CI: switch from LXD to Incus

LXD is now banned from https://images.linuxcontainers.org/ Signed-off-by: Akihiro Suda <[email protected]>
rootless-containers · May 14, 2024 · f69affd · f69affd
1 parent 82d6cd2
commit f69affd
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 22 deletions.
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -60,29 +60,30 @@ jobs:
           ./hack/test-smoke.sh
 
   multi-node:
-    name: "Multi node (emulated using LXD)"
+    name: "Multi node (emulated using Incus)"
     runs-on: ubuntu-22.04
     timeout-minutes: 30
     strategy:
       fail-fast: false
       matrix:
         include:
-          - lxc-image: ubuntu:22.04
+          - incus-image: images:ubuntu/22.04
             engine: docker
-          - lxc-image: images:fedora/39/cloud
+          - incus-image: images:fedora/39/cloud
             engine: podman
     env:
-      LXC_IMAGE: "${{ matrix.lxc-image }}"
+      INCUS_IMAGE: "${{ matrix.incus-image }}"
       CONTAINER_ENGINE: "${{ matrix.engine }}"
     steps:
       - run: sudo modprobe vxlan
       - uses: actions/checkout@v3
-      - uses: canonical/[email protected]
-      - run: ./hack/create-cluster-lxd.sh
+      - uses: maxwell-k/setup-incus@main
+      - run: sudo incus admin init --auto
+      - run: ./hack/create-cluster-incus.sh
       - run: kubectl taint nodes --all node-role.kubernetes.io/control-plane- || true
       - run: ./hack/test-smoke.sh
       - name: "Test data persistency after restarting the node"
         run: |
-          lxc restart host0 host1
+          sudo incus restart host0 host1
           sleep 30
           ./hack/test-smoke.sh
diff --git a/hack/create-cluster-lxd.sh → hack/create-cluster-incus.sh b/hack/create-cluster-lxd.sh → hack/create-cluster-incus.sh
@@ -4,7 +4,7 @@ set -eux -o pipefail
 : "${CONTAINER_ENGINE:=docker}"
 
 # Create Rootless Docker hosts
-./hack/create-hosts-lxd.sh "${HOME}/.u7s-ci-hosts" host0 host1
+./hack/create-hosts-incus.sh "${HOME}/.u7s-ci-hosts" host0 host1
 SCP="scp -F ${HOME}/.u7s-ci-hosts/ssh_config"
 SSH="ssh -F ${HOME}/.u7s-ci-hosts/ssh_config"
 for host in host0 host1; do

diff --git a/hack/create-hosts-lxd.sh → hack/create-hosts-incus.sh b/hack/create-hosts-lxd.sh → hack/create-hosts-incus.sh
@@ -8,8 +8,8 @@ dir=$1
 shift
 names=$*
 
-: "${LXC_IMAGE:="ubuntu:22.04"}"
-LXC="sudo lxc"
+: "${INCUS_IMAGE:="images:ubuntu/22.04"}"
+INCUS="sudo incus"
 
 echo "USER=${USER}"
 ssh_config="${dir}/ssh_config"
@@ -32,23 +32,29 @@ if [ ! -e "${userdata}" ]; then
 users:
   - name: "${USER}"
     shell: /bin/bash
-    ssh-authorized-keys:
-      - $(cat "${pubkey}")
+    # ssh-authorized-keys does not work here for images:ubuntu/22.04
   - name: "${USER}-sudo"
     shell: /bin/bash
-    ssh-authorized-keys:
-      - $(cat "${pubkey}")
     sudo: ALL=(ALL) NOPASSWD:ALL
 EOF
 fi
 
 for name in ${names}; do
-	${LXC} init "${LXC_IMAGE}" "${name}" -c security.privileged=true -c security.nesting=true
-	${LXC} config device add "${name}" bind-boot disk source=/boot path=/boot readonly=true
-	${LXC} config set "${name}" user.user-data - <"${userdata}"
-	${LXC} start "${name}"
+	${INCUS} init "${INCUS_IMAGE}" "${name}" -c security.privileged=true -c security.nesting=true
+	${INCUS} config device add "${name}" bind-boot disk source=/boot path=/boot readonly=true
+	${INCUS} config set "${name}" user.user-data - <"${userdata}"
+	${INCUS} start "${name}"
 	sleep 10
-	ip="$(${LXC} exec "${name}" -- ip --json route get 1 | jq -r .[0].prefsrc)"
+	if ${INCUS} exec "${name}" -- apt-get --help >/dev/null 2>&1; then
+		${INCUS} exec "${name}" -- apt-get update
+		${INCUS} exec "${name}" -- apt-get install -y openssh-server
+	fi
+	for user in $USER $USER-sudo; do
+		${INCUS} exec "${name}" -- mkdir -p -m 0700 "/home/${user}/.ssh"
+		cat "${pubkey}" | ${INCUS} exec "${name}" -- tee -a "/home/${user}/.ssh/authorized_keys"
+		${INCUS} exec "${name}" -- chown -R "${user}:${user}" "/home/${user}/.ssh"
+	done
+	ip="$(${INCUS} exec "${name}" -- ip --json route get 1 | jq -r .[0].prefsrc)"
 	echo "Host ${name}" >>"${ssh_config}"
 	echo "  Hostname ${ip}" >>"${ssh_config}"
 	echo "  # For a test env, the host key can be just ignored"

diff --git a/init-host/init-host.root.sh b/init-host/init-host.root.sh
@@ -22,7 +22,7 @@ cat >/etc/modules-load.d/usernetes.conf <<EOF
 br_netfilter
 vxlan
 EOF
-# systemd-modules-load.service may fail inside LXC
+# systemd-modules-load.service may fail inside Incus
 systemctl restart systemd-modules-load.service || true
 
 cat >/etc/sysctl.d/99-usernetes.conf <<EOF
@@ -31,12 +31,12 @@ cat >/etc/sysctl.d/99-usernetes.conf <<EOF
 # configure sysctl for the daemon's netns. So we are configuring it globally here.
 net.ipv4.conf.default.rp_filter = 2
 EOF
-# sysctl may fail inside LXC
+# sysctl may fail inside Incus
 sysctl --system || true
 
 if command -v dnf >/dev/null 2>&1; then
 	dnf install -y git shadow-utils make jq
-	# Workaround: SUID bit on newuidmap is dropped on LXC images:fedora/38/cloud,
+	# Workaround: SUID bit on newuidmap is dropped on Incus images:fedora/38/cloud,
 	# so it has to be reinstalled
 	dnf reinstall -y shadow-utils
 else