ci: add podvm-smoketest workflow #2247
Conversation
| # Required by rootless mkosi on Ubuntu 24.04 | ||
| # - name: Un-restrict user namespaces | ||
| # run: sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0 | ||
|
|
There was a problem hiding this comment.
Is this just a reference for developers trying to do this manually, or potentially for future when we can migrate to 24.04 after the OVMF firmware issues are resolved?
There was a problem hiding this comment.
the latter, because we'd probably forget about this
| - name: Disable TLS for agent-protocol-forwarder | ||
| run: | | ||
| mkdir -p ./resources/binaries-tree/etc/default | ||
| echo "TLS_OPTIONS=-disable-tls" > ./resources/binaries-tree/etc/default/agent-protocol-forwarder |
There was a problem hiding this comment.
Do you think this is a candidate to also enable in the "developer mode" I'm thinking of in #2227
I'm trying to work out if there would be value in reusing the current podvm_mkosi workflow to help do this image build section, but we'd need to add support for that in. This isn't a blocker for this PR, just thinking about it whilst reviewing.
There was a problem hiding this comment.
yeah, although I'm not convinced we require a build-time flag for TLS. An empty tls config in daemon.json should just indicate that we're not using TLS.
ea6fa8e to
2d52b93
Compare
This workflow will set build a podvm image, launch a vm and then attempt to address it via the kata agent API. This should give earlier signals on the podvm problems and can run on PRs. Signed-off-by: Magnus Kulke <magnuskulke@microsoft.com>
2d52b93 to
e7d55f3
Compare
This workflow will build a podvm image, launch a vm and then attempt to address it via the kata agent API.
This should give earlier signals of podvm problems and can run on PRs.
nb: the wf is running on 22.04 b/c libvirt struggles with OVMF_CODE_4M firmware that is default on ub 24.04.