
tree: import changes from testing-devel at 803cd14b7f

This commit is contained in:
CoreOS Bot
2022-05-11 18:51:54 +00:00
parent 2151f484db
commit 8d963cc81e
28 changed files with 50 additions and 425 deletions


@@ -5,6 +5,6 @@
#
# This image is used by CoreOS CI to build software like
# Ignition, rpm-ostree, ostree, coreos-installer, etc...
FROM registry.fedoraproject.org/fedora:35
FROM registry.fedoraproject.org/fedora:36
COPY . /src
RUN ./src/install-buildroot.sh && yum clean all && rm /src -rf # nocache 20220119


@@ -17,14 +17,6 @@ ostree-layers:
- overlay/14NetworkManager-plugins
- overlay/20platform-chrony
conditional-include:
# https://github.com/coreos/fedora-coreos-tracker/issues/676
- if: releasever >= 36
include: iptables-nft.yaml
# https://github.com/coreos/fedora-coreos-config/pull/1519
- if: releasever >= 36
include: podman-v4.yaml
initramfs-args:
- --no-hostonly
# We don't support root on NFS, so we don't need it in the initramfs. It also
@@ -86,16 +78,6 @@ postprocess:
- |
#!/usr/bin/env bash
systemctl mask systemd-repart.service
# Mask systemd-network-generator. We need it for some things in the future
# (https://github.com/systemd/systemd/pull/21766/files), but for now it's
# just failing for Fedora 35 on boot because of SELinux:
# https://github.com/coreos/fedora-coreos-tracker/issues/1059#issuecomment-1090602396
- |
#!/usr/bin/env bash
source /etc/os-release
if [ "$VERSION_ID" -eq "35" ]; then
systemctl mask systemd-network-generator.service
fi
# Set the fallback hostname to `localhost`. This was needed in F33/F34
# because a fallback hostname of `fedora` + systemd-resolved broke
@@ -124,6 +106,20 @@ postprocess:
chmod +x /usr/lib/dracut/modules.d/95nvmf/nvmf-autoconnect.sh
fi
# Default to iptables-nft. Otherwise, legacy wins. We can drop this once/if we
# remove iptables-legacy. This is needed because alternatives don't work
# https://github.com/coreos/fedora-coreos-tracker/issues/677
# https://github.com/coreos/fedora-coreos-tracker/issues/676
- |
#!/usr/bin/env bash
set -xeuo pipefail
ln -sf /usr/sbin/ip6tables-nft /etc/alternatives/ip6tables
ln -sf /usr/sbin/ip6tables-nft-restore /etc/alternatives/ip6tables-restore
ln -sf /usr/sbin/ip6tables-nft-save /etc/alternatives/ip6tables-save
ln -sf /usr/sbin/iptables-nft /etc/alternatives/iptables
ln -sf /usr/sbin/iptables-nft-restore /etc/alternatives/iptables-restore
ln -sf /usr/sbin/iptables-nft-save /etc/alternatives/iptables-save
# Packages listed here should be specific to Fedore CoreOS (as in not yet
# available in RHCOS or not desired in RHCOS). All other packages should go
# into one of the sub-manifests listed at the top.
@@ -140,6 +136,18 @@ packages:
# https://github.com/coreos/fedora-coreos-tracker/issues/519
# https://github.com/coreos/fedora-coreos-tracker/issues/1128#issuecomment-1071338097
- containernetworking-plugins podman-plugins dnsmasq
# For podman v4 netavark gets pulled in but it only recommends
# aardvark-dns (which provides name resolution based on container
# names). This functionality was previously provided by dnsname from
# podman-plugins in the podman v3 stack.
# See https://github.com/containers/netavark/pull/217
- aardvark-dns
# Since we need `containernetworking-plugins` installed to continue
# to support CNI networks we need to also explicitly install
# `netavark` so we get both of them installed since both of them
# provide `container-network-stack`.
# https://github.com/coreos/fedora-coreos-tracker/issues/1128#issuecomment-1071458717
- netavark
# Minimal NFS client
- nfs-utils-coreos
# Active Directory support
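Review bot: The iptables-nft alternatives script in the third hunk (`ln -sf /usr/sbin/iptables-nft /etc/alternatives/iptables` and its five siblings) will create dangling symlinks if any target binary is missing from the tree, because `ln -sf` does not check that the target exists and `set -e` only catches a failed `ln` itself. A guard before the links, `for t in iptables-nft iptables-nft-restore iptables-nft-save ip6tables-nft ip6tables-nft-restore ip6tables-nft-save; do test -x "/usr/sbin/$t"; done`, fails the build loudly instead of shipping an `iptables` command that presumably breaks any firewall unit at boot. Folding these lines in unconditionally matches the F36-only tree (they were previously behind the `releasever >= 36` conditional include), so the missing-target check is the only thing I would add. The `postprocess:` list this script belongs to continues outside the hunk.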


@@ -1,17 +0,0 @@
# Scripts for opting into staying on iptables-legacy after migration. Remove
# after the next barrier release.
ostree-layers:
- overlay/35coreos-iptables
# Default to iptables-nft. Otherwise, legacy wins. We can drop this once/if we
# remove iptables-legacy.
postprocess:
- |
#!/usr/bin/env bash
set -xeuo pipefail
ln -sf /usr/sbin/ip6tables-nft /etc/alternatives/ip6tables
ln -sf /usr/sbin/ip6tables-nft-restore /etc/alternatives/ip6tables-restore
ln -sf /usr/sbin/ip6tables-nft-save /etc/alternatives/ip6tables-save
ln -sf /usr/sbin/iptables-nft /etc/alternatives/iptables
ln -sf /usr/sbin/iptables-nft-restore /etc/alternatives/iptables-restore
ln -sf /usr/sbin/iptables-nft-save /etc/alternatives/iptables-save


@@ -1,14 +0,0 @@
# Extra tweaks needed for podman v4
packages:
# For podman v4 netavark gets pulled in but it only recommends
# aardvark-dns (which provides name resolution based on container
# names). This functionality was previously provided by dnsname from
# podman-plugins in the podman v3 stack.
# See https://github.com/containers/netavark/pull/217
- aardvark-dns
# Since we need `containernetworking-plugins` installed to continue
# to support CNI networks we need to also explicitly install
# `netavark` so we get both of them installed since both of them
# provide `container-network-stack`.
# https://github.com/coreos/fedora-coreos-tracker/issues/1128#issuecomment-1071458717
- netavark


@@ -2,33 +2,6 @@
# and downstreams (i.e. Red Hat CoreOS).
postprocess:
# Put in the fix for multipathd.socket on releases that haven't been fixed yet.
# https://bugzilla.redhat.com/show_bug.cgi?id=2008098
# https://github.com/coreos/fedora-coreos-config/pull/1246
- |
#!/usr/bin/env bash
set -xeuo pipefail
# Operate on RHCOS and FCOS.
source /etc/os-release
if [[ ${NAME} =~ "Fedora" ]]; then
# FCOS: Only operate on releases before F36. The fix has landed
# in F36+ and there is no need for a workaround.
[ ${VERSION_ID} -le 35 ] || exit 0
elif [[ "${ID}" == "rhel" ]]; then
# RHCOS: The fix has landed in RHEL 8.6, 8.5.z, 8.4.z EUS, so we should
# be able to just exit out safely.
exit 0
fi
mkdir /usr/lib/systemd/system/multipathd.socket.d
cat > /usr/lib/systemd/system/multipathd.socket.d/50-start-conditions.conf <<'EOF'
# Temporary workaround for https://bugzilla.redhat.com/show_bug.cgi?id=2008098
[Unit]
ConditionKernelCommandLine=!multipath=off
ConditionKernelCommandLine=!nompath
ConditionPathExists=/etc/multipath.conf
ConditionVirtualization=!container
EOF
# Put in the fix for multipathd.service in dracut on releases that haven't
# been fixed yet.
# https://github.com/dracutdevs/dracut/pull/1606
@@ -37,12 +10,9 @@ postprocess:
#!/usr/bin/env bash
set -xeuo pipefail
source /etc/os-release
if [[ ${NAME} =~ "Fedora" ]]; then
# FCOS: This fix has landed in F36+
[ ${VERSION_ID} -le 35 ] || exit 0
else
# RHCOS: The fix hasn't landed in any version of RHEL yet
true
# This has landed in Fedora but not in any version of RHEL yet
if [[ ${ID} != "rhel" ]]; then
exit 0
fi
mkdir /usr/lib/dracut/modules.d/36coreos-multipath-fix
cat > /usr/lib/dracut/modules.d/36coreos-multipath-fix/90-multipathd-remove-execstop.conf <<'EOF'
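Review bot: The new gate `if [[ ${ID} != "rhel" ]]; then exit 0; fi` narrows the previous behaviour, which applied the dracut multipathd workaround to every non-Fedora build, to builds whose os-release `ID` is exactly `rhel`; a downstream with a different `ID` but the same RHEL userspace (a CentOS Stream based build, if one consumes this manifest) would silently stop receiving the fix rather than fail. If that narrowing is intended, the comment above the check should say so; otherwise `if [[ ${ID} != "rhel" && ${ID_LIKE:-} != *rhel* ]]; then exit 0; fi` keeps RHEL derivatives covered. The enclosing postprocess script and the heredoc it opens continue past the end of the hunk.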


@@ -1,18 +0,0 @@
[Unit]
Description=CoreOS Enable iptables-legacy
ConditionPathExists=/etc/initrd-release
DefaultDependencies=false
ConditionPathExists=/sysroot/etc/coreos/iptables-legacy.stamp
# On first boot, allow Ignition config to install stamp file.
After=ignition-files.service
# On subsequent boots, just make sure the deployment is accessible.
After=ostree-prepare-root.service
Before=initrd.target
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/sbin/coreos-enable-iptables-legacy


@@ -1,82 +0,0 @@
#!/bin/bash
set -euo pipefail
declare -A SYMLINKS=(
[ip6tables]=ip6tables-legacy
[ip6tables-restore]=ip6tables-legacy-restore
[ip6tables-save]=ip6tables-legacy-save
[iptables]=iptables-legacy
[iptables-restore]=iptables-legacy-restore
[iptables-save]=iptables-legacy-save
)
STAMP=/sysroot/etc/coreos/iptables-legacy.stamp
IGNITION_RESULT=/sysroot/etc/.ignition-result.json
# sanity-check the stamp file is present
if [ ! -e "${STAMP}" ]; then
echo "File ${STAMP} not found; exiting."
exit 0
fi
# We only want to run once.
rm "${STAMP}"
# Ignore firstboot. We don't want the stamp file to be a long-term
# provisioning-time API for moving to iptables-legacy, so explicitly check for
# this and don't support it. We use the Ignition report file because it's less
# hacky than parsing the kernel commandline for `ignition.firstboot`.
if [ -e "${IGNITION_RESULT}" ]; then
ignition_boot=$(jq -r .provisioningBootID "${IGNITION_RESULT}")
if [ "$(cat /proc/sys/kernel/random/boot_id)" = "${ignition_boot}" ]; then
echo "First boot detected; exiting."
exit 0
fi
fi
# if legacy doesn't exist on the host anymore, do nothing
for legacy in "${SYMLINKS[@]}"; do
path=/sysroot/usr/sbin/$legacy
if [ ! -e "$path" ]; then
echo "Executable $path no longer present; exiting."
exit 0
fi
done
symlink_is_default() {
local symlinkpath=$1; shift
# check that the deployment is still using the symlink (i.e. the user didn't
# do something funky), and that the OSTree default is still symlink-based
# (i.e. that we didn't change strategy and forgot to update this script)
if [ ! -L "/sysroot/$symlinkpath" ] || [ ! -L "/sysroot/usr/$symlinkpath" ]; then
return 1
fi
# compare symlink targets between deployment and OSTree default
if [ "$(readlink "/sysroot/$symlinkpath")" != "$(readlink "/sysroot/usr/$symlinkpath")" ]; then
return 1
fi
# it's the default
return 0
}
# If there are any modifications to the symlinks, do nothing. This is basically
# like `ostree admin config-diff` but more focused and lighter/safer than doing
# a bwrap call and grepping output.
for symlink in "${!SYMLINKS[@]}"; do
symlinkpath=/etc/alternatives/$symlink
if ! symlink_is_default "$symlinkpath"; then
echo "Symlink $symlinkpath is not default; exiting without modifying."
exit 0
fi
done
# Update symlinks for legacy backend!
for symlink in "${!SYMLINKS[@]}"; do
target=${SYMLINKS[$symlink]}
symlink=/etc/alternatives/$symlink
ln -vsf "/usr/sbin/$target" "/sysroot/$symlink"
# symlink labels don't matter, but relabel to appease unlabeled_t scanners
coreos-relabel "$symlink"
done
echo "Updated /sysroot to use iptables-legacy."


@@ -1,17 +0,0 @@
install_and_enable_unit() {
unit="$1"; shift
target="$1"; shift
inst_simple "$moddir/$unit" "$systemdsystemunitdir/$unit"
# note we `|| exit 1` here so we error out if e.g. the units are missing
# see https://github.com/coreos/fedora-coreos-config/issues/799
systemctl -q --root="$initdir" add-requires "$target" "$unit" || exit 1
}
install() {
inst_simple readlink
inst_simple "$moddir/coreos-enable-iptables-legacy.sh" \
"/usr/sbin/coreos-enable-iptables-legacy"
install_and_enable_unit "coreos-enable-iptables-legacy.service" \
"initrd.target"
}


@@ -52,16 +52,3 @@ Add static chrony configuration for NTP servers provided on platforms
such as `azure`, `aws`, `gcp`. The chrony config for these NTP servers
should override other chrony configuration (e.g. DHCP-provided)
configuration.
35coreos-iptables
-----------------
Contains systemd service and script for remaining on iptables-nft after
the migration to nft.
Split out because (1) it will roll out to next first, and (2) it can
more easily be deleted after the barrier release.
For more details, see:
https://github.com/coreos/fedora-coreos-tracker/issues/676
https://github.com/coreos/fedora-coreos-config/pull/1324


@@ -42,7 +42,7 @@ test_setup() {
pushd "$(mktemp -d)"
NTPHOSTIP=$(getent hosts time-c-g.nist.gov | cut -d ' ' -f 1)
cat <<EOF >Dockerfile
FROM registry.fedoraproject.org/fedora:35
FROM registry.fedoraproject.org/fedora:36
RUN dnf -y install systemd dnsmasq iproute iputils \
&& dnf clean all \
&& systemctl enable dnsmasq


@@ -6,19 +6,8 @@ set -xeuo pipefail
. $KOLA_EXT_DATA/commonlib.sh
# rollout is tied to f36+ on FCOS
# RHCOS is already in nft
# once all of FCOS is on f36, we can drop this branching
if is_rhcos || [ "$(get_fedora_ver)" -ge 36 ]; then
if ! iptables --version | grep nf_tables; then
iptables --version # output for logs
fatal "iptables version is not nft"
fi
ok "iptables in nft mode"
else
if ! iptables --version | grep legacy; then
iptables --version # output for logs
fatal "iptables version is not legacy"
fi
ok "iptables in legacy mode"
if ! iptables --version | grep nf_tables; then
iptables --version # output for logs
fatal "iptables version is not nft"
fi
ok "iptables in nft mode"
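Review bot: The test now only inspects `iptables --version`, while the manifest in this same commit flips both the `iptables*` and the `ip6tables*` alternatives to the nft backend, so a regression in the `ip6tables` symlinks would pass unnoticed. Looping over both binaries, `for cmd in iptables ip6tables; do $cmd --version | grep -q nf_tables || { $cmd --version; fatal "$cmd is not nft"; }; done`, covers the IPv6 half with the same log-on-failure behaviour, and the `ok` message should then name both tools.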


@@ -1,22 +0,0 @@
#!/bin/bash
# kola: { "exclusive": false, "platforms": "qemu-unpriv" }
# Just run on qemu since the answer is the same everywhere
set -xeuo pipefail
. $KOLA_EXT_DATA/commonlib.sh
# We need either a fixed multipathd.socket or temporary workaround, no need for both.
# See https://bugzilla.redhat.com/show_bug.cgi?id=2008098.
has_fixed_multipathd_socket=1
grep -q 'ConditionPathExists=/etc/multipath.conf' /usr/lib/systemd/system/multipathd.socket || has_fixed_multipathd_socket=0
has_overlay_multipathd_socket_quickfix=1
test -f /usr/lib/systemd/system/multipathd.socket.d/50-start-conditions.conf || has_overlay_multipathd_socket_quickfix=0
if test "${has_fixed_multipathd_socket}" -eq "${has_overlay_multipathd_socket_quickfix}"; then
if test "${has_fixed_multipathd_socket}" -eq 1; then
fatal "Found fixed multipathd.socket but quickfix is present too"
else
fatal "Found buggy multipathd.socket but quickfix is missing too"
fi
fi
ok "either multipathd.socket fixed or quickfix present"


@@ -13,7 +13,7 @@ set -xeuo pipefail
. $KOLA_EXT_DATA/commonlib.sh
# EXPECTED_INITRD_NETWORK_CFG1
# - used on Fedora 35 and RHEL 8.5 release
# - used on RHEL 8.5 release
EXPECTED_INITRD_NETWORK_CFG1="[connection]
id=Wired Connection
uuid=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
@@ -94,7 +94,7 @@ method=auto
org.freedesktop.NetworkManager.origin=nm-initrd-generator"
# EXPECTED_REALROOT_NETWORK_CFG1:
# - used on F35 and RHEL <= 8.5
# - used on RHEL <= 8.5
EXPECTED_REALROOT_NETWORK_CFG1="[connection]
id=Wired connection 1
uuid=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
@@ -159,9 +159,6 @@ if [ "$ID" == "fedora" ]; then
if [ "$VERSION_ID" -ge "36" ]; then
EXPECTED_INITRD_NETWORK_CFG=$EXPECTED_INITRD_NETWORK_CFG3
EXPECTED_REALROOT_NETWORK_CFG=$EXPECTED_REALROOT_NETWORK_CFG2
elif [ "$VERSION_ID" -eq "35" ]; then
EXPECTED_INITRD_NETWORK_CFG=$EXPECTED_INITRD_NETWORK_CFG1
EXPECTED_REALROOT_NETWORK_CFG=$EXPECTED_REALROOT_NETWORK_CFG1
else
fatal "fail: not operating on expected OS version"
fi


@@ -1,14 +0,0 @@
#!/bin/bash
# kola: { "exclusive": false }
set -xeuo pipefail
. $KOLA_EXT_DATA/commonlib.sh
# systemd-resolved should be fully functional on f35+
source /etc/os-release
if [ "$VERSION_ID" -ge "35" ]; then
if ! grep 'nameserver 127.0.0.53' /etc/resolv.conf; then
fatal "systemd-resolved stub listener isn't enabled"
fi
fi
ok services


@@ -10,3 +10,9 @@ set -xeuo pipefail
if ! systemctl is-enabled systemd-resolved 1>/dev/null; then
fatal "Unit systemd-resolved should be enabled"
fi
# systemd-resolved should be fully functional on f35+
if ! grep 'nameserver 127.0.0.53' /etc/resolv.conf; then
fatal "systemd-resolved stub listener isn't enabled"
fi
ok "systemd-resolved is enabled and the stub listener is enabled"
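Review bot: The added check `grep 'nameserver 127.0.0.53' /etc/resolv.conf` is unanchored and treats each `.` as a regex wildcard, so it also accepts a commented-out line or a different address such as `127.0.0.530`; `grep -q '^nameserver 127\.0\.0\.53$' /etc/resolv.conf` pins the exact stub address. The new comment `# systemd-resolved should be fully functional on f35+` describes a version gate that this check no longer has (the F35-gated script was removed elsewhere in this commit); `# the stub listener must be the resolver /etc/resolv.conf points at` states what is actually asserted.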


@@ -24,7 +24,7 @@ runascoreuserscript='
set -euxo pipefail
podman network create testnetwork
podman run --rm -t --network=testnetwork registry.fedoraproject.org/fedora:35 getent hosts google.com
podman run --rm -t --network=testnetwork registry.fedoraproject.org/fedora:36 getent hosts google.com
podman network rm testnetwork
'


@@ -34,7 +34,7 @@ set -euxo pipefail
# https://github.com/coreos/coreos-assembler/issues/1645
cd $(mktemp -d)
cat <<EOF > Containerfile
FROM registry.fedoraproject.org/fedora:35
FROM registry.fedoraproject.org/fedora:36
RUN dnf -y update \
&& dnf -y install systemd httpd \
&& dnf clean all \


@@ -13,16 +13,12 @@ OUTPUT=$(echo 'foobar' | setsid su - tester -c id)
if [[ $OUTPUT != "uid=1001(tester) gid=1001(tester) groups=1001(tester) context=system_u:system_r:unconfined_service_t:s0" ]]; then
fatal "Failure when checking command output running with specified username and password"
fi
# yescrypt was changed to the default in Fedora 35
# https://fedoraproject.org/wiki/Changes/yescrypt_as_default_hashing_method_for_shadow
# Testing that passwd command creates a yescrypt password hash(starting with '$y$')
source /etc/os-release
if [ "$VERSION_ID" -ge "35" ]; then
sudo useradd tester2
echo "42abcdef" | sudo passwd tester2 --stdin
PASSWD_CONFIRMATION=$(sudo grep tester2 /etc/shadow)
if [[ ${PASSWD_CONFIRMATION:0:11} != 'tester2:$y$' ]]; then
fatal "passwd did not create a yescrypt password hash"
fi
sudo useradd tester2
echo "42abcdef" | sudo passwd tester2 --stdin
PASSWD_CONFIRMATION=$(sudo grep tester2 /etc/shadow)
if [[ ${PASSWD_CONFIRMATION:0:11} != 'tester2:$y$' ]]; then
fatal "passwd did not create a yescrypt password hash"
fi
ok "User-password provisioned and passwd command successfully tested"
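Review bot: `sudo grep tester2 /etc/shadow` in the now-unconditional block matches any shadow line containing that string rather than the `tester2` entry, so a similarly named account would make the `${PASSWD_CONFIRMATION:0:11}` comparison fail for the wrong reason; `PASSWD_CONFIRMATION=$(sudo getent shadow tester2)` or `sudo grep '^tester2:' /etc/shadow` selects exactly that user. The block also leaves `tester2` on the host with a known password, which is fine for a throwaway kola VM but deserves a one-line comment such as `# test-only account; the VM is discarded after the run` so the pattern is not copied into provisioning.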


@@ -1,28 +0,0 @@
variant: fcos
version: 1.4.0
storage:
links:
- path: /etc/alternatives/iptables
target: /usr/sbin/iptables-nft
overwrite: true
hard: false
- path: /etc/alternatives/iptables-restore
target: /usr/sbin/iptables-nft-restore
overwrite: true
hard: false
- path: /etc/alternatives/iptables-save
target: /usr/sbin/iptables-nft-save
overwrite: true
hard: false
- path: /etc/alternatives/ip6tables
target: /usr/sbin/ip6tables-nft
overwrite: true
hard: false
- path: /etc/alternatives/ip6tables-restore
target: /usr/sbin/ip6tables-nft-restore
overwrite: true
hard: false
- path: /etc/alternatives/ip6tables-save
target: /usr/sbin/ip6tables-nft-save
overwrite: true
hard: false


@@ -1,21 +0,0 @@
#!/bin/bash
set -xeuo pipefail
# kola: { "tags": "needs-internet" }
. $KOLA_EXT_DATA/common.sh
case "${AUTOPKGTEST_REBOOT_MARK:-}" in
"")
assert_iptables_nft
assert_iptables_differs_from_default
upgrade
/tmp/autopkgtest-reboot rebooted
;;
rebooted)
assert_iptables_nft
assert_iptables_matches_default
;;
*) fatal "unexpected mark: ${AUTOPKGTEST_REBOOT_MARK}";;
esac


@@ -1,22 +0,0 @@
OCIARCHIVE_URL=http://192.168.0.13:8000/fedora-coreos-35.20220210.dev.0-ostree.x86_64.ociarchive
upgrade() {
curl -Lo /var/tmp/update.ociarchive "${OCIARCHIVE_URL}"
rpm-ostree rebase --experimental ostree-unverified-image:oci-archive:/var/tmp/update.ociarchive
}
assert_iptables_legacy() {
iptables --version | grep legacy
}
assert_iptables_nft() {
iptables --version | grep nf_tables
}
assert_iptables_differs_from_default() {
ostree admin config-diff | grep alternatives/iptables
}
assert_iptables_matches_default() {
! ostree admin config-diff | grep alternatives/iptables
}


@@ -1,21 +0,0 @@
#!/bin/bash
set -xeuo pipefail
# kola: { "tags": "needs-internet" }
. $KOLA_EXT_DATA/common.sh
case "${AUTOPKGTEST_REBOOT_MARK:-}" in
"")
assert_iptables_legacy
assert_iptables_matches_default
upgrade
/tmp/autopkgtest-reboot rebooted
;;
rebooted)
assert_iptables_nft
assert_iptables_matches_default
;;
*) fatal "unexpected mark: ${AUTOPKGTEST_REBOOT_MARK}";;
esac


@@ -1,6 +0,0 @@
variant: fcos
version: 1.4.0
storage:
files:
- path: /etc/coreos/iptables-legacy.stamp
mode: 0644


@@ -1,21 +0,0 @@
#!/bin/bash
set -xeuo pipefail
# kola: { "tags": "needs-internet" }
. $KOLA_EXT_DATA/common.sh
case "${AUTOPKGTEST_REBOOT_MARK:-}" in
"")
assert_iptables_legacy
assert_iptables_matches_default
upgrade
/tmp/autopkgtest-reboot rebooted
;;
rebooted)
assert_iptables_legacy
assert_iptables_differs_from_default
;;
*) fatal "unexpected mark: ${AUTOPKGTEST_REBOOT_MARK}";;
esac


@@ -1,23 +0,0 @@
#!/bin/bash
set -xeuo pipefail
# kola: { "tags": "needs-internet" }
. $KOLA_EXT_DATA/common.sh
case "${AUTOPKGTEST_REBOOT_MARK:-}" in
"")
assert_iptables_legacy
assert_iptables_matches_default
mkdir -m 755 /etc/coreos/
touch /etc/coreos/iptables-legacy.stamp
upgrade
/tmp/autopkgtest-reboot rebooted
;;
rebooted)
assert_iptables_legacy
assert_iptables_differs_from_default
;;
*) fatal "unexpected mark: ${AUTOPKGTEST_REBOOT_MARK}";;
esac