Support CI on ARM64 #3045
Support CI on ARM64 #3045
Conversation
yankay
force-pushed
the
support-ci-arm64
branch
3 times, most recently
from
41ce94e to
b64eca6
Compare
yankay
force-pushed
the
support-ci-arm64
branch
2 times, most recently
from
2435baa to
e0f42cf
Compare
yankay
force-pushed
the
support-ci-arm64
branch
5 times, most recently
from
d01a271 to
6449ca8
Compare
yankay
force-pushed
the
support-ci-arm64
branch
3 times, most recently
from
2fb1b87 to
9bf3fad
Compare
.github/workflows/test.yml
Outdated
| @@ -317,3 +317,24 @@ jobs: | |||
| run: sudo vagrant up --provision-with=test-unit | |||
| - name: test-integration | |||
| run: sudo vagrant up --provision-with=test-integration | |||
|
|
|||
| test-integration-arm64: | |||
There was a problem hiding this comment.
Can we just merge this into test-integration with a matrix for runs-on ?
Dockerfile
Outdated
| @@ -356,4 +356,8 @@ FROM test-integration AS test-integration-ipv6 | |||
| CMD ["gotestsum", "--format=testname", "--rerun-fails=2", "--packages=github.com/containerd/nerdctl/v2/cmd/nerdctl/...", \ | |||
| "--", "-timeout=30m", "-args", "-test.kill-daemon", "-test.ipv6"] | |||
|
|
|||
| FROM test-integration AS test-integration-arm64 | |||
There was a problem hiding this comment.
Doesn't need to be a separate stage AFAICS
| @@ -398,6 +398,13 @@ func TestRunSigProxy(t *testing.T) { | |||
| } | |||
| } | |||
|
|
|||
| func fluentdImage() string { | |||
| if runtime.GOARCH == "arm64" { | |||
| return "fluent/fluentd:v1.14-arm64-debian" | |||
There was a problem hiding this comment.
This should be defined as a const in testutil
pkg/testutil/testutil_linux.go
Outdated
| @@ -41,6 +41,7 @@ var ( | |||
| MariaDBImage = mirrorOf("mariadb:10.5") | |||
| DockerAuthImage = mirrorOf("cesanta/docker_auth:1.7") | |||
| FluentdImage = mirrorOf("fluent/fluentd:v1.14-1") | |||
| FluentdImageArm64 = mirrorOf("fluent/fluentd:v1.14-arm64-debian") | |||
There was a problem hiding this comment.
v1.17.0-debian-1.0 is a proper multi-arch image. Do we really need to have multiple images and testing here?
yankay
force-pushed
the
support-ci-arm64
branch
3 times, most recently
from
c6f4b5b to
1deba48
Compare
| @@ -159,6 +166,10 @@ RUN uname -m > /usr/share/nginx/html/index.html | |||
| "http://127.0.0.1:8081": "aarch64", | |||
| "http://127.0.0.1:8082": "armv7l", | |||
| } | |||
| // using aarch64 instead of armv7l because the arm64 system is compatible with armv7. | |||
There was a problem hiding this comment.
Hey @yankay I do not understand why we should do that / what is it bringing us (actually I do not understand how that can work? - this clearly fails for me locally).
There was a problem hiding this comment.
HI @apostasie
Ref to containerd/containerd#10466. The ctr has the same behavior as nerdctl.
When we run armv7 on x86, the binfmt uses qemu to emulate. So the uname -m commands show armv7 .
But when we run armv7 on aarch64, it does not need to emulate the Linux runs the binary with native fallback execution mode. So the uname -m commands show aarch64 .
Ref to: docker/buildx#198
There was a problem hiding this comment.
My host is on arm64 (with qemu installed, as we do on the CI):
$ uname -m
aarch64
$ nerdctl run --rm --platform arm alpine uname -m
armv7l
There was a problem hiding this comment.
Tonis comment (in docker/buildx#198 (comment) ) makes it clear that this is without qemu.
But here we do enable qemu - which is why I am confused at how this could work (especially since it does not, locally)
There was a problem hiding this comment.
MY test environment is
root@iZj6c145pjnolrzzpcuvx2Z:~# uname -a
Linux iZj6c145pjnolrzzpcuvx2Z 5.15.0-76-generic #83-Ubuntu SMP Thu Jun 15 19:21:56 UTC 2023 aarch64 aarch64 aarch64 GNU/Linux
root@iZj6c145pjnolrzzpcuvx2Z:~# ctr run --rm --platform=linux/arm/v7 docker.io/library/alpine:3.13 a uname -m
aarch64
It's strange that the x86_64 emulates correctly, so the qemu is installed.
There was a problem hiding this comment.
Clearly the call to binfmt on the CI did not install the arm emulator, while it did on my machine. As to the why, my money is on the fact that the M1 may not have the magic native execution fallback thing.
Anyhow:
a. we should pin toniis image instead of using latest
b. looking at the source of it, it has clearly grown in complexity and trying too hard to do "magic" IMHO - --install all clearly no longer means --install all, it is now "install what it thinks you need". I would suggest we stop using it entirely or at least we stop doing --install-all and we instead explicitly install the architectures we need
There was a problem hiding this comment.
Thanks @apostasie . It works. 👍
yankay
force-pushed
the
support-ci-arm64
branch
3 times, most recently
from
e95ec45 to
c0c0a01
Compare
Signed-off-by: Kay Yan <[email protected]>
yankay
force-pushed
the
support-ci-arm64
branch
from
c0c0a01 to
fc4b270
Compare
| @@ -40,7 +40,7 @@ var ( | |||
| WordpressIndexHTMLSnippet = "<title>WordPress › Installation</title>" | |||
| MariaDBImage = mirrorOf("mariadb:10.5") | |||
| DockerAuthImage = mirrorOf("cesanta/docker_auth:1.7") | |||
| FluentdImage = mirrorOf("fluent/fluentd:v1.14-1") | |||
| FluentdImage = "fluent/fluentd:v1.17.0-debian-1.0" | |||
There was a problem hiding this comment.
I assume we generally avoid Docker Hub because of the dreaded 429? (which I guess is why we mirror stuff on ghcr?)
I also think this approach is problematic (as obviously publishing there is a process we cannot control from this repo).
I would prefer a solution where we cache the images on the CI.
Also, we might want to start pulling by digest for these.
Anyhow, this is fine ^ - and these problems can be addressed later.
|
@AkihiroSuda this here looks fine to me now (no more platform specialization / monkeying with the binfmt force install patch). Do you think we could merge this? |
|
Akihiro seems to be busy / out in the past few days. Do you think we could get this reviewed? |
|
I can take a look today |
To support the ARM64 better, add it to the CI. And to make the CI pass, there are some changes: