Validate installation of vagrant-libvirt on multiple distros (#5)

Add the basic structure required to trigger testing all distributions
currently supported when an update is proposed to the .gitmodules file.

Use docker containers for the distros to validate linking of libraries
allow the vagrant bindings to work as expected to use libvirt from the
distro to launch the VM with the necessary limitation that it will not
be a perfect check. Using qemu to spin up the distros for a more
accurate check is not possible due to the performance overhead as
github actions do not allow for nested virtualization.

This can be used as a proxy to pick up latest updates from
vagrant-libvirt on a daily basis via dependabot in the hope of
maintaining a set of working instructions for each distribution.

Author: electrofelix

.github/workflows/distro-install.yml

@@ -0,0 +1,64 @@
+name: Distribution Install
+
+on:
+  pull_request:
+
+jobs:
+  generate-matrix:
+    runs-on: ubuntu-20.04
+    outputs:
+      matrix: ${{ steps.generate-matrix.outputs.matrix }}
+    steps:
+    - uses: actions/checkout@v2
+    - name: Generate matrix
+      id: generate-matrix
+      run: |
+        tests="$(ruby boxes.rb | jq -c -r '. | keys')"
+        echo "::set-output name=matrix::${tests}"
+
+  verify-install:
+    needs: generate-matrix
+    runs-on: ubuntu-20.04
+    env:
+      VAGRANT_DEFAULT_PROVIDER: docker
+      VAGRANT_LIBVIRT_DRIVER: qemu
+    strategy:
+      fail-fast: false
+      matrix:
+        test_name: ${{ fromJSON(needs.generate-matrix.outputs.matrix) }}
+
+    steps:
+    - uses: actions/checkout@v2
+      with:
+        fetch-depth: 0
+        submodules: recursive
+    - name: Disable apparmor to allow containers use alternative paths
+      run: |
+        sudo systemctl stop apparmor
+    - name: Set up version to test
+      run: |
+        echo "QA_VAGRANT_LIBVIRT_VERSION=git-$(git submodule status -- vagrant-libvirt | cut -d' ' -f2)" >> ${GITHUB_ENV}
+    - name: Set up libvirt
+      run: |
+        ./scripts/install.bash --vagrant-only -- 2.2.19
+    - uses: actions/cache@v2
+      with:
+        path: ~/.vagrant.d/boxes
+        key: ${{ runner.os }}-${{ matrix.test_name }}
+        restore-keys: |
+          ${{ runner.os }}-
+    - name: launch target distro
+      run: |
+        vagrant up --no-provision ${{ matrix.test_name }}
+
+    - name: test vagrant-libvirt in target distro
+      run: |
+        vagrant provision ${{ matrix.test_name }}
+
+  finish:
+    needs: verify-install
+    runs-on: ubuntu-latest
+    steps:
+    - name: Matrix finished
+      run: |
+        echo "success"

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "vagrant-libvirt"]
+	path = vagrant-libvirt
+	url = ../vagrant-libvirt.git

Vagrantfile

@@ -1,48 +1,9 @@
 # -*- mode: ruby -*-
 # vi: set ft=ruby :
 
-ENV['VAGRANT_DEFAULT_PROVIDER'] = 'libvirt'
+ENV['VAGRANT_DEFAULT_PROVIDER'] ||= 'libvirt'
 
-# Allow for passing test versions with env vars
-if ENV['QA_VAGRANT_VERSION'].nil? || ENV['QA_VAGRANT_VERSION'] == "latest"
-  # If not specified, fetch the latest version using built-in 'version' plugin
-  #
-  # NOTE: we 'cd /tmp' to avoid invoking Vagrant against this very Vagrantfile but
-  # that may not always work. There is probably a better way by leveraging
-  # VagrantPlugins::CommandVersion::Command and using 'version-latest'
-  #
-  latest = `cd /tmp; vagrant version | grep Latest | awk '{ print $3 }'`
-  QA_VAGRANT_VERSION = latest.strip
-else
-  QA_VAGRANT_VERSION = ENV['QA_VAGRANT_VERSION']
-end
-
-if ENV['QA_VAGRANT_LIBVIRT_VERSION'].nil?
-  # If not specified, we just install latest published version
-  QA_VAGRANT_LIBVIRT_INSTALL_OPTS = "vagrant-libvirt"
-  QA_VAGRANT_LIBVIRT_VERSION = "latest"
-elsif ENV['QA_VAGRANT_LIBVIRT_VERSION'] == "master"
-  QA_VAGRANT_LIBVIRT_INSTALL_OPTS = "../vagrant-libvirt/vagrant-libvirt-*.gem"
-  QA_VAGRANT_LIBVIRT_VERSION = "master"
-else
-  QA_VAGRANT_LIBVIRT_VERSION = ENV['QA_VAGRANT_LIBVIRT_VERSION']
-  QA_VAGRANT_LIBVIRT_INSTALL_OPTS = "vagrant-libvirt --plugin-version #{QA_VAGRANT_LIBVIRT_VERSION}"
-end
-
-APT_ENV_VARS = {
-  'DEBIAN_FRONTEND': 'noninteractive',
-  'DEBCONF_NONINTERACTIVE_SEEN': true,
-}
-
-def setup_vm_provider(vm)
-  vm.provider :libvirt do |domain|
-    domain.driver = 'kvm'
-    domain.memory = 2048
-    domain.cpus = 2
-    domain.nested = true
-    domain.cpu_mode = 'host-passthrough'
-  end
-end
+require_relative './boxes.rb'
 
 def add_test_provisions(vm)
   # Workarond for Vagrant bug
@@ -56,9 +17,9 @@ def add_test_provisions(vm)
   end
   # Testing nested VM provisioning via nested kvm
   vm.provision :file, :source => './Vagrantfile.test', :destination => '~/Vagrantfile'
-  vm.provision :shell, :privileged => false, :inline => <<-EOC
+  vm.provision :shell, :privileged => false, :env => {'VAGRANT_LOG': 'debug'} ,:inline => <<-EOC
     set -e
-    vagrant destroy -f 2>/dev/null 1>/dev/null
+    vagrant destroy -f
     vagrant up --provider=libvirt
     vagrant halt
     vagrant destroy -f
@@ -67,88 +28,65 @@ end
 
 Vagrant.configure(2) do |config|
 
-  config.vm.define "ubuntu-18.04" do |v|
-    v.vm.hostname = "ubuntu-18.04"
-    v.vm.box = "generic/ubuntu1804"
-    v.vm.synced_folder ".", "/vagrant", disabled: true
-    setup_vm_provider(v.vm)
-    v.vm.provision :shell, :inline => 'ln -sf ../run/systemd/resolve/resolv.conf /etc/resolv.conf'
-    v.vm.provision :shell, :privileged => false, :path => './scripts/install.bash', :args => QA_VAGRANT_VERSION
-    v.vm.provision :shell, :reset => true, :inline => 'usermod -a -G libvirt vagrant'
-    add_test_provisions(v.vm)
-  end
-
-  config.vm.define "ubuntu-20.04" do |v|
-    v.vm.hostname = "ubuntu-20.04"
-    v.vm.box = "generic/ubuntu2004"
-    v.vm.synced_folder ".", "/vagrant", disabled: true
-    setup_vm_provider(v.vm)
-    v.vm.provision :shell, :inline => 'ln -sf ../run/systemd/resolve/resolv.conf /etc/resolv.conf'
-    v.vm.provision :shell, :privileged => false, :path => './scripts/install.bash', :args => QA_VAGRANT_VERSION
-    v.vm.provision :shell, :reset => true, :inline => 'usermod -a -G libvirt vagrant'
-    add_test_provisions(v.vm)
-  end
+  BOXES.each_pair do |name, settings|
+    config.vm.define name do |machine|
+      machine.vm.hostname = name
 
-  config.vm.define "debian-10" do |v|
-    v.vm.hostname = "debian-10"
-    v.vm.box = "generic/debian10"
-    v.vm.synced_folder ".", "/vagrant", disabled: true
-    setup_vm_provider(v.vm)
-    v.vm.provision :shell, :inline => 'sed -i -e "/^dns-nameserver/g" /etc/network/interfaces', :reboot => true
-    # restarting dnsmasq can require a retry after everything else to come up correctly.
-    v.vm.provision :shell, :inline => 'apt update && apt install -y dnsmasq && systemctl restart dnsmasq', :env => APT_ENV_VARS
-    v.vm.provision :shell, :privileged => false, :path => './scripts/install.bash', :args => QA_VAGRANT_VERSION
-    v.vm.provision :shell, :reset => true, :inline => 'usermod -a -G libvirt vagrant'
-    add_test_provisions(v.vm)
-  end
+      machine.vm.provider :docker do |docker, override|
+        docker.build_dir = "docker/#{name}"
+        docker.build_args = "--pull"
+        docker.has_ssh = true
+        docker.volumes = [
+          # allow libvirt in the container to trigger loading modules such as ip6tables
+          "/lib/modules:/lib/modules",
+          # next two needed for systemd in container
+          "/sys/fs/cgroup:/sys/fs/cgroup:ro",
+          "/sys/fs/cgroup/systemd:/sys/fs/cgroup/systemd:rw",
+        ]
+        docker.create_args = [
+          "--privileged",
+          "--security-opt", "apparmor=unconfined",
+          "--tmpfs=/run",
+          "--tmpfs=/tmp:exec",
+        ]
 
-  config.vm.define "centos-7" do |v|
-    v.vm.hostname = "centos-7"
-    v.vm.box = "centos/7"
-    v.vm.synced_folder ".", "/vagrant", disabled: true
-    setup_vm_provider(v.vm)
-    v.vm.provision :shell, :privileged => false, :path => './scripts/install.bash', :args => QA_VAGRANT_VERSION
-    v.vm.provision :shell, :reset => true, :inline => 'usermod -a -G libvirt vagrant'
-    add_test_provisions(v.vm)
-  end
+        # Note that must add all provisioners using the same logic as vagrant does
+        # not order machine.vm.provision and override.vm.provision according to
+        # order in the Vagrantfile and instead override will always is appended last.
+        [].concat(
+          settings.fetch(:docker, {}).fetch(:provision, [])
+        ).concat(
+          settings.fetch(:provision, DEFAULT_PROVISION)
+        ).concat(
+          settings.fetch(:docker, {}).fetch(:post_install, [])
+        ).each do |p|
+          override.vm.provision :shell, **p
+        end
 
-  config.vm.define "centos-8" do |v|
-    v.vm.hostname = "centos-8"
-    v.vm.box = "centos/8"
-    v.vm.synced_folder ".", "/vagrant", disabled: true
-    setup_vm_provider(v.vm)
-    v.vm.provision :shell, :privileged => false, :path => './scripts/install.bash', :args => QA_VAGRANT_VERSION
-    v.vm.provision :shell, :reset => true, :inline => 'usermod -a -G libvirt vagrant'
-    add_test_provisions(v.vm)
-  end
+        add_test_provisions(override.vm)
+      end
 
-  config.vm.define "fedora-33" do |v|
-    v.vm.hostname = "fedora-33"
-    v.vm.box = "generic/fedora33"
-    v.vm.synced_folder ".", "/vagrant", disabled: true
-    setup_vm_provider(v.vm)
-    v.vm.provision :shell, :privileged => false, :path => './scripts/install.bash', :args => QA_VAGRANT_VERSION
-    v.vm.provision :shell, :reset => true, :inline => 'usermod -a -G libvirt vagrant'
-    add_test_provisions(v.vm)
-  end
+      machine.vm.provider :libvirt do |domain, override|
+        override.vm.box = settings[:libvirt][:box]
+        domain.driver = ENV.fetch('VAGRANT_LIBVIRT_DRIVER', 'kvm')
+        domain.memory = 4096
+        domain.cpus = 2
+        domain.nested = true
+        domain.disk_driver :io => 'threads', :cache => 'unsafe'
 
-  config.vm.define "fedora-34" do |v|
-    v.vm.hostname = "fedora-34"
-    v.vm.box = "generic/fedora34"
-    v.vm.synced_folder ".", "/vagrant", disabled: true
-    setup_vm_provider(v.vm)
-    v.vm.provision :shell, :privileged => false, :path => './scripts/install.bash', :args => QA_VAGRANT_VERSION
-    v.vm.provision :shell, :reset => true, :inline => 'usermod -a -G libvirt vagrant'
-    add_test_provisions(v.vm)
-  end
+        # Note that must add all provisioners using the same logic as vagrant does
+        # not order machine.vm.provision and override.vm.provision according to
+        # order in the Vagrantfile and instead override will always is appended last.
+        [].concat(
+          settings.fetch(:libvirt, {}).fetch(:provision, [])
+        ).concat(
+          settings.fetch(:provision, DEFAULT_PROVISION)
+        ).each do |p|
+          override.vm.provision :shell, **p
+        end
 
-  config.vm.define "arch" do |v|
-    v.vm.hostname = "arch"
-    v.vm.box = "archlinux/archlinux"
-    v.vm.synced_folder ".", "/vagrant", disabled: true
-    setup_vm_provider(v.vm)
-    v.vm.provision :shell, :privileged => false, :path => './scripts/install.bash', :args => QA_VAGRANT_VERSION
-    v.vm.provision :shell, :privileged => false, :reset => true, :inline => 'sudo usermod -G kvm $(whoami)'
-    add_test_provisions(v.vm)
+        add_test_provisions(override.vm)
+      end
+    end
   end
 end

Vagrantfile.test

@@ -4,6 +4,7 @@
 ENV['VAGRANT_DEFAULT_PROVIDER'] = 'libvirt'
 
 Vagrant.configure(2) do |config|
+  config.vm.boot_timeout = 1200
   config.vm.define "tiny" do |v|
     v.vm.box = "infernix/tinycore"
     v.vm.synced_folder ".", "/vagrant", disabled: true

boxes.rb

@@ -0,0 +1,87 @@
+#!/usr/bin/ruby
+#
+# Allow for passing test versions with env vars
+if ENV['QA_VAGRANT_VERSION'].nil? || ENV['QA_VAGRANT_VERSION'] == "latest"
+  # If not specified, fetch the latest version using built-in 'version' plugin
+  #
+  # NOTE: we 'cd /tmp' to avoid invoking Vagrant against this very Vagrantfile but
+  # that may not always work. There is probably a better way by leveraging
+  # VagrantPlugins::CommandVersion::Command and using 'version-latest'
+  # 
+  latest = `cd /tmp; vagrant version | grep Latest | awk '{ print $3 }'`
+  QA_VAGRANT_VERSION = latest.strip
+else
+  QA_VAGRANT_VERSION = ENV['QA_VAGRANT_VERSION']
+end
+
+APT_ENV_VARS = {
+  'DEBIAN_FRONTEND': 'noninteractive',
+  'DEBCONF_NONINTERACTIVE_SEEN': true,
+}
+
+INSTALL_ENV_VARS = {
+  'VAGRANT_LIBVIRT_VERSION': ENV.fetch('QA_VAGRANT_LIBVIRT_VERSION', 'latest'),
+}
+
+BOXES = {
+  'ubuntu-18.04' => {
+    :libvirt => {
+      :box => "generic/ubuntu1804",
+      :provision => [
+        {:inline => 'ln -sf ../run/systemd/resolve/resolv.conf /etc/resolv.conf'},
+      ],
+    },
+  },
+  'ubuntu-20.04' => {
+    :libvirt => {
+      :box => "generic/ubuntu2004",
+    },
+  },
+  'debian-10' => {
+    :libvirt => {
+      :box => "generic/debian10",
+      :provision => [
+        {:name => 'disable dns-nameservers', :inline => 'sed -i -e "/^dns-nameserver/g" /etc/network/interfaces', :reboot => true},
+        # restarting dnsmasq can require a retry after everything else to come up correctly.
+        {:name => 'install dnsmasq', :inline => 'apt update && apt install -y dnsmasq && systemctl restart dnsmasq', :env => APT_ENV_VARS},
+      ],
+    },
+  },
+  'centos-7' => {
+    :libvirt => {
+      :box => "generic/centos7",
+    },
+  },
+  'centos-8' => {
+    :libvirt => {
+      :box => "generic/centos8",
+    },
+  },
+  'fedora-33' => {
+    :libvirt => {
+      :box => "generic/fedora33",
+    },
+  },
+  'fedora-34' => {
+    :libvirt => {
+      :box => "generic/fedora34",
+    },
+  },
+  'archlinux' => {
+    :libvirt => {
+      :box => "archlinux/archlinux",
+    },
+  },
+}
+
+DEFAULT_PROVISION = [
+  {:name => 'install script', :privileged => false, :path => './scripts/install.bash', :args => "--vagrant-version #{QA_VAGRANT_VERSION}", :env => INSTALL_ENV_VARS},
+  {:name => 'setup group', :reset => true, :inline => 'usermod -a -G libvirt vagrant'},
+  {:name => 'debug system capabilities', :privileged => false, :inline => 'virsh --connect qemu:///system capabilities'},
+  {:name => 'debug uri', :privileged => false, :inline => 'virsh uri'},
+]
+
+if __FILE__ == $0
+  require 'json'
+  puts JSON.pretty_generate(BOXES)
+end