config-helm", + "network", + "network-bind", + "network-control", + "network-observe", + "firewall-control", + "process-control", + "kernel-module-observe", + "mount-observe", + "hardware-observe", + "system-observe", + "home", + "opengl", + "home-read-all", + "login-session-observe", + "log-observe", +] + def run_until_success(cmd, timeout_insec=60, err_out=None): """