2 changes: 1 addition & 1 deletion .devcontainer/devcontainer.json
@@ -1,5 +1,5 @@
{
"image": "ghcr.io/dfinity/ic-dev@sha256:7d6f48fc1f2b0ddf229c4f325ec468f27225f8be7fe46836d6b44d23602ddca1",
"image": "ghcr.io/dfinity/ic-dev@sha256:1fa9ada331eeb070d35a4972395ae8296d07642c03306682a144c5977dbda65c",
"remoteUser": "ubuntu",
"privileged": true,
"runArgs": [
2 changes: 1 addition & 1 deletion .github/workflows/api-bn-recovery-test.yml
Expand Up @@ -22,7 +22,7 @@ jobs:
runs-on:
labels: dind-large
container:
image: ghcr.io/dfinity/ic-build@sha256:a50deb1a24fafa90553a1ba65551a4e8d955bce42e8f0d9d8e53ecc82f8f9c35
image: ghcr.io/dfinity/ic-build@sha256:14610fcd4086e840b3899265084c36167b1819f820956a97ab41661e24eb73a1
options: >-
-e NODE_NAME --privileged --cgroupns host
--mount type=tmpfs,target="/home/buildifier/.local/share/containers"
2 changes: 1 addition & 1 deletion .github/workflows/ci-main.yml
Expand Up @@ -33,7 +33,7 @@ jobs:
runs-on: &dind-large-setup
labels: dind-large
container: &container-setup
image: ghcr.io/dfinity/ic-build@sha256:a50deb1a24fafa90553a1ba65551a4e8d955bce42e8f0d9d8e53ecc82f8f9c35
image: ghcr.io/dfinity/ic-build@sha256:14610fcd4086e840b3899265084c36167b1819f820956a97ab41661e24eb73a1
options: >-
-e NODE_NAME --privileged --cgroupns host --mount type=tmpfs,target="/tmp/containers"
timeout-minutes: 90
2 changes: 1 addition & 1 deletion .github/workflows/ci-pr-only.yml
Expand Up @@ -37,7 +37,7 @@ jobs:
runs-on: &dind-small-setup
labels: dind-small
container: &container-setup
image: ghcr.io/dfinity/ic-build@sha256:a50deb1a24fafa90553a1ba65551a4e8d955bce42e8f0d9d8e53ecc82f8f9c35
image: ghcr.io/dfinity/ic-build@sha256:14610fcd4086e840b3899265084c36167b1819f820956a97ab41661e24eb73a1
options: >-
-e NODE_NAME --mount type=tmpfs,target="/tmp/containers"
steps:
2 changes: 1 addition & 1 deletion .github/workflows/container-api-bn-recovery.yml
Expand Up @@ -28,7 +28,7 @@ jobs:
runs-on:
labels: dind-large
container:
image: ghcr.io/dfinity/ic-build@sha256:a50deb1a24fafa90553a1ba65551a4e8d955bce42e8f0d9d8e53ecc82f8f9c35
image: ghcr.io/dfinity/ic-build@sha256:14610fcd4086e840b3899265084c36167b1819f820956a97ab41661e24eb73a1
options: >-
-e NODE_NAME --privileged --cgroupns host
--mount type=tmpfs,target="/home/buildifier/.local/share/containers"
2 changes: 1 addition & 1 deletion .github/workflows/container-scan-nightly.yml
Expand Up @@ -12,7 +12,7 @@ jobs:
runs-on:
labels: dind-large
container:
image: ghcr.io/dfinity/ic-build@sha256:a50deb1a24fafa90553a1ba65551a4e8d955bce42e8f0d9d8e53ecc82f8f9c35
image: ghcr.io/dfinity/ic-build@sha256:14610fcd4086e840b3899265084c36167b1819f820956a97ab41661e24eb73a1
options: >-
-e NODE_NAME --privileged --cgroupns host --mount type=tmpfs,target="/tmp/containers"
timeout-minutes: 60
2 changes: 1 addition & 1 deletion .github/workflows/local-system-tests.yml
Expand Up @@ -19,7 +19,7 @@ jobs:
runs-on:
labels: dind-large
container:
image: ghcr.io/dfinity/ic-build@sha256:a50deb1a24fafa90553a1ba65551a4e8d955bce42e8f0d9d8e53ecc82f8f9c35
image: ghcr.io/dfinity/ic-build@sha256:14610fcd4086e840b3899265084c36167b1819f820956a97ab41661e24eb73a1
options: >-
-e NODE_NAME --privileged --cgroupns host --mount type=tmpfs,target="/tmp/containers"
timeout-minutes: 600
2 changes: 1 addition & 1 deletion .github/workflows/pocket-ic-tests-windows.yml
Expand Up @@ -45,7 +45,7 @@ jobs:
bazel-build-pocket-ic:
name: Bazel Build PocketIC
container:
image: ghcr.io/dfinity/ic-build@sha256:a50deb1a24fafa90553a1ba65551a4e8d955bce42e8f0d9d8e53ecc82f8f9c35
image: ghcr.io/dfinity/ic-build@sha256:14610fcd4086e840b3899265084c36167b1819f820956a97ab41661e24eb73a1
options: >-
-e NODE_NAME --privileged --cgroupns host --mount type=tmpfs,target="/tmp/containers"
timeout-minutes: 90
2 changes: 1 addition & 1 deletion .github/workflows/rate-limits-backend-release.yml
Expand Up @@ -32,7 +32,7 @@ jobs:
labels: dind-large

container:
image: ghcr.io/dfinity/ic-build@sha256:a50deb1a24fafa90553a1ba65551a4e8d955bce42e8f0d9d8e53ecc82f8f9c35
image: ghcr.io/dfinity/ic-build@sha256:14610fcd4086e840b3899265084c36167b1819f820956a97ab41661e24eb73a1
options: >-
-e NODE_NAME --privileged --cgroupns host -v /var/tmp:/var/tmp -v /ceph-s3-info:/ceph-s3-info --mount type=tmpfs,target="/tmp/containers"

2 changes: 1 addition & 1 deletion .github/workflows/release-testing.yml
Expand Up @@ -35,7 +35,7 @@ jobs:
group: dm1
labels: dind-large
container: &container-setup
image: ghcr.io/dfinity/ic-build@sha256:a50deb1a24fafa90553a1ba65551a4e8d955bce42e8f0d9d8e53ecc82f8f9c35
image: ghcr.io/dfinity/ic-build@sha256:14610fcd4086e840b3899265084c36167b1819f820956a97ab41661e24eb73a1
options: >-
-e NODE_NAME --privileged --cgroupns host --mount type=tmpfs,target="/tmp/containers"
timeout-minutes: 180
2 changes: 1 addition & 1 deletion .github/workflows/rosetta-release.yml
Expand Up @@ -22,7 +22,7 @@ jobs:
runs-on:
labels: dind-large
container:
image: ghcr.io/dfinity/ic-build@sha256:a50deb1a24fafa90553a1ba65551a4e8d955bce42e8f0d9d8e53ecc82f8f9c35
image: ghcr.io/dfinity/ic-build@sha256:14610fcd4086e840b3899265084c36167b1819f820956a97ab41661e24eb73a1
options: >-
-e NODE_NAME --privileged --cgroupns host --mount type=tmpfs,target="/tmp/containers"
environment: DockerHub
2 changes: 1 addition & 1 deletion .github/workflows/salt-sharing-canister-release.yml
Expand Up @@ -32,7 +32,7 @@ jobs:
labels: dind-large

container:
image: ghcr.io/dfinity/ic-build@sha256:a50deb1a24fafa90553a1ba65551a4e8d955bce42e8f0d9d8e53ecc82f8f9c35
image: ghcr.io/dfinity/ic-build@sha256:14610fcd4086e840b3899265084c36167b1819f820956a97ab41661e24eb73a1
options: >-
-e NODE_NAME --privileged --cgroupns host -v /var/tmp:/var/tmp -v /ceph-s3-info:/ceph-s3-info --mount type=tmpfs,target="/tmp/containers"

2 changes: 1 addition & 1 deletion .github/workflows/schedule-daily.yml
Expand Up @@ -14,7 +14,7 @@ jobs:
runs-on: &dind-large-setup
labels: dind-large
container: &container-setup
image: ghcr.io/dfinity/ic-build@sha256:a50deb1a24fafa90553a1ba65551a4e8d955bce42e8f0d9d8e53ecc82f8f9c35
image: ghcr.io/dfinity/ic-build@sha256:14610fcd4086e840b3899265084c36167b1819f820956a97ab41661e24eb73a1
options: >-
-e NODE_NAME --privileged --cgroupns host --mount type=tmpfs,target="/tmp/containers"
timeout-minutes: 720 # 12 hours
2 changes: 1 addition & 1 deletion .github/workflows/schedule-rust-bench.yml
Expand Up @@ -24,7 +24,7 @@ jobs:
# see linux-x86-64 runner group
labels: rust-benchmarks
container:
image: ghcr.io/dfinity/ic-build@sha256:a50deb1a24fafa90553a1ba65551a4e8d955bce42e8f0d9d8e53ecc82f8f9c35
image: ghcr.io/dfinity/ic-build@sha256:14610fcd4086e840b3899265084c36167b1819f820956a97ab41661e24eb73a1
# running on bare metal machine using ubuntu user
options: --user ubuntu --mount type=tmpfs,target="/tmp/containers"
timeout-minutes: 720 # 12 hours
2 changes: 1 addition & 1 deletion .github/workflows/system-tests-benchmarks-nightly.yml
Expand Up @@ -17,7 +17,7 @@ jobs:
group: dm1
labels: dind-large
container:
image: ghcr.io/dfinity/ic-build@sha256:a50deb1a24fafa90553a1ba65551a4e8d955bce42e8f0d9d8e53ecc82f8f9c35
image: ghcr.io/dfinity/ic-build@sha256:14610fcd4086e840b3899265084c36167b1819f820956a97ab41661e24eb73a1
options: >-
-e NODE_NAME --privileged --cgroupns host --mount type=tmpfs,target="/tmp/containers"
timeout-minutes: 480
2 changes: 1 addition & 1 deletion .github/workflows/update-mainnet-canister-revisions.yaml
Expand Up @@ -25,7 +25,7 @@ jobs:
labels: dind-small
environment: CREATE_PR
container:
image: ghcr.io/dfinity/ic-build@sha256:a50deb1a24fafa90553a1ba65551a4e8d955bce42e8f0d9d8e53ecc82f8f9c35
image: ghcr.io/dfinity/ic-build@sha256:14610fcd4086e840b3899265084c36167b1819f820956a97ab41661e24eb73a1
options: >-
-e NODE_NAME --privileged --cgroupns host -v /var/tmp:/var/tmp -v /ceph-s3-info:/ceph-s3-info --mount type=tmpfs,target="/tmp/containers"
env:
26 changes: 26 additions & 0 deletions MODULE.bazel
Expand Up @@ -1218,6 +1218,32 @@ new_local_repository(
path = "/usr",
)

# libvirtd and its QEMU connection driver, fetched as Debian packages and
# extracted in //rs/tests (see the `libvirtd` and `libvirt_driver_qemu`
# genrules). The local system-test backend
# (rs/tests/driver/src/driver/local_backend.rs) spawns this libvirtd and points
# it at the extracted QEMU driver via LIBVIRT_DRIVER_DIR, so the container image
# no longer needs `libvirt-daemon` / `libvirt-daemon-driver-qemu` installed (see
# ci/container/files/packages.common).
#
# Pinned to the same version (12.0.0-1ubuntu5.1) as the `libvirt0` runtime
# library that `libvirt-dev` installs in the container, so the daemon and driver
# are ABI-compatible with it. To bump: pick a snapshot.ubuntu.com date carrying
# the desired version and update the urls + sha256 (the sha256 of the .deb).
http_file(
name = "libvirt_daemon_deb",
downloaded_file_path = "libvirt-daemon.deb",
sha256 = "fb483c656580988c87815615c3959d9d521bb9f4cb71b4f2932cbc572272ec50",
url = "https://snapshot.ubuntu.com/ubuntu/20260629T000000Z/pool/main/libv/libvirt/libvirt-daemon_12.0.0-1ubuntu5.1_amd64.deb",
)

http_file(
name = "libvirt_daemon_driver_qemu_deb",
downloaded_file_path = "libvirt-daemon-driver-qemu.deb",
sha256 = "339590925f2427086df6305726656f32d5a1607d538b3a6cfcadfba65704c38a",
url = "https://snapshot.ubuntu.com/ubuntu/20260629T000000Z/pool/main/libv/libvirt/libvirt-daemon-driver-qemu_12.0.0-1ubuntu5.1_amd64.deb",
)

# Mainnet canister references

canisters = use_repo_rule("//bazel:mainnet-canisters.bzl", "canisters")
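Review bot: The coupling between these pinned packages and the image's `libvirt0` is stated only in the comment above `libvirt_daemon_deb`; nothing visible in this section enforces it. The two `http_file` entries freeze the daemon and the QEMU driver at 12.0.0-1ubuntu5.1 by sha256, while `libvirt0` still arrives through apt via `libvirt-dev`, so an image rebuild that picks up a newer `libvirt0` (including a security update) would presumably leave the daemon and driver behind without any build failure. I would extend the bump instructions with `# Bump together with ci/container/TAG: libvirt fixes for the daemon and QEMU driver no longer arrive via apt.` and, if practical, add a check that compares the pinned version with the installed `libvirt0`.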
2 changes: 1 addition & 1 deletion ci/container/TAG
@@ -1 +1 @@
d395e4504a1bf0cf387cbf17335b6a6cf47373e886e00994723ae3de5e53b107
df92634d8ba5b2d6d2de4924ac7f93c08ad20ae7e3d172ffab98ea97dbbc44c1
10 changes: 6 additions & 4 deletions ci/container/files/packages.common
Expand Up @@ -46,10 +46,12 @@ zstd
iputils-ping # for ping6 required by the bazel-test-bare-metal

# Local system-test backend (libvirt/QEMU; see rs/tests/driver/src/driver/local_backend.rs).
# Provides per-test libvirtd subprocess + KVM-accelerated QEMU + dnsmasq for the
# libvirt network's DHCP.
libvirt-daemon
libvirt-daemon-driver-qemu
# Provides KVM-accelerated QEMU + dnsmasq for the libvirt network's DHCP + OVMF
# firmware. The libvirtd daemon and its QEMU connection driver are intentionally
# NOT installed here: they are fetched as Debian packages via Bazel and extracted
# into the test runfiles (see //rs/tests:libvirtd and //rs/tests:libvirt_driver_qemu),
# then run with LIBVIRT_DRIVER_DIR pointed at the extracted driver. The libvirt
# runtime library they link against (libvirt0) is still pulled in by `libvirt-dev`.
qemu-system-x86
qemu-utils
dnsmasq-base
24 changes: 23 additions & 1 deletion rs/tests/BUILD.bazel
Expand Up @@ -255,10 +255,32 @@ genrule(
cmd = "sed < $< 's/$$/-test/' > $@",
)

# libvirtd and the QEMU connection driver for the local system-test backend
# (rs/tests/driver/src/driver/local_backend.rs), extracted from Debian packages
# fetched via Bazel (@libvirt_daemon_deb / @libvirt_daemon_driver_qemu_deb in
# MODULE.bazel) instead of copied from the container image. This keeps
# `libvirt-daemon` / `libvirt-daemon-driver-qemu` out of the image (see
# ci/container/files/packages.common); the libvirt runtime library they link
# against still comes from `libvirt-dev`'s `libvirt0` dependency. The backend
# runs `:libvirtd` with LIBVIRT_DRIVER_DIR pointed at `:libvirt_driver_qemu`'s
# directory so the monolithic daemon loads the QEMU driver (only) from there.
# `dpkg-deb --fsys-tarfile` decompresses the .deb's data archive to a tar stream
# from which `tar -xO` writes the single member to stdout.
genrule(
name = "libvirtd",
srcs = ["@libvirt_daemon_deb//file"],
outs = ["libvirtd.bin"],
cmd = "cp -L /usr/sbin/libvirtd $@",
cmd = "dpkg-deb --fsys-tarfile $(location @libvirt_daemon_deb//file) | tar -xO ./usr/sbin/libvirtd > $@",
local = True,
tags = ["manual"],
target_compatible_with = ["@platforms//os:linux"],
)

genrule(
name = "libvirt_driver_qemu",
srcs = ["@libvirt_daemon_driver_qemu_deb//file"],
outs = ["libvirt_driver_qemu.so"],
cmd = "dpkg-deb --fsys-tarfile $(location @libvirt_daemon_driver_qemu_deb//file) | tar -xO ./usr/lib/x86_64-linux-gnu/libvirt/connection-driver/libvirt_driver_qemu.so > $@",
local = True,
tags = ["manual"],
target_compatible_with = ["@platforms//os:linux"],
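Review bot: Both genrules carry `local = True`, which presumably dates from when `:libvirtd` copied `/usr/sbin/libvirtd` from the host and is not obviously needed now that the only declared input is the sha256-pinned .deb. With the local strategy the action runs unsandboxed, so it can read undeclared host files, and its output depends on whichever `dpkg-deb` and `tar` the host provides. If sandboxed execution works, drop `local = True` from `:libvirtd` and `:libvirt_driver_qemu`; otherwise record the reason next to it, for example `# local: relies on the host's dpkg-deb and tar`.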
22 changes: 22 additions & 0 deletions rs/tests/driver/src/driver/local_backend.rs
Expand Up @@ -319,6 +319,27 @@ impl LocalBackend {
info!(logger, "Spawning libvirtd (session mode)"; "conf" => %conf_path.display(), "socket" => %socket_path.display());

let libvirtd_path = get_dependency_path_from_env("ENV_DEPS__LIBVIRTD_PATH");

// The QEMU connection driver (libvirt_driver_qemu.so) is provided by
// Bazel (//rs/tests:libvirt_driver_qemu), extracted from a Debian
// package, rather than installed in the container image. Point libvirtd
// at the directory holding it via LIBVIRT_DRIVER_DIR so the monolithic
// daemon loads the QEMU driver from there. The other connection drivers
// (network, storage, secret, ...) are intentionally absent: the local
// backend manages networking and disks itself and only needs
// `qemu:///session`, so libvirtd simply skips the driver modules it
// cannot find in that directory. Canonicalized to an absolute path
// because the value read from the environment is runfiles-relative.
let qemu_driver_path = get_dependency_path_from_env("ENV_DEPS__LIBVIRT_DRIVER_QEMU_PATH")
.canonicalize()
.context("canonicalizing the bazel-provided QEMU driver path")?;
let libvirt_driver_dir = qemu_driver_path.parent().with_context(|| {
format!(
"QEMU driver path {} has no parent directory",
qemu_driver_path.display()
)
})?;

// We deliberately do not keep the `Child` handle. libvirtd must outlive
// this (setup) process so forked task subprocesses can `connect_only` to
// its socket; dropping the handle is harmless because
Expand All @@ -333,6 +354,7 @@ impl LocalBackend {
.arg(&pid_path)
.env("HOME", &state_home)
.env("XDG_RUNTIME_DIR", &xdg_runtime_dir)
.env("LIBVIRT_DRIVER_DIR", libvirt_driver_dir)
.stdin(Stdio::null())
.stdout(Stdio::null())
.stderr(Stdio::null())
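Review bot: In the first hunk, `LIBVIRT_DRIVER_DIR` ends up pointing at whatever directory the canonicalized `libvirt_driver_qemu.so` lives in, not at a directory that holds only that driver. `canonicalize()` resolves symlinks, so if the runfiles entry is a symlink the parent is likely the shared Bazel output directory for `//rs/tests`, and libvirtd would load any other driver module it looks up by name that happens to sit there. Since this is a module search path for a daemon, I would stage the driver into a fresh per-test directory (for example under `state_home`) with `std::os::unix::fs::symlink(&qemu_driver_path, driver_dir.join("libvirt_driver_qemu.so"))` and pass that directory instead. Because the child is spawned with `.stderr(Stdio::null())`, a driver that fails to load is silent, so adding `libvirt_driver_dir` to the existing `info!` line would help diagnosis. The enclosing function starts and ends outside both hunks.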
1 change: 1 addition & 0 deletions rs/tests/system_tests.bzl
Expand Up @@ -284,6 +284,7 @@ def system_test(
_local_only_deps["ENV_DEPS__UNIVERSAL_VM_DISK_IMG_PATH"] = "@farm_universal_vm_img//file"
_local_only_deps["ENV_DEPS__PROMETHEUS_VM_DISK_IMG_PATH"] = "@farm_prometheus_vm_img//file"
_local_only_deps["ENV_DEPS__LIBVIRTD_PATH"] = "//rs/tests:libvirtd"
_local_only_deps["ENV_DEPS__LIBVIRT_DRIVER_QEMU_PATH"] = "//rs/tests:libvirt_driver_qemu"
_local_only_deps["ENV_DEPS__DNSMASQ_PATH"] = "//rs/tests:dnsmasq"

local_dep_env = {