File: vm.install

package info (click to toggle)
cockpit-podman 108-1
  • links: PTS, VCS
  • area: main
  • in suites: trixie
  • size: 3,924 kB
  • sloc: javascript: 7,530; python: 7,191; sh: 843; makefile: 143; xml: 23
file content (57 lines) | stat: -rwxr-xr-x 2,278 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
 
#!/bin/sh
# image-customize script to prepare a bots VM for cockpit-podman testing
set -eu

if grep -q ID.*debian /usr/lib/os-release; then
    # Debian does not enable user namespaces by default
    echo kernel.unprivileged_userns_clone = 1 > /etc/sysctl.d/00-local-userns.conf
    systemctl restart systemd-sysctl

    # disable services that get in the way of /var/lib/containers
    if systemctl is-enabled docker.service; then
        systemctl disable docker.service
    fi
fi

if grep -q ID.*suse /usr/lib/os-release; then
    # HACK: cgroups are not setup to let users use memory or cpu controllers
    #       https://bugzilla.suse.com/show_bug.cgi?id=1222450
    mkdir -p /etc/systemd/system/user@.service.d
    cat <<EOF > /etc/systemd/system/user@.service.d/delegate.conf
[Service]
Delegate=cpu cpuset io memory pids
EOF
fi

# don't force https:// (self-signed cert)
mkdir -p /etc/cockpit
printf "[WebService]\\nAllowUnencrypted=true\\n" > /etc/cockpit/cockpit.conf

if systemctl is-active -q firewalld.service; then
    firewall-cmd --add-service=cockpit --permanent
fi

. /usr/lib/os-release

# Remove extra images, tests assume our specific set
# Since 4.0 podman now ships the pause image
podman images --format '{{.Repository}}:{{.Tag}}' | grep -Ev 'localhost/test-|pause|cockpit/ws' | xargs -r podman rmi -f

# clean up cockpit/ws on Fedora images, as it "breaks" pixel tests; it's only relevant for OSTree images
bootc status --booted || podman rmi -f quay.io/cockpit/ws || true

# tests reset podman, save the images
mkdir -p /var/lib/test-images
for img in $(podman images --format '{{.Repository}}:{{.Tag}}'); do
    fname="$(echo "$img" | tr -dc '[a-zA-Z-]')"
    podman save -o "/var/lib/test-images/${fname}.tar" "$img"
done

# 15minutes after boot tmp files are removed and podman stores some tmp lock files
systemctl disable --now systemd-tmpfiles-clean.timer
systemctl --global disable systemd-tmpfiles-clean.timer

# mitigate stupid/broken 90s timeout for user quadlet units
# https://github.com/containers/podman/issues/22197#issuecomment-2728794702
mkdir -p /etc/systemd/user/podman-user-wait-network-online.service.d
printf '[Service]\nExecStart=\nExecStart=/bin/true\n' > /etc/systemd/user/podman-user-wait-network-online.service.d/disable.conf