diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index a77c7130fa1d18f66a7cc520bef327c42c1e5732..5cd318ad6877baa548bcaef364e0f9af26e025f3 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -2,8 +2,13 @@
stages:
- build_koji
- build_docker
+ - upstream_test_docker
+ - cern_test_docker
- tag_docker
+variables:
+ CI_SKIP_TESTS: "false"
+
koji:
stage: build_koji
image: 'gitlab-registry.cern.ch/linuxsupport/rpmci/kojicli'
@@ -50,6 +55,57 @@ docker:
- "load"
expire_in: 1 month
+upstream_test_docker:
+ stage: upstream_test_docker
+ tags:
+ - docker-privileged
+ # use specific version as recommended by https://about.gitlab.com/2019/07/31/docker-in-docker-with-docker-19-dot-03/
+ image: docker:19.03.1
+ # To obtain a Docker daemon, request a Docker-in-Docker service
+ services:
+ - docker:19.03.1-dind
+ variables:
+ DOCKER_TLS_CERTDIR: "/certs"
+ script:
+ # Exit immediately if skipping tests
+ - if [ $CI_SKIP_TESTS = "true" ]; then echo "Skipping tests"; exit 0; fi
+ # Image tag comes fro previous stages, will spawn container afterwards
+ - export IMAGENAME=$(sed -e 's/Loaded image:\ \([[:alnum:]_\.\-]\+\).*/\1/g' load)
+ - export VERSION="${IMAGENAME/c8-docker-base-8.x./}"
+ # Start privileged container in detached mode and interactive to avoid default CMD bash to exit container
+ - docker run -d -t --privileged --name upstream_test_docker "${CI_REGISTRY_IMAGE}:${VERSION}"
+ # Run upstream tests
+ - docker exec -i upstream_test_docker bash < upstreamcentostests.sh
+ artifacts:
+ paths:
+ - "load"
+ expire_in: 1 month
+
+cern_test_docker:
+ stage: cern_test_docker
+ tags:
+ - docker-privileged
+ # use specific version as recommended by https://about.gitlab.com/2019/07/31/docker-in-docker-with-docker-19-dot-03/
+ image: docker:19.03.1
+ # To obtain a Docker daemon, request a Docker-in-Docker service
+ services:
+ - docker:19.03.1-dind
+ variables:
+ DOCKER_TLS_CERTDIR: "/certs"
+ script:
+ # Exit immediately if skipping tests
+ - if [ $CI_SKIP_TESTS = "true" ]; then echo "Skipping tests"; exit 0; fi
+ # Image tag comes fro previous stages, will spawn container afterwards
+ - export IMAGENAME=$(sed -e 's/Loaded image:\ \([[:alnum:]_\.\-]\+\).*/\1/g' load)
+ - export VERSION="${IMAGENAME/c8-docker-base-8.x./}"
+ # Start privileged container in detached mode and interactive to avoid default CMD bash to exit container
+ - docker run -d -t --privileged --name cern_test_docker "${CI_REGISTRY_IMAGE}:${VERSION}"
+ # Run cern tests
+ - docker exec -i -e "IMAGECI_PWD"="${IMAGECI_PWD}" -e "IMAGECI_USER"="${IMAGECI_USER}" cern_test_docker bash < cerncentostests.sh
+ artifacts:
+ paths:
+ - "load"
+ expire_in: 1 month
tag_latest:
stage: tag_docker
diff --git a/c8-base-docker.ks b/c8-base-docker.ks
index d934485b1f5a96be885e73c6eb4d71799d6039ec..d467fc06ecae9266a02e8799d8493aea4ed6588c 100644
--- a/c8-base-docker.ks
+++ b/c8-base-docker.ks
@@ -62,7 +62,7 @@ rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-kojiv2
# some packages get installed even though we ask for them not to be,
# and they don't have any external dependencies that should make
# anaconda install them
-TOREMOVE="kernel kernel-core kernel-modules bind-export-libs dhcp-libs dhcp-client dhcp-common dhcp-libs dracut-network e2fsprogs e2fsprogs-libs iptables-ebtables iptables-libs ethtool file firewalld freetype gettext gettext-libs grub2-tools-minimal grub2-tools-extra grub2-pc grub2-common grub2-pc-modules grub2-tools grubby iproute kexec-tools libcroco libgomp libmnl lzo libunistring os-prober python3-decorator python3-slip python3-slip-dbus snappy which linux-firmware"
+TOREMOVE="kernel kernel-core kernel-modules bind-export-libs dhcp-libs dhcp-client dhcp-common dhcp-libs dracut-network e2fsprogs e2fsprogs-libs iptables-ebtables iptables-libs ethtool file firewalld freetype gettext gettext-libs grub2-tools-minimal grub2-tools-extra grub2-pc grub2-common grub2-pc-modules grub2-tools grubby iproute kexec-tools libcroco libgomp libmnl lzo os-prober python3-decorator python3-slip python3-slip-dbus snappy which linux-firmware"
for remove in $TOREMOVE; do echo -n "removing $remove: "; rpm -e --nodeps $remove; done
diff --git a/cerncentostests.sh b/cerncentostests.sh
new file mode 100755
index 0000000000000000000000000000000000000000..c3deb4f54e417a57a8083f8cbdd7555849c8e8fb
--- /dev/null
+++ b/cerncentostests.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+# The following script runs CERN CentOS functional tests with some tweaks for containerized context
+
+yum install git -y
+
+git clone https://gitlab.cern.ch/linuxsupport/cern_centos_functional_tests.git
+cd cern_centos_functional_tests;
+
+# Disable certain tests for docker base image. Concat to default skips
+cat >> ./skipped-tests.list <<DELIM
+
+8|tests/cern_specific/3_check_cern_ntp.sh|No NTP on base image
+DELIM
+
+./runtests.sh
diff --git a/upstreamcentostests.sh b/upstreamcentostests.sh
new file mode 100755
index 0000000000000000000000000000000000000000..b2a784a39b41a5c9599b611e77c2d77b96abfc7a
--- /dev/null
+++ b/upstreamcentostests.sh
@@ -0,0 +1,83 @@
+#!/bin/bash
+# The following script runs Upstream CentOS functional tests with some tweaks for containerized context
+
+# libunistring host command is linked against libunistring on c8, which is not the case for c7
+# We need to install it although it is removed in the kickstart file
+yum install git libunistring -y
+
+git clone https://gitlab.cern.ch/linuxsupport/centos_functional_tests.git
+cd centos_functional_tests;
+
+# Skipping list is way longer than for cc7-base as image creation is different,
+# cc7-base was systemd ready, meaning most of these skips are service related
+cat > ./skipped-tests.list <<DELIM
+# This file contains list of tests we need/want to skip
+# Reason is when there is upstream bug that we're aware of
+# So this file should contain:
+# - centos version (using $centos_ver)
+# - test to skip (tests/p_${name}/test.sh)
+# - reason why it's actually skipped (url to upstream BZ, or bug report)
+# Separated by |
+8|tests/0_common/00_centos_repos.sh|We want to keep CERN repos enabled
+8|tests/0_common/05_stop_yumupdatesd.sh|No systemd therefore cannot be tested
+8|tests/0_common/20_upgrade_all.sh|Avoid too much noise on CI logs
+8|tests/0_common/30_dns_works.sh|Cannot test, we specifically remove libunistring package
+8|tests/p_arpwatch/10_arpwatch_test.sh|arpwatch always ends up in coredump in c8 but install is needed for posterior tests
+8|tests/p_audit/*|auditd not yet container ready
+8|tests/p_autofs/*|No NFS on containers
+8|tests/p_bind/0-install_bind.sh|No systemd therefore cannot be tested
+8|tests/p_bind/*|dig cannot find servers in c8 containers
+8|tests/p_coreutils/*|Specificially removed on KS file for lightweight container, installed coreutils-single instead
+8|tests/p_cron/*|No systemd therefore cannot be tested
+8|tests/p_diffutils/10-cmp-tests|https://bugzilla.redhat.com/show_bug.cgi?id=1732960
+8|tests/p_dovecot/*|No rsyslog nor systemd installed so impossible to test
+8|tests/p_exim/0-install_exim.sh|No systemd therefore cannot be tested
+8|tests/p_freeradius/*|No systemd therefore cannot be tested
+8|tests/p_gzip/30-gzexe-test|https://apps.centos.org/kanboard/project/23/task/833
+8|tests/p_httpd/*|httpd results in 403 for all requests, disabling for now
+8|tests/p_initscripts/*|No systemd therefore cannot be tested
+8|tests/p_ipa-server/*|No Freeipa default tests, also, we use cern-get-keytab
+8|tests/p_kernel/*|No kernel therefore cannot be tested
+8|tests/p_lftp/*|No systemd therefore cannot be tested
+8|tests/p_libvirt/*|No systemd therefore cannot be tested
+8|tests/p_logwatch/*|Default conf does not print anything, it will always fail, allegedly because our rpm removals
+8|tests/p_lsof/10-test_lsof.sh|No systemd therefore cannot be tested
+8|tests/p_mailman/mailman_test.sh|No systemd therefore cannot be tested
+8|tests/p_mod_python/mod_python_test.sh
+8|tests/p_mod_wsgi/*|No systemd therefore cannot be tested
+8|tests/p_mysql/*|No systemd therefore cannot be tested
+8|tests/p_net-snmp/*|No systemd therefore cannot be tested
+8|tests/p_network/*|Cannot create VLAN in containers
+8|tests/p_nfs/*|NFS not relevant in a containerised context
+8|tests/p_nmap/*|Not working on centos:8 either
+8|tests/p_ntp/*|We have our own NTP servers, checking in a separate test
+8|tests/p_openssh/*|sshd service cannot run. No systemd
+8|tests/p_php/20-php-mysql-test.sh|No systemd therefore cannot be tested
+8|tests/p_php/25-php-mysql55-test.sh|No systemd therefore cannot be tested
+8|tests/p_postfix/40_postfix_sasl.sh|No systemd therefore cannot be tested
+8|tests/p_postfix/50_postfix_tls.sh|No systemd therefore cannot be tested
+8|tests/p_postfix/*|No systemd therefore cannot be tested
+8|tests/p_postgresql/1-config-postgresql.sh|No systemd therefore cannot be tested
+8|tests/p_postgresql/*|No systemd therefore cannot be tested
+8|tests/p_python/20-python-mysql-test.sh|No systemd therefore cannot be tested
+8|tests/p_python/25-python-mysql55-test.sh|No systemd therefore cannot be tested
+8|tests/p_rsync/0-install-rsync.sh|No systemd therefore cannot be tested
+8|tests/p_rsync/10-rsync-test.sh|No systemd therefore cannot be tested
+8|tests/p_samba/*|No systemd therefore cannot be tested
+8|tests/p_selinux/*|Not applicable in C8 containers
+8|tests/p_sendmail/*|No systemd therefore cannot be tested
+8|tests/p_squid/*|squid seems to always fail, disabling for now
+8|tests/p_squirrelmail/0-install_squirrelmail.sh|No systemd therefore cannot be tested
+8|tests/p_syslog/*|No rsyslog installed, also not relevant on containers
+8|tests/p_systemd/*|It uses auditd as an example which is not yet container ready
+8|tests/p_telnet/10-test_telnet.sh|No systemd therefore cannot be tested
+8|tests/p_tftp-server/*|No systemd therefore cannot be tested
+8|tests/p_vsftpd/*|No systemd therefore cannot be tested
+8|tests/p_webalizer/*|No systemd therefore cannot be tested
+8|tests/p_yum-plugin-fastestmirror/*|CERN CentOS does not have mirror list enabled
+8|tests/r_check_mod_packages/*|Does not apply for CCentOS
+8|tests/r_lamp/*|No systemd therefore cannot be tested
+8|tests/z_rpminfo/*|Does not apply in our case
+DELIM
+
+./runtests.sh