Do not use Vagrant for CentOS 7/8

[adrianreber]

As Cirrus CI does not provide a real terminal this uses the same 'ssh -tt' workaround as the Vagrant setup. This sets up the CentOS 7 and 8 to allow SSH as root to localhost so that we can run all the tests via 'ssh -tt'.

Not going through vagrant reduces CI times for CentOS 7 and 8 from 6 minutes to 4 minutes.

1.0 backport: #3101

[AkihiroSuda]

I guess this should not be skipped for CentOS Stream 8.

Also, can we use matrix to reduce code clone?

[adrianreber]

I guess this should not be skipped for CentOS Stream 8.

I tried to make it work for a couple of hours but it always fails with:

not ok 117 update rt period and runtime
# (in test file tests/integration/update.bats, line 548)
#   `echo "$root_period" >"$target_period"' failed
# runc spec --rootless (status=0):
# 
# Writing 1000000 to /sys/fs/cgroup/cpu,cpuacct//cpu.rt_period_us
# /tmp/bats-run-106184/bats.115768.src: line 548: /sys/fs/cgroup/cpu,cpuacct//cpu.rt_period_us: Permission denied

Also, can we use matrix to reduce code clone?

Yes. I thought about it, but was unsure what would be better. I will update the PR.

[kolyshkin]

/tmp/bats-run-106184/bats.115768.src: line 548: /sys/fs/cgroup/cpu,cpuacct//cpu.rt_period_us: Permission denied

Mea culpa. Fix is in #3106 -- @adrianreber you can cherry-pick it to this PR.

[adrianreber]

With your patch from #3106 it fails with:

# (in test file tests/integration/update.bats, line 548)
# Writing 1000000 to /sys/fs/cgroup/cpu,cpuacct/runc-cgroups-integration-test/cpu.rt_period_us
# /tmp/bats-run-106836/bats.116418.src: line 548: /sys/fs/cgroup/cpu,cpuacct/runc-cgroups-integration-test/cpu.rt_period_us: Permission denied

[kolyshkin]

Yeah, this makes more sense. I'm afraid we need to have a hack for this in tests/rootless.sh's enable_cgroup. Something like this:

diff --git a/tests/rootless.sh b/tests/rootless.sh
index bacea49d..36db5340 100755
--- a/tests/rootless.sh
+++ b/tests/rootless.sh
@@ -114,6 +114,8 @@ function enable_cgroup() {
                # necessary, and might actually be a bug in our impl of cgroup
                # handling.
                [[ "$cg" == "cpuset" ]] && chown rootless:rootless "$CGROUP_MOUNT/$cg$CGROUP_PATH/cpuset."{cpus,mems}
+               # The following is required by "update rt period and runtime" test.
+               [[ "$cg" == "cpu" ]] && chown rootless:rootless "$CGROUP_MOUNT/$cg$CGROUP_PATH/cpu.rt_"{period,quota}us
        done
        # cgroup v2
        if [[ -e "$CGROUP_MOUNT/cgroup.controllers" ]]; then

@AkihiroSuda do you maybe have some input on this?

[kolyshkin]

I am not sure this test ever worked. On GHA (ubuntu, rootless_cgroups) it says

ok 118 update rt period and runtime # skip test requires cgroups_rt

[kolyshkin]

I have added the above fix to #3106 -- again, feel free to cherry-pick @adrianreber

[adrianreber]

The added fix to #3106 makes other CI runs fail. As it can be seen in #3106

[adrianreber]

I adapted your second patch and now everything seems happy.

[kolyshkin]

CI failure in Fedora 34 ("not ok 18 checkpoint --lazy-pages and restore") may be a flake I am fighting for quite some time (see #2924). It is rare so for now the workaround is to restart CI. It might have been fixed with criu 1.16 (checkpoint-restore/criu#1524) but more changes are needed from runc side (I have a WIP PR, #2761, that needs a lot of cleaning), and I have yet to re-check that.

[kolyshkin]

LGTM