We still perform some tests using Gen 1 on amd64. Standard_D2s_v6 does
not support this, but v5 will presumably be the last version that does,
so hardcode that case.
For Gen 2, you need to set the SKU for amd64 to work, and it has to use
the gallery like arm64 already does.
Using the gallery is possibly slightly slower, so ideally we would only
upload the image once like we do for AWS, but let's just get it working
for now.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
It happens that we have some leftover instances running in an "error"
state (the error comes from the OpenStack scheduled deletion). This
leads to instance creation errors during the test because quota limits
are hit.
Let's clean up everything before running the new tests.
This won't impact tests from other channels as OpenStack is limited to
one CI job at a time.
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Hetzner is having some capacity issues[^1]:
- amd64: CPX plans (CPX11 to CPX51) - Falkenstein (FSN) and Nuremberg (NBG)
- arm64: CAX plans (CAX11 to CAX41) - Helsinki (HEL) and Nuremberg (NBG)
Let's switch the location:
* Helsinki (hel1) for amd64
* Keep Falkenstein (fsn1) for arm64
[^1]: https://status.hetzner.com/incident/aa5ce33b-faa5-4fd0-9782-fde43cd270cf
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
The update payload needs the kernel, which isn't signed during the image
job. Secure Boot is not currently enabled for update tests, but we may
as well do this properly. The production update upload is generated
manually at the end after everything has already been signed.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
Otherwise it uses the default name, which can clash with other
concurrent jobs, especially jobs for the other arches.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
In the test we should use the unzipped image, which is the one
documented.
This allows us to drop some modifications to our OpenStack instance.
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
We only want to do the signing in Azure, not the whole image job. This
new job downloads the unsigned image, signs it, and replaces it.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
The new arm64 firmware supporting Secure Boot (see next commit) is in
QCOW2 format only, avoiding the extra space taken up by the 64MB
padding. Supporting both raw and QCOW2 images would be messy, so switch
entirely to QCOW2.
Only the 4MB images are in QCOW2 format on amd64, so also switch away
from the 2MB images. 4MB images are now the default for most
distributions as they are needed to apply certain Windows updates.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
Kola's logic for choosing BIOS vs EFI isn't too smart, and not
specifying --qemu-ovmf-vars leads to it passing -bios to QEMU. This
doesn't make sense for arm64, but it did work anyway with the old
firmware in raw format. The new firmware in QCOW2 format doesn't work
this way.
Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com>
No need for garbage collection since one temporary project is allocated with 1h of
lifespan for each run.
Signed-off-by: Mathieu Tortuyaux <mtortuyaux@microsoft.com>
Co-authored-by: Julian Tölle <julian.toelle97@gmail.com>
This adds support for providing a value for the newly introduced
--azure-kola-vnet kola parameter through the environment. This parameter is
meant to indicate that kola is running inside of a vnet in Azure and the kola
created storage account will be restricted to being accessed from that vnet.
This lets us disable public access to storage accounts.
Needs a corresponding change to jenkins jobs, because we have no way of
determining what vnet a worker node is connected to programmatically. So it
needs to be defined by the job.
Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
After making flatcar_production_pxe.vmlinuz a symlink to
flatcar_production_image.vmlinuz the signature creation didn't work
because the target could not be found.
As we do with the generic image, download the kernel from bincache, too,
before starting the VM image build.

On Windows, the .bz2 compression format is not supported by native
tooling and external tools like 7zip need to be installed.
Switching to .zip compression, there will be no need for the extra step
of having external tools.
See: https://github.com/flatcar/Flatcar/issues/1009
Signed-off-by: Adrian Vladu <avladu@cloudbasesolutions.com>
The qemu and qemu_uefi_secure images have the same contents as the
qemu_uefi image which wastes space on the release server. A similar
case is the PXE vmlinuz which is the same as the regular one, too.
Set up symlinks for the same images, and also detect this when compressing
to set up symlinks there as well. To reduce complexity, the qemu and
qemu_uefi_secure images are not supported anymore and the Jenkins or
GitHub CI will skip over them if specified. Users that build their own
images need to adapt, though.

This change extends the garbage collector for the build cache server to
remove cached release artifacts. Release artifacts are copied to the
official mirrors and do not need to remain on the build cache after a
release was published.
By default, the 10 latest releases of all channels (including LTS and
previous LTS) are kept.
Also excluded from garbage collection are:
- Emerging new major releases (i.e. major number larger than the
  latest Alpha release)
- channel progressions (major number exists in the lists of releases to
  keep but minor is bigger than any release)
- patch releases (major and minor exist in list of releases to keep but
  patch level is newer than in any release)
- SDKs (tarballs and containers) of any release in the list of releases
  to keep; i.e. the SDK in <MAJOR>.0.0 for any release to keep.
Signed-off-by: Thilo Fromm <thilofromm@microsoft.com>
gensub is a GNU extension; however, POSIXLY_CORRECT is enforced in
systemd-run which triggers gawk's traditional / posix mode.
Unset it before calling gawk to make gensub available.
Signed-off-by: Thilo Fromm <thilofromm@microsoft.com>
This change adds a min_age parameter to the github CI SDK garbage
collector. The parameter specifies a minimum age (in days) for artifacts
to be garbage collected. NOTE that this can result in more artifacts
being kept than specified via the "keep" parameter if artifacts are
younger than min_age.
The change also has garbage_collect.sh pass the min_age parameter to
garbage_collect_github_ci_sdk.sh.
Signed-off-by: Thilo Fromm <thilofromm@microsoft.com>
This change improves the build cache garbage collector to remove
orphaned artifact directories - i.e. directories to which no version tag
exists in the scripts repo.
SDK containers built by GitHub actions (using update_sdk_container) are
ignored by this change because these are handled in a separate garbage
collection script.
Also, a new command line parameter has been added to remove artifacts
older than the specified number of days (defaulting to 14):
- If neither number of builds nor max age is specified, the script
  defaults to 50 builds to keep, and a max age of 14 days.
  The max age overrides the number of builds to keep, so more than
  50 builds may be kept.
- If only the number of builds to keep is specified, the max age is
  set to "0" (i.e. today).
- If both are specified, max age again overrides number of builds to
  keep.
Signed-off-by: Thilo Fromm <thilofromm@microsoft.com>
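
An added example, not code from the scripts repo: a sketch of the retention rule that the min_age message and the max-age message above both describe, where an artifact is removed only if it falls outside the newest N builds and is also older than the age threshold. The function names, the "name epoch" input format and the sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; not the scripts repo's garbage collector.
# stdin:  one artifact per line, "<name> <creation time, epoch seconds>"
#         (assumed format). stdout: names that may be removed.
# An artifact is removed only when it is outside the newest $1 entries AND
# older than $2 days, so young artifacts can push the kept set above "keep".
select_for_removal() (
  keep="$1"; age_days="$2"; now="$3"
  cutoff=$(( now - age_days * 86400 ))
  sort -k2,2nr |
    awk -v keep="$keep" -v cutoff="$cutoff" 'NR > keep && $2 < cutoff { print $1 }'
)

# Constructed sample: five builds, 1 to 40 days old relative to a fixed "now".
now=1700000000
sample_artifacts() {
  for entry in build-a:1 build-b:3 build-c:10 build-d:20 build-e:40; do
    echo "${entry%%:*} $(( now - ${entry##*:} * 86400 ))"
  done
}

# keep=2, age=14: build-c is outside the newest two but only 10 days old, so it stays.
sample_artifacts | select_for_removal 2 14 "$now"
# keep=2, age=0 ("today"): the count alone decides.
sample_artifacts | select_for_removal 2 0 "$now"
```
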
This change introduces build_dev_binpkgs, a script to build binary
packages for all dependencies of the devcontainer. This works around an
issue with build_packages, which doesn't - leading to build issues with
the devcontainer later on. This particularly happens for more complex
builds with the devcontainer.
Additionally, a call to build_dev_binpkgs has been added to the package
publishing step in ci-automation before binary packages are published.
Signed-off-by: Thilo Fromm <thilofromm@microsoft.com>

The refactored image changes script will eventually be run for the old
LTS version, so make sure that the script for that channel will get a
last release of old LTS instead of new LTS.